有时,Compute Engine 无法自动注册 PAYG Ubuntu Pro 许可。本文档介绍如何解决注册运行随用随付 (PAYG) Ubuntu Pro 许可的 Compute Engine 虚拟机 (VM) 实例时可能遇到的问题。
查看注册状态
如需检查您的许可是否已注册,请连接到虚拟机并运行以下命令
sudo ua status
如果注册成功,您会看到类似于以下内容的输出,而无需执行进一步操作:
SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes disabled Common Criteria EAL2 Provisioning Packages cis yes disabled Security compliance and audit tools esm-apps yes enabled Expanded Security Maintenance for Applications esm-infra yes enabled Expanded Security Maintenance for Infrastructure fips yes disabled NIST-certified core packages fips-updates yes disabled NIST-certified core packages with priority security updates livepatch yes enabled Canonical Livepatch service
如果注册失败并且 Ubuntu Pro 未注册,您会看到类似如下的消息:
This machine is not attached to an Ubuntu Pro subscription.
手动注册许可
如果 Compute Engine 未能自动注册您的 Ubuntu Pro 许可,您可以通过运行以下命令来手动注册许可:
sudo pro auto-attach
输出类似于以下内容:
注册成功:
This machine is already attached to PROJECT_ID To use a different subscription first run: sudo pro detach.
注册失败:
Internal Server Error
排查许可注册问题
如果您无法手动注册 Ubuntu Pro 许可,请执行以下操作来解决此问题:
通过运行以下命令检查挂接到虚拟机的磁盘数量,验证虚拟机是否可以访问元数据服务器:
curl "http://metadata.google.internal/computeMetadata/v1/instance/disks/" -H "Metadata-Flavor: Google"
输出类似于以下内容,显示了挂接到虚拟机的磁盘数量:
0/ 1/ 2/
如果输出未显示挂接到虚拟机的磁盘数量,请参阅排查元数据服务器访问问题。
通过运行以下命令验证 Google 客机代理是否正在运行:
systemctl status google-guest-agent.service
输出类似于以下内容:
● google-guest-agent.service - Google Compute Engine Guest Agent Loaded: loaded (/lib/systemd/system/google-guest-agent.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2023-04-20 16:35:11 PDT; 2h 12min ago Main PID: 4582 (google_guest_ag) Tasks: 10 (limit: 9525)
如果未安装客机代理或客机代理失败,请安装或重新安装客机环境。
从本地工作站运行以下命令,以验证服务账号是否已关联到虚拟机:
gcloud compute instances describe VM_NAME \ --zone ZONE --format="table(serviceAccounts.email)"
替换以下内容:
VM_NAME
:虚拟机的名称ZONE
:该虚拟机所在的可用区
输出类似于以下内容:
EMAIL: ['XXXXXXXX-compute@developer.gserviceaccount.com']
记下该服务账号的电子邮件地址。
通过运行以下查询来检查是否已启用服务账号:
gcloud logging read --freshness=90d "SERVICE_ACCOUNT_EMAIL protoPayload.methodName=google.iam.admin.v1.DisableServiceAccount"
将
SERVICE_ACCOUNT_EMAIL
替换为与虚拟机的服务账号关联的电子邮件地址。输出类似于以下内容:
insertId: 1ne5thkf13sxec logName: projects/testproject/logs/cloudaudit.googleapis.com%2Factivity protoPayload: '@type': type.googleapis.com/google.cloud.audit.AuditLog authenticationInfo: principalEmail: principalemail@google.com principalSubject: user:pricipalemail@google.com authorizationInfo: granted: true permission: iam.serviceAccounts.disable resource: projects/-/serviceAccounts/XXXXXXXXXXXXXX resourceAttributes: name: projects/-/serviceAccounts/XXXXXXXXXXXXXXXX methodName: google.iam.admin.v1.DisableServiceAccount request: '@type': type.googleapis.com/google.iam.admin.v1.DisableServiceAccountRequest name: projects/testproject/serviceAccounts/
-compute@developer.gserviceaccount.com requestMetadata: destinationAttributes: {} requestAttributes: auth: {} time: '2024-01-25T21:37:55.748811275Z' resourceName: projects/-/serviceAccounts/XXXXXXXXXX response: '@type': type.googleapis.com/google.protobuf.Empty serviceName: iam.googleapis.com status: {} receiveTimestamp: '2024-01-25T21:37:56.409675900Z' resource: labels: email_id: -compute@developer.gserviceaccount.com project_id: testproject unique_id: 'XXXXXXXXXXXXXXXX' type: service_account severity: NOTICE timestamp: '2024-01-25T21:37:55.721215307Z' 如果服务账号未启用,请重新启用它。
重新启用服务账号后,请尝试按照本文档的手动注册许可部分中的说明注册许可。