Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DefaultCredentialsError after Compute Engine Metadata server failures #814

Open
Nishith95 opened this issue Jul 22, 2021 · 6 comments
Open

DefaultCredentialsError after Compute Engine Metadata server failures #814

Nishith95 opened this issue Jul 22, 2021 · 6 comments
Assignees
@busunkim96
Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@Nishith95
Copy link

Nishith95 commented Jul 22, 2021
edited
Loading

Still seeing the same issue mentioned in #211

Environment details

  • OS: Linux/Container-Optimized OS
  • Python version: 3.8.5
  • pip version: 20.1.1
  • google-auth version: 1.33.0

Steps to reproduce

  1. cred, _ = default(scopes=scopes) fails after successfully running for a prolonged period

Context:
I'm running a python multiprocessing service inside a docker container in Google's Container-Optimized OS (cos-stable-89-16108-470-1). The processes typically run bigquery queries that it consumes from pubsub topics and sends logs to other pubsub topics. The default authentication from the google-auth package works fine for some time (typically ~18 hours) while the processes continuously run bigquery commands and eventually fail on connecting to the Compute Engine Metadata server that results in DefaultCredentialsError (along with other google connection errors).

Tracebacks:

Jul 07 21:41:46 kronos-staging-eden-1 docker[208805]:     cred, _ = default(scopes=scopes)
Jul 07 21:41:46 kronos-staging-eden-1 docker[208805]:   File "/pyenv/versions/kronos-cloud-worker-deploy/lib/python3.8/site-packages/google/auth/_default.py", line 483, in default
Jul 07 21:41:46 kronos-staging-eden-1 docker[208805]:     raise exceptions.DefaultCredentialsError(_HELP_MESSAGE)
Jul 07 21:41:46 kronos-staging-eden-1 docker[208805]: google.auth.exceptions.DefaultCredentialsError: Could not automatically determine credentials. Please set GOOGLE_APPLICATION_CREDENTIALS or explicitly create credentials and re-run the application. For more information, please see https://cloud.google.com/docs/authentication/getting-started

Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:     table = client.get_table(
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:   File "/pyenv/versions/kronos-cloud-worker-deploy/lib/python3.8/site-packages/google/cloud/bigquery/client.py", line 994, in get_table
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:     api_response = self._call_api(
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:   File "/pyenv/versions/kronos-cloud-worker-deploy/lib/python3.8/site-packages/google/cloud/bigquery/client.py", line 741, in _call_api
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:     return call()
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:   File "/pyenv/versions/kronos-cloud-worker-deploy/lib/python3.8/site-packages/google/api_core/retry.py", line 285, in retry_wrapped_func
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:     return retry_target(
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:   File "/pyenv/versions/kronos-cloud-worker-deploy/lib/python3.8/site-packages/google/api_core/retry.py", line 188, in retry_target
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:     return target()
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:   File "/pyenv/versions/kronos-cloud-worker-deploy/lib/python3.8/site-packages/google/cloud/_http.py", line 473, in api_request
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:     response = self._make_request(
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:   File "/pyenv/versions/kronos-cloud-worker-deploy/lib/python3.8/site-packages/google/cloud/_http.py", line 337, in _make_request
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:     return self._do_request(
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:   File "/pyenv/versions/kronos-cloud-worker-deploy/lib/python3.8/site-packages/google/cloud/_http.py", line 375, in _do_request
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:     return self.http.request(
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:   File "/pyenv/versions/kronos-cloud-worker-deploy/lib/python3.8/site-packages/google/auth/transport/requests.py", line 476, in request
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:     self.credentials.before_request(auth_request, method, url, request_headers)
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:   File "/pyenv/versions/kronos-cloud-worker-deploy/lib/python3.8/site-packages/google/auth/credentials.py", line 133, in before_request
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:     self.refresh(request)
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:   File "/pyenv/versions/kronos-cloud-worker-deploy/lib/python3.8/site-packages/google/auth/compute_engine/credentials.py", line 117, in refresh
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:     six.raise_from(new_exc, caught_exc)
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]:   File "<string>", line 3, in raise_from
Jul 16 13:26:30 kronos-staging-eden1-1 docker[930391]: google.auth.exceptions.RefreshError: Failed to retrieve http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/?recursive=true from the Google Compute Enginemetadata service. Compute Engine Metadata server unavailable

This previously reported issue (#211) has mentioned the same errors but the thread was closed after pushing fixes to later versions. Hence opening a new issue now since i'm still seeing these errors in the latest version.
@Nishith95
Copy link
Author

I have seen this as a recommended solution but this is not possible for us at this time. Looking for a fix to the root cause here (metadata server issues)
#211 (comment)

@busunkim96
Copy link
Contributor

I am not sure what the latest recommendations are around the Metadata server - @arithmetic1728 @silvolu Could you take a look?

@busunkim96 busunkim96 added priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Jul 24, 2021
@busunkim96 busunkim96 self-assigned this Jul 24, 2021
@Nishith95
Copy link
Author

Any update here?

@yoshi-automation yoshi-automation added 🚨 This issue needs some love. and removed 🚨 This issue needs some love. labels Dec 14, 2021
@yoshi-automation yoshi-automation added the 🚨 This issue needs some love. label Jan 18, 2022
@mazzi
Copy link

mazzi commented Mar 30, 2022

Any update regarding this issue?

@arithmetic1728
Copy link
Contributor

Probably you can create a global credential using cred, _ = default(scopes=scopes) once, and pass the cred to all clients that use this credential (instead of letting the clients creating their own). This will reduce the load on metadata server. Probably this can solve the issue.

@mazzi
Copy link

mazzi commented Mar 31, 2022

Probably you can create a global credential using cred, _ = default(scopes=scopes) once, and pass the cred to all clients that use this credential (instead of letting the clients creating their own). This will reduce the load on metadata server. Probably this can solve the issue.

Good one. Thanks @arithmetic1728

@arithmetic1728 arithmetic1728 added priority: p3 Desirable enhancement or fix. May not be included in next release. and removed 🚨 This issue needs some love. priority: p2 Moderately-important priority. Fix may not be included in next release. labels Mar 31, 2022
@parthea parthea mentioned this issue Mar 7, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@busunkim96 busunkim96

Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@mazzi @busunkim96 @Nishith95 @yoshi-automation @arithmetic1728