Unable to build a new AMI due to fact that IAP gives 4047 error #37
Comments
I expect that this commit will fix this issue: |
That commit indeed solves this issue. To fix this issue, update googlecompute plugin to 1.0.2 or higher:
|
I did the mentioned update but the issue still persists, please help. |
Without the logs and the packer file it's hard to say what the issue is. Can you share the logs and your packer file? |
Indeed, converting the files from legacy json to .pkr.hcl and adding the required_plugins to the template fixes the issue. |
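As an added example (not code from this thread or from the Packer project): a pre-flight check that reads a template's `required_plugins` entry for googlecompute and reports whether its version constraint still admits a release below 1.0.2, the floor named above. The constraint evaluation is a simplified model of the operator syntax (an assumption), and the sample templates are constructed.

```python
import re

FIXED = (1, 0, 2)  # floor named in the thread: googlecompute 1.0.2 or higher
CLAUSE = re.compile(r"\s*(~>|>=|<=|!=|=|>|<)?\s*v?(\d+(?:\.\d+){0,2})\s*")
PLUGIN = re.compile(r'googlecompute\s*=\s*\{[^}]*?\bversion\s*=\s*"([^"]*)"', re.S)

def parse_version(raw):
    """'1' -> (1, 0, 0): missing segments count as zero."""
    parts = [int(p) for p in raw.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def satisfies(version, constraint):
    """True if the version tuple meets every comma-separated clause."""
    for clause in constraint.split(","):
        m = CLAUSE.fullmatch(clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, raw = m.group(1) or "=", m.group(2)
        target = parse_version(raw)
        if op == "~>":
            # Pessimistic operator (simplified model): at least the target, and
            # every written segment except the last must stay equal.
            keep = raw.count(".")
            ok = version >= target and version[:keep] == target[:keep]
        else:
            ok = {"=": version == target, "!=": version != target,
                  ">": version > target, ">=": version >= target,
                  "<": version < target, "<=": version <= target}[op]
        if not ok:
            return False
    return True

def check_template(hcl_text, probe=20):
    """Return 'missing', 'ok', or the lowest pre-fix version still admitted."""
    m = PLUGIN.search(hcl_text)
    if not m:
        return "missing"  # no googlecompute entry with a version constraint
    candidates = [(a, b, c) for a in (0, 1) for b in range(probe)
                  for c in range(probe) if (a, b, c) < FIXED]
    admitted = [v for v in candidates if satisfies(v, m.group(1))]
    return ".".join(map(str, min(admitted))) if admitted else "ok"

# Constructed samples: a "~> 1" constraint, one with the 1.0.2 floor, legacy JSON.
LOOSE = ('required_plugins {\n  googlecompute = {\n'
         '    source  = "github.com/hashicorp/googlecompute"\n'
         '    version = "~> 1"\n  }\n}')
PINNED = LOOSE.replace("~> 1", ">= 1.0.2")
LEGACY = '{"builders": [{"type": "googlecompute", "use_iap": true}]}'

if __name__ == "__main__":
    for name, text in (("loose", LOOSE), ("pinned", PINNED), ("legacy", LEGACY)):
        print(name, check_template(text))
```

A result other than `ok` means the constraint alone does not enforce the 1.0.2 floor; `missing` is what a legacy JSON template without `required_plugins` produces.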
Thanks for replying. I am attaching the log and required packer files.
================= config.pkr.hcl ==================
================ ubuntu.pkr.hcl ==================
================= script that runs packer commands ==============
The service account has all the required permissions as this setup was working a few days back. |
I'm not sure if "config.pkr.hcl" is parsed automatically. I see you're configuring a PACKER_CONFIG_DIR to your home directory, but also configure the config file "PACKER_CONFIG". So I'm unsure that config.pkr.hcl is used during the validate and build steps. To make things easier:
If that works then |
Did you ever figure this out? I'm seeing the same thing sporadically (got the same error, then the config started working, and then suddenly stopped again today). I can connect to existing instances via IAP fine, and the firewall rule allowing ssh traffic from IAP is in place, but I can verify that the packer-created instance gives the same IAP error if I try manually running
Sanitized config:

```hcl
packer {
  required_plugins {
    googlecompute = {
      source  = "github.com/hashicorp/googlecompute"
      version = "~> 1"
    }
  }
}

source "googlecompute" "foo" {
  disk_size               = "60"
  image_description       = "Description"
  image_family            = "foo"
  image_name              = "bar"
  machine_type            = "n2-standard-2"
  network                 = "main"
  subnetwork              = "${var.region}-01"
  omit_external_ip        = true
  use_internal_ip         = true
  use_iap                 = true
  on_host_maintenance     = "TERMINATE"
  project_id              = var.project
  scopes                  = ["https://www.googleapis.com/auth/cloud-platform"]
  source_image_family     = "ubuntu-minimal-2004-lts"
  source_image_project_id = ["ubuntu-os-cloud"]
  ssh_username            = "packer"
  use_os_login            = true
  service_account_email   = "gce-imagebuilder@${var.project}.iam.gserviceaccount.com"
  startup_script_file     = "${path.root}/startup.sh"
  zone                    = "${var.region}-b"
}

build {
  sources = ["source.googlecompute.foo"]
}
```

I do have a Twingate tunnel setup to the private network, but don't think that should be the issue, esp. as I can use IAP to connect to other hosts. I did try setting

Wondering if it's a caching thing? If I run

```
% gcloud compute start-iap-tunnel packer-65bbd65d-ed4d-0ae5-609c-1edf09b225f9 22 --local-host-port=localhost:8834 --zone us-central1-b --project xxx --log-http
```

I can actually see it returning the information about the instance, but then still errors with
|
Further notes:
```hcl
wait_to_add_ssh_keys   = "5m"
iap_tunnel_launch_wait = 120
```

to the packer config to see if that would help by not having it try to create the tunnel immediately after instance creation... it did not solve the issue
|
@wyardley Do you think this may be a small outage? We are experiencing the same issue at the same time... |
@corinz that would make a lot of sense if that were the issue. |
Hi,
We are building new AMIs monthly through a pipeline, and last month we did it successfully.
This month it fails with the following error:
I tried to run it locally but I have the same error.