Packer issue: Non-retryable tunnel error: ERROR: (gcloud.auth.activate-service-account) #11245

Closed
ketanjoshi10 opened this issue Sep 2, 2021 · 6 comments

@ketanjoshi10

Overview of the Issue

I am trying to create a simple image using Packer in GCP. I have all the required access to the GCP console through the CLI.
On triggering the packer.json script, it fails with the error below:

==> googlecompute: Step Launch IAP Tunnel...
==> googlecompute: Non-retryable tunnel error: ERROR: (gcloud.auth.activate-service-account) Unable to read file []: [Errno 2] No such file or directory: ''
==> googlecompute:

Can anyone suggest a resolution for this?

Reproduction Steps

  • First created the VPC, subnet and firewall rule to allow ssh IAP access in this VPC.

  • I have created a service account with the following permissions:

      • Compute Admin
      • Compute Instance Admin (v1)
      • IAP-secured Tunnel User
      • Monitoring Metric Writer
      • Secret Manager Secret Accessor
      • Storage Object Viewer

  • The same packer.json was running fine 2 weeks ago. Suddenly it started to fail with the specified error on triggering.

Packer version

Tried on 1.7.4 as well as 1.6.6

Simplified Packer Buildfile

{
  "variables": {
    "project_id": "my-gcp-project",
    "image_name": "my-packer-image",
    "instance_name": "my-packer-instance",
    "service_account_email": "my-service-account@my-gcp-project.iam.gserviceaccount.com",
    "zone": "us-east4-c",
    "subnetwork": "my-gcp-subnet"
  },

  "builders": [
    {
      "type": "googlecompute",
      "image_name": "{{user `image_name`}}",
      "project_id": "{{user `project_id`}}",
      "source_image": "debian-10-buster-v20210701",
      "instance_name": "{{user `instance_name`}}",
      "machine_type": "e2-micro",
      "preemptible": true,
      "disk_size": "30",
      "disk_type": "pd-standard",
      "ssh_username": "packer",
      "zone": "{{user `zone`}}",
      "service_account_email": "{{user `service_account_email`}}",
      "use_iap": true,
      "omit_external_ip": true,
      "use_internal_ip": true,
      "subnetwork": "{{user `subnetwork`}}",
      "labels": {"environment": "prod", "group_name": "mgmt-group", "purpose": "baseimage"},
      "tags": ["allow-iap-ssh"],
      "scopes": [
        "https://www.googleapis.com/auth/cloud-platform"
      ]
    }
  ],

  "provisioners": [
    {
      "type": "file",
      "source": "metadata.sh",
      "destination": "/tmp/metadata.sh"
    },
    {
      "type": "shell",
      "inline": [
        "sudo bash /tmp/metadata.sh"
      ]
    }
  ]
}

@asml-erwin-willems

We use a very similar setup, but we got another error:

2021-09-02T15:24:23Z: ==> googlecompute.rhel7: Step Launch IAP Tunnel...
2021-09-02T15:24:27Z: ==> googlecompute.rhel7: Non-retryable tunnel error: ERROR: (gcloud.compute.start-iap-tunnel) While checking if a connection can be made: Error while connecting [4047: 'Failed to lookup instance'].
2021-09-02T15:24:27Z: ==> googlecompute.rhel7: Deleting instance...
2021-09-02T15:26:43Z:     googlecompute.rhel7: Instance has been deleted!

If I look at the timestamps, then I have the feeling that Packer is already giving up on the tunnel before the instance got started. So Packer thinks the Compute Engine instance is already running, while it is still in the startup phase.

We have had this issue since 26-08-2021. I have the feeling that something has changed in the Google APIs that causes this issue.

If I look at the last successful build, the "Step Launch IAP tunnel" should take at least one minute:

2021-08-25T01:07:18Z: ==> googlecompute.rhel7: Step Launch IAP Tunnel...
2021-08-25T01:08:20Z: ==> googlecompute.rhel7: Using SSH communicator to connect: localhost
2021-08-25T01:08:20Z: ==> googlecompute.rhel7: Waiting for SSH to become available...
2021-08-25T01:08:22Z: ==> googlecompute.rhel7: Connected to SSH!
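
The timing comparison made in the comment above, as an added example that is not part of the original thread: it parses the two log excerpts quoted there and measures how long the "Step Launch IAP Tunnel" step ran before Packer moved on or gave up. The function name and the regular expressions are assumptions of this example, fitted to the quoted lines only.

```python
import re
from datetime import datetime

# Log excerpts copied from the comment above (failed build, then last good build).
FAILED_BUILD = """\
2021-09-02T15:24:23Z: ==> googlecompute.rhel7: Step Launch IAP Tunnel...
2021-09-02T15:24:27Z: ==> googlecompute.rhel7: Non-retryable tunnel error: ERROR: (gcloud.compute.start-iap-tunnel) While checking if a connection can be made: Error while connecting [4047: 'Failed to lookup instance'].
2021-09-02T15:24:27Z: ==> googlecompute.rhel7: Deleting instance...
2021-09-02T15:26:43Z:     googlecompute.rhel7: Instance has been deleted!
"""
SUCCESSFUL_BUILD = """\
2021-08-25T01:07:18Z: ==> googlecompute.rhel7: Step Launch IAP Tunnel...
2021-08-25T01:08:20Z: ==> googlecompute.rhel7: Using SSH communicator to connect: localhost
2021-08-25T01:08:20Z: ==> googlecompute.rhel7: Waiting for SSH to become available...
2021-08-25T01:08:22Z: ==> googlecompute.rhel7: Connected to SSH!
"""

# "<timestamp>Z: [==> ]<builder>: <message>" (pattern is an assumption of this example)
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z:\s+(?:==> )?([\w.\-]+): (.*)$")
# Captures the gcloud command named in a non-retryable tunnel error
GCLOUD_RE = re.compile(r"Non-retryable tunnel error: ERROR: \((gcloud\.[\w.\-]+)\)")


def analyze_tunnel_step(log_text):
    """Return duration and outcome of the IAP tunnel step, or None if absent."""
    started = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # skip lines without a timestamp prefix
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        msg = m.group(3)
        if msg.startswith("Step Launch IAP Tunnel"):
            started = ts
        elif started is not None:
            # The first line after the step start shows how the step ended.
            err = GCLOUD_RE.search(msg)
            return {
                "seconds": int((ts - started).total_seconds()),
                "failed": err is not None,
                "gcloud_command": err.group(1) if err else None,
            }
    return None


if __name__ == "__main__":
    for name, text in (("failed", FAILED_BUILD), ("successful", SUCCESSFUL_BUILD)):
        print(name, analyze_tunnel_step(text))
```
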

@erwin-willems

I think this is related:
hashicorp/packer-plugin-googlecompute#37

@anjil

anjil commented Sep 3, 2021

I did update the googlecompute plugin but it didn't solve the problem. Any other pointers, please?

@erwin-willems

> I think this is related:
> hashicorp/packer-plugin-googlecompute#37

This was another issue, so unrelated to the issue from the issue starter.

@github-actions

github-actions bot commented Sep 6, 2021

This issue has been migrated to hashicorp/packer-plugin-googlecompute#42 due to the Packer Plugin split.

Please follow the new issue for updates.

@github-actions

github-actions bot commented Oct 7, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 7, 2021