Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can not build image with packer #641

Open
WanchiaTsai opened this issue Dec 4, 2023 · 5 comments
Open

Can not build image with packer #641

WanchiaTsai opened this issue Dec 4, 2023 · 5 comments

Comments

@WanchiaTsai
Copy link

Problem you have encountered:

I try to build gce image with packer, but it does not work. I encounter an error about impersonate: scopes must be provided. The detail is following

Step #0: cd9cf4263797: Pull complete
Step #0: e93ab6b80197: Pull complete
Step #0: c96596971c22: Pull complete
Step #0: 4c35a9a01dc8: Verifying Checksum
Step #0: 4c35a9a01dc8: Download complete
Step #0: 4c35a9a01dc8: Pull complete
Step #0: be0e7cfe939e: Pull complete
Step #0: 2607eac0764d: Pull complete
Step #0: 79074cc50ec6: Pull complete
Step #0: Digest: sha256:50d758dcbb3813dc0a5c5c3d5401e5c319563fd7103d392de82e29bb7cd40f95
Step #0: Status: Downloaded newer image for gcr.io/my-project-name/packer:latest
Step #0: gcr.io/my-project-name/packer:latest
Step #0: Installed plugin github.com/hashicorp/googlecompute v1.1.4 in "/builder/home/.config/packer/plugins/github.com/hashicorp/googlecompute/packer-plugin-googlecompute_v1.1.4_x5.0_linux_amd64"
Finished Step #0
Starting Step #1
Step #1: googlecompute.test-image: output will be in this color.
Step #1: 
Step #1: Build 'googlecompute.test-image' errored after 862 microseconds: impersonate: scopes must be provided
Step #1: 
Step #1: ==> Wait completed after 1 millisecond 60 microseconds
Step #1: 
Step #1: ==> Some builds didn't complete successfully and had errors:
Step #1: --> googlecompute.test-image: impersonate: scopes must be provided
Step #1: 
Step #1: ==> Builds finished but no artifacts were created.
Finished Step #1
ERROR
ERROR: build step 1 "gcr.io/my-project-name/packer" failed: step exited with non-zero status: 1
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

BUILD FAILURE: Build step failure: build step 1 "gcr.io/my-project-name/packer" failed: step exited with non-zero status: 1

What you expected to happen:

Get a new gce image artifact.

Steps to reproduce:

  1. git clone https://github.com/GoogleCloudPlatform/cloud-builders-community.git
  2. go into the dir packer of the repo, build a packer image with cloud build
gcloud builds submit .
  1. go into the dir packer/examples/gce of the repo
  2. following the README.md to configuring service account for packer
  3. modify the packer variables variables.pkrvars.hcl
  4. run build with script
gcloud builds submit --config=cloudbuild.yaml .

Other information (workarounds you have tried, documentation consulted, etc):

It works well until November 23rd with the same steps above.
@swelljoe
Copy link

swelljoe commented Jan 4, 2024

I see the same problem. I can run packer locally on my machine to build the image if I removed the impersonate_service_account option from build.pkr.hcl, which presumably is necessary for building in Google Cloud.

I also tried upgrading to the latest packer image version (1.1.0) which made no differences. I can't find any mention of this problem on the Hashicorp forum or ticket tracker, so I assume it's some kind of change on the Google backend. I can't figure out from the source, thus far, where the "scopes" are supposed to come from. I tried using the scopes option in build.pkr.hcl, but the docs are pretty sparse and while I didn't get an error, it didn't make a difference in the error; I don't know if that's the scopes this error is about.

@haroonc
Copy link
Collaborator

haroonc commented Jan 4, 2024

Can you please confirm that Cloud Build Service Account being used have proper permissions setup to create a VM image (docs). You will also need to add roles/iam.serviceAccountUser as well (example)

@AndyLau223
Copy link

AndyLau223 commented Jan 28, 2024
edited

Problem you have encountered:

I try to build gce image with packer, but it does not work. I encounter an error about impersonate: scopes must be provided. The detail is following

Step #0: cd9cf4263797: Pull complete
Step #0: e93ab6b80197: Pull complete
Step #0: c96596971c22: Pull complete
Step #0: 4c35a9a01dc8: Verifying Checksum
Step #0: 4c35a9a01dc8: Download complete
Step #0: 4c35a9a01dc8: Pull complete
Step #0: be0e7cfe939e: Pull complete
Step #0: 2607eac0764d: Pull complete
Step #0: 79074cc50ec6: Pull complete
Step #0: Digest: sha256:50d758dcbb3813dc0a5c5c3d5401e5c319563fd7103d392de82e29bb7cd40f95
Step #0: Status: Downloaded newer image for gcr.io/my-project-name/packer:latest
Step #0: gcr.io/my-project-name/packer:latest
Step #0: Installed plugin github.com/hashicorp/googlecompute v1.1.4 in "/builder/home/.config/packer/plugins/github.com/hashicorp/googlecompute/packer-plugin-googlecompute_v1.1.4_x5.0_linux_amd64"
Finished Step #0
Starting Step #1
Step #1: googlecompute.test-image: output will be in this color.
Step #1: 
Step #1: Build 'googlecompute.test-image' errored after 862 microseconds: impersonate: scopes must be provided
Step #1: 
Step #1: ==> Wait completed after 1 millisecond 60 microseconds
Step #1: 
Step #1: ==> Some builds didn't complete successfully and had errors:
Step #1: --> googlecompute.test-image: impersonate: scopes must be provided
Step #1: 
Step #1: ==> Builds finished but no artifacts were created.
Finished Step #1
ERROR
ERROR: build step 1 "gcr.io/my-project-name/packer" failed: step exited with non-zero status: 1
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

BUILD FAILURE: Build step failure: build step 1 "gcr.io/my-project-name/packer" failed: step exited with non-zero status: 1

What you expected to happen:

Get a new gce image artifact.

Steps to reproduce:

  1. git clone https://github.com/GoogleCloudPlatform/cloud-builders-community.git
  2. go into the dir packer of the repo, build a packer image with cloud build
gcloud builds submit .
  1. go into the dir packer/examples/gce of the repo
  2. following the README.md to configuring service account for packer
  3. modify the packer variables variables.pkrvars.hcl
  4. run build with script
gcloud builds submit --config=cloudbuild.yaml .

Other information (workarounds you have tried, documentation consulted, etc):

It works well until November 23rd with the same steps above.

I got the same issue - after done Service Account setup following the README.md, I've two SA

  • serviceAccount:packer@${PROJECT_ID}.iam.gserviceaccount.com -> has the necessary GCE permissions
  • ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com -> has the right to impersonate Packer Service Account

But Google is still showing me "impersonate: scopes must be provided", and I don't know the reason yet after a long search from Google search...

@123joshuawu
Copy link

Still have the same issue

@jfpanisset
Copy link

Found a similar issue against the googlecompute Packer plugin:

hashicorp/packer-plugin-googlecompute#204

Downgrading to version 1.1.3 of the plugin worked around the issue for me as well.

@jfpanisset jfpanisset mentioned this issue May 12, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@swelljoe @haroonc @123joshuawu @WanchiaTsai @jfpanisset @AndyLau223