GoogleCloudPlatform
Can not build image with packer
Problem you have encountered:
I try to build gce image with packer, but it does not work. I encounter an error about impersonate: scopes must be provided. The detail is following
Step #0: cd9cf4263797: Pull complete
Step #0: e93ab6b80197: Pull complete
Step #0: c96596971c22: Pull complete
Step #0: 4c35a9a01dc8: Verifying Checksum
Step #0: 4c35a9a01dc8: Download complete
Step #0: 4c35a9a01dc8: Pull complete
Step #0: be0e7cfe939e: Pull complete
Step #0: 2607eac0764d: Pull complete
Step #0: 79074cc50ec6: Pull complete
Step #0: Digest: sha256:50d758dcbb3813dc0a5c5c3d5401e5c319563fd7103d392de82e29bb7cd40f95
Step #0: Status: Downloaded newer image for gcr.io/my-project-name/packer:latest
Step #0: gcr.io/my-project-name/packer:latest
Step #0: Installed plugin github.com/hashicorp/googlecompute v1.1.4 in "/builder/home/.config/packer/plugins/github.com/hashicorp/googlecompute/packer-plugin-googlecompute_v1.1.4_x5.0_linux_amd64"
Finished Step #0
Starting Step #1
Step #1: googlecompute.test-image: output will be in this color.
Step #1:
Step #1: Build 'googlecompute.test-image' errored after 862 microseconds: impersonate: scopes must be provided
Step #1:
Step #1: ==> Wait completed after 1 millisecond 60 microseconds
Step #1:
Step #1: ==> Some builds didn't complete successfully and had errors:
Step #1: --> googlecompute.test-image: impersonate: scopes must be provided
Step #1:
Step #1: ==> Builds finished but no artifacts were created.
Finished Step #1
ERROR
ERROR: build step 1 "gcr.io/my-project-name/packer" failed: step exited with non-zero status: 1
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
BUILD FAILURE: Build step failure: build step 1 "gcr.io/my-project-name/packer" failed: step exited with non-zero status: 1
What you expected to happen:
Get a new gce image artifact.
Steps to reproduce:
- git clone https://github.com/GoogleCloudPlatform/cloud-builders-community.git
- go into the dir
packerof the repo, build a packer image with cloud build
gcloud builds submit .
- go into the dir
packer/examples/gceof the repo - following the
README.mdto configuring service account for packer - modify the packer variables
variables.pkrvars.hcl - run build with script
gcloud builds submit --config=cloudbuild.yaml .
Other information (workarounds you have tried, documentation consulted, etc):
It works well until November 23rd with the same steps above.
I see the same problem. I can run packer locally on my machine to build the image if I removed the impersonate_service_account option from build.pkr.hcl, which presumably is necessary for building in Google Cloud.
I also tried upgrading to the latest packer image version (1.1.0) which made no differences. I can't find any mention of this problem on the Hashicorp forum or ticket tracker, so I assume it's some kind of change on the Google backend. I can't figure out from the source, thus far, where the "scopes" are supposed to come from. I tried using the scopes option in build.pkr.hcl, but the docs are pretty sparse and while I didn't get an error, it didn't make a difference in the error; I don't know if that's the scopes this error is about.
Can you please confirm that Cloud Build Service Account being used have proper permissions setup to create a VM image (docs). You will also need to add roles/iam.serviceAccountUser as well (example)
Problem you have encountered:
I try to build gce image with packer, but it does not work. I encounter an error about
impersonate: scopes must be provided. The detail is followingStep #0: cd9cf4263797: Pull complete Step #0: e93ab6b80197: Pull complete Step #0: c96596971c22: Pull complete Step #0: 4c35a9a01dc8: Verifying Checksum Step #0: 4c35a9a01dc8: Download complete Step #0: 4c35a9a01dc8: Pull complete Step #0: be0e7cfe939e: Pull complete Step #0: 2607eac0764d: Pull complete Step #0: 79074cc50ec6: Pull complete Step #0: Digest: sha256:50d758dcbb3813dc0a5c5c3d5401e5c319563fd7103d392de82e29bb7cd40f95 Step #0: Status: Downloaded newer image for gcr.io/my-project-name/packer:latest Step #0: gcr.io/my-project-name/packer:latest Step #0: Installed plugin github.com/hashicorp/googlecompute v1.1.4 in "/builder/home/.config/packer/plugins/github.com/hashicorp/googlecompute/packer-plugin-googlecompute_v1.1.4_x5.0_linux_amd64" Finished Step #0 Starting Step #1 Step #1: googlecompute.test-image: output will be in this color. Step #1: Step #1: Build 'googlecompute.test-image' errored after 862 microseconds: impersonate: scopes must be provided Step #1: Step #1: ==> Wait completed after 1 millisecond 60 microseconds Step #1: Step #1: ==> Some builds didn't complete successfully and had errors: Step #1: --> googlecompute.test-image: impersonate: scopes must be provided Step #1: Step #1: ==> Builds finished but no artifacts were created. Finished Step #1 ERROR ERROR: build step 1 "gcr.io/my-project-name/packer" failed: step exited with non-zero status: 1 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- BUILD FAILURE: Build step failure: build step 1 "gcr.io/my-project-name/packer" failed: step exited with non-zero status: 1What you expected to happen:
Get a new gce image artifact.
Steps to reproduce:
- git clone https://github.com/GoogleCloudPlatform/cloud-builders-community.git
- go into the dir
packerof the repo, build a packer image with cloud buildgcloud builds submit .
- go into the dir
packer/examples/gceof the repo- following the
README.mdto configuring service account for packer- modify the packer variables
variables.pkrvars.hcl- run build with script
gcloud builds submit --config=cloudbuild.yaml .Other information (workarounds you have tried, documentation consulted, etc):
It works well until November 23rd with the same steps above.
I got the same issue - after done Service Account setup following the README.md, I've two SA
- serviceAccount:packer@${PROJECT_ID}.iam.gserviceaccount.com -> has the necessary GCE permissions
- ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com -> has the right to impersonate Packer Service Account
But Google is still showing me "impersonate: scopes must be provided", and I don't know the reason yet after a long search from Google search...
Found a similar issue against the googlecompute Packer plugin:
https://github.com/hashicorp/packer-plugin-googlecompute/issues/204
Downgrading to version 1.1.3 of the plugin worked around the issue for me as well.
