I've been working with using Packer v0.10.1 to build an image and am running into this access security issue when trying to run via Hashicorp's Atlas tool.
Packer v0.10.1
[1;32mgooglecompute output will be in this color.[0m
[1;32m==> googlecompute: Checking image does not exist...[0m
[1;32m==> googlecompute: Creating temporary SSH key for instance...[0m
[1;32m==> googlecompute: Creating instance...[0m
[0;32m googlecompute: Loading zone: us-central1-a[0m
[1;31m==> googlecompute: Error creating instance: Get https://www.googleapis.com/compute/v1/projects/united-course-124523/zones/us-central1-a?alt=json: oauth2/google: can't get a token from the metadata service; not running on GCE[0m
[1;31mBuild 'googlecompute' errored: Error creating instance: Get https://www.googleapis.com/compute/v1/projects/united-course-124523/zones/us-central1-a?alt=json: oauth2/google: can't get a token from the metadata service; not running on GCE[0m
==> Some builds didn't complete successfully and had errors:
--> googlecompute: Error creating instance: Get https://www.googleapis.com/compute/v1/projects/united-course-124523/zones/us-central1-a?alt=json: oauth2/google: can't get a token from the metadata service; not running on GCE
==> Builds finished but no artifacts were created.
Any thoughts, it seems like it ought to be a GCE error but I've uploaded the account.json variable to an environment variable as shown in the Packer template file below.
{
"variables": {
"instance_name": "hdqc-redis-{{timestamp}}",
"image_name": "testing-hdqc-redis-{{timestamp}}"
},
"builders": [
{
"type": "googlecompute",
"project_id": "united-course-124523",
"source_image": "debian-8-jessie-v20160718",
"zone": "us-central1-a",
"instance_name": "{{user `instance_name`}}",
"image_name": "{{user `image_name`}}",
"image_description": "Nginx Server.",
"communicator": "ssh",
"ssh_username": "redisadmin"
}
],
"provisioners": [
{
"type": "shell",
"inline": [
"sleep 3",
"echo \"slept for 3 seconds.\""
]
},
{
"type": "file",
"source": "install-redis.sh",
"destination": "install-redis.sh"
},
{
"type": "shell",
"script": "install-redis.sh",
"pause_before": "10s"
}
]
}
After realizing, this was simply just excluding the account.json, which as shown here requires a specific service account in GCE. So I changed and added the variable of the account.json file contents.
{
"variables": {
"instance_name": "hdqc-redis-{{timestamp}}",
"image_name": "testing-hdqc-redis-{{timestamp}}",
"account_json": "{{env `packer_account_json`}}",
},
"builders": [
{
"type": "googlecompute",
"account_file": "{{user `account_json`}}",
"project_id": "united-course-124523",
"source_image": "debian-8-jessie-v20160718",
"zone": "us-central1-a",
"instance_name": "{{user `instance_name`}}",
"image_name": "{{user `image_name`}}",
"image_description": "Nginx Server.",
"communicator": "ssh",
"ssh_username": "redisadmin"
}
],
"provisioners": [
{
"type": "shell",
"inline": [
"sleep 3",
"echo \"slept for 3 seconds.\""
]
},
{
"type": "file",
"source": "install-redis.sh",
"destination": "install-redis.sh"
},
{
"type": "shell",
"script": "install-redis.sh",
"pause_before": "10s"
}
]
}
But then adding this change, where I have the account.json file contents stored as a variable called "packer_account_json" and ended up with the following error.
Packer v0.10.1
googlecompute output will be in this color.
1 error(s) occurred:
* account_file path does not exist: {
To which I ponder, what in the world now. It can't take a variable? This is similar to how I have stored the account.json contents as a variable for Terraform, and it works just fine.
