Welcome to the Linux Foundation Forum!

Lab 4.1 - terraform apply fails without exception

Sudoaptgetgood
Sudoaptgetgood Posts: 24
in LFS268 Class Forum

Been trying to get through this lab for a couple of days now, following the steps to the letter. It might be me or it might just be poorly written. Did anyone else have the same experience with this?

Comments

  • oskarq
    oskarq Posts: 22
    edited January 12

    I have the same issues and no clue how to fix it... yet

  • oskarq
    oskarq Posts: 22

    Anyone?
    If LF368 is blocked at the beginning while creating the setup it is useless.

  • oskarq
    oskarq Posts: 22

    I can't continue....help

    │ Error: Error creating service account: googleapi: Error 403: Request had insufficient authentication scopes.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "method": "google.iam.admin.v1.IAM.CreateServiceAccount",
│       "service": "iam.googleapis.com"
│     },
│     "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT"
│   }
│ ]
│ 
│ More details:
│ Reason: insufficientPermissions, Message: Insufficient Permission
│ 
│ 
│   with module.jx.module.gsm[0].google_service_account.gsm_sa,
│   on .terraform/modules/jx/modules/gsm/main.tf line 25, in resource "google_service_account" "gsm_sa":
│   25: resource "google_service_account" "gsm_sa" {
  • zacts
    zacts Posts: 40

    I am experiencing the same Error with the IAM policy.

  • zacts
    zacts Posts: 40

    I'm also looking at the following guides from the official Jenkins-X doc for ideas: https://jenkins-x.io/v3/admin/platforms/google/ and https://jenkins-x.io/v3/admin/platforms/minikube/.

  • zacts
    zacts Posts: 40

    I also see the Enable Registry API section in the lab 4.1 PDF which mentions IAM roles.

  • zacts
    zacts Posts: 40
    edited December 10

    I just got this step of the lab to work for me. I'm running Debian 12 on my laptop. I originally installed the gcloud command line tool via the google-cloud-sdk snap package. I researched it a bit, and the google-cloud-cli snap package is actually more up to date than the google-cloud-sdk package. I eventually ended up installing the gcloud cli tool via the official Google tar package for it. Everything at this step worked fine after that for me. The google-cloud-cli snap package might still work but I couldn't use gcloud components install gke-gcloud-auth-plugin to install the gke auth plugin. There's probably a way to still do that with snap I don't know.

  • zacts
    zacts Posts: 40

    I think also the Enable Registry API section helps too with the IAM role messages. I restarted the lab from scratch, and got the same IAM error warnings. Everything seems to work fine for this lab for me after I have gcloud setup and the Enable Registry API.

Categories

Upcoming Training