Welcome to the Linux Foundation Forum!

Lab 4.1 - terraform apply fails without exception

Sudoaptgetgood
Sudoaptgetgood Posts: 24
in LFS268 Class Forum

Been trying to get through this lab for a couple of days now, following the steps to the letter. It might be me or it might just be poorly written. Did anyone else have the same experience with this?

Comments

  • oskarq
    oskarq Posts: 22
    edited January 2024

    I have the same issues and no clue how to fix it... yet

  • oskarq
    oskarq Posts: 22

    Anyone?
    If LF368 is blocked at the beginning while creating the setup it is useless.

  • oskarq
    oskarq Posts: 22

    I can't continue....help

    │ Error: Error creating service account: googleapi: Error 403: Request had insufficient authentication scopes.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "method": "google.iam.admin.v1.IAM.CreateServiceAccount",
│       "service": "iam.googleapis.com"
│     },
│     "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT"
│   }
│ ]
│ 
│ More details:
│ Reason: insufficientPermissions, Message: Insufficient Permission
│ 
│ 
│   with module.jx.module.gsm[0].google_service_account.gsm_sa,
│   on .terraform/modules/jx/modules/gsm/main.tf line 25, in resource "google_service_account" "gsm_sa":
│   25: resource "google_service_account" "gsm_sa" {
  • zacts
    zacts Posts: 42

    I am experiencing the same Error with the IAM policy.

  • zacts
    zacts Posts: 42

    I'm also looking at the following guides from the official Jenkins-X doc for ideas: https://jenkins-x.io/v3/admin/platforms/google/ and https://jenkins-x.io/v3/admin/platforms/minikube/.

  • zacts
    zacts Posts: 42

    I also see the Enable Registry API section in the lab 4.1 PDF which mentions IAM roles.

  • zacts
    zacts Posts: 42
    edited December 2024

    I just got this step of the lab to work for me. I'm running Debian 12 on my laptop. I originally installed the gcloud command line tool via the google-cloud-sdk snap package. I researched it a bit, and the google-cloud-cli snap package is actually more up to date than the google-cloud-sdk package. I eventually ended up installing the gcloud cli tool via the official Google tar package for it. Everything at this step worked fine after that for me. The google-cloud-cli snap package might still work but I couldn't use gcloud components install gke-gcloud-auth-plugin to install the gke auth plugin. There's probably a way to still do that with snap I don't know.

  • zacts
    zacts Posts: 42

    I think also the Enable Registry API section helps too with the IAM role messages. I restarted the lab from scratch, and got the same IAM error warnings. Everything seems to work fine for this lab for me after I have gcloud setup and the Enable Registry API.

  • danilogranadosg
    danilogranadosg Posts: 4

    I'm officially stuck at page 10 of lab 4.1. After running Terraform apply I always get the following error message:

    │ Error: googleapi: Error 403: Insufficient regional quota to satisfy request: resource "SSD_TOTAL_GB": request requires '300.0' and is short '50.0'. project
    has a quota of '250.0' with '250.0' available. View and manage quotas at https://console.cloud.google.com/iam-admin/quotas?usage=USED&project=lab-jenkinsx.
    │ Details:
    │ [
    │ {
    │ "@type": "type.googleapis.com/google.rpc.RequestInfo",
    │ "requestId": "0xd67ee50a9f1aee93"
    │ },
    │ {
    │ "@type": "type.googleapis.com/google.rpc.ErrorInfo",
    │ "domain": "container.googleapis.com",
    │ "reason": "INSUFFICIENT_QUOTA_REGIONAL"
    │ }
    │ ]
    │ , forbidden

    │ with module.jx.module.cluster.google_container_cluster.jx_cluster,
    │ on .terraform/modules/jx/modules/cluster/main.tf line 24, in resource "google_container_cluster" "jx_cluster":
    │ 24: resource "google_container_cluster" "jx_cluster" {

    I have checked all the terraform configuration files to make sure there are is no SSD storage declared. I am not able to request more SSD storage. Any help with this issue will be greatly appreciated.

  • danilogranadosg
    danilogranadosg Posts: 4

    I was finally able to finish this lab without errors by doing the following:

    1. Reducing to 2 the number of cluster nodes in the variables.tf file:

      variable "initial_cluster_node_count" {
      description = "initial number of cluster nodes"
      type = number
      default = 2
      }

      variable "initial_primary_node_pool_node_count" {
      description = "initial number of pool nodes"
      type = number
      default = 1
      }

      variable "autoscaler_min_node_count" {
      description = "Minimum number of cluster nodes"
      type = number
      default = 2
      }

      variable "autoscaler_max_node_count" {
      description = "Maximum number of cluster nodes"
      type = number
      default = 4

    2. Running the following additional commands on the gcloud CLI, before running "terraform init":

      gcloud services enable iam.googleapis.com \
      iamcredentials.googleapis.com \
      cloudresourcemanager.googleapis.com \
      --project=lab-jenkinsx

Categories

Upcoming Training