Merge pull request #134 from GoogleCloudPlatform/docs

added requireShieldedVm error in troubleshoot doc
GoogleCloudPlatform · Oct 4, 2023 · 2b177f8 · 2b177f8
2 parents 217d904 + 49398f0
commit 2b177f8
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/docs/TROUBLESHOOTING.md b/docs/TROUBLESHOOTING.md
@@ -108,3 +108,23 @@
   cd terraform/stages/foundation # foundation, gke or cloudrun.
   terraform force-unlock <terraform-lock-id>
   ```
+
+### Terraform error when creating the jump host in 0-jumphost stage
+
+- I ran into the following error when running `sb infra apply 0-jumphost`:
+  ```
+  │ Error: Error creating instance: googleapi: Error 412: Constraint constraints/compute.requireShieldedVm violated for project projects/jonchen-css-1004. Secure Boot is not enabled in the 'shielded_instance_config' field. See https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints for more information., conditionNotMet
+  │
+  │   with google_compute_instance.jump_host,
+  │   on main.tf line 104, in resource "google_compute_instance" "jump_host":
+  │  104: resource "google_compute_instance" "jump_host" {
+  │
+  ╵
+  Error when running command:  terraform apply   (working_dir=./terraform/stages/0-jumphost)
+  ```
+
+  To fix this, run the following to update the organization policies (You will need Org Policy Admin IAM role.)
+  ```
+  export ORGANIZATION_ID="$(gcloud projects get-ancestors $PROJECT_ID | grep organization | cut -f1 -d' ')"
+  gcloud resource-manager org-policies delete constraints/compute.requireShieldedVm --organization=$ORGANIZATION_ID
+  ```