Using Jenkins with Google Cloud

This is more of a Google Cloud issue, but I’m hoping someone here might have experience with this. I have a project that runs E2E tests that interact with services hosted on Google Cloud and that run commands from the Google Cloud CLI (gcloud, gsutil). These all run under my personal Google Cloud auth when running them locally. For Jenkins, which is running on a VM hosted on Google Cloud, we installed the plugin Google OAuth Credentials. I’ve followed the instructions for adding credentials that use a json key file linked to a Google Cloud service account. However, when I run tests from Jenkins, they continue to fail with the following error. Anyone know what I’m doing wrong here or what the fix is? io.grpc.StatusRuntimeException: UNAVAILABLE: Credentials failed to obtain metadata
Caused by: io.grpc.StatusRuntimeException: UNAVAILABLE: Credentials failed to obtain metadata
Caused by: Error code 404 trying to get security access token from Compute Engine metadata for the default service account. This may be because the virtual machine instance does not have permission scopes specified. It is possible to skip checking for Compute Engine metadata by specifying the environment variable NO_GCE_CHECK=true.

One thing I’ve noticed, that maybe is unrelated, but on an older install of Jenkins, all credentials are for the domain “Jenkins”, but on this newer install all the credentials are for the domain “System”. Does that matter? Also, maybe I’ve just missed something obvious. I created the credential, but is there an additional step I need to take in Jenkins so that projects actually use the credentials?

Does this help?

I don’t think so. It’s about how to set up Jenkins with Google Cloud in order to spin up Jenkins agents on Google Cloud Compute engine. But my issue is how to interact with the Google CLI commands and Google services (Google CLI is installed on the Jenkins server). Still, I’ve done the basic instructions as listed there in that article.

I think the credentials portion of that plugin would be useful to you since it sounds like that is where you are getting hung up.

Yes, but I already configured that and it didn’t solve anything. However, I’m starting to suspect that the core issue is outside of Jenkins configuration. That plugin may not be intended for things like running Google CLI commands from a test getting run by Jenkins, but instead for things like the link you provided where it’s used for more Google Admin type stuff.

For example, there is a Google CLI command that one needs to run to get authorized to use the CLI.

sudo -u jenkins gcloud auth activate-service-account SERVICE_ACCOUNT --key-file=KEY_FILE

I just ran this on the Jenkins server as user jenkins. Tests are still failing despite that, but that’s probably more the direction I need to investigate than configuration within Jenkins.