-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Terraform not honouring OS IPv4 settings, using IPv6 dst to call *.googleapis.com #6782
Comments
Here's what I know so far: Based on golang/go#25321 and hashicorp/terraform-provider-vsphere#636, something that could fix it would be to compile with CGO enabled. @megan07, is that indeed the build script that's used for the providers? If you don't mind, could you ask around to see if anyone at HashiCorp has any ideas on this? In the meantime, marking it upstream since I think it'll be good to have open as a reference for people that run into this, but I don't expect there being much we can do on the provider end. |
I'm running into similar issue intermittently as well in GCP cloud shell.
In my particular case, my script uploads a file to a Windows Server. I first get this error:
I checked that the firewalls are opened to the IP of the cloudshell instance. I try to do terraform apply again, and I would run into these "cannot assign requested address" errors while refreshing state. e.g. my first run I get:
Then immediately I run terraform apply again, and it would fail in a different place.
Finally, 3rd time it would let me type "yes" to apply the changes, but it will fail again timing out trying to upload the files. We run this same script a few times a week but most of the time there are no issues.
|
@c2thorn @rileykarson some of the team members have been running into this lately. Any possibilities for a fix? /cc @daniel-cit |
same here, could you give steps to resolve ? |
Hi there :) We experienced this as well in a relatively long
/cc @jbrook |
Quick and dirt plug:
|
get all gcp api endpoints gcloud services list --available --filter="name:googleapis.com" --format "csv[no-heading](ID)" --format "value(NAME)" |
I can't believe this is still an issue 2+ years after the bug was opened. |
I have exactly the same issue when executing from a mac |
+1 |
any update on this ? |
2023 : this is still an issue. I also encounter this problem. |
Another confirmation that this is still occurring. Very painful. |
While on a different than the OP, I recently encountered a similar issue ^ on my macOS system. For me, the resolution was changing the network WI-FI settings for DNS (from my ISP's router to a public DNS (like 1.1.1.1)). After this change, |
The suggested work around by @kevin-dimichel ( change DNS to 1.0.0.1 and 1.1.1.1 ) fix this for me. |
Can confirm this with Google CloudShell. |
I've been looking into this and it looks like it should be possible for us to resolve on the provider side. We should be able to use nettest.SupportsIPv6 to detect whether the current environment supports IPv6 and then force the transport layer to use IPv4 if not. Something like adding the following after this line: client.Transport = headerTransport
client.Transport.DialContext = func(ctx context.Context, network string, addr string) (net.Conn, error) {
d := &net.Dialer{}
if !nettest.SupportsIPv6() {
return d.DialContext(ctx, "tcp4", addr)
}
return d.DialContext(ctx, network, addr)
} However, I can't actually reproduce this bug on cloud shell, so I can't tell if the fix actually works. If anyone has a configuration that consistently and quickly causes this error in cloud shell, that would be extremely helpful! EDIT: apparently the override isn't quite that simple, continuing to dig, but still - reproducible cases would be great. Alternative fix would be to force setting the yaqs/47302089738551296 |
This is a workaround for golang/go#25321, and is related to hashicorp/terraform-provider-google#6782
…upported This is a workaround for golang/go#25321, and is related to hashicorp/terraform-provider-google#6782
I am facing similar issue with api.cloudflare.com |
I had similar issue and resolution to kevin-dimichel (above) % terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 5.0"...
╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/aws: could not
│ query provider registry for registry.terraform.io/hashicorp/aws: the request failed after
│ 2 attempts, please try again later: Get
│ "https://registry.terraform.io/v1/providers/hashicorp/aws/versions": dial tcp
│ [2600:9000:2212:ee00:16:1aa3:1440:93a1]:443: connect: network is unreachable
╵ Version Info:
I resolved this by overriding the DNS servers for both IPv4/6 with the Quad9 servers. |
Community Note
modular-magician
user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned tohashibot
, a community member has claimed the issue already.Terraform Version
Affected Resource(s)
All resources, not specific to any one.
Terraform Configuration Files
While this happens intermittently and it's not specific to this config, it seems to happen with longer Terraform runs. You may need to apply / destroy 1-2 times before seeing this issue.
gist link to config
Debug Output
I see this output sporadically, and not on the same API call. Note the DST IP is an IPv6 address, but Cloud Shell does not enable IPv6 in the OS:
Link to gist
Console output when issue occurs (Note the IPv6 address is being used):
Expected Behavior
Terraform / Google provider should respect the OS network settings and use IPv4 addresses to call out to *.googleapis.com.
Actual Behavior
tf apply / tf destroy does not always successfully complete, and will return the errors above.
Steps to Reproduce
Note, if I statically configure /etc/hosts to resolve to a specific IPv4 address - say 199.36.153.8, the above errors never occur.
Important Factoids
Authenticating using application default credentials, built into Cloud Shell.
Confirm IPv6 is not enabled on the OS:
References
Similar issue 1 (with Go)
Similar issue 2
Workaround solution
The text was updated successfully, but these errors were encountered: