profile
viewpoint

Ask questionsTerraform provider downloads fail with TLS handshake timeout

Terraform Version

0.10.0

Expected Behavior

We are running terraform as part of a Jenkins CI system. Basically every job builds a docker container containing terraform and then executes a tectonic installer in said container.

Terraform should download the providers and their checksums

Actual Behavior

` Error installing provider "aws": error fetching checksums: Get https://releases.hashicorp.com/terraform-provider-aws/0.1.4/terraform-provider-aws_0.1.4_SHA256SUMS: net/http: TLS handshake timeout.

Terraform analyses the configuration and state and automatically downloads plugins for the providers used. However, when attempting to download this plugin an unexpected error occured.

This may be caused if for some reason Terraform is unable to reach the plugin repository. The repository may be unreachable if access is blocked by a firewall. `

This happens with several other providers as well.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. Run terraform apply inside a container which runs a container executing terraform apply

Important Factoids

I attached to the container running terraform and executed curl: ``root@jenkins-slave-4s7xc-r828q:~# docker exec -it 3e85ee5a4d9b curl -v https://releases.hashicorp.com/terraform-provider-tls/0.1.0/terraform-provider-tls_0.1.0_SHA256SUMS

  • Hostname was NOT found in DNS cache
  • Trying 151.101.1.183...
  • Connected to releases.hashicorp.com (151.101.1.183) port 443 (#0)
  • successfully set certificate verify locations:
  • CAfile: none CApath: /etc/ssl/certs
  • SSLv3, TLS handshake, Client hello (1):
  • SSLv3, TLS handshake, Server hello (2):
  • SSLv3, TLS handshake, CERT (11):
  • SSLv3, TLS handshake, Server key exchange (12):
  • SSLv3, TLS handshake, Server finished (14):
  • SSLv3, TLS handshake, Client key exchange (16):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
  • Server certificate:
  • subject: C=US; ST=California; L=San Francisco; O=Fastly, Inc; CN=s.ssl.fastly.net
  • start date: 2017-06-19 20:08:43 GMT
  • expire date: 2018-06-20 20:08:43 GMT
  • subjectAltName: releases.hashicorp.com matched
  • issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign CloudSSL CA - SHA256 - G3
  • SSL certificate verify ok.

GET /terraform-provider-tls/0.1.0/terraform-provider-tls_0.1.0_SHA256SUMS HTTP/1.1 User-Agent: curl/7.38.0 Host: releases.hashicorp.com Accept: /

< HTTP/1.1 200 OK <``

So there must be a difference in how curl handles TLS and how terraform does it.

hashicorp/terraform

Answer questions dgmorales

I'm on Mojave 10.14.5, and I'm getting the same "net/http: TLS handshake timeout" message on init when it tries to access my remote state backend on azurerm. Puzzling as it is, sudoing works, specially because I'm using sudo -E to preserve the environment (to access the ARM_ACCESS_KEY env var I've set on my regular user session).

terraform init
Initializing modules...

Initializing the backend...

Error: Failed to get existing workspaces: Get https://xxxxxxxx.blob.core.windows.net/tfstates?comp=list&prefix=xxxxxx.tfstateenv%3A&restype=container: net/http: TLS handshake timeout

Additionaly, terraform plan works fine without sudo, despite that it also has to access the state.

useful!

Related questions

failed to save provider manifest: open .terraform/plugins/linux_amd64/lock.json: permission denied hot 4
The argument "host" is required, but no definition was found. hot 3
Unable to run 0.12upgrade hot 3
Module cannot find alias AWS provider in 0.12.0 hot 3
Error: Invalid template interpolation value hot 2
Terraform v0.11.1 : Error downloading modules: Error loading modules: open .terraform/modules/3f10921295c292995128e9e36eb: no such file or directory hot 2
MalformedPolicyDocument: Policy document should not specify a principal. hot 2
Error in Terraform 0.12.0: This object has no argument, nested block, or exported attribute hot 2
Feature Request - Allow list/array in 'query' in 'external' data source hot 2
'terraform init' failed with 'Registry service unreachable.' error hot 2
for_each attribute for creating multiple resources based on a map hot 2
`Unreadable module directory` error is not clear for nested modules hot 2
Provider Development: Expected type 'string', got unconvertible type '[]interface {}' - with complicated block hot 2
Error loading state: state snapshot was created by Terraform v0.12.7, which is newer than current v0.12.6 hot 2
[BUG] Terraform 0.12.x corrupts state when upgrading from 0.11.14 hot 1
Github User Rank List