terraform icon indicating copy to clipboard operation
terraform copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Misleading error message with at least `terraform init` when Mac OS DNS not working properly

Open nhooey opened this issue 2 years ago • 2 comments

Terraform Version

Terraform v1.6.5
on darwin_amd64

Terraform Configuration Files

(none)

Debug Output

(Couldn't reproduce the broken DNS state, so was too late to get debug output.)

Expected Behavior

Terraform should indicate that the DNS could not be resolved.

Actual Behavior

It gives a cryptic error message:

$ terraform init

Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/aws...
╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/aws: could not connect to registry.terraform.io:
│ failed to request discovery document: Get "https://registry.terraform.io/.well-known/terraform.json": context deadline
│ exceeded (Client.Timeout exceeded while awaiting headers)

Steps to Reproduce

  1. (Have broken DNS on Mac OS)
  2. terraform init

Additional Context

The error went away when fixing with this answer: DNS Name lookup (was SSH) Not Working After Snow Leopard Upgrade

References

  • 26532

nhooey avatar Dec 04 '23 06:12 nhooey

Hi @nhooey! Thanks for this feedback.

Unfortunately it seems that what happened here is that Terraform got stuck waiting for something to respond (based on the message I would've guessed it is the HTTPS server, but I can't confirm that) and so I don't think Terraform actually knows what's gone wrong here, beyond that the request took an unusually long time to complete.

It isn't clear to me how a failed DNS lookup could cause a slow response from a HTTPS request though. Do you think that your system got an incorrect answer for which IP address to connect to, and then the server it tried to connect to was not ready to accept an HTTPS request?

apparentlymart avatar Dec 04 '23 22:12 apparentlymart

Terraform will be able to detect if there is a DNS failure, but more often than not misconfigured DNS results in no response at all. Without running some extra diagnostics this is indistinguishable from an unstable or slow connection, bad routing, broken link, etc. You happen to know it was DNS, because resetting the system mDNSResponder resulted in a fix, but Terraform cannot diagnose that type of failure externally.

Since resolver configuration is a common problem, perhaps we could insert a custom client resolver with a slightly lower timeout, which would give basically the same error except it would at least mention DNS. Unfortunately since we only control some of the many http clients used from within Terraform it can't solve all cases, but might be able to make problems during init more obivous.

jbardin avatar Dec 05 '23 14:12 jbardin