[Bug]: lookup api.hetzner.cloud ... connection refused

Open fstab opened this issue 3 years ago • 0 comments

What happened?

Running terraform refresh failed on Linux; I got a lot of errors like this:

│ Error: Get "https://api.hetzner.cloud/v1/networks/130630": dial tcp: lookup api.hetzner.cloud on [::1]:53: read udp [::1]:39716->[::1]:53: read: connection refused
│                                                                                      
│   with hcloud_network.network,                                                       
│   on terraform.tf line 126, in resource "hcloud_network" "network":
│  126: resource "hcloud_network" "network" {                 
│                                                                                      

I found a way to solve this, and I'm not even sure if the root cause is in your code. I'm creating this issue because maybe there's a way you can fix it, or if not at least others might find the workaround described here.

Anyway, my Linux uses systemd-resolved for resolving hostnames. This works fine: resolvectl query api.hetzner.cloud can successfully resolve the IP address for api.hetzner.cloud.

There are multiple ways programs can interact with systemd-resolved (see man systemd-resolved). For programs issuing DNS requests directly, systemd-resolved provides a local DNS stub listener on the IP addresses 127.0.0.53 and 127.0.0.54 on the local loopback interface. This works fine: dig @127.0.0.53 api.hetzner.cloud can resolve the hostname successfully.

However, based on the error message above it looks like the hcloud provider uses the IPv6 loopback interface [::1] on port 53 to resolve api.hetzner.cloud. This fails because systemd-resolved does not listen on IPv6 by default.

To fix this, add the following line to /etc/systemd/resolved.conf

DNSStubListenerExtra=[::1]:53

and then systemctl restart systemd-resolved.service. This solves the issue.

Anyway, I have never seen this error with any other program before. So if you are using some kind of exotic library to connect to api.hetzner.cloud you might be able to fix this by switching to a more common HTTP client :)

What did you expect to happen?

Resolving api.hetzner.cloud should work out-of-the-box.

Please provide a minimal working example

versions.tf looks like this:

terraform {
  required_providers {
    hcloud = {
      source = "hetznercloud/hcloud"
    }
    null = {
      source = "hashicorp/null"
    }
  }
  required_version = ">= 0.13"
}

The issue is independent of the resource, happens with all requests to api.hetzner.cloud.

fstab, Feb 12 '22 22:02
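
An added diagnostic, not part of the issue or of the provider's code: Terraform providers are Go binaries, and Go's built-in resolver reads /etc/resolv.conf and falls back to 127.0.0.1:53 and [::1]:53 when that file lists no nameserver, which matches the address in the error above. Whether that is the cause on the reporter's machine is an assumption; `EffectiveServers` and `fallbackServers` are hypothetical names modelled on that behaviour.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"net/netip"
	"os"
	"strings"
)

// Servers Go's built-in resolver uses when resolv.conf yields none.
var fallbackServers = []string{"127.0.0.1:53", "[::1]:53"}

// EffectiveServers returns the DNS servers a Go program would query for the
// given resolv.conf content (hypothetical helper, not the provider's code).
func EffectiveServers(resolvConf string) []string {
	var servers []string
	sc := bufio.NewScanner(strings.NewReader(resolvConf))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || line[0] == '#' || line[0] == ';' {
			continue // blank line or comment
		}
		f := strings.Fields(line)
		if len(f) < 2 || f[0] != "nameserver" || len(servers) >= 3 {
			continue // other directive, or already at the 3-server limit
		}
		if _, err := netip.ParseAddr(f[1]); err == nil {
			servers = append(servers, net.JoinHostPort(f[1], "53"))
		}
	}
	if len(servers) == 0 {
		return fallbackServers // no usable nameserver line: loopback fallback
	}
	return servers
}

func main() {
	path := "/etc/resolv.conf"
	if len(os.Args) > 1 {
		path = os.Args[1]
	}
	data, err := os.ReadFile(path) // an unreadable file behaves like an empty one
	if err != nil {
		fmt.Fprintln(os.Stderr, "warning:", err)
	}
	for _, s := range EffectiveServers(string(data)) {
		fmt.Println(s)
	}
}
```

If this prints only the two loopback addresses, /etc/resolv.conf is missing or has no nameserver line, and pointing it at the systemd-resolved stub (127.0.0.53) is an alternative to adding an extra listener on [::1]:53.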