Ping failing while running a plan

[matias2681]

Hi,

I've set up the provider information url and credentials in this way:

terraform {
  required_providers {
    artifactory = {
      source  = "jfrog/artifactory"
      version = "~> 2.2.5"
    }
  }
}

provider "artifactory" {
  url = "https://my-artifactory.com"
  username = "myusername"
  password = "mypassword"
}

However, when I run terraform plan I get this error:

Error: Get "https://my-artifactory.com/api/system/ping": dial tcp: lookup my-artifactory.com on 192.168.86.1:53: no such host

  on provider.tf line 10, in provider "artifactory":
  10: provider "artifactory" {

The IP that shows is the same one that if I do nslookup my-artifactory.com
Can't this be resolved in the same way that the API does it? If I run curl against the api/system/ping it works just fine.
We have ICMP disable in the host but the API and the JFrog CLI work just fine with ping in the same environment.

Do you have any workaround for this issue?

[chb0github]

Here is what I ran:

terraform {
  required_providers {
    artifactory = {
      source  = "jfrog/artifactory"
      version = "~> 2.2.5"
    }
  }
}

provider "artifactory" {
  url = "http://localhost:8081/artifactory"
  username = "admin"
  password = "password"
}

I am running a local docker instance of pro:

christianb@christianb-mac terraform-provider-artifactory % docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED      STATUS                   PORTS                              NAMES
35bd1ae5e5e4   jfrog-client-go_artifactory   "/entrypoint-artifac…"   7 days ago   Up 2 minutes (healthy)   0.0.0.0:8080-8082->8080-8082/tcp   jfrog-client-go_artifactory_1

results:

christianb@christianb-mac terraform-provider-artifactory % terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

artifactory_local_repository.docker-dev-local: Refreshing state... [id=docker-dev-local]

------------------------------------------------------------------------

No changes. Infrastructure is up-to-date.

This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.
christianb@christianb-mac terraform-provider-artifactory % 

I think the problem is that you don't have /artifactory on the URL. Remember, it's URL, not host - this is done to be able to accomodate for proxying issues.

I am going to close this ticket on the assumption that's the issue. If it isn't, please let me know.

I would suggest that you test your plan against a docker image as I do because it's a good way to make sure you don't have any environmental issues sneak in

[matias2681]

@chb0github I tried this with docker too and I see an error because is not the pro version however it seems to try to apply the changes.
I'm unsure that the /artifactory part on the url is the issue as we have that already covered with our DNS entry as part of https://my-artifactory.com/

I'm still scratching my head as if I do:

curl -u admin -X GET https://my-artifactory.com/api/system/ping
OK

it works. What could be the difference in how it's resolved the ping between the code that runs the provider and curl? As you can see the API call is the same but the terraform one fails. Interestingly it seems to try to resolve with an IP.

I'm not saying that it can't be an env issue but if you can give me some pointers that would be helpful.

EDIT: I think the issue should stay open as others might encounter the same problem. There was a previous issue that was closed with the same problem that I mentioned. However, the user never replied back.

[chb0github]

@matias2681 - if I am reading what you wrote correctly,

I'm unsure that the /artifactory part on the url is the issue as we have that already covered with our DNS entry as part of https://my-artifactory.com/

This doesn't make much sense to me - you can't alias http paths with DNS - the closest is a CNAME record which includes only the host.

try this on your end:

TF_LOG=TRACE terraform plan

provide that output here.

I do know this - there are endpoints on artifactory that respond with with valid HTTP codes that infact, do literally nothing!

see this:

christianb@christianb-mac terraform-provider-artifactory % curl -sfnL http://localhost:8081/artifactory/api/system/ping 
OK%              

now without artifactory

christianb@christianb-mac terraform-provider-artifactory % curl -sfvnL http://localhost:8081/api/system/ping
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8081 (#0)
* Server auth using Basic with user 'admin'
> GET /api/system/ping HTTP/1.1
> Host: localhost:8081
> Authorization: Basic YWRtaW46cGFzc3dvcmQ=
> User-Agent: curl/7.64.1
> Accept: */*
> 
* The requested URL returned error: 404 Not Found
* Closing connection 0
christianb@christianb-mac terraform-provider-artifactory % echo $?
22

without the /artifactory path curl reports a 404.

[matias2681]

This doesn't make much sense to me - you can't alias http paths with DNS - the closest is a CNAME record which includes only the host.

My bad, I was trying to point out that we have a DNS that points to a host and then the host has Nginx running that does the routing to /artifactory I believe that's way the API call with curl works but the plugin with terraform fails for some reason.

Here's the output after running TF_LOG=TRACE terraform plan

...
my-artifactory2021/01/06 11:49:32 [TRACE] GRPCProvider: Configure
2021/01/06 11:49:33 [TRACE] vertex "provider[\"registry.terraform.io/jfrog/artifactory\"]": visit complete
2021/01/06 11:49:33 [TRACE] dag/walk: upstream of "artifactory_local_repository.my-local (expand)" errored, so skipping
2021/01/06 11:49:33 [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/jfrog/artifactory\"] (close)" errored, so skipping
2021/01/06 11:49:33 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
2021/01/06 11:49:33 [TRACE] dag/walk: upstream of "root" errored, so skipping
2021/01/06 11:49:33 [INFO] backend/local: plan operation completed

2021/01/06 11:49:33 [TRACE] statemgr.Filesystem: removing lock metadata file .terraform.tfstate.lock.info
2021/01/06 11:49:33 [TRACE] statemgr.Filesystem: unlocking terraform.tfstate using fcntl flock
Error: Get "https://my-artifactory.com/api/system/ping": dial tcp: lookup my-artifactory.com on 192.168.86.1:53: no such host

  on provider.tf line 10, in provider "artifactory":
  10: provider "artifactory" {


2021-01-06T11:49:33.507-0800 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-01-06T11:49:33.508-0800 [DEBUG] plugin: plugin process exited: path=.terraform/providers/registry.terraform.io/jfrog/artifactory/2.2.5/darwin_amd64/terraform-provider-artifactory_v2.2.5 pid=55672
2021-01-06T11:49:33.508-0800 [DEBUG] plugin: plugin exited

[matias2681]

After doing some research I was able to get it working. The problem seems to be the DNS resolver inside a VPN environment and it was reported here: hashicorp/terraform#3536

This workaround worked for me hashicorp/terraform#3536 (comment)
Basically, I ran route get my-artifactory.com and with the IP returned I added it to /etc/hosts

Posting that here just in case someone else face the same issue.