terraform-provider-vsphere: `r/vsphere_content_library_item` not working when run behind a proxy

Terraform

v1.3.7

Terraform Provider

v2.2.0

VMware vSphere

v7.0.3

Description

Hi,

We want to deploy a content library with a content library item using terraform. This works fine without a proxy, but the VM that is running the terraform scripts is sitting behind a proxy now. Here is the info from our test environment, where we could reproduce the issue as well.

main.tf

terraform {
  required_providers {
    vsphere = {
      source  = "hashicorp/vsphere"
      version = "2.2.0"
    }
  }
}

provider "vsphere" {
  user                 = var.vsphere_user
  password             = var.vsphere_password
  vsphere_server       = var.vsphere_server
  allow_unverified_ssl = true
}

data "vsphere_datacenter" "datacenter" {
  name = var.vsphere_datacenter
}

data "vsphere_datastore" "datastore" {
  name          = var.vsphere_datastore
  datacenter_id = data.vsphere_datacenter.datacenter.id
}

resource "vsphere_content_library" "library" {
  name            = var.cl_name
  storage_backing = [data.vsphere_datastore.datastore.id]
  description     = "Terraform managed content library"
}

resource "vsphere_content_library_item" "cl_template" {
  name        = var.cl_item_name
  description = var.cl_item_description
  library_id  = vsphere_content_library.library.id
  file_url    = var.cl_item_url
}

terraform.tfvars:

vsphere_user = "administrator@vsphere.local"
vsphere_password = ""
vsphere_server = ""

vsphere_datacenter = "DevOpsLab"
cl_item_name = "sts-ubuntu-image"
cl_item_description = "sts-ubuntu-test" 
cl_item_url = "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.ova"
cl_name = "sts-ubuntu-test"

vsphere_datastore = "default-container-80975640325584"

I can see the initial connection during the init, plan and while creating the content library going to our proxy:

1674101044.663   4481 10.10.240.102 TCP_TUNNEL/200 8302329 CONNECT releases.hashicorp.com:443 - HIER_DIRECT/18.65.39.82 -
1674101044.663   8062 10.10.240.102 TCP_TUNNEL/200 9780 CONNECT releases.hashicorp.com:443 - HIER_DIRECT/18.65.39.82 -
1674101044.663  11679 10.10.240.102 TCP_TUNNEL/200 15451 CONNECT registry.terraform.io:443 - HIER_DIRECT/18.65.39.50 -
1674101044.663  19113 10.10.240.102 TCP_TUNNEL/200 7695 CONNECT registry.terraform.io:443 - HIER_DIRECT/18.65.39.50 -
1674101044.663  15501 10.10.240.102 TCP_TUNNEL/200 33237 CONNECT registry.terraform.io:443 - HIER_DIRECT/18.65.39.50 -
1674101058.749      0 10.10.240.102 TCP_DENIED/403 3897 CONNECT checkpoint-api.hashicorp.com:443 - HIER_NONE/- text/html
1674101110.505      0 10.10.240.102 TCP_DENIED/403 3897 CONNECT checkpoint-api.hashicorp.com:443 - HIER_NONE/- text/html

but as soon as terraform tries to create the content_library_item it tries to go directly through our firewall, which gets blocked and the script eventually runs into a timeout:

Deny: policy violation 10.10.240.102 16 minutes ago 185.125.190.40 (cloud-images.ubuntu.com) ubuntuguest

The proxy is configured on the VM as shown here:

root@frames1601:~/vmware-v2-provisioner/template# env | grep -i proxy
no_proxy=localhost,127.*,10.*,10.0.0.0/8,127.0.0.0/8,172.16.0.0/12,192.168.0.0/16,192.168.*,*.devops.lab,devops.lab,.devops.lab
https_proxy=http://proxy.devops.lab:3129
NO_PROXY=localhost,127.*,10.*,10.0.0.0/8,127.0.0.0/8,172.16.0.0/12,192.168.0./16,192.168.*,*.devops.lab,devops.lab,.devops.lab
HTTPS_PROXY=http://proxy.devops.lab:3129
HTTP_PROXY=http://proxy.devops.lab:3129
http_proxy=http://proxy.devops.lab:3129

Are we missing something, or is this a bug in the provider?

Thanks, Stefan

Affected Resources or Data Sources

resource/vsphere_content_library_item

Terraform Configuration

shown above

Debug Output

Enter a value: yes

https://gist.github.com/hornet83/ae54ca6e11c556040caffa5442270077

Panic Output

No response

Expected Behavior

vsphere_content_library_item is being added directly from the ubuntu cloud image url

Actual Behavior

connection is going directly to the firewall rather than the proxy - script runs into a timeout

Steps to Reproduce

terraform init
terraform apply

Environment Details

No response

Screenshots

No response

References

No response

About this issue

  • State: open
  • Created a year ago
  • Reactions: 1
  • Comments: 15
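
A check for the symptom reported in this issue, added here as an example (it is not the reporter's or the provider's code): it reads Squid access-log lines in the format shown above and reports whether a download URL's host ever reached the proxy from the Terraform host. The function names and the `vcenter.devops.lab` hostname in the comment are hypothetical, and the `no_proxy` matching is a simplification that covers hostname entries only (no IP or CIDR handling).

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Two lines copied from the proxy log in the issue (Squid native access.log format).
SQUID_LOG = """\
1674101044.663  11679 10.10.240.102 TCP_TUNNEL/200 15451 CONNECT registry.terraform.io:443 - HIER_DIRECT/18.65.39.50 -
1674101058.749      0 10.10.240.102 TCP_DENIED/403 3897 CONNECT checkpoint-api.hashicorp.com:443 - HIER_NONE/- text/html
"""
# Hostname-style entries taken from the no_proxy value in the issue.
NO_PROXY = "localhost,127.*,10.*,*.devops.lab,devops.lab,.devops.lab"
CL_ITEM_URL = "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.ova"


def proxied_hosts(log_text, client_ip):
    """Map each CONNECT target host to the Squid result codes seen for client_ip."""
    seen = {}
    for line in log_text.splitlines():
        f = line.split()
        # Fields: time, elapsed, client, code/status, bytes, method, URL, ...
        if len(f) < 7 or f[2] != client_ip or f[5] != "CONNECT":
            continue
        host = f[6].rsplit(":", 1)[0].lower()
        seen.setdefault(host, set()).add(f[3].split("/")[0])
    return seen


def excluded_by_no_proxy(host, no_proxy):
    """Simplified match: glob entries, exact names, and domain suffixes."""
    host = host.lower()
    for entry in (e.strip().lower() for e in no_proxy.split(",")):
        if not entry:
            continue
        if "*" in entry:
            if fnmatchcase(host, entry):
                return True
        elif host == entry.lstrip(".") or host.endswith("." + entry.lstrip(".")):
            return True
    return False


def classify(url, log_text, client_ip, no_proxy):
    """Say how a request for url from client_ip relates to the proxy log."""
    host = urlsplit(url).hostname
    if excluded_by_no_proxy(host, no_proxy):
        return "no_proxy"            # e.g. a hypothetical vcenter.devops.lab
    codes = proxied_hosts(log_text, client_ip).get(host)
    if not codes:
        return "not-seen-at-proxy"   # egress was attempted some other way, or not at all
    return "tunnelled" if "TCP_TUNNEL" in codes else "denied-by-proxy"
```

A `not-seen-at-proxy` result for a host that also shows up in the firewall's deny log, as `cloud-images.ubuntu.com` does here, means the request left the client without using the configured proxy.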

Most upvoted comments

Hi, updated the ticket with formatting and put the debug output into a GitHub gist. Let me know if you need any other information.