Please bump gomaasapi and gomaasclient to avoid TLS errors in the terraform provider

Development
1

Concise Summary

When using terraform plan and the MaaS provider when TLS is enabled on the MaaS controllers, you will eventually run into

│ Error: Get "https://$REGION_CONTROLLER:5443/MAAS/api/2.0/machines/cacxen/": net/http: cannot rewind body after connection loss

This is fixed in https://github.com/juju/gomaasapi/commit/fee803278897a7853e3a41e3c04d3f6267a731f2, but the terraform provider hasn’t pulled in that dependency yet

Version and Build

MaaS:

# snap list maas
Name  Version                  Rev    Tracking    Publisher   Notes
maas  3.3.0-13159-g.1c22f7beb  25850  3.3/stable  canonical✓  -

terraform-maas-provider:

terraform-provider-maas $ git rev-parse HEAD
927857f308537f27fa42c49ab4eb0cfc9697206f

CLI, UI, or API?

API

How to reproduce

  • Enable TLS on your MaaS controller

  • Have a terraform file with data resources, the more the better.

  • Run terraform plan, during the state refresh and data reads, you’ll see some of them take more than a couple of seconds

module.maas-glue.maas_instance.fasrc_cluster_group["holy2a10303"]: Refreshing state... [id=4nymfg]
module.maas-glue.maas_instance.fasrc_cluster_group["holy2a10311"]: Refreshing state... [id=swa43k]
module.maas-glue.maas_instance.fasrc_cluster_group["holy2c02312"]: Refreshing state... [id=bb4axy]
module.maas-glue.maas_instance.fasrc_cluster_group["holy2c02311"]: Refreshing state... [id=eqd7mq]
module.maas-glue.data.maas_subnet.subnet_2476: Still reading... [10s elapsed]
module.maas-glue.maas_instance.fasrc_cluster_group["holy2c04308"]: Refreshing state... [id=t3nr8x]

Eventually there will be a failure:

Error: Get "https://$REGION_CONTROLLER:5443/MAAS/api/2.0/subnets/": net/http: cannot rewind body after connection loss
│
│   with module.maas-glue.data.maas_subnet.subnet_2476,
│   on ../modules/maas-glue/lookups.tf line 17, in data "maas_subnet" "subnet_2476":
│   17: data "maas_subnet" "subnet_2476" {
│
╵
╷
│ Error: Get "https://$REGION_CONTROLLER:5443/MAAS/api/2.0/fabrics/0/vlans/": net/http: cannot rewind body after connection loss
│
│   with module.maas-glue.data.maas_vlan.vlan_2476,
│   on ../modules/maas-glue/lookups.tf line 34, in data "maas_vlan" "vlan_2476":
│   34: data "maas_vlan" "vlan_2476" {
│

I don’t see any errors in the http log:

[root@holy-maas-region01 http]# pwd
/var/snap/maas/common/log/http
[root@holy-maas-region01 http]# grep subnets ./* | egrep '(02/15)|(15/Feb)' | tail -30
./access.log:10.242.106.144 - - [15/Feb/2023:10:57:16 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:10:57:23 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:10:57:23 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:10:57:25 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:10:57:33 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:10:57:37 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:10:57:41 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:10:57:51 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:10:57:54 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:10:57:56 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:10:58:30 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:10:59:15 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:11:00:38 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:11:12:31 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:11:12:31 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:11:12:36 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:11:12:36 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:11:12:36 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:11:12:36 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:11:13:26 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:11:13:26 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.242.106.144 - - [15/Feb/2023:11:13:27 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.255.12.58 - - [15/Feb/2023:11:28:05 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.255.12.58 - - [15/Feb/2023:11:28:05 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.255.12.58 - - [15/Feb/2023:11:28:05 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.255.12.58 - - [15/Feb/2023:11:28:10 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.255.12.58 - - [15/Feb/2023:11:29:43 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.255.12.58 - - [15/Feb/2023:11:29:43 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.255.12.58 - - [15/Feb/2023:11:29:44 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"
./access.log:10.255.12.58 - - [15/Feb/2023:11:29:44 -0500] "GET /MAAS/api/2.0/subnets/ HTTP/2.0" 200 6756 "-" "Go-http-client/2.0"

it seems like the Juju folks hit this and fixed it. It can be fixed in the terraform provider by bumping versions :slight_smile:

2

I have also verified the fix works, but I had to do hacky replace directives in the go.mod, then push that build onto the box I’m running terraform

3

Hi @thomsley,

can you confirm that you are using the official terraform provider?

We don’t use the juju maas client in the supported provider.

4

Hi @alexsander-souza,

I can! .git/config says my remote is https://github.com/maas/terraform-provider-maas

I’m new to golang, it seems like terraform-provider-maas doesn’t depend on juju maas client, but it depends onjuju/gomaasapi, which has a fix the problem I’m having with TLS.

I’m asking if you can:

Sorry for the confusion, thanks for the patience!

Edit: something like this https://github.com/maas/gomaasclient/commit/fef3c32b97a8c35945398ad6895ad75a161fdd2e

5

Tracking this at https://github.com/maas/terraform-provider-maas/issues/44

1 Like
6

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.