Terraform Plan hangs when using the TLS URI #1155

Open
1 of 5 tasks
jgooge opened this issue Feb 24, 2025 · 0 comments · May be fixed by #1156

jgooge commented Feb 24, 2025

System Information

Linux distribution

RHEL 9.5

Terraform version

terraform -v
Terraform v1.5.7
on darwin_arm64

Provider and libvirt versions

terraform-provider-libvirt - 0.8.1
libvirt - 10.5.0


Checklist

  • Is your issue/contribution related with enabling some setting/option exposed by libvirt that the plugin does not yet support, or requires changing/extending the provider terraform schema?

    • Make sure you explain why this option is important to you, why it should be important to everyone. Describe your use-case with detail and provide examples where possible.
    • If it is a very special case, consider using the XSLT support in the provider to tweak the definition instead of opening an issue
    • Maintainers do not have expertise in every libvirt setting, so please, describe the feature and how it is used. Link to the appropriate documentation
  • Is it a bug or something that does not work as expected? Please make sure you fill the version information below:

Description of Issue/Question

I’m encountering an issue with Terraform’s libvirt provider when using a TLS-enabled URI (e.g., qemu+tls://node.example.com/system). Terraform hangs indefinitely when running apply or plan. In contrast, the SSH URI works without any problems.

Setup

Terraform is executed from a MacBook (certs located in ~/.pki/libvirt).

main.tf

terraform {
  required_providers {
    libvirt = {
      source = "dmacvicar/libvirt"
      version = "0.8.1"
    }
  }
}

provider "libvirt" {
  uri = "qemu+tls://node.example.com/system"
}

resource "libvirt_domain" "terraform_test" {
  name = "terraform_test"
}

Steps to Reproduce Issue

  • Set up CA certificates on the host running libvirt. Since my host is an IPA client, I added a service, generated certificates, and placed them in the expected libvirt paths.

  • Store client certs on the MacBook in ~/.pki/libvirt

  • Verify access to libvirt node:

    virsh -c qemu+tls://node.example.com/system list

    If successful, you should see something like this (my host has no domains):

     Id   Name   State
    --------------------
    
    
  • Create the aforementioned main.tf, then run:

    terraform init
    TF_LOG=TRACE terraform plan

Additional information:

Do you have SELinux or AppArmor/Firewall enabled? Some special configuration? Have you tried to reproduce the issue without them enabled?

  • Firewall and SELinux were disabled in the process of debugging
  • RHEL 9+ now uses modular libvirt daemons instead of the monolithic libvirt daemon by default. Not sure if that's related.