Can't apply terraform through OctopusDeploy with AzureRM backend through proxy

stuart.robinson-vyas · 14 September 2018 16:00

am trying to use the OctopusDeploy terraform apply step to generate my infrastructure using an AzureRM backend. The backend is set up and works from my computer.

When I try it from OctoopusDeploy it doesn’t seem to be able to get through the Proxy - which is an authenticating proxy.

I’ve got the proxy set up in OctopusDeploy (and the packages are fed from a NuGet feed which comes through the proxy) and I have HTTP_PROXY and HTTPS_PROXY set in the system environment variables. The Octopus service is running as a user that has permissions to use the internet through the proxy

Here’s the output:

Info    Extracting package: C:\Octopus\OctopusServer\PackageCache\feeds-app-hub\TF_AppHub@S1.1.35248@7308A1964B1A0D48AF04BB90C9FBB55D.nupkg 
Info    terraform.exe init -no-color -input=false -get-plugins=true -backend-config= access_key=<acc_key>
Info    Initializing the backend... 
Info    Successfully configured the backend "azurerm"! Terraform will automatically use this backend unless the backend configuration changes. 
Error    Error refreshing state: Get https://<storage_acc>.blob.core.windows.net/modules/dev2.terraform.tfstate: proxyconnect tcp: EOF 
Fatal    The remote script failed with exit code 1 
Fatal    The action Create Infrastructure on the Octopus Server failed

I have also asked this question here: https://stackoverflow.com/questions/52335479/cant-apply-terraform-through-octopusdeploy-with-azurerm-backend-through-proxy

John_Simons · 17 September 2018 03:36

Hi Stuart,

There is definitely something not right with the proxy setup.

I have reviewed this part of the code and it seems we are using the proxy configured on the Octopus Server ( see https://octopus.com/docs/api-and-integration/octopus.server.exe-command-line/proxy ) or Octopus Tentacle if you are using an external worker ( see https://octopus.com/docs/api-and-integration/tentacle.exe-command-line/proxy ), so is this the way you have configured your proxy?

Regards
John

John_Simons · 17 September 2018 03:39

Hi Stuart,

Me again!
I should have also mentioned that the Terraform step should actually be checking whether the HTTP_PROXY/S environment variables are already set or not and use those values if they exist, unfortunately we are not doing that right now, in other steps we do this.

I will raise an issue to fix this step so it is consistent with the other ones.

Regards
John

Andrew_O_Hara · 21 September 2018 04:10

Having a similar issue with terraform failing when connecting via proxy. The proxy logs don’t show traffic reaching it so looks like the proxy setting on Octopus isn’t being used. The proxy is set for both Octopus server and Tentacle

11:27:36 Info | Initializing the backend…
11:27:36 Info | Successfully configured the backend “azurerm”! Terraform will automatically
11:27:36 Info | use this backend unless the backend configuration changes.
11:27:38 Error | Error refreshing state: Get https://.blob.core.windows.net/testtfstate/test.terraform.tfstate: proxyconnect tcp: dial tcp: lookup http: no such host

benpearce · 24 September 2018 05:46

Hi Andrew,

I have raised an issue for the proxy support in the Terraform steps here.

There is already a fix waiting to ship, so it should be fixed in the next patch release. Feel free to monitor the issue to be notified.

Regards
Ben

stuart.robinson-vyas · 5 October 2018 08:03

Fantastic, I will apply 2018.8.7 and try again. Thanks for the support