I've been able to recreate your issue by denying access to the Internet from the container. Since you mention that you're able to access from the host machine, I'm wondering if there's something else involved - custom docker networking or a corporate network that detects and blocks traffic from workstation-hosted VMs or containers. I'd be interested in what the response is if you 'docker exec' into the container and run curl to the terraform registry:
docker exec -it <container_id> /bin/sh
curl https://registry.terraform.io
John Smoker thank you John, I will give a try and update here, thanks for your response!
John Smoker Hi John, here is the exec result ..
C:\Users\zhengquann>docker exec -it c11303be7494 /bin/bash
bash-5.0# curl https://registry.terraform.io
curl: (60) SSL certificate problem: certificate is not yet valid
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
bash-5.0#
What do you suggest to check further?
Ni Zhengquan That looks like the clock on the machine that is hosting the container may be out of sync.
John Smoker Hi John, managed to solve the time sync problem by rebooting laptop, however when came to deploy Aviatrix Transit in AWS, hit another issue. Is it because Terraform version mismatch?
Initializing the backend...
Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "aviatrix" (terraform-providers/aviatrix) 2.16.3...
Warning: registry.terraform.io: For users on Terraform 0.13 or greater, this provider has moved to AviatrixSystems/aviatrix. Please update your source in required_providers.
Error verifying checksum for provider "aws"
The checksum for provider distribution from the Terraform Registry did not match the source. This may mean that the distributed files were changed after this version was released to the Registry.
unable to verify checksum
Could not satisfy plugin requirements
Plugin reinitialization required. Please run "terraform init".
Plugins are external binaries that Terraform uses to access and manipulate resources. The configuration provided requires plugins which can't be located, don't satisfy the version constraints, or are otherwise incompatible.
Terraform automatically discovers provider requirements from your configuration, including providers used in child modules. To see the requirements and constraints from each module, run "terraform providers".
provider.aviatrix: new or changed plugin executable
provider.aws: no suitable version installed
  version requirements: "(any version)"
  versions installed: none
--> Failed to launch AWS transit, aborting.
Hi, I have a similar but not exact issue...
Been trying for hours to get the sandbox environment going... I've followed all the prerequisites and changed my AWS keys multiple times but no luck...
This is the error from the debug window.
Initializing modules...
Initializing the backend...
Initializing provider plugins...
The following providers do not have any version constraints in configuration, so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking changes, it is recommended to add version = "..." constraints to the corresponding provider blocks in configuration, with the constraint strings suggested below.
* provider.aws: version = "~> 3.36"
* provider.http: version = "~> 2.1"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work.
If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
module.avtx_iam_role.data.http.iam_policy_ec2_role: Refreshing state...
module.avtx_iam_role.data.http.iam_policy_assume_role: Refreshing state...
module.avtx_controller_instance.data.http.avx_iam_id: Refreshing state...
--> Controller launch failed, aborting.
error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid. status code: 403, request id: 18790cfb-1632-45a7-8533-dae3508fe40d
on main.tf line 3, in provider "aws":
3: provider "aws" {
--> Controller launch failed, aborting.
Please help!
Ni Zhengquan That is an odd error. From searching that error on the Internet, I'm not seeing anything that I would apply to your case. If you haven't tried removing and recreating the TF volume, I would do that to ensure you're operating from a fresh state since your initial issues.
Rudi Heydra That error, from aws, seems like a clear mismatch between the keys the tool is using and what you have configured in aws. Have you tried removing and recreating your TF volume?
Hi John...
Thanks for the quick response.
Nope... I haven't.
I wasn't aware... thanks for the heads up. What would the CLI command be?
Thanks heaps
Rudi Heydra Assuming you don't have any other containers you care about, you could do a:
docker stop $(docker ps -q --filter ancestor=aviatrix/sandbox-starter) && docker container prune -f && docker volume rm TF
Then, start again with:
docker volume create TF
docker run -v TF:/root -p 5000:5000 -d aviatrix/sandbox-starter
Sounds easy enough... thanks for the help. Love your work
John Smoker this did help solve my problem, excellent John, thank you so much!
Facing the failure again. This time it is "failed to create a new Aviatrix Transit VPC", The maximum number of VPCs has been reached.
aviatrix_vpc.aws_transit_vpcs["aws_transit_vpc"]: Still creating... [30s elapsed]
aviatrix_vpc.aws_spoke_vpcs["aws_spoke2_vpc"]: Still creating... [40s elapsed]
aviatrix_vpc.aws_transit_vpcs["aws_transit_vpc"]: Still creating... [40s elapsed]
aviatrix_vpc.aws_transit_vpcs["aws_transit_vpc"]: Still creating... [50s elapsed]
aviatrix_vpc.aws_transit_vpcs["aws_transit_vpc"]: Still creating... [1m0s elapsed]
aviatrix_vpc.aws_transit_vpcs["aws_transit_vpc"]: Still creating... [1m10s elapsed]
Warning: Resource targeting is in effect
You are creating a plan with the -target option, which means that the result of this plan may not represent all of the changes requested by the current configuration.
The -target option is not for routine use, and is provided only for exceptional situations such as recovering from errors or mistakes, or when Terraform specifically suggests to use it as part of an error message.
Warning: Applied changes may be incomplete
The plan was created with the -target option in effect, so some changes requested in the configuration may have been ignored and the output values may not be fully updated. Run the following command to verify that no other changes are pending:
terraform plan
Note that the -target option is not suitable for routine use, and is provided only for exceptional situations such as recovering from errors or mistakes, or when Terraform specifically suggests to use it as part of an error message.
failed to create a new Aviatrix Transit VPC: Rest API create_custom_vpc Get failed: failed to create vpc 10.60.0.0/16, An error occurred (VpcLimitExceeded) when calling the CreateVpc operation: The maximum number of VPCs has been reached.
on aviatrix_aws.tf line 7, in resource "aviatrix_vpc" "aws_transit_vpcs":
7: resource "aviatrix_vpc" "aws_transit_vpcs" {
failed to create a new VPC: Rest API create_custom_vpc Get failed: failed to create vpc 10.62.0.0/16, An error occurred (VpcLimitExceeded) when calling the CreateVpc operation: The maximum number of VPCs has been reached.
on aviatrix_aws.tf line 19, in resource "aviatrix_vpc" "aws_spoke_vpcs":
19: resource "aviatrix_vpc" "aws_spoke_vpcs" {
--> Failed to launch AWS transit, aborting.
Ni Zhengquan The default limit on VPCs per region in aws is 5. You'll either need to request that quota to be increased, or remove existing VPCs to allow room for the tool to create its VPCs.
John Smoker Hi
Thanks, that worked and got everything working. However, today I've been getting this error.
--> Generating SSH key for the controller...
--> Done.
--> OK.
--> Now going to launch the controller. The public IP of the controller will be shared with Aviatrix for tracking purposes.
--> The controller will be launched in us-east-1.
Initializing modules...
- avtx_controller_instance in aviatrix-controller-build
- avtx_iam_role in aviatrix-controller-iam-roles
Initializing the backend...
Initializing provider plugins...
- Checking for available provider plugins...
--> Controller launch failed, aborting.
Registry service unreachable. This may indicate a network issue, or an issue with the requested Terraform Registry. Registry service unreachable. This may indicate a network issue, or an issue with the requested Terraform Registry.
registry service is unreachable, check https://status.hashicorp.com/ for status updates
registry service is unreachable, check https://status.hashicorp.com/ for status updates
Could not satisfy plugin requirements
Plugin reinitialization required. Please run "terraform init".
Plugins are external binaries that Terraform uses to access and manipulate resources. The configuration provided requires plugins which can't be located, don't satisfy the version constraints, or are otherwise incompatible.
Terraform automatically discovers provider requirements from your configuration, including providers used in child modules. To see the requirements and constraints from each module, run "terraform providers".
provider.aws: no suitable version installed
  version requirements: "(any version)"
  versions installed: none
provider.http: no suitable version installed
  version requirements: "(any version)"
  versions installed: none
--> Controller launch failed, aborting.
I've tried various aws development accounts but keep getting the same error.
Please advise.
Many thanks
Rudi
Rudi Heydra That appears to be either a network issue connecting to the terraform registry or could be, as was the case earlier in this thread, a time sync issue with your container host (which broke the tls connection with the terraform registry). Read above for instructions on how to test connectivity from inside the container and/or check the docker host's time settings.
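The distinction drawn in the replies above (a container clock that is out of sync versus a network or TLS problem reaching the registry) can be scripted. The following is an added example, not part of the thread or of the sandbox-starter tool; the function names, the `MAX_SKEW` variable and its 300-second default are assumptions, and the sample headers are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): tell clock skew apart from a network
# or TLS-trust failure when the container cannot reach registry.terraform.io.

# Extract the Date: header value from HTTP response headers on stdin.
http_date() {
    tr -d '\r' | awk 'tolower($1) == "date:" { sub(/^[^:]*: */, ""); print; exit }'
}

# Convert an HTTP date such as "Wed, 10 Mar 2021 08:15:30 GMT" to epoch seconds.
# Done arithmetically so it does not depend on GNU-only `date -d` parsing.
http_date_to_epoch() {
    set -- $(printf '%s\n' "$1" | tr ':,' '  ')   # Wed 10 Mar 2021 08 15 30 GMT
    d=${2#0} y=$4 h=${5#0} mi=${6#0} s=${7#0}
    months=JanFebMarAprMayJunJulAugSepOctNovDec
    before=${months%%"$3"*}
    m=$(( ${#before} / 3 + 1 ))
    [ "$m" -le 12 ] || return 1                   # unknown month name
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi      # count years from 1 March
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * ((m + 9) % 12) + 2) / 5 + d - 1 ))
    days=$(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
    echo $(( days * 86400 + h * 3600 + mi * 60 + s ))
}

# triage CURL_EXIT LOCAL_EPOCH SERVER_EPOCH -> one-word verdict on stdout.
triage() {
    skew=$(( $2 - $3 )); abs=${skew#-}
    if [ "$abs" -gt "${MAX_SKEW:-300}" ]; then
        echo "clock-skew:${skew}s"   # negative: local clock is behind ("not yet valid")
    elif [ "$1" -eq 60 ]; then
        echo "tls-trust"             # clock is fine, so the certificate chain itself was rejected
    elif [ "$1" -ne 0 ]; then
        echo "network"               # DNS, connect or timeout failure
    else
        echo "ok"
    fi
}

# Constructed sample headers; live ones would come from
#   curl -skI https://registry.terraform.io   (-k only to read Date, never to download)
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\ndate: Wed, 10 Mar 2021 08:15:30 GMT\r\nserver: x\r\n\r\n'
}
server=$(http_date_to_epoch "$(sample_headers | http_date)")
triage 60 1609459200 "$server"       # local clock stuck at 2021-01-01 (constructed)
```

Inside the container the local epoch comes from `date +%s` and the exit code from the failing `curl`. A Date header read with `-k` is unauthenticated, so the skew is a hint for where to look, not proof.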
John Smoker
I get this error while trying to spin up Aviatrix Sandbox Starter and really appreciate if you can help me. Thank you
error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid. status code: 403, request id: e3395de1-c2b3-43f0-90fb-564ffc39fd78
on main.tf line 3, in provider "aws":
3: provider "aws" {
--> Controller launch failed, aborting
raj You're getting a 403 from the aws api when attempting to get an auth token. Either the credentials you're using aren't valid, or you're not using the one you think you are (and the credentials aren't valid). The latter can occur if you've added, then changed your credentials and the tool has cached the previous version. If that's the case, you can start over by removing the starter image and volume:
docker stop $(docker ps -q --filter ancestor=aviatrix/sandbox-starter) && docker container prune -f && docker volume rm TF
Then, start again with:
docker volume create TF
docker run -v TF:/root -p 5000:5000 -d aviatrix/sandbox-starter
Hi all,
I kept getting this error below. I have removed the docker entirely and created it again but to no avail.
From the docker container, I was able to perform curl on https://terraform.io too. Any suggestions?
--> The controller will be launched in us-east-1.
Initializing modules...
- avtx_controller_instance in aviatrix-controller-build
- avtx_iam_role in aviatrix-controller-iam-roles
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 3.42.0"...
- Finding latest version of hashicorp/http...
- Installing hashicorp/http v2.1.0...
- Installed hashicorp/http v2.1.0 (signed by HashiCorp)
- Installing hashicorp/aws v3.42.0...
- Installed hashicorp/aws v3.42.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider selections it made above. Include this file in your version control repository so that Terraform can guarantee to make the same selections by default when you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work.
If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
--> Controller launch failed, aborting.
Could not load plugin
Plugin reinitialization required. Please run "terraform init".
Plugins are external binaries that Terraform uses to access and manipulate resources. The configuration provided requires plugins which can't be located, don't satisfy the version constraints, or are otherwise incompatible.
Terraform automatically discovers provider requirements from your configuration, including providers used in child modules. To see the requirements and constraints, run "terraform providers".
failed to instantiate provider "registry.terraform.io/hashicorp/aws" to obtain schema: Unrecognized remote plugin
I managed to get it installed successfully. Due to multiple attempts, there are some configurations created in AWS. Deleted them based on Aviatrix Sandbox debug. Tried the whole setup again. It works today.