Problem
When starting a run in a Terraform Enterprise workspace, the run fails to install a third-party provider with a net/http: TLS handshake timeout error.
│ Error: Failed to install provider
│
│ Error while installing some/third-party-provider v1.3.1: github.com: Get
│ "https://objects.githubusercontent.com/github-production-release-ass
│ et-xxxxxx/220481523/dd51f8bb-9806-4f14-815f.....":
│ net/http: TLS handshake timeout
Prerequisites
- Terraform Enterprise running on Google Cloud Platform (GCP).
Cause
This issue typically occurs with third-party providers hosted on GitHub when the Maximum Transmission Unit (MTU) settings for Docker on the GCP instance are not configured correctly. GCP requires an MTU of 1460. Some Docker networks used by Terraform Enterprise may not have this setting applied by default.
You can verify the MTU settings for the relevant Docker networks by running the following commands.
$ docker network inspect tfe_services
$ docker network inspect tfe_terraform_isolation
An incorrect configuration will show empty options in the output.
...
"Options": {},
"Labels": {}
...
A correct configuration will specify the MTU value.
...
"Options": { "com.docker.network.driver.mtu": "1460"},
"Labels": {}
...
Solution
To resolve this issue, you must configure the Docker daemon on the Terraform Enterprise instance to use an MTU of 1460.
- Create or edit the Docker daemon configuration file at /etc/docker/daemon.json.
- Add the following content to the file.
  { "mtu": 1460 }
- Restart the Docker daemon for the changes to take effect. The command to restart Docker may vary depending on your operating system (e.g., sudo systemctl restart docker).
For more details, refer to the official network configuration documentation.
For additional steps related to custom Docker networks that Terraform Enterprise may use, see the MTU Configuration for Custom Networks KB article.
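The inspection from the Cause section and the daemon setting from the Solution steps can be checked together after the restart. The script below is an added example, not part of the original article or any HashiCorp tooling; its function names and the sample inspect output are constructed for illustration.

```python
import json
import subprocess

EXPECTED_MTU = 1460  # MTU the article states GCP requires
MTU_OPTION = "com.docker.network.driver.mtu"
TFE_NETWORKS = ("tfe_services", "tfe_terraform_isolation")

def network_mtus(inspect_json):
    """Map network name -> MTU (int), or None when the option is not set."""
    result = {}
    for net in json.loads(inspect_json):
        raw = (net.get("Options") or {}).get(MTU_OPTION)
        result[net.get("Name", "?")] = int(raw) if raw is not None else None
    return result

def daemon_mtu(daemon_json):
    """Return the "mtu" key from daemon.json text, or None if absent or empty."""
    text = daemon_json.strip()
    return json.loads(text).get("mtu") if text else None

def findings(inspect_json, daemon_json, expected=EXPECTED_MTU):
    """List mismatches; an empty list means everything matches `expected`."""
    problems = []
    configured = daemon_mtu(daemon_json)
    if configured != expected:
        problems.append(f"daemon.json: mtu is {configured!r}, expected {expected}")
    for name, mtu in network_mtus(inspect_json).items():
        if mtu != expected:
            problems.append(f"{name}: {MTU_OPTION} is {mtu!r}, expected {expected}")
    return problems

# Constructed sample: one network with empty Options, one with the MTU set.
SAMPLE_INSPECT = """[
  {"Name": "tfe_services", "Options": {}, "Labels": {}},
  {"Name": "tfe_terraform_isolation",
   "Options": {"com.docker.network.driver.mtu": "1460"}, "Labels": {}}
]"""

if __name__ == "__main__":
    # On the Terraform Enterprise host: read live state instead of the sample.
    live = subprocess.run(["docker", "network", "inspect", *TFE_NETWORKS],
                          capture_output=True, text=True).stdout or "[]"
    try:
        with open("/etc/docker/daemon.json") as fh:
            daemon = fh.read()
    except FileNotFoundError:
        daemon = ""
    for line in findings(live, daemon) or ["MTU configuration matches"]:
        print(line)
```

Run against the constructed sample, `findings` reports only `tfe_services`, the network whose `Options` object is empty.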
Outcome
After applying the MTU configuration and restarting Docker, Terraform Enterprise will be able to download and install third-party providers from GitHub without a TLS handshake timeout.