fly-apps / terraform-provider-fly

Terraform provider for the Fly.io API
BSD 3-Clause "New" or "Revised" License

Error: fly wireguard tunnel must be open #65

Closed BertBR closed 2 years ago

BertBR commented 2 years ago

I'm facing the following error when trying to run terraform apply:

Error: fly wireguard tunnel must be open
│ 
│   with fly_machine.machine,
│   on main.tf line 31, in resource "fly_machine" "machine":
│   31: resource "fly_machine" "machine" {

Has anyone already gotten this?

kotx commented 2 years ago

To communicate with the Fly Machines API (which is what the Terraform provider does), you must open a WireGuard tunnel or proxy the API through the CLI.

hb9cwp commented 2 years ago

This new, additional requirement is a problem as soon as DevOps teams want to use Terraform Cloud (TFC), which hosts shared Terraform state, CI/CD workflows, and secrets on HashiCorp Cloud Platform (HCP).

@DAlperin is aware, see #31 and #42.

DAlperin commented 2 years ago

Yeah, this problem is partially out of my control. The good news is that it seems like the machines API won't require the tunnel for too much longer. Unfortunately I can't give a timeline but I'll keep you all updated.

chronark commented 2 years ago

After opening the tunnel I am greeted with another error:

│ Error: Failed to create machine
│ 
│   with fly_machine.latency["fra"],
│   on fly.tf line 6, in resource "fly_machine" "latency":
│    6: resource "fly_machine" "latency" {
│ 
│ Create request failed: 422 Unprocessable Entity, &{ID: Name: State: Region:
│ InstanceID: PrivateIP: Config:{Env:map[] Init:{Entrypoint:[] Cmd:[]} Image:
│ Metadata:<nil> Restart:{Policy:} Services:[] Mounts:[] Guest:{CPUKind: Cpus:0
│ MemoryMb:0}} ImageRef:{Registry: Repository: Tag: Digest: Labels:{}}
│ CreatedAt:0001-01-01 00:00:00 +0000 UTC}

Here's my configuration:

resource "fly_app" "latency" {
  name = "andreas-latency"
  org  = "upstash-monitoring"
}

resource "fly_machine" "latency" {
  for_each = var.fly_regions
  app      = fly_app.latency.id
  name     = "latency-${each.value}"
  region   = each.value
  image    = "chronark/fly-latency"

  env = {
    REDIS_URL         = var.fly_redis_url
    RESULTS_REDIS_URL = var.fly_results_redis_url
  }

  services = [
    {
      ports = [
        {
          port     = 443
          handlers = ["tls", "http"]
        },
        {
          port     = 80
          handlers = ["http"]
        }
      ]
      protocol      = "tcp"
      internal_port = 80
    },
    {
      ports = [
        {
          port     = 8080
          handlers = ["tls", "http"]
        },
        {
          port     = 8081
          handlers = ["http"]
        }
      ]
      protocol      = "tcp"
      internal_port = 8089
    }
  ]
}

hb9cwp commented 2 years ago

I am seeing a very similar problem now with an example that worked fine last weekend using fly-apps/fly v0.0.12 but now fails using both v0.0.12 and v0.0.14 (latest); tried in FRA and AMS as well:

fly_machine.exampleMachine: Creating...
╷
│ Error: Failed to create machine
│ 
│   with fly_machine.exampleMachine,
│   on flyMachineHello.tf line 82, in resource "fly_machine" "exampleMachine":
│   82: resource "fly_machine" "exampleMachine" {
│ 
│ Create request failed: 422 Unprocessable Entity, &{ID: Name: State: Region: InstanceID: PrivateIP: Config:{Env:map[]
│ Init:{Entrypoint:[] Cmd:[]} Image: Metadata:<nil> Restart:{Policy:} Services:[] Mounts:[] Guest:{CPUKind: Cpus:0
│ MemoryMb:0}} ImageRef:{Registry: Repository: Tag: Digest: Labels:{}} CreatedAt:0001-01-01 00:00:00 +0000 UTC}
╵

DAlperin commented 2 years ago

To anyone who is still interested in this, see this comment about the new beta internal tunnel: https://github.com/fly-apps/terraform-provider-fly/issues/42#issuecomment-1251818202

andrewbaxter commented 1 year ago

Would it be possible to add a note to the docs? https://registry.terraform.io/providers/fly-apps/fly/latest/docs

Right now the tunnel requirement isn't mentioned, and the useinternaltunnel variable is also undocumented.

A quick note saying a tunnel is necessary to access the API and listing the two options would be great.