search

microsoft / azure-pipelines-terraform

Azure Pipelines tasks for installing Terraform and running Terraform commands in a build or release pipeline.
MIT License
107 stars 66 forks source link

kex_exchange_identification error #251

Closed ioanbo closed 1 month ago

ioanbo commented 1 month ago

We are using azure cloud container apps jobs as DevOsp agents and we are experiencing this error without a pattern.

Could not download module "usecase_rg" (module.tf:3) source code from
│ "git::ssh://git@ssh.dev.azure.com/v3/org/project_modules/azurerm_resource_group?ref=v1.3.2":
│ error downloading
│ 'ssh://git@ssh.dev.azure.com/v3/org/project_modules/azurerm_resource_group?ref=v1.3.2':
│ /usr/bin/git exited with 128: Cloning into
│ '.terraform/modules/usecase_rg'...
│ kex_exchange_identification: Connection closed by remote host
│ Connection closed by 40.74.28.9 port 22
│ fatal: Could not read from remote repository.
│ 
│ Please make sure you have the correct access rights
│ and the repository exists.

This is our task in the pipeline: 

- task: TerraformTaskV4@4
        displayName: Terraform Init
        inputs:
          provider: 'azurerm'
          command: 'init'
          workingDirectory: '$(Agent.BuildDirectory)/src/${{ parameters.root_directory }}'
          backendServiceArm: ${{ parameters.service_connection_name }}
          backendAzureRmResourceGroupName: ${{ parameters.backend_resource_group }}
          backendAzureRmStorageAccountName: ${{ parameters.backend_storage_accountname }}
          backendAzureRmContainerName: ${{ parameters.container_name }}
          backendAzureRmKey: "$(Build.Repository.Name)/smoke_test_${{ variables.project_name }}_${{ variables.environment }}.tfstate"
        env:
          ARM_USE_AZUREAD: true

We validated that the FW it's not blocking the 40.74.28.0/23 west Europe devops ip's. We can execute this task 5 -15 times and no error, and we can execute this 3 times and will fail 1 or 2 times.

A ticket is opened with DevOps support but after 2 weeks no luck on solving this, they suggested to open an issue here.

mericstam commented 1 month ago

This is not something the terraform extension in azure devops control. I would check with azure team that manages container apps. please check this for contact info: https://github.com/microsoft/azure-container-apps.

Br Manuel