[ BUG ] - Some time to time, API returns Service unavailable

[mldmld68]

Describe the bug From time to time, we get Service unavailable issue from the Wallix API

• Installed wallix/wallix-bastion v0.12.2 (self-signed, key ID ,A5B491EF453DFE8C) wallix-bastion_device_localdomain_account.rdp_account[0]: Destroying... [id=xxxx] wallix-bastion_device_localdomain_account.rdp_account[0]: Destruction complete after 0s wallix-bastion_device_localdomain_account.rdp_account[0]: Creating... wallix-bastion_device_localdomain_account.rdp_account[0]: Creation complete after 2s [id=1xxxx] wallix-bastion_targetgroup.group-rdp[0]: Creating... wallix-bastion_targetgroup.group-rdp[0]: Creation complete after 2s [id=xxxxx] wallix-bastion_authorization.auth-rdp[0]: Creating... wallix-bastion_authorization.auth-rdp[0]: Creation complete after 1s [id=xxxxx] wallix-bastion_device_localdomain_account_credential.account_credential-rdp[0]: Creating... wallix-bastion_device_localdomain_account_credential.account_credential-rdp[0]: Still creating... [10s elapsed] wallix-bastion_device_localdomain_account_credential.account_credential-rdp[0]: Still creating... [20s elapsed] wallix-bastion_device_localdomain_account_credential.account_credential-rdp[0]: Still creating... [30s elapsed]

Error: sending http request: Get "https://xxxxxxxx:443/api/v3.3/devices/xxxxx: Service Unavailable │ │ with wallix-bastion_device_localdomain_account_credential.account_credential-rdp[0], │ on tbr.tf line 525, in resource "wallix-bastion_device_localdomain_account_credential" "account_credential-rdp": │ 525: resource "wallix-bastion_device_localdomain_account_credential" "account_credential-rdp" {

To Reproduce Play terraform multiple time

Expected behavior No Service unavailable error

Desktop (please complete the following information):

• Version Terraform v1.2.8, plugin 0.12.2
• OS : Rocky 9 running a Docker container in Rocky 9 too which run terraform in a Gitlab job

[bsimonWallix]

Hi @mldmld68, what version of bastion do you use ? This is not an issue on terraform provider but on the targeted bastion host.

You may want to set the logs as debug on the bastion and check syslog to see what is happening.

[mldmld68]

Hi, we expericing very high failure rate. The version of Wallix is "wab_complete_version": "8.0 hotfix 15 (build 19; 2022-10-14)" We have many devices and groups.

[mldmld68]

I made some tests using curl as the url of the failed requests are shown by the wallix terraform provider. I notice such a request can take between 1 and up to 30 seconds. date https://wallixhost/api/v3.3/usergroups/19082ad9fb0de97f42010a90787c date

What is the timeout set in the Wallix terraform provider ? I did not see it.

[bsimonWallix]

This timeout is not linled to to terraform provider but seems linked to the API handling on your bastion. It seems to be an old release. From version 8 we made a lot of change regarding API performance.

[bsimonWallix]

You can change timeout by ressource call on terraform script but this meeans we need to adapt resources endpoints.

timeouts { create = "1h30m" update = "2h" delete = "20m" }

https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts

[denis-machard]

Hi @mldmld68, I observed the same behavior on my side with provider terraform. I believe it's due to the number of parallel connections per IP being enabled (Bastion 10.0 Hotfix 5). I changed the number of connections settings in the menu System > Service Control, and the problem disappeared. Denis

[mldmld68]

Hello, finally we figured out this issue. It was related to proxy settings. The no_proxy variable was incorrect. Thank all

[bsimonWallix]

Thanks for the info. I was getting nuts trying to reproduce :p