hashicorp/terraform-provider-dns

Unable to use password authentication in Linux environment

Closed this issue · 3 comments

Terraform CLI and Provider Versions

Terraform v1.5.3
on linux_amd64

  • provider registry.terraform.io/hashicorp/dns v3.3.2

Terraform Configuration

terraform {
  required_providers {
    dns = {
      source = "hashicorp/dns"
    }
  }
}

variable "zone" {
  description = "DNS zone"
  type        = string
}

variable "compute_instances" {
  description = "Compute instances"
  type = map(object({
    ip_address         = string
    create_dns_records = optional(bool)
  }))
  default = {}
}

resource "dns_a_record_set" "this" {
  for_each = { for instance_name, instance in var.compute_instances :
  instance_name => instance if instance.create_dns_records }
  zone      = var.zone
  name      = each.key
  addresses = [each.value.ip_address]
}

Expected Behavior

DNS records will be created as per configs

Actual Behavior

terraform plan shows that new DNS records will be created, as expected.
terraform apply works as expected on Windows 10, but fails in Linux environments (Ubuntu 22.04):

│ Error: Error updating DNS record: error negotiating GSS context: 2 errors occurred:
│       * KRB5_CONFIG: not found
│       * stat /etc/krb5.conf: no such file or directory

It's not really clear why it tries to open /etc/krb5.conf while DNS_UPDATE_PASSWORD is set and DNS_UPDATE_KEYTAB is unset?

Steps to Reproduce

  1. Export env variables:
export DNS_UPDATE_SERVER="dns-server.example.net"
export DNS_UPDATE_REALM="EXAMPLE.NET"
export DNS_UPDATE_USERNAME="username"
export DNS_UPDATE_PASSWORD="XXXXXXXXXXXXXXXX"
  2. terraform plan -out plan
  3. terraform apply plan

How much impact is this issue causing?

High


@ilgiznurgaliev How did you fix this?

Created /etc/krb5.conf manually with content like below:

[libdefaults]
default_realm = EXAMPLE.COM

[realms]
EXAMPLE.COM = {
  kdc = kdc01.example.com
  kdc = kdc02.example.com
}

[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM

After that it works without any issues.
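
A preflight check for the failure discussed in this thread, as an added example that is not part of the original comments or the provider's code: it confirms that a Kerberos config exists at one of the two locations named in the error message and that its [realms] section has a kdc for DNS_UPDATE_REALM. The function names and exit codes are assumptions made for illustration, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not provider code): preflight before `terraform apply`.

# Config path: $KRB5_CONFIG if set, else /etc/krb5.conf (the two
# locations named in the error message above).
krb5_conf_path() { printf '%s\n' "${KRB5_CONFIG:-/etc/krb5.conf}"; }

# realm_has_kdc FILE REALM: succeed if [realms] in FILE has a stanza
# for REALM with at least one "kdc =" line.
realm_has_kdc() {
  awk -v realm="$2" '
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/   { in_realms = ($0 ~ /\[realms\]/); in_stanza = 0; next }
    in_realms && /=[ \t]*[{]/ {
      name = $0; sub(/[ \t]*=.*/, "", name); sub(/^[ \t]*/, "", name)
      in_stanza = (name == realm); next
    }
    in_realms && /[}]/ { in_stanza = 0; next }
    in_stanza && /^[ \t]*kdc[ \t]*=/ { found = 1 }
    END { exit(found ? 0 : 1) }
  ' "$1"
}

# preflight: 0 = ok, 2 = realm unset, 3 = config missing, 4 = no kdc for realm.
preflight() {
  conf="$(krb5_conf_path)"
  if [ -z "${DNS_UPDATE_REALM:-}" ]; then
    echo "DNS_UPDATE_REALM is not set" >&2; return 2
  fi
  if [ ! -r "$conf" ]; then
    echo "Kerberos config $conf is missing or unreadable" >&2; return 3
  fi
  if ! realm_has_kdc "$conf" "$DNS_UPDATE_REALM"; then
    echo "no kdc for realm $DNS_UPDATE_REALM in $conf" >&2; return 4
  fi
}

# Constructed sample modelled on the krb5.conf above, so this runs offline.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
[libdefaults]
default_realm = EXAMPLE.COM

[realms]
EXAMPLE.COM = {
  kdc = kdc01.example.com
}
EOF
( KRB5_CONFIG="$sample"; DNS_UPDATE_REALM="EXAMPLE.COM"; preflight ) && echo "preflight: ok"
```

Exit code 4 also catches a realm mismatch between DNS_UPDATE_REALM and the stanza name in the config file; the parser handles only the multi-line stanza layout shown in the thread.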
