=== frankban|afk is now known as frankban | ||
magicaltrout | random question of the day | 13:47 |
---|---|---|
magicaltrout | has anyone seen juju ssh route them to the wrong box? | 13:47 |
wpk | nope, and there's host key check to make sure it doesn't happen | 13:51 |
magicaltrout | something funky is happening because if i run juju ssh 0 | 13:52 |
magicaltrout | i go to a remote node | 13:52 |
magicaltrout | if i run juju ssh 1,2 or 3 | 13:52 |
magicaltrout | I loop back to my controller node | 13:52 |
magicaltrout | hrm | 13:53 |
wpk | magicaltrout: what does juju --debug ssh 0 say? | 13:53 |
wpk | s/0/1/ ofc | 13:54 |
magicaltrout | er well | 13:56 |
magicaltrout | using 1 didn't fail that time but 2 did | 13:56 |
magicaltrout | using target "2" address "172.17.0.1" | 13:57 |
magicaltrout | but that's a local docker interface | 13:57 |
magicaltrout | and juju status shows the #2 machine as being 10.10.1.81 | 13:57 |
wpk | juju show-machine 2 ? | 13:57 |
magicaltrout | ip-addresses: 10.10.1.81, 10.1.100.0, 10.1.100.1.... 172.17.0.1 | 13:58 |
magicaltrout | instance-id: manual: 10.10.1.81 | 13:58 |
wpk | With --debug enabled is it checking host keys? And finding a proper key? | 13:59 |
magicaltrout | https://gist.github.com/buggtb/04efdbd34493984069026810a23227ff | 14:00 |
magicaltrout | and that loops me right back to the machine i'm on | 14:00 |
magicaltrout | and logs me in | 14:00 |
wpk | and if you ssh into the machine manually? | 14:01 |
wpk | could you see what ip a looks like? | 14:01 |
magicaltrout | well its external ip is 10.10.1.81 | 14:02 |
magicaltrout | it also has a docker internal net on 172.17.0.1 | 14:02 |
magicaltrout | it's just a manual CDK deployment | 14:02 |
wpk | and 172.17.0.1 appears also on the machine you're on? | 14:03 |
magicaltrout | isn't 172.17.0.1 on every machine docker is ever installed on? | 14:03 |
magicaltrout | it's on my laptop for example | 14:03 |
wpk | magicaltrout: can you try newer juju? 2.2? | 14:06 |
wpk | magicaltrout: in 2.2 we're checking for host keys on all the possible interfaces, and only connecting to the ones that provide the proper key | 14:06 |
magicaltrout | can i snap change it somehow? | 14:07 |
wpk | magicaltrout: in 2.0 the machine is reporting 172.17.0.1 as its address, so we try to connect to it. And since it's localhost it's likely it's going to 'win the race'. | 14:07 |
magicaltrout | bonus | 14:07 |
magicaltrout | ah yeah 2.2 does work wpk | 14:13 |
magicaltrout | thanks | 14:13 |
magicaltrout | that had me utterly baffled | 14:13 |
wpk | magicaltrout: could you paste juju --debug ssh 2 somewhere? I wonder what it looks like | 14:13 |
magicaltrout | new or old? | 14:13 |
wpk | new one | 14:14 |
magicaltrout | https://gist.github.com/buggtb/5a9d1708dd0ee59ea11a806dbf1c6e8a | 14:14 |
wpk | Thanks | 14:25 |
magicaltrout | wpk: i lied | 15:15 |
magicaltrout | check this treat | 15:15 |
magicaltrout | https://gist.github.com/buggtb/d85fbf00cd45c9e3b72251dd3fc619e4 | 15:15 |
magicaltrout | that's absolutely amazing :) | 15:17 |
magicaltrout | basically you can't run docker on the same machine as a juju controller | 15:18 |
magicaltrout | without it looping back in | 15:18 |
magicaltrout | fml | 15:18 |
magicaltrout | well | 15:19 |
magicaltrout | i can change the default docker0 ip i guess that'll stop it for now | 15:19 |
wpk | magicaltrout: ok, that's a serious bug | 15:31 |
wpk | magicaltrout: could you do ssh-keyscan 172.17.0.1 10.10.1.81 ? | 15:35 |
magicaltrout | wpk: https://gist.github.com/buggtb/6b9a4fd460aa2ba84284c3ec847808f5 | 15:37 |
wpk | there's no output for 172.17.0.1? | 15:38 |
wpk | try just ssh-keyscan 172.17.0.1 | 15:38 |
magicaltrout | i have realised part of the problem | 15:40 |
magicaltrout | there is an ubuntu user locally which allows ssh loopback access to the jujucontroller user I have | 15:40 |
magicaltrout | which is non-standard I accept :) | 15:40 |
magicaltrout | so usually you wouldn't be able to login to yourself | 15:40 |
magicaltrout | that said, it's still a bit weird how the docker interface gets preferential treatment over the interfaces you've declared | 15:41 |
wpk | it's the fastest one | 15:42 |
wpk | since both 172.17.0.1 and 10.10.1.81 are in private space | 15:42 |
wpk | we wouldn't know anything about docker, ip is an ip | 15:43 |
wpk | hm, but still it shouldn't validate the host key on both IPs | 15:48 |
=== frankban is now known as frankban|afk | ||
ryebot | Where can I find documentation for bootstrapping & adding units in an egress-restricted environment? | 20:59 |
bdx | elasticsearch-peeps: http://paste.ubuntu.com/25825991/ | 22:04 |
bdx | :0 | 22:04 |
lazyPower | nice | 22:06 |