[13:47] <magicaltrout> random question of the day
[13:47] <magicaltrout> has anyone seen juju ssh route them to the wrong box?
[13:51] <wpk> nope, and there's host key check to make sure it doesn't happen
[13:52] <magicaltrout> something funky is happening because if i run juju ssh 0
[13:52] <magicaltrout> i go to a remote node
[13:52] <magicaltrout> if i run juju ssh 1,2 or 3
[13:52] <magicaltrout> I loop back to my controller node
[13:53] <magicaltrout> hrm
[13:53] <wpk> magicaltrout: what does juju --debug ssh 0 say?
[13:54] <wpk> s/0/1/ ofc
[13:56] <magicaltrout> er well
[13:56] <magicaltrout> using 1 didn't fail that time but 2 did
[13:57] <magicaltrout> using target "2" address "172.17.0.1"
[13:57] <magicaltrout> but that's a local docker interface
[13:57] <magicaltrout> and juju status shows the #2 machine as being 10.10.1.81
[13:57] <wpk> juju show-machine 2 ?
[13:58] <magicaltrout> ip-addresses: 10.10.1.81, 10.1.100.0, 10.1.100.1.... 172.17.0.1
[13:58] <magicaltrout> instance-id: manual: 10.10.1.81
[13:59] <wpk> With --debug enabled is it checking host keys? And finding a proper key?
[14:00] <magicaltrout> https://gist.github.com/buggtb/04efdbd34493984069026810a23227ff
[14:00] <magicaltrout> and that loops me right back to the machine i'm on
[14:00] <magicaltrout> and logs me in
[14:01] <wpk> and if you ssh into the machine manually?
[14:01] <wpk> could you see what ip a looks like?
[14:02] <magicaltrout> well it's external ip is 10.10.1.81
[14:02] <magicaltrout> it also has a docker internal net on 172.17.0.1
[14:02] <magicaltrout> it's just a manual CDK deployment
[14:03] <wpk> and 172.17.0.1 appears also on the machine you're on?
[14:03] <magicaltrout> isn't 172.17.0.1 on every machine docker is ever installed on?
[14:03] <magicaltrout> it's on my laptop for example
[14:06] <wpk> magicaltrout: can you try newer juju? 2.2?
[14:06] <wpk> magicaltrout: in 2.2 we're checking for host keys on all the possible interfaces, and only connecting to the ones that provide the proper key
[14:07] <magicaltrout> can i snap change it somehow?
[14:07] <wpk> magicaltrout: in 2.0 the machine is reporting 172.17.0.1 as its address, so we try to connect to it. And since it's localhost it's likely it's going to 'win the race'.
[14:07] <magicaltrout> bonus
[14:13] <magicaltrout> ah yeah 2.2 does work wpk
[14:13] <magicaltrout> thanks
[14:13] <magicaltrout> that had me utterly baffled
[14:13] <wpk> magicaltrout: could you paste juju --debug ssh 2 somewhere? I wonder what it looks like
[14:13] <magicaltrout> new or old?
[14:14] <wpk> new one
[14:14] <magicaltrout> https://gist.github.com/buggtb/5a9d1708dd0ee59ea11a806dbf1c6e8a
[14:25] <wpk> Thanks
[15:15] <magicaltrout> wpk: i lied
[15:15] <magicaltrout> check this treat
[15:15] <magicaltrout> https://gist.github.com/buggtb/d85fbf00cd45c9e3b72251dd3fc619e4
[15:17] <magicaltrout> that's absolutely amazing :)
[15:18] <magicaltrout> basically you can't run docker on the same machine as a juju controller
[15:18] <magicaltrout> without it looping back in
[15:18] <magicaltrout> fml
[15:19] <magicaltrout> well
[15:19] <magicaltrout> i can change the default docker0 ip i guess that'll stop it for now
[15:31] <wpk> magicaltrout: ok, that's a serious bug
[15:35] <wpk> magicaltrout: could you do ssh-keyscan 172.17.0.1 10.10.1.81 ?
[15:37] <magicaltrout> wpk: https://gist.github.com/buggtb/6b9a4fd460aa2ba84284c3ec847808f5
[15:38] <wpk> there's no output for 172.17.0.1?
[15:38] <wpk> try just ssh-keyscan 172.17.0.1
[15:40] <magicaltrout> i have realised part of the problem
[15:40] <magicaltrout> there is an ubuntu user locally which allows ssh loopback access to the jujucontroller user I have
[15:40] <magicaltrout> which is non-standard I accept :)
[15:40] <magicaltrout> so usually you wouldn't be able to login to yourself
[15:41] <magicaltrout> that said, it's still a bit weird how the docker interface gets preferential treatment over the interfaces you've declared
[15:42] <wpk> it's the fastest one
[15:42] <wpk> since both 172.17.0.1 and 10.10.1.81 are in private space
[15:43] <wpk> we wouldn't know anything about docker, ip is an ip
[15:48] <wpk> hm, but still it shouldn't validate the host key on both IPs
[20:59] <ryebot> Where can I find documentation for bootstrapping & adding units in an egress-restricted environment?
[22:04] <bdx> elasticsearch-peeps: http://paste.ubuntu.com/25825991/
[22:04] <bdx> :0
[22:06] <lazyPower> nice