
Headscale support

Open GrigoriyMikhalkin opened this issue 3 years ago • 11 comments

GrigoriyMikhalkin avatar Sep 13 '22 14:09 GrigoriyMikhalkin

Looks good now. We will now wait for the metal-images PR to be merged, adapt the image URL and then we can merge.

Gerrit91 avatar Sep 14 '22 09:09 Gerrit91

This should be mergeable now? @Gerrit91

mwindower avatar Oct 06 '22 15:10 mwindower

Requires next release of metal-images and pinning or changing to latest stable image, also needs rebase.

Gerrit91 avatar Oct 07 '22 06:10 Gerrit91

@GrigoriyMikhalkin Can this be updated to current release state?

Gerrit91 avatar Oct 25 '22 07:10 Gerrit91

@Gerrit91 Ready to merge)

GrigoriyMikhalkin avatar Nov 09 '22 21:11 GrigoriyMikhalkin

Just tried it out once again but somehow I could not connect from my local machine, which should be possible, right? I am using the latest head of metalctl.

This is the state:

❯ m machine ls 
ID                                          LAST EVENT    WHEN   AGE      HOSTNAME   PROJECT                                SIZE           IMAGE                        PARTITION 
e0ab02d2-27cd-5a5e-8efc-080ba80cf258        Waiting       2s                                                                v1-small-x86                                mini-lab    
2294c949-88f6-5390-8154-fa53d93a3313   🛡️    Phoned Home   27s    6m 19s   fw         00000000-0000-0000-0000-000000000000   v1-small-x86   Firewall 2 Ubuntu 20221025   mini-lab 

❯ make console-machine02
exit console with CTRL+5 and then quit telnet through q + ENTER                                                                                                                                                                                   
Trying 127.0.0.1...                                         
Connected to 127.0.0.1.                                                                                                  
Escape character is '^]'.                                                                                                
                                                                                                                         
fw login: metal                                                                                                          
Password:      ...                                                                                                          
                                                                                 
metal@fw:~$ sudo -i                                                                                                      
root@fw:~# tailscale status                                                                                              
0.0.0.1         2294c949-88f6-5390-8154-fa53d93a3313-hkfygtpd 00000000-0000-0000-0000-000000000000 linux   -

❯ k -n metal-control-plane exec -it headscale-775c49cff8-rjhhm -- headscale nodes list
An updated version of Headscale has been found (0.17.0-beta2 vs. your current 0.17.0-alpha4). Check it out https://github.com/juanfont/headscale/releases
ID | Hostname                             | Name                                          | NodeKey | Namespace                            | IP addresses               | Ephemeral | Last seen           | Online | Expired
1  | 2294c949-88f6-5390-8154-fa53d93a3313 | 2294c949-88f6-5390-8154-fa53d93a3313-hkfygtpd | [drhV6] | 00000000-0000-0000-0000-000000000000 | 0.0.0.1, fd7a:115c:a1e0::1 | false     | 2022-11-10 15:54:24 | online | no     

❯ m firewall ssh 2294c949-88f6-5390-8154-fa53d93a3313 -i files/ssh/id_rsa                                                                                                                                                                16:47:57
accessing firewall through vpn ..........^C
# nothing happening anymore

Gerrit91 avatar Nov 10 '22 15:11 Gerrit91

@Gerrit91 Sorry, my last comment was very much wrong. metalctl actually receives the Headscale address from metal-api.

I tested tailscale connection with latest metalctl version. Worked for me:

accessing firewall through vpn .... connected to e0ab02d2-27cd-5a5e-8efc-080ba80cf258 (ip fd7a:115c:a1e0::1) took: 889.111563ms

GrigoriyMikhalkin avatar Nov 10 '22 19:11 GrigoriyMikhalkin

Strange that my firewall received an IPv4 address.

Gerrit91 avatar Nov 11 '22 08:11 Gerrit91

> Strange that my firewall received an IPv4 address.

headscale_ip_prefixes is not specified and therefore both address families are supported

majst01 avatar Nov 12 '22 05:11 majst01

I specified the prefixes now and also added them to the suggestion. Then, the firewall will get only an IPv6 address. However, connecting through metalctl still does not work for me. @majst01 Maybe you can try it out as well and tell me if it works for you such that we can narrow down if this problem only exists for me or not?

Gerrit91 avatar Nov 17 '22 15:11 Gerrit91

@majst01 Ping?

Gerrit91 avatar Jan 19 '23 13:01 Gerrit91