Headscale support #117

Open
wants to merge 32 commits into
base: master

GrigoriyMikhalkin
Contributor

No description provided.

GrigoriyMikhalkin requested a review from a team as a code owner September 13, 2022 14:35
inventories/group_vars/control-plane/headscale.yaml Outdated
inventories/group_vars/control-plane/headscale.yaml Outdated
inventories/group_vars/control-plane/headscale.yaml Outdated
inventories/group_vars/control-plane/headscale.yaml Outdated
inventories/group_vars/control-plane/metal.yml Outdated
inventories/group_vars/all/images.yaml Outdated
@Gerrit91
Contributor

Looks good now. We will now wait for the metal-images PR to be merged, adapt the image URL and then we can merge.

@mwindower
Contributor

This should be mergeable now? @Gerrit91

@Gerrit91
Contributor

Gerrit91 commented Oct 7, 2022

Requires next release of metal-images and pinning or changing to latest stable image, also needs rebase.

@Gerrit91
Contributor

@GrigoriyMikhalkin Can this be updated to current release state?

@GrigoriyMikhalkin
Contributor Author

@Gerrit91 Ready to merge)

@Gerrit91
Contributor

Just tried it out once again but somehow I could not connect from my local machine, which should be possible, right? I am using the latest head of metalctl.

This is the state:

```
❯ m machine ls
ID                                          LAST EVENT    WHEN   AGE      HOSTNAME   PROJECT                                SIZE           IMAGE                        PARTITION
e0ab02d2-27cd-5a5e-8efc-080ba80cf258        Waiting       2s                                                                v1-small-x86                                mini-lab
2294c949-88f6-5390-8154-fa53d93a3313   🛡️    Phoned Home   27s    6m 19s   fw         00000000-0000-0000-0000-000000000000   v1-small-x86   Firewall 2 Ubuntu 20221025   mini-lab

❯ make console-machine02
exit console with CTRL+5 and then quit telnet through q + ENTER
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

fw login: metal
Password:      ...

metal@fw:~$ sudo -i
root@fw:~# tailscale status
0.0.0.1         2294c949-88f6-5390-8154-fa53d93a3313-hkfygtpd 00000000-0000-0000-0000-000000000000 linux   -

❯ k -n metal-control-plane exec -it headscale-775c49cff8-rjhhm -- headscale nodes list
An updated version of Headscale has been found (0.17.0-beta2 vs. your current 0.17.0-alpha4). Check it out https://github.com/juanfont/headscale/releases
ID | Hostname                             | Name                                          | NodeKey | Namespace                            | IP addresses               | Ephemeral | Last seen           | Online | Expired
1  | 2294c949-88f6-5390-8154-fa53d93a3313 | 2294c949-88f6-5390-8154-fa53d93a3313-hkfygtpd | [drhV6] | 00000000-0000-0000-0000-000000000000 | 0.0.0.1, fd7a:115c:a1e0::1 | false     | 2022-11-10 15:54:24 | online | no

❯ m firewall ssh 2294c949-88f6-5390-8154-fa53d93a3313 -i files/ssh/id_rsa                                                                                                                                                                16:47:57
accessing firewall through vpn ..........^C
# nothing happening anymore
```

@GrigoriyMikhalkin
Contributor Author

@Gerrit91 Sorry, my last comment was very much wrong. metalctl actually receives the Headscale address from metal-api.

I tested tailscale connection with latest metalctl version. Worked for me:

```
accessing firewall through vpn .... connected to e0ab02d2-27cd-5a5e-8efc-080ba80cf258 (ip fd7a:115c:a1e0::1) took: 889.111563ms
```

@Gerrit91
Contributor

Strange that my firewall received an IPv4 address.

@majst01
Contributor

majst01 commented Nov 12, 2022

> Strange that my firewall received an IPv4 address.

headscale_ip_prefixes is not specified and therefore both address families are supported

headscale_tls: no
headscale_db_storage_size: 200Mi
headscale_private_key: c8e07b737d04715f1f5c1318334e888f65e6a704ea85d0cddaa31b2c5589ef7f
headscale_noise_private_key: 580b8691e0e1f7cd74cf6154e890df015b3d7a0611a06efa5e2fd543ab13be4b
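
Review bot: `headscale_private_key` and `headscale_noise_private_key` are committed here as plaintext hex values in group_vars, so everyone who can read the repository holds both keys. If they are meant as fixed lab-only defaults, add a comment above them saying so and that they must not be reused outside this environment; otherwise drop the literals and generate them at deploy time or load them from an encrypted vars file. With `headscale_tls: no` in the same block, it would also help to state whether TLS is terminated elsewhere or intentionally off for the lab.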
Contributor

Suggested change
headscale_noise_private_key: 580b8691e0e1f7cd74cf6154e890df015b3d7a0611a06efa5e2fd543ab13be4b
headscale_noise_private_key: 580b8691e0e1f7cd74cf6154e890df015b3d7a0611a06efa5e2fd543ab13be4b
# a private ipv6 prefix can be generated according RFC 4193
headscale_ip_prefixes:
- fd43:9c0b:d229::/48
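
Review bot: the literal `fd43:9c0b:d229::/48` under `headscale_ip_prefixes` will be identical in every checkout, which works against the comment above it: RFC 4193 derives the 40-bit Global ID pseudo-randomly so that independently created sites do not collide. Say in the comment that this value is an example to be regenerated per deployment, and fix the wording to "according to RFC 4193". Since leaving the key out hands out both address families, as seen earlier in this thread, a short comment that the list is IPv6-only on purpose would save the next reader the same question.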

@Gerrit91
Contributor

I specified the prefixes now and also added them to the suggestion. Then, the firewall will get only an IPv6 address. However, connecting through metalctl still does not work for me. @majst01 Maybe you can try it out as well and tell me if it works for you such that we can narrow down if this problem only exists for me or not?
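
An added example, not part of this PR or the project's code: a small Python check for a `headscale_ip_prefixes`-style list that reports which address families it enables and whether each IPv6 prefix is a locally assigned RFC 4193 /48, plus a generator for a fresh prefix. The function names are hypothetical, and `secrets` is used for the random Global ID in place of the sample algorithm in RFC 4193.

```python
import ipaddress
import secrets

# RFC 4193: fc00::/7 with the L bit set, i.e. locally assigned prefixes.
ULA_LOCAL = ipaddress.ip_network("fd00::/8")


def generate_ula_prefix():
    """Return a /48 under fd00::/8 with a random 40-bit Global ID."""
    global_id = secrets.token_bytes(5)        # 40 random bits
    packed = b"\xfd" + global_id + bytes(10)  # remaining 80 bits are zero
    return ipaddress.IPv6Network((packed, 48))


def check_prefixes(prefixes):
    """Return (address families enabled, list of findings) for a prefix list."""
    families, findings = set(), []
    for text in prefixes:
        net = ipaddress.ip_network(text)      # raises ValueError if host bits are set
        families.add(net.version)
        if net.version == 4:
            findings.append(f"{net}: IPv4 prefix present")
        elif not net.subnet_of(ULA_LOCAL):
            findings.append(f"{net}: not inside fd00::/8")
        elif net.prefixlen < 48:
            findings.append(f"{net}: shorter than /48, spans several Global IDs")
    return families, findings


if __name__ == "__main__":
    # The prefix from the suggestion in this thread, then constructed samples.
    print(check_prefixes(["fd43:9c0b:d229::/48"]))
    print(check_prefixes(["10.0.0.0/8", "2001:db8::/32"]))
    print(generate_ula_prefix())
```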

@Gerrit91
Contributor

@majst01 Ping?

4 participants