suspected issue with downloading inlets-pro on GCP

Question

suspected issue with downloading inlets-pro on GCP

burtonr opened this issue 5 years ago · 7 comments

Expected Behaviour

Expect created server to run inlets(-pro) and output commands to result in a connected tunnel

Current Behaviour

Client shows:

$ ./inlets-pro client --connect "wss://$EXIT_IP:8123/connect" --token "$TOKEN" --license "$PRO_LICENSE" --tcp-ports $TCP_PORTS
2020/02/08 23:45:17 Welcome to inlets-pro!
2020/02/08 23:45:17 Starting client - version 0.5.3
2020/02/08 23:45:17 Licensed to: rheutan7@gmail.com, expires: 102 day(s)
2020/02/08 23:45:17 TCP Ports: [3306]
Error: unable to download CA from remote inlets server for auto-tls: Get https://104.155.178.133:8123/.well-known/ca.crt: dial tcp 104.155.178.133:8123: connect: connection refused

Logged in to the created server. This is what I found:

rheutan7@sharp-nightingale4:~$ cat /etc/default/inlets-pro 
AUTHTOKEN=tjqMrBbreSA9141nI7KMOVOhJxvJTbXISdHGen6yWEZxBhXe7L4nMyDX4U4hNghw
REMOTETCP=192.168.0.40
IP=104.155.178.133
rheutan7@sharp-nightingale4:~$ cat /etc/systemd/system/inlets-pro.service 
[Unit]
Description=inlets-pro Server Service
After=network.target

[Service]
Type=simple
Restart=always
RestartSec=2
StartLimitInterval=0
EnvironmentFile=/etc/default/inlets-pro
ExecStart=/usr/local/bin/inlets-pro server --auto-tls --common-name="${IP}"  --remote-tcp="${REMOTETCP}" --token="${AUTHTOKEN}"

[Install]
WantedBy=multi-user.target
rheutan7@sharp-nightingale4:~$ sudo systemctl status inlets-pro
● inlets-pro.service - inlets-pro Server Service
   Loaded: loaded (/etc/systemd/system/inlets-pro.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Sun 2020-02-09 05:48:55 UTC; 1s ago
  Process: 1264 ExecStart=/usr/local/bin/inlets-pro server --auto-tls --common-name=${IP} --remote-tcp=${REMOTETCP} --token=${AUTHTOKEN} (code=exited, status=203/EXEC)
 Main PID: 1264 (code=exited, status=203/EXEC)

Feb 09 05:48:55 sharp-nightingale4 systemd[1]: inlets-pro.service: Main process exited, code=exited, status=203/EXEC
Feb 09 05:48:55 sharp-nightingale4 systemd[1]: inlets-pro.service: Unit entered failed state.
Feb 09 05:48:55 sharp-nightingale4 systemd[1]: inlets-pro.service: Failed with result 'exit-code'.
rheutan7@sharp-nightingale4:~$ which inlets-pro
rheutan7@sharp-nightingale4:~$ inlets-pro
-bash: inlets-pro: command not found
rheutan7@sharp-nightingale4:~$ ls /usr/local/bin/
rheutan7@sharp-nightingale4:~$

Possible Solution

Perhaps a verification script that ensures the binary is installed, and the inlets-pro service is running before exiting to know that there was an error.
The process should clean up after itself by deleting everything that was created if there is a failure

Steps to Reproduce (for bugs)

Run inletsctl create --provider gce and all the flags necessary
Run the output commands to connect with a client
See the failed connection
Log in to the created server and view the inlets-pro service logs: sudo systemctl status inlets-pro

Context

Unable to get inlets-pro to work with Google Cloud where most of my applications run

Your Environment

inlets version inlets --version

Version: 0.4.6
Git Commit: a03f5e2b9f7a1968795739ec39eaab99c0680447

Docker/Kubernetes version docker version / kubectl version:
N/A
Operating System and version (e.g. Linux, Windows, MacOS):
Linux
Link to your project or a code example to reproduce issue:
N/A

Answer 1 · 2020-02-09T07:39:14.000Z

Hi @burtonr can you look at the cloud init log in /var/log/ (the log with a longer name suffix)

@utsavanand2 or @adamjohnson01 might be best looking at this.

It would appear the download script perhaps failed or was interrupted since the other files are in place.

Can you try again later and share the log please?

Alex

Answer 2 · 2020-02-09T07:39:53.000Z

/set title: suspected issue with downloading inlets-pro on GCP

Answer 3 · 2020-02-09T08:33:04.000Z

@burtonr @alexellis I'm getting on to this! One thing to note though I don't think this is related to the issue is opening up of ports. Which I'll put up as soon as I can today! I'll see if it fixes it. If not I'll see what I can do about it 🤞

Answer 4 · 2020-02-09T16:27:22.000Z

Confirmed this is now working as expected as of version 0.4.8 from PR #58

Answer 5 · 2022-10-25T11:38:30.000Z

Started seeing this from local k3s

unable to download CA from remote inlets server for auto-tls: Get "https://178.62.15.220:8123/.well-known/ca.crt"

What is this and why can't I configure the ca myself?

Answer 6 · 2022-10-25T17:24:27.000Z

Hi @jjaybrown

Happy to help, please can you raise your issue?

I've also emailed you directly with your Gumroad, so feel free to reply there also.

Alex

Answer 7 · 2022-10-25T17:24:32.000Z

/lock: resolved