Ignoring state even if present, container restart requires new authkey
Opened this issue · 0 comments
ksesong commented
The proxy loses its state if the container is restarted.
I have tried multiple authkey configurations, but none were successful:
- Setup with one-off authkey through
TS_AUTHKEY
environment variable, data volume set/home/nonroot
. First boot successful, service accessible with the right hostname, data volume properly populated. Restarted container, machine node remains offline,Received error: invalid key: API key ****** not valid
. - Setup with one-off authkey through
TS_AUTHKEY
environment variable, data volume set/home/nonroot
. First boot successful, service accessible with the right hostname, data volume properly populated. RemovedTS_AUTHKEY
environment variable. Restarted container, machine node remains offline. - Setup with one-off authkey through
TS_AUTHKEY
environment variable, no volume. First boot successful, service accessible with the right hostname. Restarted container, machine node remains offline. - Setup with reusable authkey through
TS_AUTHKEY
environment variable, data volume set/home/nonroot
. First boot successful, service accessible with the right hostname, data volume properly populated. Restarted container, initial machine node remains offline, new machine node created with a different name suffixed by-1
. - Setup without any authkey, data volume set
/home/nonroot
. First boot successful after validation with the logged auth URL, service accessible with the right hostname, data volume properly populated. The created machine node is ephemeral. Restarted container, initial machine node gets deleted, and a new auth key is demanded.
This maybe related to another issue from Tailscale's side (tailscale/tailscale#9025, tailscale/tailscale#9715), but the proposed solution of deleting its state directly has no effect in our situation.
I also tried playing with TAILPROXY_DATA_DIR
and different volume mount points, without success.
podman version 4.5.0, nixos version 23.05