Error during authorize-session against a host in dynamic host set #4692

Open
japneet-sahni opened this issue Apr 22, 2024 · 1 comment

japneet-sahni commented Apr 22, 2024

Describe the bug
Getting error from controller when performing authorize-session action against given target

To Reproduce
Steps to reproduce the behavior:

  1. Create a couple of Azure machines with a tag (has a public IP address).
     image
  2. Created a dynamic catalog in Boundary with provider as Azure
  3. Created a dynamic host set plugin using filter:
     tagName eq 'tier' and tagValue eq 'app-server'
  4. The hosts in the host set are populated correctly
     image
  5. Created a target with host-source as dynamic host-set.
     image
  6. But when I try to connect to this target, I get the below error:
boundary connect ssh -target-id=ttcp_zEm6TWgBtq
Error from controller when performing authorize-session action against given target

Error information:
  Kind:                FailedPrecondition
  Message:             No egress workers can handle this session, as they have all been filtered out.
  Status:              400
  context:             Error from controller when performing authorize-session action against given target

Expected behavior
The target should be connected. If I create a target with a static host set using same host, it works fine.

Additional context
Somehow, I feel that the Boundary worker is trying to connect to the private IP address of the host instead of the public IP address. I understand that this can be solved using egress/ingress workers when there are required network configurations between worker, target, and clients. But for demo purposes, this should work without any errors. Unfortunately, even the tutorials don't cover the connection part.

image

I am using HCP Boundary

japneet-sahni added the bug label Apr 22, 2024
@anando-chatterjee

Hi @japneet-sahni, the dynamic host catalog returns 2 IP addresses (as you can see in your screenshot) and what is most likely happening is that the HCP worker is attempting to use the private IP and it does not have access to it. With self-managed workers running on the same network this won't be an issue.

To resolve this and to use HCP managed workers, you need to enter a preferred endpoint with a subnet mask of the public address (example screenshot below).

image

If this still doesn't fix your issue, please log a support ticket and one of our support engineers should be able to walk you through this.

anando-chatterjee removed the bug label May 13, 2024
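
The preferred-endpoint fix from the reply above, modeled as an added Python example (not Boundary's code and not written by either participant). It assumes preferences take the `cidr:`/`dns:` prefix form and are tried in order with the first match winning; the host names and addresses are constructed.

```python
import ipaddress
from fnmatch import fnmatch

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: each host reports a private and a public address
# (203.0.113.0/24 is a documentation range standing in for public IPs).
HOSTS = {
    "app-server-1": ["10.0.1.4", "203.0.113.10"],
    "app-server-2": ["10.0.1.5", "203.0.113.11"],
}

def _ip(value):
    """Parse value as an IP address, or return None for a DNS name."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _matches(addr, pref):
    """True if addr satisfies one 'cidr:<network>' or 'dns:<glob>' preference."""
    kind, _, pattern = pref.partition(":")
    ip = _ip(addr)
    if kind == "cidr" and ip is not None:
        net = ipaddress.ip_network(pattern, strict=False)
        return ip.version == net.version and ip in net
    if kind == "dns" and ip is None:
        return fnmatch(addr, pattern)
    return False

def pick_endpoint(addresses, preferred_endpoints):
    """Assumed model: preferences are tried in order, first match wins.
    None means no preference matched and the choice is left to Boundary."""
    for pref in preferred_endpoints:
        for addr in addresses:
            if _matches(addr, pref):
                return addr
    return None

def audit(hosts, preferred_endpoints):
    """Map each host to (selected address, verdict) as seen by a worker
    that sits outside the hosts' private network."""
    report = {}
    for name, addresses in hosts.items():
        chosen = pick_endpoint(addresses, preferred_endpoints)
        ip = _ip(chosen) if chosen else None
        if chosen is None:
            verdict = "no-match"
        elif ip is not None and ip.version == 4 and any(ip in n for n in RFC1918):
            verdict = "private"
        else:
            verdict = "ok"
        report[name] = (chosen, verdict)
    return report
```

A `private` or `no-match` verdict for any host means a worker without a route into the private network can still be handed an address it cannot reach.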