-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Device at v2.85.2 still online and accessible even if glider disconnected #2352
Comments
Tested on an older release, on Pi4 2.73.1+rev1 which was known to be working correctly. |
Does glider show logs of the connections? |
I tried to reproduce with the steps from TC141 - socks5 proxy and I cleaned them up a bit in the process. Everything works as expected for me. Can you try the test again @acostach and share any differences in your results? If the steps below work we can update Testlodge accordingly, but at the core the test is the same. TC141 - socks5 proxy
docker run --rm --network host --user 995 nadoo/glider:v0.15.0 -verbose -listen :8123
SERVER_IP=<your_workstation_ip_running_glider>
DEVICE_UUID=<your_device_uuid>
cat << EOTTY | balena ssh "${DEVICE_UUID}" --tty
mkdir -p /mnt/boot/system-proxy/
cat <<'EOF'> /mnt/boot/system-proxy/redsocks.conf
base {
log_debug = off;
log_info = on;
log = stderr;
daemon = off;
redirector = iptables;
}
redsocks {
type = socks5;
ip = ${SERVER_IP};
port = 8123;
local_ip = 127.0.0.1;
local_port = 12345;
}
EOF
reboot
EOTTY
balena device $DEVICE_UUID
2021/11/11 12:51:46 group.go:186: [group] only 1 forwarder found, disable health checking
2021/11/11 12:51:46 server.go:107: [socks5] listening UDP on :8123
2021/11/11 12:51:46 mixed.go:68: [mixed] listening TCP on :8123
2021/11/11 13:01:15 server.go:87: [socks5] 192.168.1.209:57918 <-> 34.192.70.219:443 via DIRECT
2021/11/11 13:01:18 server.go:87: [socks5] 192.168.1.209:57926 <-> 35.169.76.143:443 via DIRECT
2021/11/11 13:01:28 server.go:87: [socks5] 192.168.1.209:57932 <-> 54.164.146.95:443 via DIRECT
2021/11/11 13:01:28 server.go:87: [socks5] 192.168.1.209:57936 <-> 54.160.66.231:443 via DIRECT
2021/11/11 13:01:29 server.go:87: [socks5] 192.168.1.209:57940 <-> 52.203.153.157:443 via DIRECT
2021/11/11 13:01:29 server.go:87: [socks5] 192.168.1.209:57944 <-> 34.192.70.219:443 via DIRECT
2021/11/11 13:01:29 server.go:87: [socks5] 192.168.1.209:57948 <-> 54.147.227.172:443 via DIRECT
balena device $DEVICE_UUID
docker run --rm --network host --user 995 nadoo/glider:v0.15.0 -verbose -listen :8123
balena device $DEVICE_UUID
cat << EOTTY | balena ssh "${DEVICE_UUID}" --tty
rm -rf /mnt/boot/system-proxy/redsocks.conf && reboot
EOTTY
balena device $DEVICE_UUID |
@klutchell Sure I'll test these steps. By any chance, did you try leave glider in container closed for ~10 minutes and check if the board shows back up even if glider is stopped? |
No, I only waited long enough to see it disconnect when I closed glider. But I can try that now. UPDATE: I waited an hour and my device remained offline when glider was not running. |
Hi @klutchell , I've tried now with 2.85.2 and can still reproduce the issue:
I also booted the board with this config and the glider container stopped, and it showed up online. Tested with meta-balena v2.85.2. |
I just tested with OS |
I just tested I will try some other things to reproduce... |
@klutchell I took these debug logs with the last production image of Pi4, in production environment, they most likely match what @floion saw since it's the same behavior:
Kill glider container, leaving it closed:
Device goes offline briefly, then comes back online:
|
@acostach @floion I tried again today, and while glider was closed my device was offline. My logs look the same as yours, redsocks is still running but the connection is refused over and over. How are you determining that the device is "back online" after a few minutes? I'm using the balena CLI and the balena dashboard to verify that it is no longer able to reach the API when glider is offline. However, existing SSH sessions seem to stay alive. Note that ping tests always ignore the proxy as well. |
@klutchell we're using the dashboard and are accessing the device trough the webterminal. Commands can be run trough the web termina, status is set to online.. |
@acostach, @floion your device is accessing the internet over IPv6 and I'm pretty sure redsocks is not configured to proxy IPv6 traffic. I tested IPv4 traffic and it seems to be failing. I'll open a separate issue for supporting the proxy of IPv6 traffic. For now we need to adjust the manual proxy tests to curl an IPv4 only endpoint from a shell on the device. See https://github.com/balena-io-modules/device-diagnostics/pull/294/files
|
Steps to reproduce: provision a device at v2.85.2
Run the testlodge http-connect or socks5 test.
Note that when glider is closed on the host PC, the device under test stays online and the webterminal is still accessible.
When glider is closed, the device should go offline.
Leviathan tests for current open meta-balena PRs are marked as passed.
The text was updated successfully, but these errors were encountered: