suspected issue with downloading inlets-pro on GCP

[burtonr]

Expected Behaviour

Expect created server to run inlets(-pro) and output commands to result in a connected tunnel

Current Behaviour

Client shows:

$ ./inlets-pro client --connect "wss://$EXIT_IP:8123/connect" --token "$TOKEN" --license "$PRO_LICENSE" --tcp-ports $TCP_PORTS
2020/02/08 23:45:17 Welcome to inlets-pro!
2020/02/08 23:45:17 Starting client - version 0.5.3
2020/02/08 23:45:17 Licensed to: rheutan7@gmail.com, expires: 102 day(s)
2020/02/08 23:45:17 TCP Ports: [3306]
Error: unable to download CA from remote inlets server for auto-tls: Get https://104.155.178.133:8123/.well-known/ca.crt: dial tcp 104.155.178.133:8123: connect: connection refused

Logged in to the created server. This is what I found:

rheutan7@sharp-nightingale4:~$ cat /etc/default/inlets-pro 
AUTHTOKEN=tjqMrBbreSA9141nI7KMOVOhJxvJTbXISdHGen6yWEZxBhXe7L4nMyDX4U4hNghw
REMOTETCP=192.168.0.40
IP=104.155.178.133
rheutan7@sharp-nightingale4:~$ cat /etc/systemd/system/inlets-pro.service 
[Unit]
Description=inlets-pro Server Service
After=network.target

[Service]
Type=simple
Restart=always
RestartSec=2
StartLimitInterval=0
EnvironmentFile=/etc/default/inlets-pro
ExecStart=/usr/local/bin/inlets-pro server --auto-tls --common-name="${IP}"  --remote-tcp="${REMOTETCP}" --token="${AUTHTOKEN}"

[Install]
WantedBy=multi-user.target
rheutan7@sharp-nightingale4:~$ sudo systemctl status inlets-pro
● inlets-pro.service - inlets-pro Server Service
   Loaded: loaded (/etc/systemd/system/inlets-pro.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Sun 2020-02-09 05:48:55 UTC; 1s ago
  Process: 1264 ExecStart=/usr/local/bin/inlets-pro server --auto-tls --common-name=${IP} --remote-tcp=${REMOTETCP} --token=${AUTHTOKEN} (code=exited, status=203/EXEC)
 Main PID: 1264 (code=exited, status=203/EXEC)

Feb 09 05:48:55 sharp-nightingale4 systemd[1]: inlets-pro.service: Main process exited, code=exited, status=203/EXEC
Feb 09 05:48:55 sharp-nightingale4 systemd[1]: inlets-pro.service: Unit entered failed state.
Feb 09 05:48:55 sharp-nightingale4 systemd[1]: inlets-pro.service: Failed with result 'exit-code'.
rheutan7@sharp-nightingale4:~$ which inlets-pro
rheutan7@sharp-nightingale4:~$ inlets-pro
-bash: inlets-pro: command not found
rheutan7@sharp-nightingale4:~$ ls /usr/local/bin/
rheutan7@sharp-nightingale4:~$ 

Possible Solution

Perhaps a verification script that ensures the binary is installed, and the inlets-pro service is running before exiting to know that there was an error.
The process should clean up after itself by deleting everything that was created if there is a failure

Steps to Reproduce (for bugs)

1. Run inletsctl create --provider gce and all the flags necessary
2. Run the output commands to connect with a client
3. See the failed connection
4. Log in to the created server and view the inlets-pro service logs: sudo systemctl status inlets-pro

Context

Unable to get inlets-pro to work with Google Cloud where most of my applications run

Your Environment

• inlets version inlets --version

Version: 0.4.6
Git Commit: a03f5e2b9f7a1968795739ec39eaab99c0680447

• Docker/Kubernetes version docker version / kubectl version:
  N/A
• Operating System and version (e.g. Linux, Windows, MacOS):
  Linux
• Link to your project or a code example to reproduce issue:
  N/A

[alexellis]

Hi @burtonr can you look at the cloud init log in /var/log/ (the log with a longer name suffix)

@utsavanand2 or @adamjohnson01 might be best looking at this.

It would appear the download script perhaps failed or was interrupted since the other files are in place.

Can you try again later and share the log please?

Alex

[alexellis]

/set title: suspected issue with downloading inlets-pro on GCP

[utsavanand2]

@burtonr @alexellis I'm getting on to this! One thing to note though I don't think this is related to the issue is opening up of ports. Which I'll put up as soon as I can today! I'll see if it fixes it. If not I'll see what I can do about it 🤞

[burtonr]

Confirmed this is now working as expected as of version 0.4.8 from PR #58

[jjaybrown]

Started seeing this from local k3s

unable to download CA from remote inlets server for auto-tls: Get "https://178.62.15.220:8123/.well-known/ca.crt"

What is this and why can't I configure the ca myself?

[alexellis]

Hi @jjaybrown

Happy to help, please can you raise your issue?

I've also emailed you directly with your Gumroad, so feel free to reply there also.

Alex

[alexellis]

/lock: resolved