Genvid Forum

Bastion install error


#1

On installing bastion on a new Windows Server 2012 R2 installation, I always see the following error at the end of genvid-bastion install:

INFO:genvid-bastion:Waiting for service bastion-api ...
HTTPConnectionPool(host='127.0.0.1', port=8092): Max retries exceeded with url: /v1/bastion/backends (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x0000001C6A58A240>: Failed to establish a new connection: [WinError 10061] No connection could be made because the target machine actively refused it',))
  File "c:\users\administrator\appdata\local\programs\python\python35\lib\site-packages\requests\adapters.py", line 513, in send
    raise ConnectionError(e, request=request)

… meaning I cannot get to the Bastion UI.

Looking inside bastion-api.stderr.0 (inside the alloc logs), I noticed the following:

bastion-api serving HTTP on 10.0.2.27:8092

i.e. it is listening on the private LAN IP address, and not 127.0.0.1 (which it does by default on my local dev machine). However, I did not override GENVID_DEFAULT_IP. Is there a way to force it to listen on 127.0.0.1 to fix the error? (I already tried forcing GENVID_DEFAULT_IP=127.0.0.1, which makes no difference …)

Thanks,

Adrian


#2

Hi Adrian,

Can you try the following steps?

genvid-bastion uninstall
genvid-bastion uninstall -c
# The -c option is to clean the nomad and consul folder configuration
# Only reinstalling does not do the job.
# I sometimes was not able to do this command directly

Set the GENVID_DEFAULT_IP to 10.0.2.27 or 127.0.0.1

genvid-bastion install -uml -b mybastionid
genvid-bastion monitor

Henri


#3

Hi Henri,

It works if I set it to 10.0.2.27. It fails like before if I set it to 127.0.0.1.

Thanks,

Adrian


#4

Is there a way to ensure it binds everything to 127.0.0.1 instead? (I ask as this will save a major task in migrating the Bastion data from one machine to another)

Thanks,

Adrian


#5

Hi Adrian,

The team is looking at this; we’ll get back to you shortly.

Best,

Pierre


#6

FYI, I’m pretty sure the cause of this is deep within nomad and is specific to running on an AWS instance.

When nomad is running on AWS, it automatically queries the AWS instance metadata (on 169.254.169.254), and reads back the unique.platform.aws.local-ipv4 property. It then uses this for binding services to, overriding other settings that would normally bind it to 127.0.0.1.

I don’t yet know of a way to suppress this behaviour - if anyone else does then that would be great!

Adrian


#7

Update: I can override this behaviour in nomad by setting the AWS_ENV_URL environment variable to something invalid (i.e. not the AWS metadata address) before bastion is installed and hence before nomad starts up… yay!

Thanks,

Adrian
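
Added example, not part of the thread and not Genvid's or nomad's code: a small Python check for the mismatch diagnosed above, where the installer dials 127.0.0.1:8092 while bastion-api is bound to the instance's LAN address. It assumes the stderr line format quoted in post #1; the function names and the sample log are constructed for illustration. A listener bound to a LAN address is reachable from other hosts on that network, which the `exposure` field reports.

```python
import ipaddress
import re
import socket

# Line format taken from post #1: "bastion-api serving HTTP on 10.0.2.27:8092"
SERVING_RE = re.compile(r"^(?P<svc>[\w-]+) serving HTTP on (?P<host>[\d.]+):(?P<port>\d+)$")

def parse_bind(log_text):
    """Return (service, ip, port) from the last 'serving HTTP on' line, or None."""
    found = None
    for line in log_text.splitlines():
        m = SERVING_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("host"))
        except ValueError:
            continue  # looked like an address but is not a valid one
        found = (m.group("svc"), ip, int(m.group("port")))
    return found

def classify(ip):
    """Describe which peers can reach a listener bound to this address."""
    if ip.is_unspecified:
        return "all-interfaces"
    if ip.is_loopback:  # checked before is_private, which also covers 127.0.0.0/8
        return "loopback-only"
    return "private-network" if ip.is_private else "public"

def diagnose(log_text, client_host="127.0.0.1"):
    """Compare the address the service bound to with the one the client dials."""
    bind = parse_bind(log_text)
    if bind is None:
        return {"status": "no-bind-line"}
    svc, ip, port = bind
    # A socket bound to one address only accepts connections sent to that address.
    reachable = ip.is_unspecified or ip == ipaddress.ip_address(client_host)
    return {"status": "ok" if reachable else "mismatch", "service": svc,
            "bound": str(ip), "port": port, "exposure": classify(ip)}

def probe(host, port, timeout=1.0):
    """Live TCP connect test; False means refused (WinError 10061) or timed out."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

SAMPLE_LOG = "bastion-api serving HTTP on 10.0.2.27:8092\n"  # constructed sample

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

Run `diagnose` over the contents of bastion-api.stderr.0 after an install, and use `probe` on the machine itself to confirm which address actually accepts connections.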