Long story short, we have right now a flyctl ssh shell personal hostname.internal command (where “personal” is whatever your org slug is). It works without needing WireGuard installed (it will create a new WireGuard connection and cache it in your config).
We’re not done sanding the edges down, but the code is in Github:
The plan is to do a bunch more stuff like this; Postgres is the next candidate, but even just simple stuff like being able to resolve DNS without having to explicitly bring up your WireGuard connection. Ideas welcome!
Also can I say here that I hate this command line, and am open to any alternatives.
Since we’re creating new WireGuard connections on the fly, I’m a little nervous about defaulting to any one organization.
Kurt likes flyctl console which is maybe where we’ll end up, though it doesn’t get us around having to pick or pass in an org slug every time you shell into something.
Maybe I’m missing something, I’d think fly ssh shell in a folder with a fly.toml would auto connect, seems reasonable to me? Or can apps be in multiple orgs? If so couldn’t it just detect if only one org and use it if it’s the only one? Not sure I have context.
Ok see, here is why I am working on just asking this message board when I’m wondering about dev UX, because, yes, obviously, I should just auto-detect the org.
(The weird thing about me is, because I hack a bit on flyctl and because I use it to debug a bunch of different apps, I’m often running it out of ~/codebase/flyctl or ~.)
I just merged a second cut of this feature into main on flyctl. The old, bad way still works.
The new way is:
flyctl ssh console should just work; it picks up the app from your local directory context (you can -a in an app like with other commands).
flyctl ssh console nrt.my-app.internal will connect to a specific instance (in this case, your NRT instance). (Technically, you can connect to any host in your organization this way, regardless of app).
flyctl ssh console -s will pop up a selector of available instances in all regions.
Still to come: some notion of flyctl ssh exec hostname to run individual commands.
When I run flyctl ssh console, I keep getting the prompt “Region in which to add WireGuard peer”. I don’t know what to enter, and whatever I try, I get this error:
Error create wireguard config: add peer failed: no gateways selected region
I tried doing flyctl ssh establish and flyctl ssh issue, but that didn’t change anything for this gateway error.
This is a brand new app. Do I need to do some kind of Wireguard setup first?
Short answer: run flyctl platform regions and pick the region code closest to you that has a gateway checkmark.
Long answer: we are magically setting up Wireguard for you when you run flyctl ssh console. This is a sharp edge in our UX right now, we should just guess and pick the region that’s best for you.
We hates this region selection stuff — especially because not every region has a WireGuard gateway. There’s a PR on flyctl right now that automatically selects regions, so you don’t have to think about them anymore. If I didn’t screw it up too badly, that should be how flyctl works for everyone early this week.