belay
August 2, 2022, 12:38pm
1
Hi all, I’m trying to get RedPanda running, but can’t seem to connect unless I ssh into the machine. I can’t telnet to the expected port either, so it seems I’m being blocked somewhere along the lines.
Here’s my fly.toml
```
# fly.toml file generated for redpanda-1 on 2022-07-20T15:21:47-04:00
app = "redpanda-1"
kill_signal = "SIGINT"
kill_timeout = 5
processes = []
[build]
image = "docker.redpanda.com/vectorized/redpanda:v22.1.6"
[env]
[experimental]
allowed_public_ports = []
auto_rollback = true
[mounts]
destination = "/var/lib/redpanda/data"
source = "redpanda_poc"
[processes]
redpanda = "redpanda start --overprovisioned --smp 1 --memory 1G --reserve-memory 0 --node-id 0 --check=false --kafka-addr FLY://0.0.0.0:29092 --advertise-kafka-addr FLY://redpanda-1.internal:29092"
```
If I `fly ssh` into the console, I can connect with their cli on 29092 as expected. But if I set up a wireguard connection (that I can use to access a psql box on the same account), I can’t connect:
```
telnet redpanda-1.internal 29092
Trying fdaa:0:4939:a7b:ab2:1:4e05:2...
telnet: connect to address fdaa:0:4939:a7b:ab2:1:4e05:2: Connection refused
telnet: Unable to connect to remote host
```
Is there something to configure in my fly.toml to permit access that I’m not seeing? (Not publicly, just privately)
belay
August 2, 2022, 3:16pm
2
I can ping this machine, but not telnet to that port, which I assume means the port is blocked. Is that a reasonable assumption?
kurt
August 2, 2022, 3:18pm
3
No, we don’t block ports over the internal private network.
I think it’s not listening on IPv6. Does the `--kafka-addr` control how it listens? This tells it to listen on IPv4 only: `--kafka-addr FLY://0.0.0.0:29092`
belay
August 4, 2022, 3:38pm
4
Thanks @kurt - That does seem like it’s getting at the issue, though I’m still struggling to be able to reach the machine.
They asked me to create a discussion issue on their end. So here’s a little more detail on where I’m at.
opened 03:36PM - 04 Aug 22 UTC
kind/bug
### Version & Environment
Redpanda version: (use `rpk version`):
Server: docker.redpanda.com/vectorized/redpanda:v22.1.6
Client: v22.1.5 (rev 042089c50e0c5d148a2d49f5dcf1bcdfa419be3a)
Cloud: https://fly.io/
Client OS: MacOS Monterey
I've created a fly.toml to run redpanda that looks like this:
```
app = "redpanda-1"
kill_signal = "SIGINT"
kill_timeout = 5
processes = []
[build]
image = "docker.redpanda.com/vectorized/redpanda:v22.1.6"
[mounts]
destination = "/var/lib/redpanda/data"
source = "redpanda_poc"
[processes]
redpanda = "redpanda start --overprovisioned --smp 1 --memory 1G --reserve-memory 0 --node-id 0 --check=false --kafka-addr FLY://[::1]:9092 --advertise-kafka-addr FLY://redpanda-1.internal:9092"
```
I then created a persistent volume with: `fly volumes create redpanda_poc --size 1`
And then deployed: `fly deploy --app redpanda-1`
### What went wrong?
```
rpk topic list --brokers "redpanda-1.internal:9092" -vvv
[DEBUG] opening connection to broker; addr: redpanda-1.internal:9092, broker: seed 0
[WARN] unable to open connection to broker; addr: redpanda-1.internal:9092, broker: seed 0, err: dial tcp [fdaa:0:4939:a7b:ab2:1:4e05:2]:9092: connect: connection refused
unable to request metadata: unable to dial: dial tcp [fdaa:0:4939:a7b:ab2:1:4e05:2]:9092: connect: connection refused
```
### What should have happened instead?
Should have seen a list of products
### How to reproduce the issue?
If this is an issue with IPV6, then presumably it could be replicated with Docker, but Docker only supports IPV6 on linux, and I'm on a mac. So the only way I know to emulate it is by creating an account and deploying to fly.io
1. Set up their fly cli https://fly.io/docs/getting-started/installing-flyctl/
2. Login / Register https://fly.io/docs/getting-started/log-in-to-fly/
3. `fly volumes create redpanda_poc --size 1`
4. create a fly.toml file with the content above (see above)
5. `fly deploy --app redpanda-1`
6. Set up wireguard connection in fly https://fly.io/docs/reference/private-networking/#install-your-wireguard-app
7. Set up wireguard locally: https://fly.io/docs/reference/private-networking/#importing-your-tunnel
8. Connect Wireguard to your tunnel
9. `rpk topic list --brokers "redpanda-1.internal:9092" -vvv`
### Additional information
Note that if you connect directly to the machine, it will work:
1. `fly ssh console -a redpanda-1`
2. `rpk topic list --brokers "[::1]:9092"` This command does work
I'm engaging the Fly team to try and help me diagnose the issue as well
https://community.fly.io/t/redpanda-kafka-clone-cant-connect/6221
Please attach any relevant logs, backtraces, or metric charts.
JIRA Link: [CORE-991](https://redpandadata.atlassian.net/browse/CORE-991)
The big one is that:
```
redpanda start --overprovisioned --smp 1 --memory 1G --reserve-memory 0 --node-id 0 --check=false --kafka-addr FLY://[::1]:9092 --advertise-kafka-addr FLY://redpanda-1.internal:9092
```
Still does not work from my wireguard-connected mac. But `rpk topic list --brokers "[::1]:9092"` DOES work if I fly ssh into the machine
belay
August 5, 2022, 4:01pm
5
Sorry @kurt I did not answer your question regarding `--kafka-addr`. Yes. `--kafka-addr` determines what networks it is listening on internally, and `--advertise-kafka-addr` determines how it’s supposed to be reached from the outside world. The “FLY” prefix just connects the external to the internal listeners.
I’m afraid I don’t really understand why these values need to be set independently. Specifically the --advertise-kafka-addr parameter.
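The two bind addresses tried in this thread, checked against the private-network address the client actually dials, as an added example (not code from any poster, Fly or Redpanda). `listen_addrs`, `accepts` and `reachable` are hypothetical helper names, and the `[::]` command is a constructed variant; the thread does not confirm whether Redpanda accepts it.

```python
import ipaddress
import re
import shlex

# One listener: optional "NAME://", then "[v6]" or a bare IPv4 host, then ":port".
LISTENER = re.compile(
    r"(?:(?P<name>\w+)://)?(?:\[(?P<v6>[^\]]+)\]|(?P<v4>[^:\[\]]+)):(?P<port>\d+)")

# Taken from the thread (other flags dropped); CMD_WILD is a constructed variant.
SIXPN = "fdaa:0:4939:a7b:ab2:1:4e05:2"
CMD_V4 = "redpanda start --node-id 0 --kafka-addr FLY://0.0.0.0:29092"
CMD_LOOP = "redpanda start --node-id 0 --kafka-addr FLY://[::1]:9092"
CMD_WILD = "redpanda start --node-id 0 --kafka-addr FLY://[::]:9092"


def listen_addrs(command, flag="--kafka-addr"):
    """Return (name, ip, port) for each listener passed to `flag`."""
    args = shlex.split(command)
    found = []
    for i, arg in enumerate(args[:-1]):
        if arg != flag:
            continue
        for item in args[i + 1].split(","):
            m = LISTENER.fullmatch(item)
            if not m:
                raise ValueError(f"unparsed listener: {item!r}")
            ip = ipaddress.ip_address(m["v6"] or m["v4"])
            found.append((m["name"], ip, int(m["port"])))
    return found


def accepts(bind_ip, dest_ip, dual_stack=True):
    """Would a socket bound to bind_ip accept a connection sent to dest_ip?"""
    if bind_ip.is_unspecified:              # wildcard: 0.0.0.0 or ::
        if bind_ip.version == dest_ip.version:
            return True
        # Only "::" can also take IPv4, and only when IPV6_V6ONLY is off.
        return bind_ip.version == 6 and dual_stack
    return bind_ip == dest_ip               # specific address: exact match only


def reachable(command, dest, port):
    """True if any listener in `command` would accept dest:port."""
    dest_ip = ipaddress.ip_address(dest)
    return any(p == port and accepts(ip, dest_ip)
               for _, ip, p in listen_addrs(command))
```

A port with no matching listener answers with a TCP reset, which the client reports as "connection refused"; ping still succeeds because the kernel answers ICMP regardless of what is bound.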