Open dustinblackman opened 8 months ago
Let me answer this question, the authkey's expiration has no relation with node's expiration.
The only way is use tailscale debug set-expire --in=1m
to expire a node, just for debugging.
This issue is stale because it has been open for 90 days with no activity.
Bug description
Possibly related to https://github.com/juanfont/headscale/issues/1579
With adding new nodes using authentication keys, the expiry of the node is set to
0
on the authentication request, resulting inheadscale nodes list
outputting entries like this where expiry is0001-01-01 00:00:00
.I'm unsure if there's logic somewhere else that handles this, but it doesn't quite feel right. I would have thought there to be some default expiry, such as when logging in with a GUI client and OIDC where it sets the expiry based on your OIDC config.
My "I have no idea what I'm doing" patch looks like this to resolve it for my preference.
https://github.com/dustinblackman/headscale/commit/ad745bee3f98d4f52590ca8374ffbb7cb450e51a
Should there be a config and functionality to set a default expiry when an authentication request does not have one set?
Environment
Version of headscale used:
v0.23.0-alpha2
Version of tailscale client:
1.58.2
OS (e.g. Linux, Mac, Cygwin, WSL, etc.) and version: Debian 11
Kernel version: Not relevant.
The relevant config parameters you used: Not relevant.
Log output:
headscale nodes list
output shown above.[ ] Headscale is behind a (reverse) proxy - No
[ ] Headscale runs in a container - No
To Reproduce
machine-1
), login.