Recently, due to issues beyond our control, we hit a situation where we exhausted IPs from our DHCP server (pro-tip: don't run CI/CD on a subnet with 3-day leases). This would cause the VMs to sometimes report IPs that were not valid. These included IPv6 link-local addreses, as well as 0.0.0.0. Well, apparently for vagrant, 0.0.0.0 translates to localhost. Since the account and ssh key used is the same as that of the Jenkins server (long story, not my decision). So, Chef was able to log in, and start its operation, modifyting the configuration of the Jenkins server.
Yes, I will fully admit there are other issues that need to be solved here (trust me, I'm working on it), but I think it would be prudent to add a blacklist of IPs that are NOT valid and should cause errors if VMs report them.
Recently, due to issues beyond our control, we hit a situation where we exhausted IPs from our DHCP server (pro-tip: don't run CI/CD on a subnet with 3-day leases). This would cause the VMs to sometimes report IPs that were not valid. These included IPv6 link-local addreses, as well as 0.0.0.0. Well, apparently for vagrant, 0.0.0.0 translates to localhost. Since the account and ssh key used is the same as that of the Jenkins server (long story, not my decision). So, Chef was able to log in, and start its operation, modifyting the configuration of the Jenkins server.
Yes, I will fully admit there are other issues that need to be solved here (trust me, I'm working on it), but I think it would be prudent to add a blacklist of IPs that are NOT valid and should cause errors if VMs report them.