search

tailscale / github-action

A GitHub Action to connect your workflow to your Tailscale network.
BSD 3-Clause "New" or "Revised" License
519 stars 78 forks source link

Failed to ssh-keyscan to tailscaled dns after tailscale/github-action@main #109

Open slavasab opened 5 months ago

slavasab commented 5 months ago

We have the following setup:

jobs:
  deploy:
    runs-on: ubuntu-latest
    name: Deploy Staging Website
    steps:
      - name: Setup Tailscale
        uses: tailscale/github-action@main
        with:
          authkey: ${{ secrets.TAILSCALE_AUTHKEY }}

      - name: Add to auth keys
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -t ed25519 $MACHINE >> ~/.ssh/known_hosts
        env:
          MACHINE: app-api-staging

From time to time our job fails on ssh-keyscan -t ed25519 $MACHINE >> ~/.ssh/known_hosts and app-api-staging is a tailscale MagicDNS.

On app-api-staging we see the following logs: tailscaled[530]: CreateEndpoint error for 100.81.*.*:53254 -> 100.107..**:22: connection was refused

Sometimes it works, sometimes it doesn't.

I'd be grateful for any advice.

evilhamsterman commented 2 months ago

I think I've run into something like this myself. I don't think it's your keyscan directly it seems sometime the tailscale client takes upwards of a minute to actually establish connections before it can pass traffic. But the action completed so the next step runs and fails because it can't reach resources.