tailscale / github-action

A GitHub Action to connect your workflow to your Tailscale network.
BSD 3-Clause "New" or "Revised" License

DNS not working #129

Open VictorioBerra opened 5 months ago

VictorioBerra commented 5 months ago

name: Deploy to VM

on:
  push:
    branches:
      - main
      - master
  pull_request:
    branches:
      - '*'

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:

      - uses: actions/checkout@master

      - uses: actions/setup-node@v4
        with: 
          node-version: 20

      - name: Build
        env:
        run: |
          npm ci
          npm run generate

      - name: Tailscale
        uses: tailscale/github-action@v2
        with:
          oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
          oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
          tags: tag:ci
          version: 1.66.4

      - name: netmap
        run: |
          tailscale status
          ping -c 4 ${{ secrets.HOST }}

      - name: copy file via ssh
        uses: appleboy/scp-action@master
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          source: '.output/public/*'
          target: '/home/dockeruser/abc/pb_public/'
          overwrite: true
          strip_components: 2

The tailscale status and ping -c 4 ${{ secrets.HOST }} all work great. HOST is one of the node machine names.

appleboy/scp-action@master gives me:

2024/06/02 20:59:42 error copy file to dest: , error message: dial tcp: lookup on 1111.222.333.444:53: no such host

I have solved this with an action to get and set the IP to output variables:

      - name: netmap
        id: tailscale-netmap
        run: |
          ip=$(tailscale status | grep '${{ secrets.HOST }}' | awk '{print $1}')
          echo "LINODE_IP=$ip" >> "$GITHUB_OUTPUT"

      - name: copy file via ssh
        uses: appleboy/scp-action@0.1.7
        with:
          host: ${{ steps.tailscale-netmap.outputs.LINODE_IP }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          source: '.output/public//${{ github.sha }}'
          target: '/home/dockeruser/failreactor/'
          overwrite: true
          strip_components: 2

This is obviously super lame. What am I doing wrong?
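
The `grep` in the workaround above matches substrings, so it returns more than one address when one machine name is contained in another. The following is an added example (not code from this thread or from the Tailscale action) of a stricter lookup over `tailscale status` output; the sample output, machine names and the `PEER_NAME` variable are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the issue thread.
# Constructed sample of `tailscale status` output
# (columns: IP, machine name, owner, OS, state).
SAMPLE_STATUS='100.101.102.103 runner-ci    tagged-devices linux -
100.64.10.7     web          tagged-devices linux idle
100.64.10.8     web-staging  tagged-devices linux idle
192.0.2.15      oddball      tagged-devices linux -'

# Substring lookup as in the thread's workaround: grep selects any line
# containing the name, so "web" also selects "web-staging".
naive_lookup() {
  grep "$1" | awk '{print $1}'
}

# Strict lookup: exact match on the machine-name column, exactly one row,
# and the address must sit in Tailscale's CGNAT range 100.64.0.0/10.
# Reads status text on stdin, prints the IP, returns non-zero otherwise.
resolve_peer_ip() {
  awk -v want="$1" '
    $2 == want { n++; ip = $1 }
    END {
      if (n != 1) exit 1
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) exit 1
      split(ip, o, ".")
      if (o[1] + 0 != 100 || o[2] + 0 < 64 || o[2] + 0 > 127) exit 1
      print ip
    }'
}

# In a workflow step, pass the name through `env:` (PEER_NAME is a
# hypothetical variable) rather than expanding ${{ ... }} inside the script:
#   ip=$(tailscale status | resolve_peer_ip "$PEER_NAME") || exit 1
#   echo "HOST_IP=$ip" >> "$GITHUB_OUTPUT"
if ip=$(printf '%s\n' "$SAMPLE_STATUS" | resolve_peer_ip web); then
  echo "web -> $ip"
fi
```

Failing the step when the lookup returns non-zero keeps an empty or multi-line value from reaching the `host:` input of the copy step.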

tyvsmith commented 3 months ago

@VictorioBerra Did you find a better workaround? I just hit this on a project using split dns with internal domains, although I'm using internal devices that don't have tailscale installed but their routes are being broadcasted.

VictorioBerra commented 3 months ago

@tyvsmith I did not. I am still using the above solution. I believe this needs to be fixed properly by the tailscale action.

tyvsmith commented 3 months ago

@VictorioBerra I wonder if it's an issue with appleboy/scp-action and appleboy/ssh-action. I saw some logs from that action resolving to unexpected IPs instead of internal ones, but other standard command line commands run fine and resolve the host like I'd expect.

I ended up with this version based on yours since I need ipv4 hosts without tailscale installed.

    - name: netmap
      id: tailscale-netmap
      run: |
        ip=$(ping -4 -c 1 '${{ env.HOST }}' | grep -oP '(?<=\().*?(?=\))' | head -n 1)
        echo "HOST_IP=$ip" >> "$GITHUB_OUTPUT"

VictorioBerra commented 3 months ago

@tyvsmith that is a good point, I did not troubleshoot that angle. How are your hosts available on your network without tailscale installed?

tyvsmith commented 3 months ago

@VictorioBerra I have the Tailscale client serving a vlan route with other machines, override the domain with split dns in tailscale admin pointing to the local dns server, and can access by local ip or local hostname using a secret ssh key.