You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create couple of Azure machines with a tag (has a public IP address).
Created a dynamic catalog in Boundary with provider as Azure
Created a dynamic host set plugin using filter : tagName eq 'tier' and tagValue eq 'app-server'
The hosts in the host set are populated correctly
Created a target with host-source as dynamic host-set.
But when I try to connect to this target, I get below error:
boundary connect ssh -target-id=ttcp_zEm6TWgBtq
Error from controller when performing authorize-session action against given target
Error information:
Kind: FailedPrecondition
Message: No egress workers can handle this session, as they have all been filtered out.
Status: 400
context: Error from controller when performing authorize-session action against given target
Expected behavior
The target should be connected. If I create a target with a static host set using same host, it works fine.
Additional context
Somehow, I feel that the Boundary worker is trying to connect to the private IP address of the host instead of public IP address. I understand that this can be solved using egress/ingress workers when there is required network configurations between worker, target, and clients. But for demo purposes, this should work without any errors. Unfortunately, even the tutorials, don't cover the connection part.
I am using HCP Boundary
The text was updated successfully, but these errors were encountered:
Hi @japneet-sahni the dynamic host catalog returns 2 IP addresses (as you can see in your screenshot) and what is most likely happening is that the HCP worker is attempting to use the private IP and it does not have access to it. With self-managed workers running on the same network this won't be an issue.
To resolve this and to use HCP managed workers, you need to enter a preferred endpoint with a subnet mask of the public address (example screenshot below).
If this still doesn't fix your issue, please log a support ticket and one of our support engineers should be able to walk you through this.
Describe the bug
Getting error from controller when performing authorize-session action against given target
To Reproduce
Steps to reproduce the behavior:
Created a dynamic catalog in Boundary with provider as Azure
Created a dynamic host set plugin using filter :
tagName eq 'tier' and tagValue eq 'app-server'
The hosts in the host set are populated correctly
Expected behavior
The target should be connected. If I create a target with a static host set using same host, it works fine.
Additional context
Somehow, I feel that the Boundary worker is trying to connect to the private IP address of the host instead of public IP address. I understand that this can be solved using egress/ingress workers when there is required network configurations between worker, target, and clients. But for demo purposes, this should work without any errors. Unfortunately, even the tutorials, don't cover the connection part.
I am using HCP Boundary
The text was updated successfully, but these errors were encountered: