Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Strange multipass behaviour with ssh client #3535

Open
sinke237 opened this issue May 24, 2024 · 2 comments
Open

Strange multipass behaviour with ssh client #3535

sinke237 opened this issue May 24, 2024 · 2 comments
Assignees
@sharder996
Labels
bug

Comments

@sinke237
Copy link

sinke237 commented May 24, 2024
edited by ricab
Loading

Describe the bug
Strange behaviour of multipass [ssh client], any multipass command takes a very long time execute, after which if fails.

To Reproduce
How, and what happened?

  1. multipass list
  2. multipass info
    In fact any multipass command fails with the message,
    info failed: ssh failed to authenticate: ''
    exec failed: [ssh client] channel creation failed: ''

it depends on which command you run whether multipass info or multipass exec.

Logs
Here is my multipass logs:

May 22 08:33:29  systemd[1]: Started snap.multipass.hook.install-e0c16204-4ac1-4c44-b730-87b56ad9f50a.scope.
May 22 08:33:30  systemd[1]: snap.multipass.hook.install-e0c16204-4ac1-4c44-b730-87b56ad9f50a.scope: Deactivated successfully.
May 22 08:33:30  systemd[1]: Started snap.multipass.multipassd.service - Service for snap application multipass.multipassd.
May 22 08:33:30 adorsys systemd[1]: Started snap.multipass.hook.configure-94139dd2-4581-41a2-8375-1a76d787e8d7.scope.
May 22 08:33:31 adorsys systemd[1]: snap.multipass.hook.configure-94139dd2-4581-41a2-8375-1a76d787e8d7.scope: Deactivated successfully.
May 22 08:33:32  multipassd[10778]: Unable to determine subnet for the mpqemubr0 subnet
May 22 08:33:32  multipassd[10778]: Using AppArmor support
May 22 08:33:32  multipassd[10778]: Starting dnsmasq
May 22 08:33:32  multipassd[10778]: Applied AppArmor policy: multipass.dnsmasq
May 22 08:33:32  multipassd[10778]: [10876] started: dnsmasq --keep-in-foreground --strict-order --bind-interfaces --pid-file --domain=multipass --local=/multipass/ --except-interfac>
May 22 08:33:32  dnsmasq[10876]: started, version 2.90 cachesize 150
May 22 08:33:32  dnsmasq [10876]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect ino>
May 22 08:33:32  dnsmasq-dhcp[10876]: DHCP, IP range 10.59.252.2 -- 10.59.252.254, lease time infinite
May 22 08:33:32  dnsmasq-dhcp[10876]: DHCP, sockets bound exclusively to interface mpqemubr0
May 22 08:33:32  dnsmasq[10876]: using only locally-known addresses for multipass
May 22 08:33:32  dnsmasq[10876]: reading /etc/resolv.conf
May 22 08:33:32  dnsmasq[10876]: using nameserver 127.0.0.53#53
May 22 08:33:32  dnsmasq[10876]: using only locally-known addresses for multipass
May 22 08:33:32  dnsmasq[10876]: read /etc/hosts - 8 names
May 22 08:33:32  dnsmasq-dhcp[10876]: read /var/snap/multipass/common/data/multipassd/network/dnsmasq.hosts
May 22 08:33:32  multipassd[10778]: [10877] started: iptables-nft --wait -t filter --list-rules
May 22 08:33:32  multipassd[10778]: [10879] started: iptables-nft --wait -t nat --list-rules
May 22 08:33:32  multipassd[10778]: [10880] started: iptables-nft --wait -t mangle --list-rules
May 22 08:33:32  multipassd[10778]: [10881] started: iptables-nft --wait -t raw --list-rules
May 22 08:33:32  multipassd[10778]: [10882] started: iptables-legacy --wait -t filter --list-rules
May 22 08:33:32  multipassd[10778]: [10883] started: iptables-legacy --wait -t nat --list-rules
May 22 08:33:32  multipassd[10778]: [10885] started: iptables-legacy --wait -t mangle --list-rules
May 22 08:33:32  multipassd[10778]: [10887] started: iptables-legacy --wait -t raw --list-rules
May 22 08:33:32  multipassd[10778]: Using iptables-nft for firewall rules.
May 22 08:33:32  multipassd[10778]: [10889] started: iptables-nft --wait -t filter --list-rules
May 22 08:33:32  multipassd[10778]: # Warning: iptables-legacy tables present, use iptables-legacy to see them
May 22 08:33:32 adorsys multipassd[10778]: [10890] started: iptables-nft --wait -t nat --list-rules
May 22 08:33:32 adorsys multipassd[10778]: # Warning: iptables-legacy tables present, use iptables-legacy to see them
May 22 08:33:32  multipassd[10778]: [10891] started: iptables-nft --wait -t mangle --list-rules
May 22 08:33:32  multipassd[10778]: # Warning: iptables-legacy tables present, use iptables-legacy to see them
May 22 08:33:32  multipassd[10778]: [10892] started: iptables-nft --wait -t raw --list-rules
May 22 08:33:32  multipassd[10778]: # Warning: iptables-legacy tables present, use iptables-legacy to see them
May 22 08:33:32  multipassd[10778]: [10893] started: iptables-nft --wait -t filter --insert INPUT --in-interface mpqemubr0 --protocol udp --dport 67 --jump ACCEPT --match comment --c>
May 22 08:33:32  multipassd[10778]: [10897] started: iptables-nft --wait -t filter --insert INPUT --in-interface mpqemubr0 --protocol udp --dport 53 --jump ACCEPT --match comment --c>
May 22 08:33:32  multipassd[10778]: [10898] started: iptables-nft --wait -t filter --insert INPUT --in-interface mpqemubr0 --protocol tcp --dport 53 --jump ACCEPT --match comment --c>
May 22 08:33:32  multipassd[10778]: [10899] started: iptables-nft --wait -t filter --insert OUTPUT --out-interface mpqemubr0 --protocol udp --sport 67 --jump ACCEPT --match comment ->
May 22 08:33:32  multipassd[10778]: [10900] started: iptables-nft --wait -t filter --insert OUTPUT --out-interface mpqemubr0 --protocol udp --sport 53 --jump ACCEPT --match comment ->
May 22 08:33:32  multipassd[10778]: [10901] started: iptables-nft --wait -t filter --insert OUTPUT --out-interface mpqemubr0 --protocol tcp --sport 53 --jump ACCEPT --match comment ->
May 22 08:33:32  multipassd[10778]: [10902] started: iptables-nft --wait -t mangle --insert POSTROUTING --out-interface mpqemubr0 --protocol udp --dport 68 --jump CHECKSUM --checksum>

Additional info

  • OS: [Ubuntu 24.04]
  • multipass version: [1.13.1]
  • multipass get local.driver: [qemu]
@sinke237 sinke237 added bug needs triage Issue needs to be triaged labels May 24, 2024
@sharder996
Copy link
Contributor

Hi @sinke237,

The issue seems to be coming from this line:

Using iptables-nft for firewall rules

It seems iptables and nftables are both present on your system, which do not work simultaneously. You may have perhaps done something on your system that added the legacy iptables after installing and using Multipass meaning that your instances are now unavailable. If that's something you did, you could try reverting those changes. I will also look to see if the logic around which firewall rules we use can be improved.

@sharder996 sharder996 removed the needs triage Issue needs to be triaged label May 25, 2024
@sharder996 sharder996 self-assigned this May 25, 2024
@sharder996
Copy link
Contributor

If that's not the issue, would you be able to provide more logs with trace logging enabled? Specifically around the offending commands. See here for docs on how to change logging levels.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sharder996 sharder996

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sharder996 @sinke237