Context deadline exceeded

Luethi · June 15, 2022, 12:47pm

Hello

Since March 24th I have a problem connecting to the targets. I did no changes and just updated Boundary to 0.8.1.

The error is:

Error dialing the worker: failed to WebSocket dial: failed to send handshake request: Get “http://:9202/v1/proxy”: proxyconnect tcp: dial tcp :3128: connect: connection timed out
kex_exchange_identification: read: Connection reset by peer
Connection reset by 127.0.0.1 port 44591
error fetching connection to send session teardown request to worker: Error dialing the worker: failed to WebSocket dial: failed to send handshake request: Get “http://:9202/v1/proxy”: context deadline exceeded

I don’t really know why it wants to connect to a proxy and why it gets a context deadline exceeded.

I used the default configuration with vault transit as kms and did some little changes.
Production Installation | Boundary by HashiCorp (boundaryproject.io)

Does someone know this problem and can help me?

omkensey · June 15, 2022, 3:01pm

The reference to a proxy is to the TCP proxy that Boundary needs to create through the worker. The fact that there’s no IP or hostname in the handshake URL makes me think something could be wrong with the worker configuration that’s causing it to advertise a proxy URL with no host info. What’s your worker config block look like?

Luethi · June 17, 2022, 6:19am

Thanks @omkensey for the answer.

For security reasons, I had to replace the IPs.
This is the workerconfig:

listener "tcp" {
    purpose = "proxy"
    tls_disable = true
    address = "<ip worker>"
}

worker {
  # Name attr must be unique
    name = "bw1"
    description = "Boundary worker 1"
    public_addr = "<ip worker>"
    controllers = [
    "<ip controller>",
    "<ip controller>",
    "<ip controller>"
      ]
}

# must be same key as used on controller config

kms "transit" {
  purpose            = "worker-auth"
  address            = "<vault address>"
  token              = "<token>"
  disable_renewal    = "false"

  // Key configuration
  key_name           = "boundary"
  mount_path         = "transit/"
  namespace          = "root"

  // TLS Configuration
  tls_ca_cert        = "/var/spool/keybox/vault/truststore.pem"
  tls_client_cert    = "/var/spool/keybox/vault/node_certificate.pem"
  tls_client_key     = "/var/spool/keybox/vault/node_key_nocrypt.pem"
  tls_server_name    = "<server name>"
  tls_skip_verify    = "false"

}

omkensey · June 20, 2022, 1:59pm

Looking back at your original, I see a port 3128 reference in there. Does your desktop have a Squid proxy set in its network connections somewhere? That might be interfering as WebSocket support is relatively recent in Squid, so it might be that the Squid version in use doesn’t support it, or Squid is configured not to allow that connection.

Luethi · June 22, 2022, 7:23am

I found the problem. I had a problem with an env variable.
Thanks for your help.