Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v17] Improve client tools host resolution #50799

Merged
merged 1 commit into from
Jan 17, 2025
Merged

[v17] Improve client tools host resolution #50799

merged 1 commit into from
Jan 17, 2025

Conversation

rosstimothy
Copy link
Contributor

Backport #50175 to branch/v17

Changelog: Honor the cluster routing strategy when client initiated host resolution via proxy templates or label matching is ambiguous.

@rosstimothy rosstimothy changed the title [v17] Improve client tools host resolution;' [v17] Improve client tools host resolution Jan 6, 2025
@rosstimothy rosstimothy marked this pull request as ready for review January 6, 2025 21:33
@github-actions github-actions bot added machine-id size/md tsh tsh - Teleport's command line tool for logging into nodes running Teleport. labels Jan 6, 2025
@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from fspmarshall January 7, 2025 10:55
@rosstimothy
Improve client tools host resolution (#50175)
b54ddb9 
Host resolution performed because labels, fuzzy search, or predicate
expressions were supplied to commands that establish connections to
a single host has historically been performed client side in tsh.
While that works in most cases, it can prevent correctly
resolving hosts in some situations, i.e. when there are ambiguous
hosts and tsh is unaware that the cluster routing strategy is set
to ROUTE_TO_MOST_RECENT.

To improve the experience, a new ResolveSSHTarget was added to
Auth to allow host resolution to be performed server side. The
resolution works in a similar manner to, and was inspired by
GetSSHTargets. In the event that the new RPC is not implemented,
because the client is newer than Auth, tsh has also been updated
to pull the cluster networking config and address any host
ambiguity if allowed.

As a result tsh scp and tsh proxy ssh should be much more
tolerant to, and still permit access in situations where
ambiguous hosts are present for some amount of time. Prior to
this the only way to connect in these situations was to find
the UUID of the correct target instance and try again after
seeing an ambiguous host error.
@rosstimothy rosstimothy force-pushed the tross/backport-50175/v17 branch from ed61cb4 to b54ddb9 Compare January 17, 2025 14:04
@rosstimothy rosstimothy enabled auto-merge January 17, 2025 14:08
@rosstimothy rosstimothy added this pull request to the merge queue Jan 17, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jan 17, 2025
@rosstimothy rosstimothy added this pull request to the merge queue Jan 17, 2025
Merged via the queue into branch/v17 with commit a2b217a Jan 17, 2025
42 checks passed
@rosstimothy rosstimothy deleted the tross/backport-50175/v17 branch January 17, 2025 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@espadolini espadolini espadolini approved these changes

@marcoandredinis marcoandredinis marcoandredinis approved these changes

Assignees
No one assigned
Labels
backport machine-id size/md tsh tsh - Teleport's command line tool for logging into nodes running Teleport.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rosstimothy @marcoandredinis @espadolini