Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

vsock_proxy problem #648

Open
longtranv opened this issue Jan 8, 2025 · 4 comments
Open

vsock_proxy problem #648

longtranv opened this issue Jan 8, 2025 · 4 comments

Comments

@longtranv
Copy link

longtranv commented Jan 8, 2025

I start vsock_proxy installed along with nitro enclave cli and nothing happened. Log of service gives warnings "Unable to resolve allow listed host: "kms.ap-southeast-1.amazonaws.com"."

image Screenshot 2025-01-08 at 13 32 47

Application running inside nitro enclave also could not connect to kms after that. Please help!

@atanzu
Copy link

atanzu commented Jan 8, 2025

Hi longtranv, could you please share your network configuration? It might be that your instance has a specific firewall or network configuration which blocks the connection.

Could you also check if the host is available via running nslookup kms.ap-southeast-1.amazonaws.com and ping kms.ap-southeast-1.amazonaws.com ?

@longtranv
Copy link
Author

Hi longtranv, could you please share your network configuration? It might be that your instance has a specific firewall or network configuration which blocks the connection.

Could you also check if the host is available via running nslookup kms.ap-southeast-1.amazonaws.com and ping kms.ap-southeast-1.amazonaws.com ?

there is no firewall enable in my parent isntance, I use nslookup and ping or telnet for kms.ap-southeast-1.amazonaws.com successfully. Do you know any the clearest possible signs that the vsock proxy running properly because the problem is that i cannot exactly know the proxy run or not :))

@longtranv
Copy link
Author

Hi longtranv, could you please share your network configuration? It might be that your instance has a specific firewall or network configuration which blocks the connection.
Could you also check if the host is available via running nslookup kms.ap-southeast-1.amazonaws.com and ping kms.ap-southeast-1.amazonaws.com ?

there is no firewall enable in my parent isntance, I use nslookup and ping or telnet for kms.ap-southeast-1.amazonaws.com successfully. Do you know any the clearest possible signs that the vsock proxy running properly because the problem is that i cannot exactly know the proxy run or not :))

and when I use vsock proxy binary directly, it hangs forever

@atanzu
Copy link

atanzu commented Jan 9, 2025

and when I use vsock proxy binary directly, it hangs forever

You mean, your terminal is stuck when you execute e.g. vsock-proxy 8000 kms.us-east-1.amazonaws.com 443? That's the expected behaviour.

This section of the Readme tells how to enable more logs, could you please try that?

Do you know any the clearest possible signs that the vsock proxy running properly

I'd recommend to try running this example modified with a ping command, so if pings from an Enclave work, then the proxy is up and running.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants