Auto-Update Failing: Fedora 40
shladek opened this issue · comments
What is the issue?
1.66.3 was released today , and I was trying to update it on a node that has auto-updates enabled. I went to the admin console and hit the "start update" button and received the notification that it was up and running.
Looking at the node in question I see from the journal:
May 15 20:53:39 appland tailscaled[623]: c2n: update command failed: exit status 1, output: Failed to start transient service unit: Connection reset by peer
May 15 20:53:39 appland systemd[1]: tailscaled.service: Got notification message from PID 3462, but reception only permitted for main PID 623
May 15 20:53:39 appland systemd[1]: tailscaled.service: Got notification message from PID 3462, but reception only permitted for main PID 623
May 15 20:53:39 appland tailscaled[623]: c2n: running "systemd-run --wait --pipe --collect /usr/bin/tailscale update --yes"
May 15 20:53:38 appland tailscaled[623]: c2n: GET /update received
May 15 20:53:38 appland tailscaled[623]: c2n: POST /update received
The update doesn't complete and dnf update does show it as still available:
sudo dnf update tailscale
Last metadata expiration check: 0:14:44 ago on Wed 15 May 2024 10:12:07 PM EDT.
Dependencies resolved.Package Architecture Version Repository Size
Upgrading:
tailscale aarch64 1.66.3-1 tailscale-stable 25 MTransaction Summary
Upgrade 1 Package
Don't see a similar issue, so thought I'd raise this one.
Steps to reproduce
- See the upgrade available arrow in Admin Console
- Click start upgrade
- Upgrade says successful, but still doesn't apply the upgrade
Are there any recent changes that introduced the issue?
N/A
OS
Linux
OS version
Fedora 40
Tailscale version
1.66.1
Other software
This system runs nftables with a very basic firewall:
sudo cat /etc/sysconfig/nftables.conf
#This is our tailscale exit node firewall that will
#reside in another location other than our own
#don't trust anything coming in on the local network
#that we haven't established
#but always allow incoming tailscale connections
table inet firewall {
chain incoming {
type filter hook input priority 0; policy accept;
ct state vmap { invalid : drop, established : accept, related : accept }
iifname {end0, wlan0} drop
}
}
Bug report
BUG-4cdf818b0f9a73b8744cf16b6c8d23574f592b71d9cd3d1759d417d0dddac21d-20240516023044Z-2d19ef9f795e6ec1