Compare commits
No commits in common. "dc897d4a6724a33560aa84025b53cb9a2d35061a" and "318f50c50b212541e39760649716ecb0e7e72f25" have entirely different histories.
@ -35,7 +35,7 @@ Add Tailscale dependency to the socket override:
# /etc/systemd/system/ssh.socket.d/override.conf
[Unit]
After=tailscaled.service
Requires=tailscaled.service
BindsTo=tailscaled.service
[Socket]
ListenStream=
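Review bot: the only change in this hunk is swapping `Requires=tailscaled.service` for `BindsTo=tailscaled.service` in the `[Unit]` section of `/etc/systemd/system/ssh.socket.d/override.conf`, and the line counts of the next hunk (`-51,14 +51,11`) place the "Do NOT use BindsTo" admonition on the side being removed, so the override that results is the `BindsTo` variant that the page's own text says produced the shutdown ordering cycle (`basic.target → sockets.target → ssh.socket → tailscaled.service → basic.target`) and a second SSH outage on dcaprod-hetzner. Unless the intent is to roll that fix back, the line should stay `Requires=tailscaled.service`; if this comparison only exists to show the two branches diverging, nothing in it should be merged. Note that `After=tailscaled.service` alone only orders the socket relative to tailscaled and does not start it, so the `Requires=` line is the one that actually pulls tailscaled in at boot.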
@ -51,14 +51,11 @@ systemctl status ssh.socket # verify Listen: shows correct IP
```
- `After=` ensures the socket waits for Tailscale to start
- `Requires=` ensures tailscaled must be running for the socket to activate
!!! warning "Do NOT use BindsTo"
`BindsTo=tailscaled.service` creates a **systemd ordering cycle** during shutdown: `basic.target → sockets.target → ssh.socket → tailscaled.service → basic.target`. Systemd breaks the cycle by deleting jobs unpredictably, which can prevent `ssh.socket` from starting on the next boot — leaving SSH dead until manual intervention. This was discovered on 2026-05-23 after the original fix (2026-05-19) used `BindsTo` and caused a second outage on dcaprod-hetzner. `Requires` provides the startup dependency without the dangerous bidirectional lifecycle coupling.
- `BindsTo=` restarts the socket if Tailscale restarts, preventing stale binds
### Affected Hosts
Ubuntu hosts using `configure_tailscale_ssh_only.yml`: majorlinux, dcaprod-hetzner, tttpod-hetzner. Fedora hosts (majordiscord) use firewall rules for SSH restriction — not affected by this race.
Ubuntu hosts using `configure_tailscale_ssh_only.yml`: majorlinux, dcaprod-hetzner. Fedora hosts (majordiscord) use firewall rules for SSH restriction — not affected by this race.
---
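Review bot: the explanatory bullets contradict each other across the two sides of this hunk: the `BindsTo=` bullet claims it "restarts the socket if Tailscale restarts, preventing stale binds", while the admonition states that `BindsTo=tailscaled.service` creates a systemd ordering cycle that can leave `ssh.socket` unstarted on the next boot. Both cannot stand in the same document; keep the `After=`/`Requires=` bullets and the warning together, and either drop the `BindsTo=` bullet or rewrite it to say that `BindsTo` was tried on 2026-05-19 and reverted on 2026-05-23. The two `Affected Hosts` lines differ only in `tttpod-hetzner`; if that host still runs `configure_tailscale_ssh_only.yml`, removing it from the list understates the set of hosts exposed to the boot race, so confirm which list matches the inventory before merging.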
@ -119,5 +116,4 @@ All hosts where Tailscale is the primary access path. Particularly impactful on
- [[dcaprod#2026-05-19 — SSH unreachable due to ssh.socket race condition with Tailscale]]
- [[majordiscord#2026-05-19 — Tailscale boot race: unreachable after Ansible reboot]]
- [[majorlinux#2026-05-19 — ssh.socket override patched: added Tailscale dependency]]
- [[dcaprod#2026-05-23 — SSH unreachable again: BindsTo ordering cycle in ssh.socket override]]
- Ansible: `configure_tailscale_ssh_only.yml`, `configure_tailscale_network_wait.yml`
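Review bot: this hunk removes only the `[[dcaprod#2026-05-23 — SSH unreachable again: BindsTo ordering cycle in ssh.socket override]]` entry while keeping the three 2026-05-19 entries, so the Related list would no longer reference the incident that justifies choosing `Requires=` over `BindsTo=` in the first hunk. Keep the link, since the incident record is the rationale for that configuration choice; if the 2026-05-23 note does not exist on the target branch, state that in the commit message rather than dropping the reference silently.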