Use IP before DNS/hostname in SSH for AAIP

[DonZoomik]

Scenario:
* AAIP is required for some VMs with hostnames as vmname.zone.com
* There are no records for vmname in zone.com (only public zone without split-brain exists)
* zone.com is wildcard enabled so all requests for vmname get A/CNAME record for www.zone.com (you never get a NXDOMAIN reply)
* AAIP processing gets very slow as it waits for SSH timeout connecting to www.zone.com (wrong host). It eventually succeeds with IP
* Key-based login is desired, that does not seem to work with WIX

Is is possible to use VM's IP before hostname/DNS?
Some global registry value? I googled and looked through documentation and could not find such functionality.

[PTide]

Hi,

Would you elaborate on that, please?

Key-based login is desired, that does not seem to work with WIX

Did you mean VIX? If so then it is not quite clear what exactly does not work in your case?

Thanks

[DonZoomik]

My mistake, I meant VIX.

When we try to login via VIX first (setting InverseVssProtocolOrder) with "Linux Private key" credential, it fails with:

Code: Select all

[25.10.2018 16:19:38]      Info             Connecting to host [IP] over web service. Login: [user@domain].. Failed.
[25.10.2018 16:19:38]      Error             Cannot connect to host [IP] over web service. Login: [user@domain]. GuestLogin: [veeam].
[25.10.2018 16:19:38]      Error             Could not copy host file [C:\Program Files\Veeam\Backup and Replication\Backup\vblkid] to guest [\{f24afa0a-55ee-4ed5-b4fe-4a25e9959685}\vblkid]
[25.10.2018 16:19:38]      Error             Could not copy host file [C:\Program Files\Veeam\Backup and Replication\Backup\vblkid] to guest [vm-1739] file [\{f24afa0a-55ee-4ed5-b4fe-4a25e9959685}\vblkid]
[25.10.2018 16:19:38]      Error             Could not upload file [C:\Program Files\Veeam\Backup and Replication\Backup\vblkid] to []
[25.10.2018 16:19:38]      Error             Could not initiate HTTP connection
[25.10.2018 16:19:38]      Error             Connection handle is empty. System error code: 12005
[25.10.2018 16:19:38] <26> Error    Failed to create oracle proxy VIX connection: System.Runtime.InteropServices.COMException (0x80004005): Error HRESULT E_FAIL has been returned from a call to a COM component.
[25.10.2018 16:19:38] <26> Error       at VeeamGuestHelperCtrlLib.LinuxVixConnectionClass.ConnectByWebService(String hostIPAddr, UInt16 portNumber, String hostLogin, String hostPwd, String vmRef, String guestLogin, String guestPwd, String proxyGuestDir, Boolean installProxy)
[25.10.2018 16:19:38] <26> Error       at Veeam.Backup.VssProvider.COracleLinVixProxy..ctor(GuestVssConnectionSpec connSpec)
[25.10.2018 16:19:38] <26> Error       at Veeam.Backup.Core.CLogShippingProxyFactory.doInverseConnection(GuestVssConnectionSpec connectionSpec, Exception& networkExc)

Same credentials work fine over SSH, just waiting for wrong DNS record timeouts takes several minutes. Judging by function parameters "String guestLogin, String guestPwd" there is no option to do key-based login.

So we'd prefer to skip DNS resolution and use VM's IPs first.

[PTide]

Hi,

Did I get it right:

1. You've specified a Linux account whith a private key, but haven't provided any password.
2. A private key and a username combination is sufficient for ssh connection, so it works fine.
3. VIX fails since it is unable to use key-based (just by the nature of VIX) and no password to use has been supplied.

Is that correct?

Thanks!

[DonZoomik]

Yes, that's correct.

[PTide]

Got it. From my point of view an additional "password" field for private-key authentication method should address that problem. Do you agree?
Regarding skipping DNS resolution in favor of VM's IPs usage - we need to discuss that internally with the team. Your feedback is appreciated.

Thanks!

[DonZoomik]

Password fallback would be an option. I'll see if I can get the team to revert to user-pass login for VIX as it's the most realistic scenario for now.