Allow terminus to work in an IPv6-only environment with DNS64/NAT64

[No0ne]

No description provided.

[LordSimal]

Why was this restriction added in the first place @greg-1-anderson ?

[namespacebrian]

I believe the appserver containers are not accessible via IPv6.

If you run dig appserver.<ENV>.<SITE_ID>.drush.in, e.g. dig appserver.dev.aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee.drush.in you should see that there are no AAAA records. They don't have IPv6 addresses.

You can see the exact hostname that's used with your terminus drush commands by adding the -vvvv parameter and looking for the line that starts [debug] shell command:. The hostname in that command, does it have an AAAA record?

[namespacebrian]

Did the change in this PR make something work for you that didn't work without it?

You should be able to composer install in the root of this repo, and then the bin/terminus script will run terminus directly from your local repo's working directory.

[No0ne]

Our company runs IPv6-only internally. With this option we cannot use terminus:

noone@imac20 ~ % ./terminus drush xxx.dev -- cr              
 [warning] This environment is in read-only Git mode. If you want to make changes to the codebase of this site (e.g. updating modules or plugins), you will need to toggle into read/write SFTP mode first.
ssh: connect to host appserver.dev.bd700643-a7fa-4d6f-b79b-68dbb792cf5d.drush.in port 2222: Undefined error: 0
 [notice] Command: xxx.dev -- drush cr [Exit: 255] (Attempt 1/1)
 [error]  Command: xxx.dev --  [Exit: 255] (All attempts failed) 
 [error]   
noone@imac20 ~ % 

 
We use DNS64:

noone@imac20 ~ % dig -t aaaa appserver.dev.bd700643-a7fa-4d6f-b79b-68dbb792cf5d.drush.in

; <<>> DiG 9.10.6 <<>> -t aaaa appserver.dev.bd700643-a7fa-4d6f-b79b-68dbb792cf5d.drush.in
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39467
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;appserver.dev.bd700643-a7fa-4d6f-b79b-68dbb792cf5d.drush.in. IN	AAAA

;; ANSWER SECTION:
appserver.dev.bd700643-a7fa-4d6f-b79b-68dbb792cf5d.drush.in. 240 IN AAAA 64:ff9b::2222:399f

;; Query time: 15 msec
;; SERVER: 2a01:aea0:df3:1::xxx#53(2a01:aea0:df3:1::xxx)
;; WHEN: Fri Oct 18 17:48:01 CEST 2024
;; MSG SIZE  rcvd: 116

noone@imac20 ~ % 

[namespacebrian]

I'm not sure you'll be able to get your packets routed to the appserver container since the internal network doesn't handle ipv6.

While we wait for input from @greg-1-anderson, if this code change will make terminus work for you then you should be unblocked; simply run terminus via the bin/terminus script in your clone of the repo, where you have removed the offending ssh parameter.

And if that really is working for you, do let us know and share details here.

[No0ne]

The packets are routed by our companies NAT64 router like in this picture here: https://en.wikipedia.org/wiki/NAT64

If I remove '-o "AddressFamily inet"' in src/Commands/Remote/SSHBaseCommand.php terminus works as expected without any IPv4 connectivity.

[namespacebrian]

Okay, then you should be unblocked, at least.