Troubleshoot session recordings
This feature requires HCP Boundary or Boundary Enterprise
Refer to the following for information about how to troubleshoot recorded sessions.
Known bugs
Rotation of AWS access and secret keys during a session results in stale recordings:
In Boundary version 0.13.0, when you rotate a storage bucket's secrets, any new sessions use the new credentials. However, previously established sessions continue to use the old credentials.
As a best practice, administrators should rotate credentials in a phased manner, ensuring that all previously established sessions are completed before revoking the stale credentials. Otherwise, you may end up with recordings that aren't stored in the remote storage bucket and are unable to be played back.
Unsupported recovery workflow during worker failure:
If a worker fails during a recording, there is no way to recover the recording. This could happen due to a network connectivity issue or because a worker is scaled down, for example. There are a number of currently unsupported failure cases, including when the worker:
- Crashes and restarts while servicing connections and channels for session to an SSH target
- Crashes and restarts while closing a channel, before all files are synced to remote storage
- Crashes and restarts while closing a connection recorder, before all files are synced to remote storage
- Crashes and restarts while closing a session recorder, before all files are synced to remote storage
- Crashes and never restarts or is seen again while closing a channel/connection recorer/session recorder
- Loses its connection to the controller and cancels sessions, it must resend the information when com
Tips
When you create or update a storage bucket, the actions GetBucketAcl
and GetEncryptionConfiguration
can be helpful in debugging access issues.