retain peer identity across host reboots #901
Comments
|
So how can we come up with a persistent peer identity? One option is to derive the weave bridge MAC, and hence peer identity, from the docker engine id which shows up in |
|
Or use one MAC address of the host? Though I'm finding it hard to think of a rule to pick one interface, that will give a useful answer in a wide range of hosts and deployment scenarios. |
https://github.com/weaveworks/weave/blob/master/weave#L950 ;) |
|
Trying to pick a canonical primary network interface on a modern system sounds like a fool's quest to me. I thought we had an issue for persisting IPAM state. Could we bite that bullet and persist the randomly generated MAC address? |
any interface will do. As long as we pick the same one every time. And it has a stable MAC. |
Yes, that's #678 I referenced above.
Could do, but technically this issue is independent of IPAM. Hence separate issue, but conceivably one solution. |
Yes. I don't think that "as long as" is as easy as it might sound, even in a server environment. The days where you could just look at eth0 are long gone. |
Tell me about it. My laptop doesn't even have an eth0. It has a wlan0. Sometimes. |
|
How about deriving the bridge MAC, and hence peer identify, from I don't know when that was introduced; we can always fall back on the current method when it's not there. |
I haven't got it on ubuntu 14.04, but it does exist on 15.04. Doesn't look like it's a kernel thing - I'm running 3.19 in both. Googling suggests it's a systemd thing, but it was previously a dbus thing. And indeed I do have a |
|
In fact, rather than generating the MAC from the machine id, we could leave that as is (i.e. randomly generated) and instead change the derivation of the peer name, i.e. instead of deriving it from the bridge MAC, we derive it from the machine id and fall back on the bridge MAC if we cannot find a machine id. |
This provides a stable peer identity across reboots. Fixes #901.
This provides a stable peer identity across reboots. Fixes #901.
This provides a stable peer identity across reboots. Fixes #901.
...is hated by some, and not as unique as one would hope. There's gethostid and the |
|
Any chance to persist the MAC address assigned to the weave bridge on a file (just like machine-id does) and on reboot, look if that file is already there? Sorry if that was too dumb sugestion. |
|
The trouble with persisting the info in the filesystem is that you end up with duplication when the filesystem is cloned. Which, I suspect, is precisely what is happening in our CircleCI (where we end up with a whole bunch of hosts all claiming to have the same machine-id). |
|
Lennart Poettering's thoughts on the subject, with unsurprising conclusions. Using the contents of |
Use systemd? 😄
It seems to survive reboots on DigitalOcean too. Are your local VMs VirtualBox? Be interesting to get results for AWS and Azure as well. |
ID survival is actually less of a concern than duplication. I am really worried that some common way of creating "machines" via some cloning/copying/whatever mechanism might result in ID duplicates. I agree that testing on AWS and Azure would be good. |
This provides a stable peer identity across reboots. Fixes #901.
This provides a stable peer identity across reboots. Fixes #901.
...if possible. This provides a stable peer identity across reboots. If we cannot determinbe the system UUID then we revert to a random MAC, as before. Fixes #901.
...if possible. This provides a stable peer identity across reboots. If we cannot determinbe the system UUID then we revert to a random MAC, as before. Fixes #901.
ATM the peer's identity is the MAC address we assign to the weave bridge. This changes on reboots since the bridge doesn't survive them. One consequence of that is that we are prone to leaking IP addresses allocated with IPAM. See #678 and #894.
The text was updated successfully, but these errors were encountered: