nspawn containers with too long names conflict regarding veth name if `--network-veth` is used #10721

Closed
arianvp opened this issue Nov 10, 2018 · 5 comments

Comments

3 participants
@arianvp
Contributor

commented Nov 10, 2018

systemd version the issue has been seen with

all up to v239

If you start

$ systemd-nspawn -M helloabcdef1 --private-network

it allocates a veth named ve-helloabcdef.

Then if you do

$ systemd-nspawn -M helloabcdef2 --private-network

it fails with:

Nov 10 11:47:50 t430s container helloabcdef2[5146]: Spawning container helloabcdef2 on /var/lib/containers/helloabcdef2.
Nov 10 11:47:50 t430s container helloabcdef2[5146]: Press ^] three times within 1s to kill container.
Nov 10 11:47:50 t430s container helloabcdef2[5146]: /etc/localtime does not point into /usr/share/zoneinfo/, not updating container timezone.
Nov 10 11:47:50 t430s container helloabcdef2[5146]: Failed to add new veth interfaces (ve-helloabcdef:host0): File exists
Nov 10 11:47:50 t430s container helloabcdef2[5146]: Parent died too early

Possible Fix
Perhaps we should document somewhere that container names cannot be longer than 11 characters?

Why are the veth names truncated anyway? Is there a good reason for it?
Edit: There seems to be a limitation on how long interface names can be.

Other possible fixes

  • Docker derives the veth pair name from the container id instead of the container name and keeps
    a mapping from name to id out of band. Perhaps we can do the same for nspawn?
  • Make the Veth pair name truncate(sha256(name),11)
@poettering

Member

commented Nov 12, 2018

> • Docker derives the veth pair name from the container id instead of the container name and keeps
>   a mapping from name to id out of band. Perhaps we can do the same for nspawn?
>
> • Make the Veth pair name truncate(sha256(name),11)

Well, that certainly doesn't make things more discoverable…

@poettering poettering changed the title Systemd-nspawn containers with too long names try to attach to the same veth and crash nspawn containers with too long names conflict regarding veth name if `--network-veth` is used Nov 12, 2018

@poettering

Member

commented Nov 12, 2018

I figure you mean --network-veth btw, right? Not just "--private-network"...

@poettering

Member

commented Nov 12, 2018

To me this sounds like something to document and be done with it. And users should use --network-veth-extra= instead, if the automatic naming doesn't work for them if the names get too long.

@arianvp

Contributor Author

commented Nov 12, 2018

> I figure you mean --network-veth btw, right? Not just "--private-network"...

Yes, definitely.

> To me this sounds like something to document and be done with it. And users should use --network-veth-extra= instead, if the automatic naming doesn't work for them if the names get too long.

Documenting this sounds like a good solution to me.

@poettering

Member

commented Mar 14, 2019

docfix pending in #11989.
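
The collision reported in this issue, as an added example that is not part of the original thread and is not systemd's code: a preflight check over planned machine names. It assumes the naming behaviour shown in the report (`ve-` plus the first 11 characters of the machine name); the function names and sample inputs are constructed for illustration.

```python
import os
from collections import defaultdict

VETH_PREFIX = "ve-"
KEPT_CHARS = 11  # assumption taken from the issue: longer names are cut here


def veth_name(machine):
    """Host-side interface name as observed in the issue report."""
    return VETH_PREFIX + machine[:KEPT_CHARS]


def host_interfaces(sysfs="/sys/class/net"):
    """Interfaces currently present on the host (empty set if sysfs is absent)."""
    try:
        return set(os.listdir(sysfs))
    except OSError:
        return set()


def check(machines, existing=None):
    """Return (collisions, taken, truncated) for the planned machine names.

    collisions: interface name -> machines that would share it
    taken:      machines whose interface name already exists on the host
    truncated:  machines whose name is longer than KEPT_CHARS and gets cut
    """
    existing = host_interfaces() if existing is None else set(existing)
    groups = defaultdict(list)
    for m in machines:
        groups[veth_name(m)].append(m)
    collisions = {i: ms for i, ms in groups.items() if len(ms) > 1}
    taken = [m for m in machines if veth_name(m) in existing]
    truncated = [m for m in machines if len(m) > KEPT_CHARS]
    return collisions, taken, truncated


if __name__ == "__main__":
    # Constructed sample: the two names from the issue plus a short one.
    planned = ["helloabcdef1", "helloabcdef2", "web"]
    collisions, taken, truncated = check(planned, existing={"lo", "eth0"})
    for iface, ms in collisions.items():
        print(f"{iface}: shared by {', '.join(ms)}")
    print("already present on host:", taken)
    print("truncated:", truncated)
```

Machines flagged here can be given an explicit interface name with `--network-veth-extra=`, as suggested in the thread.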
