From e05345d3bbc6eca597efd4d7b28cec0d7fe4d85a Mon Sep 17 00:00:00 2001 From: Bryan Boreham Date: Tue, 17 Apr 2018 10:24:00 +0100 Subject: [PATCH 1/4] Add instructions for 'seeded by different peers' message --- site/tasks/ipam/troubleshooting-ipam.md | 15 +++++++++++++++ site/troubleshooting.md | 4 ++++ 2 files changed, 19 insertions(+) diff --git a/site/tasks/ipam/troubleshooting-ipam.md b/site/tasks/ipam/troubleshooting-ipam.md index bddffb5366..b9cd131843 100644 --- a/site/tasks/ipam/troubleshooting-ipam.md +++ b/site/tasks/ipam/troubleshooting-ipam.md @@ -67,3 +67,18 @@ Columns are as follows: partition, it may be because the peer has failed and needs to be removed administratively - see [Starting, Stopping and Removing Peers](/site/tasks/ipam/stop-remove-peers-ipam.md) for more details. + + +### Seeded by Different Peers + +If you see the message: `IP allocation was seeded by different peers`, +this means that some Weave Net peers were initialized into one cluster +and some into another cluster; Weave Net cannot operate in this state. + +To recover, you need to eliminate the IPAM data from the affected +nodes and restart. If you installed via the Kubernetes Addon, this +data will be in a file under `/var/lib/weave` on the node - delete +this file and restart the node. + +For other installations, run `weave reset` and restart. Any existing +connections to containers will be lost. diff --git a/site/troubleshooting.md b/site/troubleshooting.md index 7ade9e43ed..e98ac08502 100644 --- a/site/troubleshooting.md +++ b/site/troubleshooting.md @@ -157,6 +157,9 @@ The columns are as follows: the encryption mode, data transport method, remote peer name and nickname for pending and established connections, mtu if known +Specific error messages: +* `IP allocation was seeded by different peers` - [more details here](/site/ipam/troubleshooting-ipam.md#seeded-different-peers) + ### List Peers Detailed information on peers can be obtained with `weave status 
@@ -329,5 +332,6 @@ and the container image versions as git hashes. **See Also** + * [Troubleshooting the Kubernetes Addon](/site/kubernetes/kube-addon/#troubleshooting) * [Troubleshooting IPAM](/site/tasks/ipam/troubleshooting-ipam.md) * [Troubleshooting the Proxy](/site/tasks/weave-docker-api/using-proxy.md) From 391b55ceafd911efc189e13d9f0c375a3954570b Mon Sep 17 00:00:00 2001 From: Bryan Boreham Date: Mon, 23 Apr 2018 14:24:44 +0100 Subject: [PATCH 2/4] Add note about ip forward setting --- site/kubernetes/kube-addon.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/site/kubernetes/kube-addon.md b/site/kubernetes/kube-addon.md index fdf37967b3..2442e8c97a 100644 --- a/site/kubernetes/kube-addon.md +++ b/site/kubernetes/kube-addon.md @@ -303,6 +303,10 @@ UDP connection from 10.32.0.7:56648 to 10.32.0.11:80 blocked by Weave NPC. pods can talk. - If you do set the `--cluster-cidr` option on kube-proxy, make sure it matches the `IPALLOC_RANGE` given to Weave Net (see below) +- IP forwarding must be enabled on each node, in order for pods to + access Kubernetes services or other IP addresses on another + network. Check this with `sysctl net.ipv4.ip_forward`; the result + should be `1`. ## Changing Configuration Options From 22ecf505e3862d2f2fc885c00be14ae234abaf82 Mon Sep 17 00:00:00 2001 From: Bryan Boreham Date: Wed, 2 May 2018 06:06:58 +0100 Subject: [PATCH 3/4] Added note about security implications of enabling IP forwarding --- site/kubernetes/kube-addon.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/site/kubernetes/kube-addon.md b/site/kubernetes/kube-addon.md index 2442e8c97a..e631940072 100644 --- a/site/kubernetes/kube-addon.md +++ b/site/kubernetes/kube-addon.md 
@@ -306,7 +306,8 @@ UDP connection from 10.32.0.7:56648 to 10.32.0.11:80 blocked by Weave NPC. - IP forwarding must be enabled on each node, in order for pods to access Kubernetes services or other IP addresses on another network. Check this with `sysctl net.ipv4.ip_forward`; the result - should be `1`. + should be `1`. (Be aware that there can be security implications of + enabling IP forwarding) ## Changing Configuration Options From 9f207f161a160e1f09f472015c346976547a0dc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Carr=C3=A9?= Date: Fri, 11 May 2018 19:54:05 +0100 Subject: [PATCH 4/4] Add org.opencontainers.image.* labels to Dockerfiles - This should ultimately help for image-to-code back references. - `org.label-schema.*` labels are now deprecated, in favour of `org.opencontainers.image.*` labels. See also: https://github.com/opencontainers/image-spec/blob/master/annotations.md#back-compatibility-with-label-schema - Git revision is now injected at `docker build` time. --- Makefile | 11 ++++++----- prog/weave-kube/Dockerfile.template | 11 +++++++++++ prog/weave-npc/Dockerfile.template | 24 ++++++++++++++++++------ prog/weavedb/Dockerfile | 14 ++++++++++++-- prog/weaveexec/Dockerfile.template | 10 ++++++++++ prog/weaver/Dockerfile.template | 24 ++++++++++++++++++------ 6 files changed, 75 insertions(+), 19 deletions(-) diff --git a/Makefile b/Makefile index ece9c26027..6b55e5400d 100644 --- a/Makefile +++ b/Makefile @@ -101,6 +101,7 @@ endif # The name of the user that this Makefile should produce image artifacts for. Can/should be overridden DOCKERHUB_USER?=weaveworks # The default version that's chosen when pushing the images. Can/should be overridden +GIT_REVISION=$(shell git rev-parse HEAD) WEAVE_VERSION?=git-$(shell git rev-parse --short=12 HEAD) # Docker Store does not allow the "latest" tag. NET_PLUGIN_LATEST=latest_release 
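Review bot: `GIT_REVISION=$(shell git rev-parse HEAD)` is a recursive assignment, so `git rev-parse` is re-run on every expansion, once per `docker build` recipe; `GIT_REVISION:=$(shell git rev-parse HEAD)` evaluates it once. The new line also sits between the comment "The default version that's chosen when pushing the images" and `WEAVE_VERSION`, which that comment describes. It would read better below `WEAVE_VERSION` with its own comment, such as `# Full commit hash, recorded in the image revision label`. Because the value is meant as an image-to-code back reference, note that it is empty when git fails (for example outside a checkout) and that it does not reflect uncommitted changes, so an image built from a modified tree is labelled as if it were the clean commit.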
@@ -274,7 +275,7 @@ endif $(WEAVER_UPTODATE): prog/weaver/Dockerfile.$(DOCKERHUB_USER) $(WEAVER_EXE) weave $(WEAVEUTIL_EXE) cp $(WEAVEUTIL_EXE) prog/weaver/weaveutil cp weave prog/weaver/weave - $(SUDO) DOCKER_HOST=$(DOCKER_HOST) docker build -f prog/weaver/Dockerfile.$(DOCKERHUB_USER) -t $(WEAVER_IMAGE) prog/weaver + $(SUDO) DOCKER_HOST=$(DOCKER_HOST) docker build --build-arg=revision=$(GIT_REVISION) -f prog/weaver/Dockerfile.$(DOCKERHUB_USER) -t $(WEAVER_IMAGE) prog/weaver touch $@ $(WEAVEEXEC_UPTODATE): prog/weaveexec/Dockerfile.$(DOCKERHUB_USER) prog/weaveexec/symlink $(SIGPROXY_EXE) $(WEAVEWAIT_EXE) $(WEAVEWAIT_NOOP_EXE) $(WEAVEWAIT_NOMCAST_EXE) $(WEAVER_UPTODATE) @@ -282,7 +283,7 @@ $(WEAVEEXEC_UPTODATE): prog/weaveexec/Dockerfile.$(DOCKERHUB_USER) prog/weaveexe cp $(WEAVEWAIT_EXE) prog/weaveexec/weavewait cp $(WEAVEWAIT_NOOP_EXE) prog/weaveexec/weavewait_noop cp $(WEAVEWAIT_NOMCAST_EXE) prog/weaveexec/weavewait_nomcast - $(SUDO) DOCKER_HOST=$(DOCKER_HOST) docker build -f prog/weaveexec/Dockerfile.$(DOCKERHUB_USER) -t $(WEAVEEXEC_IMAGE) prog/weaveexec + $(SUDO) DOCKER_HOST=$(DOCKER_HOST) docker build --build-arg=revision=$(GIT_REVISION) -f prog/weaveexec/Dockerfile.$(DOCKERHUB_USER) -t $(WEAVEEXEC_IMAGE) prog/weaveexec touch $@ # Builds Docker plugin. 
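Review bot: The revision passed to `docker build` in the `$(WEAVER_UPTODATE)` and `$(WEAVEEXEC_UPTODATE)` recipes is not among those rules' prerequisites, so the stamp file stays current when HEAD moves without touching the listed inputs, and the existing image keeps the older `org.opencontainers.image.revision`. The same applies to the `$(WEAVEKUBE_UPTODATE)`, `$(WEAVENPC_UPTODATE)` and `$(WEAVEDB_UPTODATE)` rules in the later Makefile hunk. If such an image is then pushed under a newer `WEAVE_VERSION` tag, the tag and the label would disagree; whether that can happen depends on the push rules, which are outside these hunks. At minimum a comment on the rules should say so, for example `# the revision label is the commit at build time; it is not refreshed until a prerequisite changes`.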
@@ -304,15 +305,15 @@ $(PLUGIN_UPTODATE): prog/net-plugin/launch.sh prog/net-plugin/config.json $(WEAV $(WEAVEKUBE_UPTODATE): prog/weave-kube/Dockerfile.$(DOCKERHUB_USER) prog/weave-kube/launch.sh $(KUBEPEERS_EXE) $(WEAVER_UPTODATE) cp $(KUBEPEERS_EXE) prog/weave-kube/ - $(SUDO) docker build -f prog/weave-kube/Dockerfile.$(DOCKERHUB_USER) -t $(WEAVEKUBE_IMAGE) prog/weave-kube + $(SUDO) docker build --build-arg=revision=$(GIT_REVISION) -f prog/weave-kube/Dockerfile.$(DOCKERHUB_USER) -t $(WEAVEKUBE_IMAGE) prog/weave-kube touch $@ $(WEAVENPC_UPTODATE): prog/weave-npc/Dockerfile.$(DOCKERHUB_USER) $(WEAVENPC_EXE) prog/weave-npc/ulogd.conf - $(SUDO) docker build -f prog/weave-npc/Dockerfile.$(DOCKERHUB_USER) -t $(WEAVENPC_IMAGE) prog/weave-npc + $(SUDO) docker build --build-arg=revision=$(GIT_REVISION) -f prog/weave-npc/Dockerfile.$(DOCKERHUB_USER) -t $(WEAVENPC_IMAGE) prog/weave-npc touch $@ $(WEAVEDB_UPTODATE): prog/weavedb/Dockerfile - $(SUDO) docker build -t $(WEAVEDB_IMAGE) prog/weavedb + $(SUDO) docker build --build-arg=revision=$(GIT_REVISION) -t $(WEAVEDB_IMAGE) prog/weavedb touch $@ $(NETWORKTESTER_UPTODATE): test/images/network-tester/Dockerfile $(NETWORKTESTER_EXE) diff --git a/prog/weave-kube/Dockerfile.template b/prog/weave-kube/Dockerfile.template index 8ceaae36ed..6a67494377 100644 --- a/prog/weave-kube/Dockerfile.template +++ b/prog/weave-kube/Dockerfile.template @@ -1,3 +1,14 @@ FROM DOCKERHUB_USER/weaveARCH_EXT + +# These labels are pretty static, and can therefore be added early on: +LABEL maintainer="Weaveworks " \ + org.opencontainers.image.title="weave-kube" \ + org.opencontainers.image.source="https://github.com/weaveworks/weave" \ + org.opencontainers.image.vendor="Weaveworks" + ADD ./launch.sh ./kube-peers /home/weave/ ENTRYPOINT ["/home/weave/launch.sh"] + +# This label will change for every build, and should therefore be the last layer of the image: +ARG revision +LABEL org.opencontainers.image.revision="${revision}" 
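Review bot: The weave-kube image is built `FROM DOCKERHUB_USER/weaveARCH_EXT`, so it inherits every label of that base image and overrides only `title`, `source`, `vendor` and `revision`. If the base is the image built from prog/weaver/Dockerfile.template, as the name suggests, weave-kube also carries that image's `org.opencontainers.image.description`, `org.label-schema.name="Weave Net"` and `org.label-schema.vcs-ref`. The inherited `vcs-ref` can then differ from the `revision` set here when the two images were built at different commits. Setting both keys in the final instruction would keep them in step: `LABEL org.opencontainers.image.revision="${revision}" org.label-schema.vcs-ref="${revision}"`. The same holds for prog/weaveexec/Dockerfile.template.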
diff --git a/prog/weave-npc/Dockerfile.template b/prog/weave-npc/Dockerfile.template index 529cf015f9..2499f2a9b9 100644 --- a/prog/weave-npc/Dockerfile.template +++ b/prog/weave-npc/Dockerfile.template @@ -1,17 +1,24 @@ FROM ALPINE_BASEIMAGE -# If we're building for another architecture than amd64, the CROSS_BUILD_ placeholder is removed so e.g. CROSS_BUILD_COPY turns into COPY -# If we're building normally, for amd64, CROSS_BUILD lines are removed -CROSS_BUILD_COPY qemu-QEMUARCH-static /usr/bin/ - -LABEL maintainer "Weaveworks Inc " -LABEL works.weave.role=system \ +# These labels are pretty static, and can therefore be added early on: +LABEL works.weave.role="system" \ + maintainer="Weaveworks " \ + org.opencontainers.image.title="Weave Net" \ + org.opencontainers.image.description="Weave Net creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery" \ + org.opencontainers.image.url="https://weave.works" \ + org.opencontainers.image.source="https://github.com/weaveworks/weave" \ + org.opencontainers.image.vendor="Weaveworks" \ + org.label-schema.schema-version="1.0" \ org.label-schema.name="Weave Net" \ org.label-schema.description="Weave Net creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery" \ org.label-schema.url="https://weave.works" \ org.label-schema.vcs-url="https://github.com/weaveworks/weave" \ org.label-schema.vendor="Weaveworks" +# If we're building for another architecture than amd64, the CROSS_BUILD_ placeholder is removed so e.g. CROSS_BUILD_COPY turns into COPY +# If we're building normally, for amd64, CROSS_BUILD lines are removed +CROSS_BUILD_COPY qemu-QEMUARCH-static /usr/bin/ + RUN apk add --update \ iptables \ ipset \ 
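Review bot: The `LABEL` instruction now carries two parallel label sets with the same values, and nothing in the file says that `org.label-schema.*` is kept only for compatibility; the commit message explains this but the Dockerfile does not. A comment above the `LABEL` instruction would help stop the two copies of the description and URL from drifting apart, for example `# org.label-schema.* is deprecated; kept for tools that still read it, keep values in sync with org.opencontainers.image.*`. prog/weaver/Dockerfile.template has the same block.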
@@ -21,3 +28,8 @@ RUN apk add --update \ COPY ./weave-npc /usr/bin/weave-npc COPY ./ulogd.conf /etc/ulogd.conf ENTRYPOINT ["/usr/bin/weave-npc"] + +# These labels will change for every build, and should therefore be the last layer of the image: +ARG revision +LABEL org.opencontainers.image.revision="${revision}" \ + org.label-schema.vcs-ref="${revision}" diff --git a/prog/weavedb/Dockerfile b/prog/weavedb/Dockerfile index e91fbd6188..fda33a4db7 100644 --- a/prog/weavedb/Dockerfile +++ b/prog/weavedb/Dockerfile @@ -1,7 +1,17 @@ # This is a nearly-empty image that we use to create a data-only container for persistence FROM scratch -LABEL maintainer "Weaveworks Inc " -LABEL works.weave.role=system + +# These labels are pretty static, and can therefore be added early on: +LABEL works.weave.role="system" \ + maintainer="Weaveworks " \ + org.opencontainers.image.title="weavedb" \ + org.opencontainers.image.source="https://github.com/weaveworks/weave" \ + org.opencontainers.image.vendor="Weaveworks" + ENTRYPOINT ["data-only"] # Work round Docker refusing to save an empty image COPY Dockerfile / + +# This label will change for every build, and should therefore be the last layer of the image: +ARG revision +LABEL org.opencontainers.image.revision="${revision}" diff --git a/prog/weaveexec/Dockerfile.template b/prog/weaveexec/Dockerfile.template index e0e66436d2..237fa966c8 100644 --- a/prog/weaveexec/Dockerfile.template +++ b/prog/weaveexec/Dockerfile.template @@ -1,5 +1,11 @@ FROM DOCKERHUB_USER/weaveARCH_EXT +# These labels are pretty static, and can therefore be added early on: +LABEL maintainer="Weaveworks " \ + org.opencontainers.image.title="weaveexec" \ + org.opencontainers.image.source="https://github.com/weaveworks/weave" \ + org.opencontainers.image.vendor="Weaveworks" + ENTRYPOINT ["/home/weave/sigproxy", "/home/weave/weave"] ADD ./sigproxy ./symlink /home/weave/ 
@@ -7,3 +13,7 @@ ADD ./weavewait /w/w ADD ./weavewait_noop /w-noop/w ADD ./weavewait_nomcast /w-nomcast/w WORKDIR /home/weave + +# This label will change for every build, and should therefore be the last layer of the image: +ARG revision +LABEL org.opencontainers.image.revision="${revision}" diff --git a/prog/weaver/Dockerfile.template b/prog/weaver/Dockerfile.template index 7e9d951355..9880cc3107 100644 --- a/prog/weaver/Dockerfile.template +++ b/prog/weaver/Dockerfile.template 
@@ -1,17 +1,24 @@ FROM ALPINE_BASEIMAGE -# If we're building for another architecture than amd64, the CROSS_BUILD_ placeholder is removed so e.g. CROSS_BUILD_COPY turns into COPY -# If we're building normally, for amd64, CROSS_BUILD lines are removed -CROSS_BUILD_COPY qemu-QEMUARCH-static /usr/bin/ - -LABEL maintainer "Weaveworks Inc " -LABEL works.weave.role=system \ +# These labels are pretty static, and can therefore be added early on: +LABEL works.weave.role="system" \ + maintainer="Weaveworks " \ + org.opencontainers.image.title="Weave Net" \ + org.opencontainers.image.description="Weave Net creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery" \ + org.opencontainers.image.url="https://weave.works" \ + org.opencontainers.image.source="https://github.com/weaveworks/weave" \ + org.opencontainers.image.vendor="Weaveworks" \ + org.label-schema.schema-version="1.0" \ org.label-schema.name="Weave Net" \ org.label-schema.description="Weave Net creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery" \ org.label-schema.url="https://weave.works" \ org.label-schema.vcs-url="https://github.com/weaveworks/weave" \ org.label-schema.vendor="Weaveworks" +# If we're building for another architecture than amd64, the CROSS_BUILD_ placeholder is removed so e.g. CROSS_BUILD_COPY turns into COPY +# If we're building normally, for amd64, CROSS_BUILD lines are removed +CROSS_BUILD_COPY qemu-QEMUARCH-static /usr/bin/ + RUN apk add --update \ curl \ ethtool \ @@ -29,3 +36,8 @@ ADD ./weaveutil /usr/bin/ ADD weavedata.db /weavedb/ ENTRYPOINT ["/home/weave/weaver"] WORKDIR /home/weave + +# These labels will change for every build, and should therefore be the last layer of the image: +ARG revision +LABEL org.opencontainers.image.revision="${revision}" \ + org.label-schema.vcs-ref="${revision}"