Merge pull request #2409 from /issues/2381-awsvpc-fix-attach-router

Fix re-attaching of weave router in awsvpc mode

ipam/ring/ring.go

@@ -119,6 +119,8 @@ func New(start, end address.Address, peer mesh.PeerName, f OnUpdate) *Ring {
 }
 
 func (r *Ring) Restore(other *Ring) {
+	defer r.trackUpdates()()
+
 	onUpdate := r.onUpdate
 	*r = *other
 	r.onUpdate = onUpdate

ipam/tracker/awsvpc.go

@@ -21,6 +21,7 @@ package tracker
 import (
 	"fmt"
 	"net"
+	"syscall"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/ec2metadata"
@@ -94,14 +95,14 @@ func (t *AWSVPCTracker) HandleUpdate(prevRanges, currRanges []address.Range, loc
 	for _, cidr := range curr {
 		cidrStr := cidr.String()
 		t.debugf("adding route %s to %s", cidrStr, t.instanceID)
-		_, err := t.createVPCRoute(cidrStr)
-		if err != nil {
+		if _, err := t.createVPCRoute(cidrStr); err != nil {
 			return fmt.Errorf("createVPCRoutes failed: %s", err)
 		}
 		if local {
-			err = t.createHostRoute(cidrStr)
-			if err != nil {
-				return fmt.Errorf("createHostRoute failed: %s", err)
+			if err := t.createHostRoute(cidrStr); err != nil {
+				if errno, ok := err.(syscall.Errno); !(ok && errno == syscall.EEXIST) {
+					return fmt.Errorf("createHostRoute failed: %s", err)
+				}
 			}
 		}
 	}
@@ -110,13 +111,11 @@ func (t *AWSVPCTracker) HandleUpdate(prevRanges, currRanges []address.Range, loc
 	for _, cidr := range prev {
 		cidrStr := cidr.String()
 		t.debugf("removing %s route", cidrStr)
-		_, err := t.deleteVPCRoute(cidrStr)
-		if err != nil {
+		if _, err := t.deleteVPCRoute(cidrStr); err != nil {
 			return fmt.Errorf("deleteVPCRoute failed: %s", err)
 		}
 		if local {
-			err = t.deleteHostRoute(cidrStr)
-			if err != nil {
+			if err := t.deleteHostRoute(cidrStr); err != nil {
 				return fmt.Errorf("deleteHostRoute failed: %s", err)
 			}
 		}

weave

@@ -1655,9 +1655,12 @@ launch_router() {
         "$@")
     setup_router_iface_$BRIDGE_TYPE
     wait_for_status $CONTAINER_NAME http_call $HTTP_ADDR
+    setup_awsvpc
     populate_router
+}
+
+setup_awsvpc() {
     if [ -n "$AWSVPC" ]; then
-        expose_ip
         # Set proxy_arp on the bridge, so that it could accept packets destined
         # to containers within the same subnet but running on remote hosts.
         # Without it, exact routes on each container are required.
@@ -1666,6 +1669,7 @@ launch_router() {
         # placing the request into a bounded queue as it can be seen:
         # https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/net/ipv4/arp.c?id=refs/tags/v4.6.1#n819
         echo 0 >/proc/sys/net/ipv4/neigh/$BRIDGE/proxy_delay
+        expose_ip
     fi
 }
 
@@ -1679,7 +1683,8 @@ fetch_router_args() {
 populate_router() {
     if [ -n "$IPRANGE" ] ; then
         # Tell the newly-started weave IP allocator about existing weave IPs
-        with_container_addresses ipam_reclaim_no_check_alive weave:expose
+        # In the case of AWSVPC, we do expose before calling populate_router
+        [ -n "$AWSVPC" ] || with_container_addresses ipam_reclaim_no_check_alive weave:expose
         with_container_addresses ipam_reclaim $(docker ps -q --no-trunc)
     fi
     if [ -z "$NO_DNS_OPT" ] ; then
@@ -1956,10 +1961,13 @@ EOF
     attach-router)
         check_running $CONTAINER_NAME
         enforce_docker_bridge_addr_assign_type
+        # We cannot use detect_awsvpc here, because HTTP server might not be started
+        ! docker inspect -f '{{.Config.Cmd}}' $CONTAINER_NAME | grep -q -- "--awsvpc" || AWSVPC=1
         create_bridge
         fetch_router_args
         setup_router_iface_$BRIDGE_TYPE
         wait_for_status $CONTAINER_NAME http_call $HTTP_ADDR
+        setup_awsvpc
         populate_router
         ;;
     launch-proxy)