Skip to content
This repository has been archived by the owner on Jun 20, 2024. It is now read-only.

weave start with container name or short id leaks allocated IPs and DNS records #881

Closed
rade opened this issue Jun 9, 2015 · 2 comments
Closed

weave start with container name or short id leaks allocated IPs and DNS records #881

rade opened this issue Jun 9, 2015 · 2 comments
Assignees
@rade
Labels
bug [component/dns] [component/ipam]
Milestone
1.0.0

Comments

@rade
Copy link
Member

rade commented Jun 9, 2015

To reproduce

$ weave launch -iprange 10.3.0.0/24
c86dea6734a9bee5788e07a9cafa064178d5f930d4582e60d8d59ef7f7f3604b
$ weave launch-dns 10.3.1.1/24
6615e65710c480b30f492b03529b70313e7b6a89e31719f3274ab08d2b1e5328
$ docker create --name=foo -h foo.weave.local -ti ubuntu
ba6622c1301f614d5e38422324a718199629f45b6e22331b163e2878edd71b71
$ weave status | grep -E '(Free IPs|foo.weave.local)'
Allocator subnet 10.3.0.0/24  Free IPs: ~99.2%, 254 local, ~0 remote
$ weave start foo
foo
$ weave status | grep -E '(Free IPs|foo.weave.local)'
Allocator subnet 10.3.0.0/24  Free IPs: ~98.8%, 253 local, ~0 remote
foo: foo.weave.local.[10.3.0.1]
$ docker kill foo
foo
$ weave status | grep -E '(Free IPs|foo.weave.local)'
Allocator subnet 10.3.0.0/24  Free IPs: ~98.8%, 253 local, ~0 remote
foo: foo.weave.local.[10.3.0.1]

The problem stems from the fact that docker start just echoes back what it is given, rather than the full container id. Which is most useless.

This was spotted by @bboreham
@rade rade added the bug label Jun 9, 2015
@rade rade added this to the 1.0 milestone Jun 9, 2015
rade referenced this issue in bboreham/weave Jun 9, 2015
@bboreham
Need to explicitly get the full container ID from Docker because 'doc…
064dfc6 
…ker start' doesn't give it to us
@rade
Copy link
Member Author

rade commented Jun 9, 2015

The fix for this is trivial but we really should add some tests, at least for DNS (which should be easy; just check for a failing lookup). IPAM is harder.

@rade rade self-assigned this Jun 9, 2015
@bboreham
Copy link
Contributor

On the multi-subnet IPAM branch (#827), the fix is 064dfc6, the DNS test is c4f86fc and the IPAM test is part of eb92275

rade added a commit to rade/weave that referenced this issue Jun 10, 2015
@rade
feed full container id on weave start to DNS/IPAM
7a2b5c4 
We erroneously assumed that `docker start` returned the full container
id. It doesn't and as a result we populated DNS with records with ids
other than full container ids. And that's also what we told IPAM. As a
result, DNS and IPAM didn't clean up after the container's death,
resulting in stale DNS entries and leaked IPs.

Fixes weaveworks#881.
@rade rade mentioned this issue Jun 10, 2015
Merged
bboreham added a commit that referenced this issue Jun 10, 2015
@bboreham
Merge pull request #884 from rade/881_get_container_id_on_start
ae8985d 
LGTM. Fixes #881
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@rade rade

Labels
bug [component/dns] [component/ipam]
Projects
None yet
Milestone
1.0.0
Development

No branches or pull requests
2 participants
@rade @bboreham