
@bboreham bboreham released this Jun 18, 2015 · 4571 commits to master since this release

Highlights:

  • It is now easier than ever to start containers and for them to communicate, across multiple hosts. Automatic IP address allocation, and name resolution via weaveDNS are now enabled by default, and the proxy has become more fully-featured. In short, once weave has been launched the following is possible:

      host1$ docker run --name=pingme -dti ubuntu
      host2$ docker run -ti ubuntu
      root@d11e9287f65b:/# ping pingme
    
  • Containers can now be load-balanced easily.

  • IP address allocation is now available across multiple subnets,
    and hence can be employed when running multiple, isolated
    applications.

  • The proxy now supports TLS connections, enabling its deployment
    when the communication between docker clients and the server must
    be secured.

There are many other new features, plus the usual assortment of bug fixes and improvements under the hood. More detail below and in the change log.

NB: This release changes the weave protocol version. Therefore, when upgrading an existing installation, all hosts need to be upgraded in order for them to be able to communicate and form a network.

new IP address allocation features

new weaveDNS features

new proxy features

new administrative features

  • finer-grained control over peer topology
    • introduce weave connect --replace to replace command line peer
      addresses. #658/#794
    • permit invocation of weave connect/forget with multiple
      peers. #759/#697
    • add -nodisco option to weave launch to disable peer discovery
      and thus give complete control over peer topology. #847/#853
    • add command line peers to status output. #659/#764, #660/#764
  • document recommendations on using a strong password. #641/#844
  • more detailed documentation on -initpeercount. #758/#946
  • improvements to weave and container startup
    • don't time out in weave launch/launch-dns/launch-proxy, since that
      can lead to spurious failures on busy machines. #666/#828
    • don't leave weave containers running when their network
      configuration failed on startup. #192/#831
    • reduce container startup time. #710/#785, #654/#706
    • more helpful error message when weave, weavedns or the proxy fail on startup. #958
  • make weave status fail when weave isn't running, which is useful
    for scripted monitoring. #784/#789
  • facilitate installation of weave from private docker registries, by
    supplying a custom DOCKERHUB_USER. #887

bug fixes

  • various edge cases could cause leaked IP addresses or stale DNS records:
    • restarting weave when there are containers with automatically
      allocated IP addresses that subsequently die. #818/#823
    • death of container just as we are registering it in
      DNS. #821/#865/#904
    • death of container just after we requested automatic IP allocation
      for it. #819/#907
    • death of container that was started with weave start using a
      container name or short id. #881/#884
    • weave detaching an automatically allocated IP address. #861/#827
  • some errors were being misreported:
    • network configuration errors during weave ... command execution
      were swallowed and misreported as container deaths. #829/#830
    • when starting application containers, a failure to obtain an
      automatically allocated IP address would be misreported, and leave
      the container running. #921/#889/#932
    • when a container started via the proxy terminates quickly that
      could be misreported as an unexpected container
      death. #812/#820/#824
    • weave run was terminating silently when weave got stopped during
      IP allocation. #916/#918
    • weave --local run, without further arguments, would show the
      weave usage instead of letting docker complain about the lack of
      arguments. #910
    • running weave --local ... on a system w/o nsenter would
      produce a hard to decipher error. #895
  • miscellaneous fixes:
    • weave crypto could use the same nonce twice, which provided
      potential attack vectors. #927/#928
    • prevent access to the weaveDNS HTTP API from containers, which had
      made running weaveDNS in the same subnet as application containers
      more insecure than it should be. #899/#906
    • specifying any weave launch argument before -password, -port, or
      -iprange would result in the latter being ignored or not processed
      correctly. #816/#852
    • failed connection attempts between peers could be re-tried too
      quickly. #412/#832
    • fix a race condition in peer topology encoder, resulting from a
      missing lock. #883

build & tests bug fixes and improvements

  • transient Alpine Linux repository issues during build could result
    in silently broken weaveexec image. #663
  • fixed a number of race conditions that caused spurious failures in
    the unit tests for IPAM (#779/#793, #802/#822, #915/#919), DNS
    (#798/#836/#892/#917, #934/#937, #935), and topology gossip
    (#885/#886/#902)
  • prevent port clashes. #720/#792
  • fix occasional timeout for non-weave name resolution in
    tests. #347/#761
  • shrink top level dir by moving exe/image sub-dirs. #420/#817
  • run linter on travis. #765
  • various fixes and improvements to CircleCI
    integration. #791/#796/#797
  • introduce a mechanism to run individual smoke tests. #728

improvements "under the hood"

  • switch to a new protocol header and version negotiation, which is
    flexible enough to permit radical changes with the possibility of
    retaining compatibility. #871/#920
  • make it easier to change some aspects of the weave protocol w/o
    breaking compatibility. #911/#914
  • limit acceptance rate on peer connections in order to guard against
    online dictionary attacks on the weave password. #837/#839.
  • simplify UDP fragmentation check. #746/#888
  • simplify proxy interceptor code. #879
  • don't hash gossip channel names. #745/#748
  • improve IPAM HTTP API to allow lookup of addresses allocated to a
    particular container. #825
  • remove pointless DOCKER_HOST parsing for proxy. #807/#808
  • restore the "--fallback" argument in WeaveDNS. #773
  • introduce helper function to make status output more
    consistent. #863