Periodically check for up to date versions of weave. #1954

tomwilkie · 2016-02-04T16:37:03Z

Every 6 hours, hit https://checkpoint-api.weave.works looking for current versions of Weave. If a new version is found, log it.

Reuses the same library as Hashicorp's products.

rade · 2016-02-04T17:36:50Z

Leaving aside whether this is a good idea in principle..., I see the following issues:

we spent considerable effort figuring out a stable uuid - see Derive peer name from product_uuid #1866. We should use that since it is "more unique" than go-checkpoint's ID. This would also resolve the 2nd and 3rd issue...
the need to mount /etc/weave, and write to it, is horrible
AFAICT the go-checkpoint code is not concurrency safe - if you have multiple programs, e.g. weave net and scope, starting simultaneously and generate an ID then things will go wrong
go-checkpoint transmits way more info than we need, e.g. OS/Arch.

README.md

@@ -55,6 +55,12 @@ For installing weave on other platforms, follow the [integration guides](http://
 Weave respects the environment variable `DOCKER_HOST`, so you can run
 it locally to control a weave network on a remote host.

+Weave will periodically check with our servers to see if a new version is available. To disable this, run:


tomwilkie · 2016-02-26T11:11:01Z

I've addressed 1-3. I'd like to leave 4 as is.

prog/weaver/main.go

+	params := checkpoint.CheckParams{
+		Product:       "weave-net",
+		Version:       version,
+		SignatureFile: "",


tomwilkie · 2016-02-26T12:07:38Z

@awh have fixed in weaveworks/go-checkpoint#1 and updated here. PTAL.

.gitmodules

+[submodule "vendor/github.com/weaveworks/go-checkpoint"]
+	path = vendor/github.com/weaveworks/go-checkpoint
+	url = https://github.com/weaveworks/go-checkpoint
+[submodule "vendor/github.com/certifi/gocertifi"]


awh · 2016-02-26T16:06:40Z

@tom this appears to have a file descriptor leak. Here's a tcpdump of weave launch; first you can see it perform the actual version check:

$ sudo tcpdump -n -i any port https
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
15:50:17.452567 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [S], seq 1882626887, win 29200, options [mss 1460,sackOK,TS val 25446958 ecr 0,nop,wscale 7], length 0
15:50:17.467898 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [S.], seq 160666113, ack 1882626888, win 65535, options [mss 1460], length 0
15:50:17.467917 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 1, win 29200, length 0
15:50:17.468210 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [P.], seq 1:164, ack 1, win 29200, length 163
15:50:17.468280 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 164, win 65535, length 0
15:50:17.502345 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [P.], seq 1:1419, ack 164, win 65535, length 1418
15:50:17.502374 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 1419, win 31196, length 0
15:50:17.503007 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [P.], seq 1419:2966, ack 164, win 65535, length 1547
15:50:17.503019 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 2966, win 34080, length 0
15:50:17.515090 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [P.], seq 164:239, ack 2966, win 34080, length 75
15:50:17.515982 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 239, win 65535, length 0
15:50:17.516380 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [P.], seq 239:245, ack 2966, win 34080, length 6
15:50:17.516397 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 245, win 65535, length 0
15:50:17.516575 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [P.], seq 245:290, ack 2966, win 34080, length 45
15:50:17.516608 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 290, win 65535, length 0
15:50:17.602752 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [P.], seq 2966:3017, ack 290, win 65535, length 51
15:50:17.603272 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [P.], seq 290:583, ack 3017, win 34080, length 293
15:50:17.603291 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:50:17.934270 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [P.], seq 3017:3679, ack 583, win 65535, length 662
15:50:17.973090 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3679, win 36920, length 0

Then, 30s later, more traffic (HTTP keepalive?). The HTTPS connection to checkpoint-api.weave.works is still ESTABLISHED on the weave host:

15:50:47.933103 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3679, win 36920, length 0
15:50:47.933338 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0

A minute after launch, we get a FIN from the checkpoint API (which we ACK):

15:51:17.937087 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3679, win 36920, length 0
15:51:17.937204 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:51:17.945569 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [F.], seq 3679, ack 583, win 65535, length 0
15:51:17.985098 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0

But no FIN in the other direction. HTTPS connection is now in CLOSE_WAIT on the weave host. Then forever more:

15:51:48.017074 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:51:48.017181 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:52:18.097093 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:52:18.097204 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:52:48.177084 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:52:48.177197 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:53:18.257077 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:53:18.257191 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:53:48.337094 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:53:48.337205 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:54:18.417088 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:54:18.417254 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:54:48.497083 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:54:48.497192 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:55:18.577095 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:55:18.577202 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:55:48.657096 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:55:48.657218 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:56:18.737089 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:56:18.737197 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:56:48.817082 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:56:48.817191 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:57:18.897105 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:57:18.897355 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:57:48.977103 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:57:48.977227 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:58:19.057087 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:58:19.057190 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:58:49.137106 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:58:49.137236 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:59:19.217089 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:59:19.217198 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
15:59:49.297096 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
15:59:49.297214 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
16:00:19.377871 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
16:00:19.377981 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0
16:00:49.457082 IP 10.0.2.15.52302 > 74.125.24.121.443: Flags [.], ack 3680, win 36920, length 0
16:00:49.457190 IP 74.125.24.121.443 > 10.0.2.15.52302: Flags [.], ack 583, win 65535, length 0

Ten minutes have elapsed. On weave host:

$ sudo lsof -p $(pidof weaver) -a -i tcp
COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
weaver  10276 root    9u  IPv4 1734917      0t0  TCP vagrant-ubuntu-wily-64:52302->de-in-f121.1e100.net:https (CLOSE_WAIT)
weaver  10276 root   12u  IPv4 1734891      0t0  TCP vagrant-ubuntu-wily-64:domain (LISTEN)
weaver  10276 root   14u  IPv4 1734893      0t0  TCP *:6783 (LISTEN)
weaver  10276 root   18u  IPv4 1734911      0t0  TCP localhost:6784 (LISTEN)
weaver  10276 root   19u  IPv4 1735717      0t0  TCP localhost:6784->localhost:59914 (ESTABLISHED)

Best case is that this gets cleaned up the next time we check; if not, we'll leak file descriptors until we run out. Either way, having this suspicious looking connection hanging around isn't ideal 😄

Looks like go-checkpoint library isn't closing the HTTPS connection properly...

tomwilkie · 2016-02-26T16:51:21Z

@awh weaveworks/go-checkpoint#2 should fix that. Thanks for the testing!

awh · 2016-02-26T17:24:54Z

👍

Periodically check for up to date versions of weave.

tomwilkie force-pushed the version-check branch 2 times, most recently from 79683c7 to 9b38721 Compare February 4, 2016 16:45

rade changed the title ~~Periodically check for up to date versions of weave.~~ [DO NOT MERGE THIS *EVER*]Periodically check for up to date versions of weave. Feb 4, 2016

tomwilkie force-pushed the version-check branch from 9b38721 to b252524 Compare February 4, 2016 16:58

rade reviewed Feb 4, 2016
View reviewed changes

rade changed the title ~~[DO NOT MERGE THIS *EVER*]Periodically check for up to date versions of weave.~~ [WIP]Periodically check for up to date versions of weave. Feb 15, 2016

tomwilkie force-pushed the version-check branch from b252524 to f2b9c07 Compare February 26, 2016 11:10

tomwilkie changed the title ~~[WIP]Periodically check for up to date versions of weave.~~ Periodically check for up to date versions of weave. Feb 26, 2016

tomwilkie force-pushed the version-check branch 3 times, most recently from 1f1e1d6 to c292e46 Compare February 26, 2016 11:55

awh reviewed Feb 26, 2016
View reviewed changes

prog/weaver/main.go

params := checkpoint.CheckParams{

Product: "weave-net",

Version: version,

SignatureFile: "",

This comment was marked as abuse.

Sign in to view

tomwilkie force-pushed the version-check branch from c292e46 to ea3f4e3 Compare February 26, 2016 11:56

tomwilkie assigned awh Feb 26, 2016

awh reviewed Feb 26, 2016
View reviewed changes

.gitmodules

[submodule "vendor/github.com/weaveworks/go-checkpoint"]

path = vendor/github.com/weaveworks/go-checkpoint

url = https://github.com/weaveworks/go-checkpoint

[submodule "vendor/github.com/certifi/gocertifi"]

This comment was marked as abuse.

Sign in to view

tomwilkie added 2 commits February 26, 2016 15:35

Periocially check for up to date versions of weave.

b228bbb

Review feedback

6ff7419

tomwilkie force-pushed the version-check branch from e7624a1 to 1895ea0 Compare February 26, 2016 15:35

Review feedback

b79bb32

tomwilkie force-pushed the version-check branch from 1895ea0 to b79bb32 Compare February 26, 2016 15:37

Update go-checkpoint

b717399

awh added this to the 1.5.0 milestone Feb 26, 2016

awh added a commit that referenced this pull request Feb 26, 2016

Merge pull request #1954 from weaveworks/version-check

31a964b

Periodically check for up to date versions of weave.

awh merged commit 31a964b into master Feb 26, 2016

awh deleted the version-check branch February 26, 2016 17:25

brb mentioned this pull request Apr 12, 2016

2089: Add info about new available versions to the weave status report #2131

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Periodically check for up to date versions of weave. #1954

Periodically check for up to date versions of weave. #1954

Uh oh!

Uh oh!

Uh oh!

This comment was marked as abuse.

Uh oh!

Uh oh!

This comment was marked as abuse.

Uh oh!

Uh oh!

This comment was marked as abuse.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Periodically check for up to date versions of weave. #1954

Periodically check for up to date versions of weave. #1954

Uh oh!

Conversation

Uh oh!

Uh oh!

This comment was marked as abuse.

Uh oh!

Uh oh!

This comment was marked as abuse.

Uh oh!

Uh oh!

This comment was marked as abuse.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!