minion id: getfqdn() vs. gethostname()
904 views
Skip to first unread message
Dan Garthwaite
Aug 24, 2012, 11:11:20 AM8/24/12
to salt-...@googlegroups.com
On my debian systems, if I add a second IP address ( eth0:1 ) socket.getfqdn() returns the wrong hostname. The (often) private IP address assigned to eth0:1 is listed before eth0 when quering IPs, and gethostbyip() is run against the eth0:1 address.
This leads to unacceptable key names in salt-master.
Setting the ID in /etc/salt/minion is a confirmed work around.
As a sys admin, I expect the canonical FQDN of a server to be what I set it to be in /etc/hostname, or to be able to override it on a per environment basis using the HOSTNAME environment variable.
I propose using socket.gethostname() for ID, or adding some logic to reject ethN:N FQDN's in favor of the base NIC's ip.
Dan Garthwaite
Aug 24, 2012, 11:25:52 AM8/24/12
to salt-...@googlegroups.com
Some details on this. The last command shows what I think is happening, the IP address for eth0:1 is listed before eth0.
root@drone1:~
# head -5 /etc/hosts
127.0.0.1 localhost
127.0.1.1 drone1.example.com drone1
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
root@drone1:~
# hostname
root@drone1:~
# cat /etc/hostname
root@drone1:~
# grep domain /etc/resolv.conf
domain example.com
root@drone1:~
# python -c 'import socket; print socket.getfqdn()'
root@drone1:~
# python -c 'import socket; print socket.gethostname()'
root@drone1:~
# ip addr | grep inet
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 192.168.XXX.XXX/17 brd 192.168.255.255 scope global eth0:1
inet 50.116.XX.XXX/24 brd 50.116.XXX.255 scope global eth0
inet6 2600:XXXX:XXXX::XXXX:XXXX/64 scope global dynamic
inet6 fe80::XXXX:XXXX:XXXX:XXXX/64 scope link
Thomas S Hatch
Aug 25, 2012, 12:20:03 PM8/25/12
to salt-...@googlegroups.com
This has come up before with strong arguments on both sides. I don't want to make a major change that could break everyone's existing setups. I think that the correct solution here is to add some logic to salt for this process. The other problem is that I have seen some varying behavior here on different platforms.
Does anyone else have any input here? I think that this is a legitimate problem but I would like to hear some more input on it.
Bret Palsson
Aug 25, 2012, 12:32:30 PM8/25/12
to salt-...@googlegroups.com
Here are some ideas, but haven't had time to implement or try:
We can still use the fqdn or hostname for easy identification, human readable… but each minion/master should have it's own UUID of some sort that all operations key off of. This way we can ensure uniqueness. I'm not sure if the public key should be stored as hostname or the uuid and a comment placed after the "-----END PUBLIC KEY-----" than can be parsed to get the readable name.
Obviously this idea need lots more baking… any feedback?
-Bret
Thomas S Hatch
Aug 25, 2012, 12:38:49 PM8/25/12
to salt-...@googlegroups.com
I think that a generated specific uuid could be used to double track the key association, we also have the serverid grain
Dan Garthwaite
Aug 25, 2012, 9:30:02 PM8/25/12
to salt-...@googlegroups.com
I searched the mailing list before posting for previous discussions and didn't find any.
What would the decision tree look like? Gather all IP addresses and rank them in order of likeliness?
Least to most:
Loopbacks. Virtualbox's 10.0.2.15. Private IP space 1..N. Public IP space 1..N. Then try and determine the "base" virtual NIC?
Sean Channel
Aug 26, 2012, 2:31:29 PM8/26/12
to salt-...@googlegroups.com
hostname and fqdn are really two different things in practice. I've also had
Salt come up with names that are not what I expected for this same reason. I
think gethostname() is going to return more predictable results in that regard.
_S
Salt come up with names that are not what I expected for this same reason. I
think gethostname() is going to return more predictable results in that regard.
_S
Dan Garthwaite
Aug 26, 2012, 2:42:56 PM8/26/12
to salt-...@googlegroups.com
... because the sys admin has explicit control over it.
Thomas S Hatch
Aug 27, 2012, 11:55:48 AM8/27/12
to salt-...@googlegroups.com
Yes, this is honestly a tough call, because we would gather all ip addrs and then basically need to look for the first non localhost name and have a fairly predictable sequence.
Sean Channel
Aug 27, 2012, 12:25:08 PM8/27/12
to salt-...@googlegroups.com
'hostnames' are local, for admin purposes, whereas an FQDN is an internet
address for production URLs. A system may or may not have an internet FQDN, but
will always have a hostname (even if "localhost"), which I kind of expect to be
the default.
it seems simpler to use gethostname(), then determine which port is configured
w/ the corresponding address, rather than try to guess, but I'm sure there are
many factors.
_S.
address for production URLs. A system may or may not have an internet FQDN, but
will always have a hostname (even if "localhost"), which I kind of expect to be
the default.
it seems simpler to use gethostname(), then determine which port is configured
w/ the corresponding address, rather than try to guess, but I'm sure there are
many factors.
_S.
Corey Quinn
Aug 27, 2012, 9:32:51 PM8/27/12
to salt-...@googlegroups.com, salt-...@googlegroups.com
I agree wholeheartedly. I can set this easily in EC2-- I can't get an FQDN that makes sense to humans for love or money.
Make it a toggle, I'll whack it every time.
Make it a toggle, I'll whack it every time.
Reply all
Reply to author
Forward
0 new messages