Consistent network fixes by breardon2011 · Pull Request #44 · diggerhq/opencomputer

breardon2011 · 2026-03-06T20:57:24Z

Sandbox Infrastructure Changes

1. Clock Skew Fix (Golden Snapshots)

Problem:
VMs restored from snapshots had frozen clocks, causing apt-get update failures (“release files from the future”).

Root Cause:
Firecracker LoadSnapshot supports clock_delta_us, but we never passed it.

Fix:

Added SnapshotedAt time.Time to SnapshotMeta
Added snapshotClockDeltaUs() to compute elapsed time since snapshot
- Falls back to mem file mtime for legacy snapshots
Pass clock_delta_us to Firecracker on all restore paths:
- Hibernate wake
- Checkpoint restore
- Warm fork
- Golden snapshot create

Files:

internal/firecracker/snapshot.go
internal/firecracker/api.go

2. eth0 Network Fixes (Checkpoint Resume)

Problem:
Preview URLs stopped working after checkpoints because eth0 remained down.

Root Cause:
Checkpoint process brought eth0 down but never restored it.

Fix:

Restore network via reconfigureGuestNetwork() after agent reconnect
Restore eth0 on error paths:
- PauseVM failure
- drive copy failure
Consistent network quiesce:
- ip addr flush dev eth0
- ip link set eth0 down

File:

internal/firecracker/snapshot.go

3. Worker TLS via Cloudflare

Problem:
Workers were exposed over plain HTTP (http://IP:8080).

Solution:
Cloudflare proxy with origin certificates.

Flow:
CLI → https://w-*.workers.opencomputer.dev/
→ worker :443 (Cloudflare TLS)
Control plane → http://private_ip:8080

Changes:

Worker serves HTTPS on :443 if origin certs exist
EC2 bootstrap registers Cloudflare DNS record
Control plane routes using private IP
Autoscaler injects cloudflare.env
CLI WebSocket sends ping every 30s (avoid Cloudflare idle timeout)

Files:

cmd/worker/main.go
cmd/server/main.go
deploy/ec2/setup-instance.sh
internal/compute/ec2.go
internal/config/config.go
internal/controlplane/redis_registry.go
internal/proxy/controlplane_proxy.go
internal/worker/http_server.go
cmd/oc/internal/commands/shell.go

4. CLI Cleanup

Removed connectURL from human-readable CLI output
Still available in JSON output for SDK

File:

cmd/oc/internal/commands/sandbox.go# Sandbox Infrastructure Changes

vercel · 2026-03-06T20:57:25Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
opensandbox	Ready	Preview, Comment	Mar 6, 2026 8:57pm

breardon2011 added 2 commits March 6, 2026 11:51

make sure eth0 handling is consistent, handle clock on goldensnapshot

b4c67f0

tls for cli

7541426

vercel bot deployed to Preview March 6, 2026 20:57 View deployment

breardon2011 marked this pull request as ready for review March 6, 2026 21:08

This was referenced Mar 7, 2026

Consistent network fixes #49

Merged

[bug] session clock skew #43

Closed

motatoes closed this Mar 12, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Consistent network fixes#44

Consistent network fixes#44
breardon2011 wants to merge 2 commits intomainfrom
consistent-network-fixes

breardon2011 commented Mar 6, 2026 •

edited

Loading

Uh oh!

vercel bot commented Mar 6, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

breardon2011 commented Mar 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Sandbox Infrastructure Changes

1. Clock Skew Fix (Golden Snapshots)

2. eth0 Network Fixes (Checkpoint Resume)

3. Worker TLS via Cloudflare

4. CLI Cleanup

Uh oh!

vercel bot commented Mar 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

breardon2011 commented Mar 6, 2026 •

edited

Loading

vercel bot commented Mar 6, 2026 •

edited

Loading