Machine Images and /etc/machine-id
Introduction
/etc/machine-id is a file with a long number in it, which is (hopefully) unique across your whole estate (and maybe the world). It's used by a variety of software to uniquely identify that particular machine amongst all the others - particularly when your machine interacts with others (perhaps with cloud services and the like).
If you don't take some care, it's very easy to end up 'baking' a machine-id into your AMI images, and then every machine created from that image gets the same ID. This can cause problems with software that relies on it.
This article describes the mechanisms that create /etc/machine-id and how you can ensure it's unique on all machines made from a machine image (AMI).
How is machine-id generated?
In modern systems, /etc/machine-id is likely generated by Systemd. Early in the boot phase, before any other services are started, Systemd runs and checks whether /etc/machine-id exists and looks valid. If it doesn't, Systemd will try to recreate it.
This all happens very early in the boot process, when /etc is (probably) still marked read-only. There are some 'loop' tricks that Systemd can play to do its work, but it can fail in some circumstances.
It's possible to manually create the machine ID by running systemd-machine-id-setup. This program will look at the file to see if it exists or is empty. If it doesn't exist, or is empty, then it will recreate it.
Making Machine Images, Clones and AMIs
If you boot a system to set it up ready for cloning, machine imaging or AMI baking, then it'll have an /etc/machine-id already written. That means your clones or built machines will all have the same ID.
To avoid this, you can empty the file before shutting the machine down for imaging. Note though, if you delete the file, Systemd may NOT be able to create a new file (because /etc/ may be read-only), but if it's a zero byte file, it should be able to extend it through some filesystem loop tricks.
Before shutting down to take an image, run:
cp /dev/null /etc/machine-id
Alternatively, if you forgot to do that, when the cloned system starts up, you can clean out the ID with:
sudo rm /etc/machine-id
sudo systemd-machine-id-setup
You'll need to remember to do this just once on every cloned machine you make though - it's definitely easier to 'bake' it into the AMI image instead!
Lastly, if you happen to be using a non-Systemd system, then you can create a machine-id with:
dbus-uuidgen --ensure=/etc/machine-id
There may be a mechanism to create it at boot time, but that'll depend on what's booting your system.
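The checks described above, as an added example that is not part of the original article: shell functions that refuse to pass an image root unless its machine-id is a zero-byte file, and that flag IDs reported by more than one host. The function names, the ROOT argument and the "hostname machine-id" inventory format are assumptions made for illustration, and all sample values are constructed.

```shell
#!/bin/sh
# Added example; function names and the inventory format are assumptions.
LC_ALL=C; export LC_ALL

# Print the state of a machine-id file: missing, empty, valid or invalid.
# A valid ID is exactly 32 lowercase hex characters.
machine_id_state() {
    if [ ! -e "$1" ]; then echo missing; return; fi
    if [ ! -s "$1" ]; then echo empty; return; fi
    id=$(cat "$1")
    case $id in
        *[!0-9a-f]*) echo invalid ;;
        *) if [ "${#id}" -eq 32 ]; then echo valid; else echo invalid; fi ;;
    esac
}

# Succeed only when ROOT/etc/machine-id is a zero-byte file, the state the
# article recommends before imaging (a missing file may not be recreated).
image_ready() {
    state=$(machine_id_state "$1/etc/machine-id")
    if [ "$state" = empty ]; then return 0; fi
    echo "not ready: $1/etc/machine-id is $state" >&2
    return 1
}

# Read "hostname machine-id" lines on stdin and print every ID that more
# than one host reports, with those hosts: the sign of a baked-in ID.
duplicate_ids() {
    awk 'NF == 2 { n[$2]++; hosts[$2] = hosts[$2] " " $1 }
         END { for (id in n) if (n[id] > 1) print id ":" hosts[id] }' | sort
}

# Demo on a scratch directory with constructed values (not real hosts).
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/etc"
    echo 0123456789abcdef0123456789abcdef > "$root/etc/machine-id"
    image_ready "$root" || echo "baked-in ID caught before imaging"
    cp /dev/null "$root/etc/machine-id"
    image_ready "$root" && echo "image is ready to snapshot"
    printf '%s\n' 'web-1 0123456789abcdef0123456789abcdef' \
                  'web-2 0123456789abcdef0123456789abcdef' \
                  'db-1 fedcba9876543210fedcba9876543210' | duplicate_ids
    rm -rf "$root"
}
demo
```

Running image_ready against the image root as the last build step makes a baked-in ID fail the build instead of surfacing later on the cloned machines.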