Hello all, I am trying to get automatic networking provisioning for local zones working, ultimately in order to simplify rapid deployments of testbeds and per-bug build environments.
In the process I found a few nits, and wondered if I am doing something wrong or things are according to current design and that can be revised, perhaps? So, here goes:

1) In the SMF framework, local zones can not use netstrategy=dhcp by the definition in /lib/svc/share/smf_include.sh:

---
# The network boot strategy for a zone is always "none".
#
smf_netstrategy () {
	if smf_is_nonglobalzone; then
		_INIT_NET_STRATEGY="none" export _INIT_NET_STRATEGY
		return 0
	fi
	...
---

This does make sense for shared-IP zones, but for exclusive-IP ones which can be DHCP clients indeed, this seems wrong (and further on forbids configuration of DNS resolver (resolv.conf, nsswitch.conf) from DHCP data via svc:/network/service:default method script /lib/svc/method/net-svc).

Also, I did some limited testing:

* on SXCE the "/sbin/netstrategy" returns "zfs none none" for both shared and exclusive-IP zones (all with static IP configuration),
* on OI (oi_151a3) the exclusive-IP zone which is a DHCP client does return "zfs vnic127101 dhcp" properly,
* while OI local zones with static IP config also return "zfs none none".

Is there any known rationale for the snippet above from smf_netstrategy() - or can it be just removed? What are the possible negative consequences if this check is dropped? Is there a simple reliable way to check the zone's ip-type, or why don't we trust /sbin/netstrategy output?

2) In /etc/sysidcfg templates we can set name_service to be DNS, LDAP, NIS or NONE. Would it be inappropriate to define a new type and set it to "DHCP" (and then fetch name-service info from DHCP)?

3) Some networking clients might want the changes to their DNS/nsswitch config files from a dynamic wizard, others might not. The policy might even differ per-local zone. For example, there is "fear" of scripts which might corrupt manually crafted settings for files+dns+ldap host lookups, etc.

So far I have not seen any configurable switch that would *request* or *forbid* changes to the /etc/resolv.conf and /etc/nsswitch.conf files using data from DHCP. Does such a switch exist? Is it reasonable to add one (if not)?

As an option, might it make sense to integrate this solution (an SMF service to combine user-preferred and DHCP-dynamic resolver options, which can then be enabled or disabled on a particular zone)?
http://thestaticvoid.com/post/2011/01/11/persistent-search-domains-with-nwam-and-dhcp/

Thanks,
//Jim Klimov

PS: A draft Wiki page is cooking here so far:
http://wiki.illumos.org/display/~jimklimov/Using+host-only+networking+to+get+from+build+zones+and+test+VMs+to+the+Internet

_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
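
Added example (not part of the original message, and not illumos or OpenIndiana code): a sketch of how the request/forbid switch from point 3 could behave, treating DHCP-supplied resolver data as untrusted input and never overriding a hand-written search list. The function names, the "request"/"forbid" policy values and the argument layout are all hypothetical, and only IPv4 name servers are handled.

```shell
#!/bin/sh
# Added example. POLICY is a hypothetical per-zone switch: "request" lets
# DHCP data into the resolver config; any other value keeps the file as is.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# merge_resolv POLICY STATIC_FILE DHCP_DOMAIN "DHCP_SERVERS"
# Prints the resulting resolv.conf on stdout; never edits STATIC_FILE.
merge_resolv() {
    policy=$1; static=$2; domain=$3; servers=$4; valid=""
    set -f                          # no globbing on DHCP-supplied text
    for s in $servers; do
        if is_ipv4 "$s"; then valid="$valid $s"; fi
    done
    set +f
    # Forbidden by policy, or nothing usable from DHCP: static file wins.
    if [ "$policy" != "request" ] || [ -z "$valid" ]; then
        cat "$static"
        return 0
    fi
    # Keep hand-written search/options lines, drop the static nameservers.
    grep -v '^[[:space:]]*nameserver' "$static" || true
    # Take the DHCP domain only if no search/domain line was set by hand
    # and it contains nothing but hostname characters.
    if ! grep -Eq '^[[:space:]]*(search|domain)[[:space:]]' "$static"; then
        case "$domain" in
            ''|*[!A-Za-z0-9.-]*) ;;
            *) echo "search $domain" ;;
        esac
    fi
    for s in $valid; do echo "nameserver $s"; done
}
```

Writing the result to a temporary file and renaming it over /etc/resolv.conf keeps the update atomic, so a failed run leaves the manual configuration untouched.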