Hello all,
I am trying to get automatic networking provisioning for local
zones working, ultimately in order to simplify rapid deployments
of testbeds and per-bug build environments.
In the process I found a few nits, and wondered if I am doing
something wrong or things are according to current design and
that can be revised, perhaps? So, here goes:
1) In the SMF framework, local zones can not use netstrategy=dhcp
by the definition in /lib/svc/share/smf_include.sh:
---
# The network boot strategy for a zone is always "none".
#
smf_netstrategy () {
if smf_is_nonglobalzone; then
_INIT_NET_STRATEGY="none" export _INIT_NET_STRATEGY
return 0
fi
...
---
This does make sense for shared-IP zones, but for exclusive-IP
ones which can be DHCP clients indeed, this seems wrong (and
further on forbids configuration of DNS resolver (resolv.conf,
nsswitch.conf) from DHCP data via svc:/network/service:default
method script /lib/svc/method/net-svc.
Also, I did some limited testing:
* on SXCE the "/sbin/netstrategy" returns "zfs none none"
for both shared and exclusive-IP zones (all with static
IP configuration),
* on OI (oi_151a3) the exclusive-IP zone which is a DHCP
client does return "zfs vnic127101 dhcp" properly,
* while OI local zones with static IP config also return
"zfs none none".
Is there any known rationale for the snippet above from
smf_netstrategy() - or can it be just removed? What are
the possible negative consequences if this check is dropped?
Is there a simple reliable way to check the zone's ip-type,
or why don't we trust /sbin/netstrategy output?
2) In /etc/sysidcfg templates we can set name_service to be
DNS, LDAP, NIS or NONE. Would it be inappropriate to define
a new type and set it to "DHCP" (and then fetch name-service
info from DHCP)?
3) Some networking clients might want the changes to their
DNS/nsswitch config files from a dynamic wizard, others
might not. The policy might even differ per-local zone.
For example, there is "fear" of scripts which might
corrupt manually crafted settings for files+dns+ldap
host lookups, etc.
So far I have not seen any configurable switch that would
*request* or *forbid* changes to the /etc/resolv.conf and
/etc/nsswitch.conf files using data from DHCP.
Does such a switch exist?
Is it reasonable to add one (if not)?
As an option, might it make sense to integrate this solution
(an SMF service to combine user-preferred and DHCP-dynamic
resolver options, which can then be enabled or disabled on
a particular zone)?
http://thestaticvoid.com/post/2011/01/11/persistent-search-domains-with-nwam-and-dhcp/
Thanks,
//Jim Klimov
PS: A draft Wiki page is cooking here so far:
http://wiki.illumos.org/display/~jimklimov/Using+host-only+networking+to+get+from+build+zones+and+test+VMs+to+the+Internet
_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
