Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-31 Thread Volker A. Brandt
Dan McDonald writes: > > On Mar 31, 2017, at 6:54 AM, Andy Fiddaman wrote: > > > > I don't want the zone root user to be able to change > > the IP address. > > Well, so far, that seems to be the case, so it's looking like not changing > anything is a good thing. When I

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-31 Thread Dominik Hassler
On 03/30/2017 10:00 AM, Andy Fiddaman wrote: On Thu, 30 Mar 2017, Ludovic Orban wrote: ; I personally don't need ipadm in my LX zones, nerver missed it and I'm ; pretty certain I wouldn't use it even if it was available. Same here. +1 ___

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-31 Thread Andy Fiddaman
On Thu, 30 Mar 2017, Dan McDonald wrote: ; ; > On Mar 30, 2017, at 5:11 PM, Brian Hechinger wrote: ; > ; > I'd like to see a way that network configuration can be disabled from within the zone so that it's set by the host admin and not the zone admin (assuming they are

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-31 Thread Peter Tribble
On Fri, Mar 31, 2017 at 3:38 AM, Dan McDonald wrote: > > > On Mar 30, 2017, at 5:11 PM, Brian Hechinger wrote: > > > > I'd like to see a way that network configuration can be disabled from > within the zone so that it's set by the host admin and not the

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-31 Thread Joshua M. Clulow
On 30 March 2017 at 14:46, Bob Friesenhahn wrote: > Something I see is that with normal Solaris zones, one can provide root > access to a relatively untrusted third-party since everything important can > be locked-down. This approach should currently not be used

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-30 Thread Dan McDonald
> On Mar 30, 2017, at 5:11 PM, Brian Hechinger wrote: > > I'd like to see a way that network configuration can be disabled from within > the zone so that it's set by the host admin and not the zone admin (assuming > they are different people). I thought more people would

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-30 Thread Bob Friesenhahn
On Thu, 30 Mar 2017, Paul B. Henson wrote: Linux DHCP can overwrite files at any time, possibly weeks after boot. You can configure it not to; for example, with dhcpcd, you would use the option '--nohook resolv.conf'. Other clients have similar options. This is all very true. Something I

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-30 Thread Paul B. Henson
On Thu, Mar 30, 2017 at 04:02:52PM -0500, Bob Friesenhahn wrote: > Linux DHCP can overwrite files at any time, possibly weeks after boot. You can configure it not to; for example, with dhcpcd, you would use the option '--nohook resolv.conf'. Other clients have similar options.

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-30 Thread Brian Hechinger
I'd like to see a way that network configuration can be disabled from within the zone so that it's set by the host admin and not the zone admin (assuming they are different people). Is this a possibility? On Mar 30, 2017 5:04 PM, "Dan McDonald" wrote: > > > On Mar 30, 2017,

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-30 Thread Dan McDonald
> On Mar 30, 2017, at 5:02 PM, Bob Friesenhahn > wrote: > > On Thu, 30 Mar 2017, Dan McDonald wrote: > >> >>> On Mar 30, 2017, at 4:26 PM, Bob Friesenhahn >>> wrote: >>> >>> The only way it could possibly work is if

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-30 Thread Bob Friesenhahn
On Thu, 30 Mar 2017, Dan McDonald wrote: On Mar 30, 2017, at 4:26 PM, Bob Friesenhahn wrote: The only way it could possibly work is if /etc/resolv.conf gets updated in the zone. This is because native user-space apps/libraries take care of the DNS lookups

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-30 Thread Dan McDonald
> On Mar 30, 2017, at 4:26 PM, Bob Friesenhahn > wrote: > > The only way it could possibly work is if /etc/resolv.conf gets updated in > the zone. This is because native user-space apps/libraries take care of the > DNS lookups rather than kernel code. Check

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-30 Thread Bob Friesenhahn
On Thu, 30 Mar 2017, Michael Talbott wrote: I have experienced the same /etc/resolv.conf issue in a CentOS 6 and 7 LX zones. No DNS servers get propagated from zonecfg. The only way it could possibly work is if /etc/resolv.conf gets updated in the zone. This is because native user-space

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-30 Thread Volker A. Brandt
Michael Talbott writes: > I have experienced the same /etc/resolv.conf issue in a CentOS 6 and 7 LX > zones. No DNS servers get propagated from zonecfg. Me, too. The default search domain does get set, however. Maybe it is a trivial thing. Regards -- Volker --

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-30 Thread Michael Talbott
I have experienced the same /etc/resolv.conf issue in a CentOS 6 and 7 LX zones. No DNS servers get propagated from zonecfg. Oh, and I am on the same boat with ipadm. Would likely never use it inside an LX zone. Michael > On Mar 30, 2017, at 12:21 PM, Dan McDonald wrote:

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-30 Thread Dan McDonald
> On Mar 30, 2017, at 3:19 AM, Guenther Alka wrote: > > Setting ip properties atthe virtualisation layer > seems not straight forward to me. Lately I was > asked about the problem where DNS onUbuntu 16 > was not working despite the setting in the zone.cfg > (Configurating

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-30 Thread Bob Friesenhahn
On Thu, 30 Mar 2017, Guenther Alka wrote: I would prefer a more ESXi like behaviour where settings about hardware like (lofi) disks, CPU, RAM, vnics are zone settings while network configuration is done by the VM itself with the different but regular Linux tools and ways. The "regular Linux

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-30 Thread Andy Fiddaman
On Thu, 30 Mar 2017, Ludovic Orban wrote: ; I personally don't need ipadm in my LX zones, nerver missed it and I'm ; pretty certain I wouldn't use it even if it was available. Same here. Andy -- Citrus IT Limited | +44 (0)870 199 8000 | enquir...@citrus-it.co.uk Rock House Farm | Green Moor

Re: [OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?

2017-03-30 Thread Ludovic Orban
I personally don't need ipadm in my LX zones, nerver missed it and I'm pretty certain I wouldn't use it even if it was available. I'd *much* prefer to have 7388 though (sorry for insisting, I couldn't resist ;-)) On Thu, Mar 30, 2017 at 9:19 AM, Guenther Alka wrote: >