+1 there is also a jira issue on this https://issues.apache.org/jira/browse/VCL-582
sounds good, depending on rc.local has an issue in certain cases.

-Aaron

On Thu, Oct 11, 2012 at 10:51 AM, Andy Kurth <[email protected]> wrote:
> I'd like to change how networking gets configured for Linux images.
> Currently eth0 and eth1 are hard-coded and saved in every Linux image.
> The private interface must be eth0, public eth1. This isn't ideal
> for various reasons:
> - Depending on how the hardware is cabled/configured, some interface
> other than the private one may be using eth0.
> - If an image is configured with bridged adapters, the IP address may
> show up as belonging to something like br0 instead of eth0. This is
> particularly a problem for images which have KVM installed.
> - The code currently writes the hard-coded eth0/eth1 configuration
> commands to rc.local during image capture. Changes cannot be made
> without capturing a new image.
> - rc.local is erased/rewritten during image capture. It would be most
> logical and familiar for image creators to simply be able to put
> custom commands in rc.local. Instead, they have to use custom
> vcl_post_load scripts.
>
> I propose changing this to work the same way the Windows code works:
> - The only assumption the backend vcld code makes is that when an
> image is loaded, the private interface will receive its IP address via
> DHCP (usually given out by the management node) and at some point that
> machine will respond to SSH on port 22 on its private IP address. It
> doesn't matter what the interfaces are named. Nothing is saved in the
> image which restricts it to a particular hardware/network
> configuration.
> - Once the machine responds, the vcld code performs all of the steps
> to secure the machine and allow the connection methods to work
> including configuring SSH access on the public network. The code
> retrieves the networking configuration from the machine and figures
> out which interface is private and public.
>
> Some of the changes to the code which would have to be made:
> - During image capture, configure sshd to listen on all interfaces.
> Remove the changes that were made to configure "external" sshd. This
> is pretty much how things would be configured out-of-the-box with a
> few security settings applied such as disabling password
> authentication.
> - For existing images, remove the commands from rc.local which were
> added by vcld when the image was captured.
> - Modify the code so that the private and public networks are sorted
> out during the OS post_load stage. Most of this code is already in
> OS.pm and can be used for both Linux and Windows with some minor
> changes.
>
> This will allow for greater flexibility, will make it easier to add
> support for a single network interface, and will probably make it
> easier to add new network/VLAN/fixed IP address features.
>
> Thoughts, suggestions, concerns?
>
> Thanks,
> Andy

--
Aaron Peeler
Program Manager
Virtual Computing Lab
NC State University

All electronic mail messages in connection with State business which are
sent to or received by this account are subject to the NC Public Records
Law and may be disclosed to third parties.
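
The name-independent interface discovery proposed in this thread, sketched as an added example (not VCL code, which is Perl; not from either poster). It assumes the private interface is whichever one carries the address the management node reached over SSH, and that the input is `ip -o -4 addr show` output; the function names and all addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed, trimmed `ip -o -4 addr show` output for an image with KVM
# installed: the private address is on bridge br0, not eth0.
SAMPLE = """\
1: lo    inet 127.0.0.1/8 scope host lo
3: eth1    inet 198.51.100.20/24 brd 198.51.100.255 scope global eth1
4: br0    inet 10.10.4.37/20 brd 10.10.15.255 scope global br0
"""

# "<index>: <ifname>    inet <addr>/<prefix> ..."
LINE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)")


def parse_addrs(text):
    """Return [(ifname, IPv4Interface), ...] from `ip -o -4 addr show` output."""
    found = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            found.append((m.group(1), ipaddress.ip_interface(m.group(2))))
    return found


def classify(text, private_ip):
    """Name the private and public interfaces without assuming eth0/eth1.

    private_ip is the address the management node connected to (assumption).
    public is None when there is no other interface or the choice is ambiguous.
    """
    target = ipaddress.ip_address(private_ip)
    private, others = None, []
    for name, iface in parse_addrs(text):
        if iface.ip.is_loopback:
            continue
        if iface.ip == target:
            private = name
        elif name not in others:
            others.append(name)
    if private is None:
        raise ValueError(f"{private_ip} is not configured on any interface")
    # A secondary address on the private interface must not count as public.
    others = [n for n in others if n != private]
    return {"private": private, "public": others[0] if len(others) == 1 else None}


if __name__ == "__main__":
    print(classify(SAMPLE, "10.10.4.37"))
```

Returning `None` for an ambiguous public interface lets the caller refuse to open public SSH access on a guess.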
