Re: [systemd-devel] Understanding DHCP, DNS and IPMasquerade
On Jun 15, 2015, at 11:32, Lennart Poettering lenn...@poettering.net wrote:
> On Mon, 15.06.15 10:39, Johannes Ernst (johannes.er...@gmail.com) wrote:
>
>> On Jun 15, 2015, at 10:33, Lennart Poettering lenn...@poettering.net wrote:
>>> On Mon, 15.06.15 10:32, Johannes Ernst (johannes.er...@gmail.com) wrote:
>>>> On Jun 14, 2015, at 15:27, Lennart Poettering lenn...@poettering.net wrote:
>>>>> On Fri, 12.06.15 17:32, Johannes Ernst (johannes.er...@gmail.com) wrote:
>>>>>> * host and container can ping test (if test is the name of the
>>>>>> * container machine per machinectl): FAILS, neither can
>>>>>
>>>>> Do you have nss-mymachines enabled in /etc/nsswitch.conf?
>>>>
>>>> Yes:
>>>>
>>>>> Does pinging via the IP addresses work?
>>>>
>>>> Yes. Both container-host and host-container.
>>>>
>>>> On host:
>>>>
>>>> machinectl
>>>> MACHINE CLASS SERVICE
>>>> foo container nspawn
>>>> 1 machines listed.
>>>>
>>>> ping foo
>>>> ping: unknown host foo
>>>>
>>>> cat /etc/nsswitch.conf
>>>> hosts: nss-mymachines files mdns_minimal [NOTFOUND=return] dns myhostname
>
> Ah, heh, try mymachines instead of nss-mymachines...
>
> Also see nss-mymachines(8) man page.
>
> That should fix your issue.

Magic! It’s working! Thank you.

> Lennart
>
> --
> Lennart Poettering, Red Hat

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Understanding DHCP, DNS and IPMasquerade
On Mon, 15.06.15 10:39, Johannes Ernst (johannes.er...@gmail.com) wrote:

> On Jun 15, 2015, at 10:33, Lennart Poettering lenn...@poettering.net wrote:
>> On Mon, 15.06.15 10:32, Johannes Ernst (johannes.er...@gmail.com) wrote:
>>> On Jun 14, 2015, at 15:27, Lennart Poettering lenn...@poettering.net wrote:
>>>> On Fri, 12.06.15 17:32, Johannes Ernst (johannes.er...@gmail.com) wrote:
>>>>> * host and container can ping test (if test is the name of the
>>>>> * container machine per machinectl): FAILS, neither can
>>>>
>>>> Do you have nss-mymachines enabled in /etc/nsswitch.conf?
>>>
>>> Yes:
>>>
>>>> Does pinging via the IP addresses work?
>>>
>>> Yes. Both container-host and host-container.
>>>
>>> On host:
>>>
>>> machinectl
>>> MACHINE CLASS SERVICE
>>> foo container nspawn
>>> 1 machines listed.
>>>
>>> ping foo
>>> ping: unknown host foo
>>>
>>> cat /etc/nsswitch.conf
>>> hosts: nss-mymachines files mdns_minimal [NOTFOUND=return] dns myhostname

Ah, heh, try mymachines instead of nss-mymachines...

Also see nss-mymachines(8) man page.

That should fix your issue.

Lennart

--
Lennart Poettering, Red Hat
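
The misconfiguration resolved in the message above, as an added example (not code from the thread or from systemd): glibc loads `libnss_<service>.so.2` for every service named in nsswitch.conf, so an entry written as `nss-mymachines` points at a library that does not exist and the lookup moves on to the next service. The function names and the sample file below are constructed for illustration.

```python
import re

# Constructed sample: the hosts line quoted in the thread plus an unrelated line.
SAMPLE = """\
passwd: files
hosts: nss-mymachines files mdns_minimal [NOTFOUND=return] dns myhostname
"""

# "nss-"/"libnss_" belong to the package or file name, not to the service name.
_PREFIX = re.compile(r"^(?:lib)?nss[-_]")


def services(conf_text, database="hosts"):
    """Return the service names configured for one database, in lookup order."""
    for raw in conf_text.splitlines():
        name, sep, rest = raw.split("#", 1)[0].partition(":")
        if sep and name.strip() == database:
            # Action items such as [NOTFOUND=return] are not services.
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []


def lint(conf_text, database="hosts"):
    """List (entry, library glibc will look for, suggested service name)."""
    return [
        (svc, f"libnss_{svc}.so.2", _PREFIX.sub("", svc))
        for svc in services(conf_text, database)
        if _PREFIX.match(svc)
    ]


def fix(conf_text, database="hosts"):
    """Rewrite only the chosen database line, stripping the stray prefix."""
    out = []
    for raw in conf_text.splitlines():
        name, sep, rest = raw.partition(":")
        if sep and name.strip() == database:
            raw = f"{name}: " + " ".join(_PREFIX.sub("", t) for t in rest.split())
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for entry, lib, suggestion in lint(SAMPLE):
        print(f"{entry}: glibc looks for {lib}; use '{suggestion}'")
    print(fix(SAMPLE), end="")
```

After correcting the file, `getent hosts foo` on the host exercises the same NSS path that `ping foo` uses.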
Re: [systemd-devel] Understanding DHCP, DNS and IPMasquerade
On Jun 14, 2015, at 15:27, Lennart Poettering lenn...@poettering.net wrote:
> On Fri, 12.06.15 17:32, Johannes Ernst (johannes.er...@gmail.com) wrote:
>> * host and container can ping test (if test is the name of the
>> * container machine per machinectl): FAILS, neither can
>
> Do you have nss-mymachines enabled in /etc/nsswitch.conf?

Yes:

> Does pinging via the IP addresses work?

Yes. Both container-host and host-container.

On host:

machinectl
MACHINE CLASS SERVICE
foo container nspawn
1 machines listed.

ping foo
ping: unknown host foo

cat /etc/nsswitch.conf
hosts: nss-mymachines files mdns_minimal [NOTFOUND=return] dns myhostname

(or with just nss-mymachines)

Thanks for your help,

Johannes.
Re: [systemd-devel] Understanding DHCP, DNS and IPMasquerade
On Mon, 15.06.15 10:32, Johannes Ernst (johannes.er...@gmail.com) wrote:

> On Jun 14, 2015, at 15:27, Lennart Poettering lenn...@poettering.net wrote:
>> On Fri, 12.06.15 17:32, Johannes Ernst (johannes.er...@gmail.com) wrote:
>>> * host and container can ping test (if test is the name of the
>>> * container machine per machinectl): FAILS, neither can
>>
>> Do you have nss-mymachines enabled in /etc/nsswitch.conf?
>
> Yes:
>
>> Does pinging via the IP addresses work?
>
> Yes. Both container-host and host-container.
>
> On host:
>
> machinectl
> MACHINE CLASS SERVICE
> foo container nspawn
> 1 machines listed.
>
> ping foo
> ping: unknown host foo
>
> cat /etc/nsswitch.conf
> hosts: nss-mymachines files mdns_minimal [NOTFOUND=return] dns myhostname

Does machinectl status show the IP addresses of the container in its output?

Lennart

--
Lennart Poettering, Red Hat
Re: [systemd-devel] Understanding DHCP, DNS and IPMasquerade
On Jun 15, 2015, at 10:33, Lennart Poettering lenn...@poettering.net wrote:
> On Mon, 15.06.15 10:32, Johannes Ernst (johannes.er...@gmail.com) wrote:
>
>> On Jun 14, 2015, at 15:27, Lennart Poettering lenn...@poettering.net wrote:
>>> On Fri, 12.06.15 17:32, Johannes Ernst (johannes.er...@gmail.com) wrote:
>>>> * host and container can ping test (if test is the name of the
>>>> * container machine per machinectl): FAILS, neither can
>>>
>>> Do you have nss-mymachines enabled in /etc/nsswitch.conf?
>>
>> Yes:
>>
>>> Does pinging via the IP addresses work?
>>
>> Yes. Both container-host and host-container.
>>
>> On host:
>>
>> machinectl
>> MACHINE CLASS SERVICE
>> foo container nspawn
>> 1 machines listed.
>>
>> ping foo
>> ping: unknown host foo
>>
>> cat /etc/nsswitch.conf
>> hosts: nss-mymachines files mdns_minimal [NOTFOUND=return] dns myhostname
>
> Does machinectl status show the IP addresses of the container in its output?

Yes:

sudo machinectl status foo
Since: Mon 2015-06-15 17:27:33 UTC; 9min ago
Leader: 31137 (systemd)
Service: nspawn; class container
Root: /home/buildmaster/git/github.com/uboslinux/ubos-buildconfig/repository/dev/x86_64/images/ubos_dev_container-pc_20150614-054626
Iface: ve-foo
Address: 10.0.0.2
         169.254.169.115
OS: UBOS

(UBOS: for our purposes here: same as Arch)
Re: [systemd-devel] Understanding DHCP, DNS and IPMasquerade
On Fri, 12.06.15 17:32, Johannes Ernst (johannes.er...@gmail.com) wrote:

> I was expecting:
> * container gets an IP address from host in some new subnet: WORKS, e.g 10.0.0.2
> * container can route to upstream via IPMasquerade: WORKS, after manual 'modprobe iptable_nat'
> * container gets the DNS server from the host: FAILS: /etc/resolv.conf points to Google name servers instead (8.8.8.8 etc)

This is a missing feature of the DHCP server in networkd: it should be able to propagate the DNS servers it learned on the external networks automatically in a smart way. It's on the TODO list to add this.

> * host and container can ping test (if test is the name of the
> * container machine per machinectl): FAILS, neither can

Do you have nss-mymachines enabled in /etc/nsswitch.conf?

Does pinging via the IP addresses work?

Lennart

--
Lennart Poettering, Red Hat
Re: [systemd-devel] Understanding DHCP, DNS and IPMasquerade
On Sat, 13.06.15 13:55, Johannes Ernst (johannes.er...@gmail.com) wrote:

>> [Match]
>> Type=ethernet
>>
>> [Network]
>> DHCP=ipv4
>
> I did. No change. I do receive the IP address (so DHCP IP assignment is working) but I do not receive the DNS server.

No need to have an explicit file for this BTW, we ship one anyway out of the box, that only matches in container environments with veth links:

/usr/lib/systemd/network/80-container-host0.network

Lennart

--
Lennart Poettering, Red Hat
Re: [systemd-devel] Understanding DHCP, DNS and IPMasquerade
On 13 June 2015 at 02:32, Johannes Ernst johannes.er...@gmail.com wrote:
> My host obtains an IP address and DNS server via DHCP from upstream via Ethernet like this (systemd 219, Arch Linux)
>
> [Match]
> Name=en*
>
> [Network]
> DHCP=ipv4
>
> It has the resolv.conf symlink to /run/systemd/resolve/resolv.conf, and the DNS server from DHCP shows up there.
>
> It also has this test.network file:
>
> [Match]
> Name=ve-*
>
> [Network]
> Address=0.0.0.0/28
> IPMasquerade=yes
> IPv4LL=yes
> DHCPServer=yes
> IPForward=yes
>
> My host runs a container like this: (systemd 219, UBOS (just like Arch Linux))
>
> systemd-nspawn -b -D test -n
>
> The container does not have any networkd configuration. It has the resolv.conf symlink, and runs systemd-networkd
>
> I was expecting:
> * container gets an IP address from host in some new subnet: WORKS, e.g 10.0.0.2
> * container can route to upstream via IPMasquerade: WORKS, after manual 'modprobe iptable_nat'
> * container gets the DNS server from the host: FAILS: /etc/resolv.conf points to Google name servers instead (8.8.8.8 etc)
> * host and container can ping test (if test is the name of the container machine per machinectl): FAILS, neither can
>
> What am I misunderstanding or doing wrong? If somebody educates me, I’ll put the insights on a wiki somewhere (e.g. Arch)

Hi,

you need to configure the networkd inside your container to issue DHCP-Request on its own interface, like you did on the host:

[Match]
Type=ethernet

[Network]
DHCP=ipv4

> Thanks,
>
> Johannes.
Re: [systemd-devel] Understanding DHCP, DNS and IPMasquerade
On Jun 13, 2015, at 2:33, joerg.syst...@higgsboson.tk wrote:
> On 13 June 2015 at 02:32, Johannes Ernst johannes.er...@gmail.com wrote:
>> My host obtains an IP address and DNS server via DHCP from upstream via Ethernet like this (systemd 219, Arch Linux)
>>
>> [Match]
>> Name=en*
>>
>> [Network]
>> DHCP=ipv4
>>
>> It has the resolv.conf symlink to /run/systemd/resolve/resolv.conf, and the DNS server from DHCP shows up there.
>>
>> It also has this test.network file:
>>
>> [Match]
>> Name=ve-*
>>
>> [Network]
>> Address=0.0.0.0/28
>> IPMasquerade=yes
>> IPv4LL=yes
>> DHCPServer=yes
>> IPForward=yes
>>
>> My host runs a container like this: (systemd 219, UBOS (just like Arch Linux))
>>
>> systemd-nspawn -b -D test -n
>>
>> The container does not have any networkd configuration. It has the resolv.conf symlink, and runs systemd-networkd
>>
>> I was expecting:
>> * container gets an IP address from host in some new subnet: WORKS, e.g 10.0.0.2
>> * container can route to upstream via IPMasquerade: WORKS, after manual 'modprobe iptable_nat'
>> * container gets the DNS server from the host: FAILS: /etc/resolv.conf points to Google name servers instead (8.8.8.8 etc)
>> * host and container can ping test (if test is the name of the container machine per machinectl): FAILS, neither can
>>
>> What am I misunderstanding or doing wrong? If somebody educates me, I’ll put the insights on a wiki somewhere (e.g. Arch)
>
> Hi,
>
> you need to configure the networkd inside your container to issue DHCP-Request on its own interface, like you did on the host:
>
> [Match]
> Type=ethernet
>
> [Network]
> DHCP=ipv4

I did. No change. I do receive the IP address (so DHCP IP assignment is working) but I do not receive the DNS server.
[systemd-devel] Understanding DHCP, DNS and IPMasquerade
My host obtains an IP address and DNS server via DHCP from upstream via Ethernet like this (systemd 219, Arch Linux)

[Match]
Name=en*

[Network]
DHCP=ipv4

It has the resolv.conf symlink to /run/systemd/resolve/resolv.conf, and the DNS server from DHCP shows up there.

It also has this test.network file:

[Match]
Name=ve-*

[Network]
Address=0.0.0.0/28
IPMasquerade=yes
IPv4LL=yes
DHCPServer=yes
IPForward=yes

My host runs a container like this: (systemd 219, UBOS (just like Arch Linux))

systemd-nspawn -b -D test -n

The container does not have any networkd configuration. It has the resolv.conf symlink, and runs systemd-networkd

I was expecting:
* container gets an IP address from host in some new subnet: WORKS, e.g 10.0.0.2
* container can route to upstream via IPMasquerade: WORKS, after manual 'modprobe iptable_nat'
* container gets the DNS server from the host: FAILS: /etc/resolv.conf points to Google name servers instead (8.8.8.8 etc)
* host and container can ping test (if test is the name of the container machine per machinectl): FAILS, neither can

What am I misunderstanding or doing wrong? If somebody educates me, I’ll put the insights on a wiki somewhere (e.g. Arch)

Thanks,

Johannes.