James Carlson wrote:
Erik Nordmark writes:


But the key thing to me is the consistency between where things can be observed and where they can be modified.

We already have RFEs filed against other utilities because they don't
show non-global zone activity (see, for example, CR 6369726).  I think
the lines here are pretty blurry.

In some usage models, the global zone administrator "owns"
everything.  Even if he can't directly control things from the global
zone (and must log into the non-global zone to turn services on and
off), he wants to see a view of the system that includes everything.

Do you have an example of that?

In other usage models, the global zone administrator just provides
"infrastructure" and has no business looking at non-global zones.  And
we've had requests to lock down the global zone so it can't look where
it shouldn't.

I know the above is quite blurry - I sure wish zone administration was more self-consistent.

Given that there are some networking things that must be administered
in the global zone alone even when exclusive stack instances are in
use, it doesn't seem unreasonable to me to say that the administrator
of the global zone should be able to list related information without
entering the non-global zone.

ifconfig displays network interface names used by IP and IP addresses and related information.

zoneadm list -l displays the datalink names assigned to an exclusive-IP zone.

Are you saying that the datalink names are insufficient for the administration the global zone would need to do for the exclusive-IP zone?

There are things external to the system (such as firewalls) that might need to be configured with IP addresses, and I can see the same thing being true for the global zone (e.g. the global zone might run a firewall in front of the non-global zone down the road). But I don't see that particular type of configuration as an argument for being able to do ifconfig -a in the global zone and see the non-global information, any more than there being a requirement for a router outside the system being able to do ifconfig -a and see the IP configuration of other systems on the network.

Thus I am trying to understand what the architectural or design principle is that makes you conclude that showing IP address configuration for exclusive-IP zones in ifconfig in the global zone.

    Erik


_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
