[systemd-devel] nss-mymachines and virtual machines

Tom Gundersen teg at jklm.no
Wed Oct 1 16:11:28 PDT 2014

On Thu, Oct 2, 2014 at 12:58 AM, Lennart Poettering
<lennart at poettering.net> wrote:
> On Fri, 26.09.14 12:23, Simon Peeters (peeters.simon at gmail.com) wrote:
>> hej,
>> In the light of my linux classes I was looking into hooking up vagrant
>> with machined in order to be able to use nss-mymachines to resolve the
>> ip address on the host-only adaptor. Unfortunately the network side of
>> machined seems to only work with containers (since afaik it looks for
>> a veth pair).
> It doesn't actually care about veth. The NSS module talks to machined,
> and machined will actually enter the network namespace of the
> container and query the network configuration in there.
>> It would be nice to enable this also for virtual machines (in this
>> case virtualbox).
>> we could:
>>  * allow the ip and optionally interface to be specified on machine creation.
>>    + ensures nobody can change it once the machine is running
>>    - would require yet another "create" dbus call
> We already have a second version that additionally takes an interface
> index. I have never added it to the wiki docs though. The nss module
> uses this to initialize the ipv6 scope id sockaddr field so that
> link-local ipv6 addresses work correctly with the NSS module.
>>  * add the ip and interface as writable properties.
>>    + less code, easy to use.
>>    - allows any system process (not only the supervisor of the
>> machine) to modify this information at runtime.
>> Any ideas on this?
> I'd like to open this up so that we can automatically resolve names
> for local VMs and UML machines. However, I don't think static passing
> of IP addresses to machined will work. IP configuration is inherently
> dynamic these days, and if we'd allow this the configuration could
> easily get out of sync. One great advantage of the scheme
> currently implemented for containers is that it never gets
> out-of-sync. The NSS module always returns the exact IP configuration
> of the container, for whatever that might be.
> One thing I'd like to do instead is hook up networkd's dhcp registry
> with NSS in some way. i.e. all local VMs/UML machines that acquired an
> IP address via DHCP from the host would be implicitly resolvable. Of
> course, this would only work for DHCP systems, but I have the
> suspicion that that pretty much covers the vast majority of VM/UML
> setups.

Yeah, adding a sd-network api to query the DHCP leases we have handed
out makes sense.
