[systemd-devel] nss-mymachines and virtual machines

Lennart Poettering lennart at poettering.net
Wed Oct 1 15:58:16 PDT 2014


On Fri, 26.09.14 12:23, Simon Peeters (peeters.simon at gmail.com) wrote:

> hej,
> 
> In the light of my linux classes I was looking into hooking up vagrant
> with machined in order to be able to use nss-mymachines to resolve the
> ip address on the host-only adaptor. Unfortunately the network side of
> machined seems to only work with containers (since afaik it looks for
> a veth pair).

It doesn't actually care about veth. The NSS module talks to machined,
and machined will actually enter the network namespace of the
container and query the network configuration in there.

> It would be nice to enable this also for virtual machines (in this
> case virtualbox).
> 
> we could:
>  * allow the ip and optionally interface to be specified on machine creation.
>    + ensures nobody can change it once the machine is running
>    - would require yet another "create" dbus call

We already have a second version that additionally takes an interface
index. I have never added it to the wiki docs though. The nss module
uses this to initialize the ipv6 scope id sockaddr field so that
link-local ipv6 addresses work correctly with the NSS module.

>  * add the ip and interface as writable properties.
>    + less code, easy to use.
>    - allows any system process (not only the supervisor of the
> machine) to modify this information at runtime.
> 
> Any ideas on this?

I'd like to open this up so that we can automatically resolve names
for local VMs and UML machines. However, I don't think static passing
of IP addresses to machined will work. IP configuration is inherently
dynamic these days, and if we'd allow this the configuration could
easily get out of sync. One great advantage of the scheme
currently implemented for containers is that it never gets
out-of-sync. The NSS module always returns the exact IP configuration
of the container, for whatever that might be.

One thing I'd like to do instead is hook up networkd's dhcp registry
with NSS in some way. i.e. all local VMs/UML machines that acquired an
IP address via DHCP from the host would be implicitly resolvable. Of
course, this would only work for DHCP systems, but I have the
suspicion that that pretty much covers the vast majority of VM/UML
setups.

Lennart

-- 
Lennart Poettering, Red Hat
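The point above about the second "create" call carrying an interface index is what makes link-local IPv6 addresses usable at all: an fe80::/10 address is only meaningful together with the interface it lives on, so a resolver that hands back such an address without setting `sin6_scope_id` hands back something the caller cannot connect to. The following is an added example, not systemd's nss-mymachines code, showing how a resolver fills a `sockaddr_in6` from an address string and an interface index, applying the index only to link-local addresses. The address `fe80::1` and the interface index `2` are constructed sample values; in machined the index would come from the machine registration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Returns 1 if the address is link-local (fe80::/10), 0 otherwise. */
int is_link_local(const struct in6_addr *a) {
    return a->s6_addr[0] == 0xfe && (a->s6_addr[1] & 0xc0) == 0x80;
}

/* Fill a sockaddr_in6 for addr:port. ifindex is the index of the interface
 * the address was seen on (the value a registration call would supply).
 * Link-local addresses get it as sin6_scope_id; global addresses keep 0,
 * since they are routable without a scope.
 * Returns 0 on success, -1 if addr is not a valid textual IPv6 address. */
int fill_sockaddr_in6(struct sockaddr_in6 *sa, const char *addr,
                      uint16_t port, unsigned ifindex) {
    memset(sa, 0, sizeof *sa);
    if (inet_pton(AF_INET6, addr, &sa->sin6_addr) != 1)
        return -1;
    sa->sin6_family = AF_INET6;
    sa->sin6_port = htons(port);
    sa->sin6_scope_id = is_link_local(&sa->sin6_addr) ? ifindex : 0;
    return 0;
}

/* Render the address as "addr%scope" when a scope id is set, else "addr".
 * Returns 0 on success, -1 on conversion failure or truncation. */
int format_sockaddr_in6(const struct sockaddr_in6 *sa, char *buf, size_t len) {
    char host[INET6_ADDRSTRLEN];
    int n;
    if (!inet_ntop(AF_INET6, &sa->sin6_addr, host, sizeof host))
        return -1;
    if (sa->sin6_scope_id)
        n = snprintf(buf, len, "%s%%%u", host, sa->sin6_scope_id);
    else
        n = snprintf(buf, len, "%s", host);
    return (n >= 0 && (size_t)n < len) ? 0 : -1;
}

int main(void) {
    struct sockaddr_in6 sa;
    char buf[64];
    /* Constructed sample inputs: one link-local and one global address,
     * both reported as seen on interface index 2. */
    const char *samples[] = { "fe80::1", "2001:db8::1" };
    for (size_t i = 0; i < 2; i++) {
        if (fill_sockaddr_in6(&sa, samples[i], 22, 2) != 0 ||
            format_sockaddr_in6(&sa, buf, sizeof buf) != 0) {
            fprintf(stderr, "bad address: %s\n", samples[i]);
            return 1;
        }
        printf("%s -> %s (scope id %u)\n", samples[i], buf, sa.sin6_scope_id);
    }
    return 0;
}
```

The check in `fill_sockaddr_in6` is the part to keep in mind when reviewing any resolver that returns addresses from another network namespace: the interface index is only meaningful from the host's point of view, so it has to be the host-side index of the link into the machine, not whatever index the address carries inside the machine's own namespace.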

