Subject: [bug#28128] [PATCH] scripts: system: Add support for container network sharing.
Date: Wed, 20 Sep 2017 08:04:18 +0100
From: Christopher Baines
Message-ID: <20170920080418.3cc0a203@cbaines.net>
In-Reply-To: <87y3patlk9.fsf@inria.fr>
References: <20170817191334.26269-1-mail@cbaines.net> <20170904214722.9572-1-mail@cbaines.net> <87y3patlk9.fsf@inria.fr>
To: Ludovic Courtès
Cc: 28128@debbugs.gnu.org

On Tue, 19 Sep 2017 23:39:34 +0200
ludo@gnu.org (Ludovic Courtès) wrote:

> Hi!
>
> Sorry for the delay!
>
> Christopher Baines writes:
>
> > This is a port of the functionality in the Guix environment command
> > to the guix system container command.
> >
> > This requires additional changes to the operating-system
> > definitions used, in particular, networking related services may
> > need removing if the host network is shared.
> >
> > * guix/scripts/system.scm (system-derivation-for-action): Add
> > #:container-shared-network? argument.
> > (perform-action): Add #:container-shared-network? argument.
> > (show-help): Add "-N, --network" help information.
> > (%options): Add network option.
> > (process-action): Call perform-action with
> > #:container-shared-network?.
> > * gnu/system/linux-container.scm (%network-configuration-files):
> > New variable. (container-script): Add support for returning a
> > container script that shares the host network.
> > * gnu/system.scm (essential-services): Add
> > #:container-shared-network? argument.
> > (operating-system-services): Add #:container-shared-network?
> > argument. (operating-system-etc-service): Add
> > #:container-shared-network? argument, and support for omitting some
> > configuration if the network is shared.
> > (operating-system-activation-script): Add
> > #:container-shared-network? argument, and pass this through to the
> > operating-system-services procedure.
> > (operating-system-boot-script): Add #:container-shared-network?
> > argument, and pass this through to the operating-system-services
> > procedure. (operating-system-derivation): Add the
> > #:container-shared-network? argument, and pass this through to the
> > operating-system-services procedure. (operating-system-profile):
> > Add the #:container-shared-network? argument, and pass this through
> > to the operating-system-services procedure.
>
> My gut reaction was “hey this is cool!”, and then “wait, it doesn’t
> feel right to pass that argument around everywhere!”. :-)

Yep, agreed :)

> We already have that with #:container?, and I think that’s a bit of a
> problem.
> The ‘linux-bare-metal’ service addresses it somewhat in a
> more elegant way, I think.
>
> What about this:
>
>   1. Remove from ‘operating-system-etc-service’ all the
>      shared-network-related files;
>
>   2. Add a ‘shared-network-service’ that simply adds those files
>      to /etc;
>
>   3. Add a ‘containerized-operating-system’ that removes it.
>
> There’s the problem, though, that /etc/hosts can only be added from
> ‘essential-services’.
>
> Now, this:
>
> +(define %network-configuration-files
> + '("/etc/resolv.conf"
> + "/etc/nsswitch.conf"
> + "/etc/services"
> + "/etc/hosts"))
>
> … is exactly what (gnu system file-systems) defines.
>
> Also, we should map the host’s /var/run/nscd/socket (if it exists) in
> the guest, and remove nscd from the guest.
>
> Thoughts?

This sounds really good, I'll try and make some time to implement it :)
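
Review bot: in the quoted `%network-configuration-files` definition, the four host paths are listed with no comment saying what the list is for or how the files reach the container. Add a comment stating that these are host files exposed to the guest when the network is shared, and say whether they are mapped read-only; a writable mapping of `/etc/hosts` or `/etc/resolv.conf` would let the container alter the host's name resolution. The quoted lines also do not show what happens when one of these files is absent on the host, so the code that consumes the list should skip missing entries. Since the reply notes that the same list is already defined in (gnu system file-systems), reusing that definition avoids two copies drifting apart.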