GNU bug report logs - #28128
[PATCH] scripts: system: Add support for container network sharing.


Package: guix-patches;

Reported by: Christopher Baines <mail <at> cbaines.net>

Date: Thu, 17 Aug 2017 19:14:01 UTC

Severity: normal

Tags: patch

Done: Arun Isaac <arunisaac <at> systemreboot.net>

Bug is archived. No further changes may be made.



Message #14 received at 28128 <at> debbugs.gnu.org (full text, mbox):

From: Christopher Baines <mail <at> cbaines.net>
To: ludo <at> gnu.org (Ludovic Courtès)
Cc: 28128 <at> debbugs.gnu.org
Subject: Re: [bug#28128] [PATCH] scripts: system: Add support for container
 network sharing.
Date: Wed, 20 Sep 2017 08:04:18 +0100
On Tue, 19 Sep 2017 23:39:34 +0200
ludo <at> gnu.org (Ludovic Courtès) wrote:

> Hi!
> 
> Sorry for the delay!
> 
> Christopher Baines <mail <at> cbaines.net> skribis:
> 
> > This is a port of the functionality in the Guix environment command
> > to the guix system container command.
> >
> > This requires additional changes to the operating-system
> > definitions used, in particular, networking related services may
> > need removing if the host network is shared.
> >
> > * guix/scripts/system.scm (system-derivation-for-action): Add
> >   #:container-shared-network? argument.
> >   (perform-action): Add #:container-shared-network? argument.
> >   (show-help): Add "-N, --network" help information.
> >   (%options): Add network option.
> >   (process-action): Call perform-action with
> >   #:container-shared-network?.
> > * gnu/system/linux-container.scm (%network-configuration-files):
> >   New variable.
> >   (container-script): Add support for returning a container script
> >   that shares the host network.
> > * gnu/system.scm (essential-services): Add
> >   #:container-shared-network? argument.
> >   (operating-system-services): Add #:container-shared-network?
> >   argument.
> >   (operating-system-etc-service): Add #:container-shared-network?
> >   argument, and support for omitting some configuration if the
> >   network is shared.
> >   (operating-system-activation-script): Add
> >   #:container-shared-network? argument, and pass this through to the
> >   operating-system-services procedure.
> >   (operating-system-boot-script): Add #:container-shared-network?
> >   argument, and pass this through to the operating-system-services
> >   procedure.
> >   (operating-system-derivation): Add the
> >   #:container-shared-network? argument, and pass this through to the
> >   operating-system-services procedure.
> >   (operating-system-profile): Add the #:container-shared-network?
> >   argument, and pass this through to the operating-system-services
> >   procedure.
> 
> My gut reaction was “hey this is cool!”, and then “wait, it doesn’t
> feel right to pass that argument around everywhere!”.   :-)

Yep, agreed :)

> We already have that with #:container?, and I think that’s a bit of a
> problem.  The ‘linux-bare-metal’ service addresses it somewhat in a
> more elegant way, I think.
> 
> What about this:
> 
>   1. Remove from ‘operating-system-etc-service’ all the
>      shared-network-related files;
> 
>   2. Add a ‘shared-network-service’ that simply adds those files
>      to /etc;
> 
>   3. Add a ‘containerized-operating-system’ that removes it.
> 
> There’s the problem, though, that /etc/hosts can only be added from
> ‘essential-services’.
> 
> Now, this:
> 
> +(define %network-configuration-files
> +  '("/etc/resolv.conf"
> +    "/etc/nsswitch.conf"
> +    "/etc/services"
> +    "/etc/hosts"))
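Review bot: `%network-configuration-files` is introduced with no comment or docstring, so a reader of this hunk cannot tell that these four absolute paths are the host files made visible inside the container when the network is shared. Add a short comment above the `define` that says so and states whether the files are exposed read-only. The code that consumes the list is not part of these lines, so it is also worth confirming that it skips an entry that does not exist on the host (for example a host without `/etc/resolv.conf`) rather than failing when the container is set up.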
> 
> … is exactly what (gnu system file-systems) defines.
> 
> Also, we should map the host’s /var/run/nscd/socket (if it exists) in
> the guest, and remove nscd from the guest.
> 
> Thoughts?

This sounds really good, I'll try and make some time to implement it :)

This bug report was last modified 6 years and 104 days ago.
