[OpenIndiana-discuss] DHCP auto-configuration for local zones and sysidcfg

Jim Klimov jimklimov at cos.ru
Thu Jun 7 18:32:02 UTC 2012


Hello all,

   I am trying to get automatic networking provisioning for local
zones working, ultimately in order to simplify rapid deployments
of testbeds and per-bug build environments.

   In the process I found a few nits, and wondered if I am doing
something wrong or things are according to current design and
that can be revised, perhaps? So, here goes:

1) In the SMF framework, local zones cannot use netstrategy=dhcp
    by the definition in /lib/svc/share/smf_include.sh:
---
#   The network boot strategy for a zone is always "none".
#
smf_netstrategy () {
         if smf_is_nonglobalzone; then
                 _INIT_NET_STRATEGY="none" export _INIT_NET_STRATEGY
                 return 0
         fi
...
---

    This does make sense for shared-IP zones, but for exclusive-IP
    ones which can be DHCP clients indeed, this seems wrong (and
    further on forbids configuration of DNS resolver (resolv.conf,
    nsswitch.conf) from DHCP data via svc:/network/service:default
    method script /lib/svc/method/net-svc).

    Also, I did some limited testing:
    * on SXCE the "/sbin/netstrategy" returns "zfs none none"
      for both shared and exclusive-IP zones (all with static
      IP configuration),
    * on OI (oi_151a3) the exclusive-IP zone which is a DHCP
      client does return "zfs vnic127101 dhcp" properly,
    * while OI local zones with static IP config also return
      "zfs none none".

    Is there any known rationale for the snippet above from
    smf_netstrategy() - or can it be just removed? What are
    the possible negative consequences if this check is dropped?
    Is there a simple reliable way to check the zone's ip-type,
    or why don't we trust /sbin/netstrategy output?


2) In /etc/sysidcfg templates we can set name_service to be
    DNS, LDAP, NIS or NONE. Would it be inappropriate to define
    a new type and set it to "DHCP" (and then fetch name-service
    info from DHCP)?


3) Some networking clients might want the changes to their
    DNS/nsswitch config files from a dynamic wizard, others
    might not. The policy might even differ per-local zone.
    For example, there is "fear" of scripts which might
    corrupt manually crafted settings for files+dns+ldap
    host lookups, etc.

    So far I have not seen any configurable switch that would
    *request* or *forbid* changes to the /etc/resolv.conf and
    /etc/nsswitch.conf files using data from DHCP.
    Does such a switch exist?
    Is it reasonable to add one (if not)?

    As an option, might it make sense to integrate this solution
    (an SMF service to combine user-preferred and DHCP-dynamic
    resolver options, which can then be enabled or disabled on
    a particular zone)?

 
http://thestaticvoid.com/post/2011/01/11/persistent-search-domains-with-nwam-and-dhcp/


Thanks,
//Jim Klimov

PS: A draft Wiki page is cooking here so far:
http://wiki.illumos.org/display/~jimklimov/Using+host-only+networking+to+get+from+build+zones+and+test+VMs+to+the+Internet
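
Added example, not part of the original post and not illumos code: one way the per-zone switch asked about in point 3 could behave, with DHCP-supplied resolver values validated before they reach resolv.conf. The policy names (static, dhcp, merge) and all function names are hypothetical, and the DHCP values are passed in as arguments so the script runs offline.

```shell
#!/bin/sh
# Added example, not illumos code. Policy names are hypothetical:
#   static = leave the file alone, dhcp = DHCP data only, merge = both.
NL='
'
# Dotted-quad IPv4 only; anything else in the DHCP reply is dropped.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    oifs=$IFS; IFS=.; set -- $1; IFS=$oifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}
# Hostname characters only, so a reply cannot smuggle in spaces,
# newlines or extra resolv.conf directives.
valid_domain() {
    case "$1" in ""|*[!A-Za-z0-9.-]*|.*|-*|*..*) return 1 ;; esac
    [ ${#1} -le 253 ]
}
# render_resolv POLICY STATIC_TEXT DHCP_DOMAIN "DHCP_SERVER ..."
# Prints the resolv.conf text to install; returns 2 on an unknown policy.
render_resolv() {
    policy=$1; out=$2; dom=$3; servers=$4
    case "$policy" in
        static) printf '%s\n' "$out"; return 0 ;;
        dhcp)   out= ;;
        merge)  ;;
        *)      return 2 ;;
    esac
    # An admin-written search/domain line wins over the DHCP one.
    if valid_domain "$dom" &&
       ! printf '%s\n' "$out" | grep -Eq '^(search|domain)[[:space:]]'; then
        out="${out:+$out$NL}search $dom"
    fi
    count=$(printf '%s\n' "$out" | grep -c '^nameserver[[:space:]]' || true)
    set -f    # untrusted input: no glob expansion while word-splitting
    for s in $servers; do
        [ "$count" -lt 3 ] || break    # resolver uses at most 3 servers
        valid_ipv4 "$s" || continue
        printf '%s\n' "$out" | grep -Fqx "nameserver $s" && continue
        out="${out:+$out$NL}nameserver $s"
        count=$((count + 1))
    done
    set +f
    printf '%s\n' "$out"
}
# Constructed sample: static file plus a hostile-looking DHCP reply.
render_resolv merge "nameserver 192.0.2.1" "lab.example" "198.51.100.53 *"
```

In merge mode the administrator's lines are kept verbatim and DHCP only adds what is missing; in static mode the DHCP values are never consulted.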




