[lxc-devel] [RFC] [PATCH] lxc-fedora template - Add --fqdn option for utsname.
Michael H. Warfield
mhw at WittsEnd.com
Thu May 23 16:26:50 UTC 2013
On Thu, 2013-05-23 at 10:41 -0500, Serge Hallyn wrote:
> Quoting Michael H. Warfield (mhw at WittsEnd.com):
> > All,
> >
> > After comments from Serge, attached is a suggested patch to the Fedora
> > template to incorporate the FQDN (Fully Qualified Domain Name) of the
> > container as the utsname in the container configuration and in the host
> > name of the system. It adds a "--fqdn" long option to explicitly
> > specify the value for utsname and hostname.
> >
> > The logic contains one default behavior change. If an FQDN is not
> > specified or is a host simple name, the logic will use the domain name
> > of the host appended to either the container name or the simple name to
> > generate an FQDN.
> >
> > There were some comments on the -users list about determining the name
> > of a container based on its host name. That's never a good idea
> > anyways because they can be independently changed but this would also
> > change the default case. Please look that over and comment. Other
> > container owners might consider a similar modification.
> >
> > Regards,
> > Mike
> > --
> > Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
> > /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> > NIC whois: MHW9 | An optimist believes we live in the best of all
> > PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
> > --
> >
> > Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
> >
> > ---
> > diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in
> > index 481f718..8cc1699 100644
> > --- a/templates/lxc-fedora.in
> > +++ b/templates/lxc-fedora.in
> > @@ -66,7 +66,7 @@ configure_fedora()
> > DEVICE=eth0
> > BOOTPROTO=dhcp
> > ONBOOT=yes
> > -HOSTNAME=${name}
> > +HOSTNAME=${utsname}
> > NM_CONTROLLED=no
> > TYPE=Ethernet
> > MTU=${MTU}
> > @@ -75,17 +75,17 @@ EOF
> > # set the hostname
> > cat <<EOF > ${rootfs_path}/etc/sysconfig/network
> > NETWORKING=yes
> > -HOSTNAME=${name}
> > +HOSTNAME=${utsname}
> > EOF
> >
> > # set hostname on systemd Fedora systems
> > if [ $release -gt 14 ]; then
> > - echo "${name}" > ${rootfs_path}/etc/hostname
> > + echo "${utsname}" > ${rootfs_path}/etc/hostname
> > fi
> >
> > # set minimal hosts
> > cat <<EOF > $rootfs_path/etc/hosts
> > -127.0.0.1 localhost $name
> > +127.0.0.1 localhost.localdomain localhost $utsname
> > ::1 localhost6.localdomain6 localhost6
> > EOF
> >
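Review bot: In the /etc/hosts heredoc, the new 127.0.0.1 line lists only $utsname after localhost, so once $utsname carries a domain the bare container name no longer resolves locally inside the container. Consider keeping the short name as a further alias, for example "127.0.0.1 localhost.localdomain localhost $utsname ${utsname%%.*}".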
> > @@ -287,7 +287,7 @@ copy_configuration()
> > mkdir -p $config_path
> > grep -q "^lxc.rootfs" $config_path/config 2>/dev/null || echo "lxc.rootfs = $rootfs_path" >> $config_path/config
> > cat <<EOF >> $config_path/config
> > -lxc.utsname = $name
> > +lxc.utsname = $utsname
> > lxc.tty = 4
> > lxc.pts = 1024
> > lxc.mount = $config_path/fstab
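Review bot: Nothing bounds the length of the value written to lxc.utsname here, and it can now be the container name with the host's DNS domain appended. Linux limits the UTS nodename to 64 bytes, so a long container name plus a long domain yields a value sethostname() rejects; check the length before writing the config and fail with a clear error.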
> > @@ -355,7 +355,7 @@ usage()
> > cat <<EOF
> > usage:
> > $1 -n|--name=<container_name>
> > - [-p|--path=<path>] [-c|--clean] [-R|--release=<Fedora_release>] [-A|--arch=<arch of the container>]
> > + [-p|--path=<path>] [-c|--clean] [-R|--release=<Fedora_release>] [--fqdn=<network name of container>] [-A|--arch=<arch of the container>]
> > [-h|--help]
> > Mandatory args:
> > -n,--name container name, used to as an identifier for that container from now on
> > @@ -363,13 +363,14 @@ Optional args:
> > -p,--path path to where the container rootfs will be created, defaults to @LXCPATH at . The container config will go under @LXCPATH@ in that case
> > -c,--clean clean the cache
> > -R,--release Fedora release for the new container. if the host is Fedora, then it will default to the host's release.
> > + --fqdn fully qualified domain name (FQDN) for DNS and system naming
> > -A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64]
> > -h,--help print this help
> > EOF
> > return 0
> > }
> >
> > -options=$(getopt -o hp:n:cR: -l help,path:,name:,clean,release: -- "$@")
> > +options=$(getopt -o hp:n:cR: -l help,path:,name:,clean,release:,fqdn: -- "$@")
> > if [ $? -ne 0 ]; then
> > usage $(basename $0)
> > exit 1
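Review bot: The help line added for --fqdn does not document the appending rule or the new default. Per the comment block later in the patch, a value with fewer than two dots gets the host's DNS domain appended, and omitting --fqdn now yields Container_Name.Domain_Name instead of Container_Name; both belong in the usage text, since the second changes behavior for existing callers.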
> > @@ -384,6 +385,7 @@ do
> > -n|--name) name=$2; shift 2;;
> > -c|--clean) clean=$2; shift 2;;
> > -R|--release) release=$2; shift 2;;
> > + --fqdn) utsname=$2; shift 2;;
> > --) shift 1; break ;;
> > *) break ;;
> > esac
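Review bot: The new --fqdn case assigns $2 to utsname with no validation, and that value is later expanded into the heredocs for ifcfg-eth0, /etc/sysconfig/network, /etc/hosts and the container config. Whitespace or a newline in the argument would add extra fields or lines to those files; check the value against host name syntax (letters, digits, hyphens and dots) right after option parsing and exit with usage on failure. The same check should cover $name, which is the fallback for utsname.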
> > @@ -394,6 +396,29 @@ if [ ! -z "$clean" -a -z "$path" ]; then
> > exit 0
> > fi
> >
> > +if [ -z "${utsname}" ]; then
> > + utsname=${name}
> > +fi
> > +
> > +# This follows a standard "resolver" convention that an FQDN must have
> > +# at least two dots or it is considered a local relative host name.
> > +# If it doesn't, append the dns domain name of the host system.
> > +#
> > +# This changes one significant behavior when running
> > +# "lxc_create -n Container_Name" without using the
> > +# --fqdn option.
> > +#
> > +# Old behavior:
> > +# utsname and hostname = Container_Name
> > +# New behavior:
> > +# utsname and hostname = Container_Name.Domain_Name
> > +
> > +if [ $(expr "$utsname" : '.*\..*\.') = 0 ]; then
> Is this definitely what you want? I realize 'fqdn' probably really
> means legit, but I could see people saying
> lxc-create ... --fqdn n1.lxc --domainname lxc
> and now they'll end up with n1.lxc.lxc as utsname, right?
Right. Wait... What's that "--domainname" option?? I don't have that.
Your paraphrased example of say "lxc-create -n nl -- --fqdn nl.lxc"
would result in nl.lxc.lxc, true. The question is, which is the desired
behavior. That is what I intended based on general conventions of
FQDNs. That's open for debate and discussion however, if anyone has
arguments for reducing it to one dot in an FQDN for a system name. I
can see both sides of the argument and that is exactly why I was calling for
comments.

In principle, use of the name nl.lxc would imply lxc was a top level
domain or TLD
(i.e. .com, .gov, .mil, .net, .org, .info, .name, .uk, .se, .us, etc...)
and having a simple host under one of those should be an extremely rare
circumstance. Of course that gets even more complicated when you
consider the ccTLD's (country code TLD's) as opposed to the gTLD (global
TLD's) where everything is abstracted one more level in the DNS.

Based on what I learned back in the old days, the convention for name
resolution and /etc/resolv.conf entries for "search" and "domain" was
that the resolver libraries would look at the name to be resolved and,
if it contained fewer than two dots, it would assume that the name was
relative. The resolver libraries would then apply the "domain" name
and / or successively the "search" domain names in attempting to resolve
a name (lookup). You could always force the resolver to make a name
"absolute" by explicitly appending a terminating dot (the implicit "."
anchor of the DNS) for name resolution (but you wouldn't want that
explicitly in a system name FQDN).

Now that all may be way out of date (I first learned this in the old
days of SunOS 2.x - pre Solaris - and SCO Unix). So you really should
very rarely ever see an FQDN with less than two dots in it for the host
name though that is much more relaxed with things like A records and
CNAME records in the DNS pointing to alternate hosts for lookups.

OTOH, maybe it's intended as a subdomain like this...
"lxc-create -n rasputin ... -- --fqdn rasputin.ip6"
Which would (in my domain of WittsEnd.com) result in
"rasputin.ip6.wittsend.com" which is actually correct (.ip6. is my
IPv6-only subdomain), but could be a little confusing and probably
shouldn't be encouraged.
> > + if [ -n "$(dnsdomainname)" ]; then
> > + utsname=${utsname}.$(dnsdomainname)
> > + fi
> > +fi
> > +
> > needed_pkgs=""
> > type yum >/dev/null 2>&1
> > if [ $? -ne 0 ]; then
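Review bot: The expr test '.*\..*\.' counts a trailing dot as the second dot, so a value such as "n1.lxc." skips the append and is written to /etc/hostname and lxc.utsname with the dot still attached. Stripping one trailing dot before the test and treating it as "already absolute" would fix that and would also give callers a way to ask for a one-dot name such as n1.lxc, the case raised in the reply above. dnsdomainname is also run twice; capture its output once in a variable so the test and the append cannot disagree and a missing command can be handled in one place.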
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
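
The naming rule debated in this thread (fewer than two dots means a relative name that gets the host's domain appended), as an added example that is not part of the original message or of the lxc-fedora template. The function names valid_hostname and qualify_name are hypothetical, the domain is passed in as an argument instead of calling dnsdomainname so the script runs offline, and treating a trailing dot as "absolute, append nothing" is this example's own choice, not behavior of the patch.

```shell
#!/bin/sh
# Added example. Function names and sample values are constructed.
LC_ALL=C    # make [A-Za-z0-9] in the patterns below mean ASCII only

# valid_hostname NAME: succeed if NAME is dot-separated labels of 1-63
# letters, digits or hyphens (no leading/trailing hyphen), and at most
# 64 bytes in total, the Linux limit for the UTS nodename.
valid_hostname() {
    [ -n "$1" ] && [ "${#1}" -le 64 ] || return 1
    case $1 in
        *[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;  # bad char or empty label
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into labels; no glob characters can remain
    IFS=$old_ifs
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case $label in -*|*-) return 1 ;; esac
    done
    return 0
}

# qualify_name NAME DOMAIN: print the name to use as utsname, or fail.
#   trailing dot     -> NAME is absolute; strip the dot, append nothing
#   two or more dots -> NAME is already fully qualified
#   otherwise        -> NAME is relative; append DOMAIN when it is non-empty
qualify_name() {
    name=$1
    domain=$2
    case $name in
        *.)    name=${name%.} ;;
        *.*.*) ;;
        *)     if [ -n "$domain" ]; then name=$name.$domain; fi ;;
    esac
    valid_hostname "$name" || return 1
    printf '%s\n' "$name"
}

# Constructed inputs modelled on the cases discussed in the thread.
for n in n1 n1.lxc n1.lxc. rasputin.ip6 www.example.org 'bad name'; do
    qualify_name "$n" wittsend.com || echo "rejected: $n" >&2
done
```

Validation runs on the final name, after the domain has been appended, so an over-long or malformed result is rejected before anything is written to the container's files.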