Update services for non-global, exclusive-IP DHCP zone

Review Request #289 - Created Dec. 7, 2016 and updated

Information
C Fraire
illumos-gate
2875, 7650, 8587, 8689, 8690, 8691
Reviewers
general

8691 net-routing-setup does a match for "current=enabled" against the ipv[46]-routing "persistent" field

net-routing-setup does a check to determine "Are we routing dynamically?", but the nawk prog prints field $2 (persistent=enabled|disabled) and tries to match "current=enabled".

2875 local zones should not enforce "smf_netstrategy==none" regardless of reality

Historical issue regarding ngz and netstrategy

7650 Update net-svc to work for an exclusive-IP, DHCP non-global zone

For a DHCP global zone, net-svc (svc:/network/service:default) creates/updates resolv.conf to incorporate DHCP DNSserv and DNSdmain parameter values and updates nsswitch.conf to ensure dns is set as an active database for hosts/ipnodes.

net-svc does nothing for an exclusive-IP, DHCP, non-global zone; but it could do easily the equivalent. Moreover, net-svc only tries once to fetch DNSserv and DNSdmain from dhcpagent (dhcpinfo), which generally works for a global zone. For fast-booting non-global zones, there needs to be a few seconds allowance.

8689 Update identity-node to work for an exclusive-IP, DHCP, non-global zone

For a DHCP global zone, identity-node (svc:/system/identity:node) will use DHCP Hostname if returned. As with 7650, identity-node does nothing for an exclusive-IP, DHCP, non-global zone; but it could do easily the equivalent. One particular difference is that the previously-existing, non-global zone fallback to uname -n after /etc/nodename must be preserved for DHCP-handling as well.

8690 Update net-routing-setup to work for an exclusive-IP, DHCP, non-global zone

For a DHCP global zone, net-routing-setup (svc:/network/routing-setup:default) will use DHCP Router if defined as a signal to disable routeadm/default-ipv4-routing. net-routing-setup does nothing for an exclusive-IP, DHCP, non-global zone; but it could do easily the same.

8587 svc:/network/routing/route:default usually is not needed nowadays

net-routing-setup uses defined "defrouters" as a signal to disable routing. Default, static routes from /etc/inet/static_routes should also be included in this signal. (net-routing-setup reads /etc/inet/static_routes as the last step in its handling, so this is not a major change to the script.)

Global zone

  • affirmed that DHCP Hostname was used if defined for DHCP address (as before)
  • affirmed that resolv.conf was created/revised and nsswitch.conf was revised for a DHCP address (as before)
  • affirmed that DHCP IPv4 address (with DHCP Router defined) resulted in disabled routeadm/default-ipv4-routing (as before)
  • affirmed that static IPv4 address with default, static route resulted in disabled routeadm/default-ipv4-routing (new)

Non-global zone

  • affirmed that first boot (no addresses) has routeadm/default-ipv4-routing enabled (as before)
  • after creating DHCP address and rebooting:
    1) affirmed that defined DHCP Router resulted in disabled routeadm/default-ipv4-routing (new)
    2) affirmed that DHCP Hostname was used if defined for DHCP address (new)
    3) affirmed that resolv.conf was created/revised and nsswitch.conf was revised (new)
  • For testing 8691: removed address and rebooted to see routeadm/default-ipv4-routing enabled. Added a debug statement to net-routing-setup to affirm the expected assignment: dynamic_routing="true".

Files


Issues

  • 0
  • 0
  • 1
  • 1
Description From Last Updated
Hans Rosenfeld
Jens Elkner
C Fraire
C Fraire
C Fraire
C Fraire
C Fraire
C Fraire
Review request changed

Change Summary:

  • Also upload a test script of smf_netstrategy*

Added Files:

Peter Tribble

Why introduce smf_netstrategy2?

Please just fix smf_netstrategy.

  1. I don't think you can prove that no illumos user with some custom SMF service would be impacted by the redefinition of that public function. I can prove though that it would have broken identity-node if smf_netstrategy were redefined that way.

  2. This is deeply internal code, not only can I not see anyone doing so, but it would be unwise and fragile to depend on it.

    The current smf_netstrategy behaviour is plain wrong; it dates back to before exclusive-ip stacks were introduced.

    (I believe Oracle Solaris fixed this in both S10 and S11 so that smf_netstrategy returns valid answers for an exclusive-stack zone.)

Peter Tribble

In net-routing-setup, you've added a check for static_routes.

First - should the /etc/svc/volatile stuff have happened before that first check?

Second - would it be easier to simply move the entire static_routes handling (both the /etc/svc/volatile movement and the actual setting of routes) from the end of the file to before the section with the netstat in it? That way you don't need to add the separate check for static_routes (and you can just rely on the netstat check to see if a default route has been added).

Loading...