Re: systemd-nspawn and /run/resolvconf/resolv.conf
On Tue, Sep 22, 2015 at 10:19 AM, Ralf Mardorf wrote:
> On Tue, 22 Sep 2015 08:36:27 -0400, Tom H wrote:
>
> Thank you Tom for taking the time.

You're welcome.

>> So it works when using "-b".
>>
>> But you're right, it doesn't when not using "-b".
>>
>> Ubuntu decided to default to using resolvconf with 12.04. I suspect
>> that it'll take more than "it doesn't work when using systemd-nspawn
>> as a basic chroot process" for this change to be reversed.
>
> So I don't report it as a bug.

It might be worth reporting it so something like what lxc used to do
(see below; I grepped through the various lxc scripts and didn't find
anything resolv.conf related, so it no longer does this AFAICS).

When systemd-nspawn is used without "-b" it's essentially a chroot
without having to mount/bind-mount anything before entering the
chroot.

You need to ensure that a proper resolv.conf exists in a chroot before
switching to it. When installing Gentoo, for example, you "cp -L
/etc/resolv.conf $chroot/etc" before chrooting because the
installation tarball doesn't have a resolv.conf. I'm sure that if you
check the Arch installation scripts, you'll find something similar.

>> Do you have lxc installed? How does it handle resolv.conf as a symlink?
>
> No. Since I never used it, it's too time consuming to care about
> LinuxContainers now.

I installed lxc and set up a container. I'd forgotten that it starts
up with the systemd-nspawn "-b" by default so a resolv.conf symlink
works.

I haven't used lxc in a while but I remembered as I was setting up my
container that there used to be a routine to detect whether
resolv.conf was a symlink and, if it was, back it up and copy the
host's resolv.conf.

--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
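The routine described in the message above for a container entered without "-b" (detect the guest's resolv.conf symlink, back it up, copy the host's file in, restore afterwards), as an added shell example that is not lxc's or arch-chroot's code. The function name with_host_resolv and the .nspawn-bak suffix are assumptions made for this example.

```shell
#!/bin/sh
# Added example; with_host_resolv and the .nspawn-bak suffix are hypothetical.
# Usage: with_host_resolv ROOTFS HOST_RESOLV CMD [ARG...]
#   e.g. with_host_resolv /mnt/moonstudio /etc/resolv.conf \
#            systemd-nspawn -qD /mnt/moonstudio apt-get update
# The body runs in a subshell so its variables do not leak into the caller.
with_host_resolv() (
    [ "$#" -ge 3 ] || return 2
    rootfs=$1 host_resolv=$2
    shift 2
    target=$rootfs/etc/resolv.conf
    backup=$target.nspawn-bak

    # A backup left by an interrupted run holds the guest's original entry.
    # Refuse to continue rather than overwrite it with a temporary copy.
    if [ -e "$backup" ] || [ -L "$backup" ]; then
        echo "stale backup, restore it by hand: $backup" >&2
        return 1
    fi

    # Test -L as well as -e: the guest symlink usually dangles when seen from
    # the host (its /run is empty), and -e alone is false for a dangling link.
    saved=0
    if [ -L "$target" ] || [ -e "$target" ]; then
        mv -- "$target" "$backup" || return 1
        saved=1
    fi

    # The name is free now, so the redirection creates a regular file inside
    # the tree. Writing while the link is still in place would follow it from
    # the host side, and an absolute link would then point at a host path.
    # cat follows a symlinked host file, like "cp -L".
    if cat -- "$host_resolv" > "$target"; then
        "$@"
        rc=$?
    else
        rc=1
    fi

    # Restore the guest's own entry whether or not the command succeeded.
    rm -f -- "$target"
    if [ "$saved" -eq 1 ]; then
        mv -- "$backup" "$target" || return 1
    fi
    return "$rc"
)
```

A signal that kills the script between backup and restore leaves the .nspawn-bak entry in place, which is why the function stops when it finds one.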
Re: systemd-nspawn and /run/resolvconf/resolv.conf
On Thu, 24 Sep 2015 13:03:32 -0400, Tom H wrote:
> chroot_add_mount /etc/resolv.conf "$resolv_conf" --bind
>}
>
>So they mount the host's resolv.conf on the chroot's.
>
>And there's the following patch in lxc 0.7.5-3ubuntu69:
>
># cat 0031-ubuntu-template-resolvconf.patch
>Description: handle /etc/resolv.conf being a symlink

:)

Since I don't want to use the systemd-nspawn boot option, I'll keep a
resolv.conf in Ubuntu's /etc.

Regards,
Ralf

PS: OT: Today I replaced my ADSL-modem with a router.

# pidof pppd || echo ":D"
:D

I still use a LAN cable for my PC and WLAN only for a tablet PC. I
wonder how secure the WLAN is and how to disable it, so I have to read
a little bit.
Re: systemd-nspawn and /run/resolvconf/resolv.conf
On Thu, Sep 24, 2015 at 10:18 AM, Tom H wrote:
>
> You need to ensure that a proper resolv.conf exists in a chroot before
> switching to it. When installing Gentoo, for example, you "cp -L
> /etc/resolv.conf $chroot/etc" before chrooting because the
> installation tarball doesn't have a resolv.conf. I'm sure that if you
> check the Arch installation scripts, you'll find something similar.

The arch-chroot installation script has the following function:

chroot_add_resolv_conf() {
  local chrootdir=$1 resolv_conf=$1/etc/resolv.conf

  # Handle resolv.conf as a symlink to somewhere else.
  if [[ -L $chrootdir/etc/resolv.conf ]]; then
    # readlink(1) should always give us *something* since we know at this point
    # it's a symlink. For simplicity, ignore the case of nested symlinks.
    resolv_conf=$(readlink "$chrootdir/etc/resolv.conf")
    if [[ $resolv_conf = /* ]]; then
      resolv_conf=$chrootdir$resolv_conf
    else
      resolv_conf=$chrootdir/etc/$resolv_conf
    fi

    # ensure file exists to bind mount over
    if [[ ! -f $resolv_conf ]]; then
      install -Dm644 /dev/null "$resolv_conf" || return 1
    fi
  elif [[ ! -e $chrootdir/etc/resolv.conf ]]; then
    # The chroot might not have a resolv.conf.
    return 0
  fi

  chroot_add_mount /etc/resolv.conf "$resolv_conf" --bind
}

So they mount the host's resolv.conf on the chroot's.

And there's the following patch in lxc 0.7.5-3ubuntu69:

# cat 0031-ubuntu-template-resolvconf.patch
Description: handle /etc/resolv.conf being a symlink
 This will be forwarded upstream.
Author: Serge Hallyn
Forwarded: no
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/922706

Index: lxc/templates/lxc-ubuntu.in === --- lxc.orig/templates/lxc-ubuntu.in 2012-01-27 10:45:16.167886074 -0600 +++ lxc/templates/lxc-ubuntu.in 2012-01-27 10:50:39.567880601 -0600 
@@ -389,9 +389,13 @@ chroot $rootfs apt-get install --force-yes -y python-software-properties chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa fi -cp /etc/resolv.conf "${rootfs}/etc" + cresolvonf="${rootfs}/etc/resolv.conf" + mv $cresolvonf ${cresolvonf}.lxcbak +cat /etc/resolv.conf > ${cresolvonf} chroot $rootfs apt-get update chroot $rootfs apt-get install --force-yes -y lxcguest + rm -f ${cresolvonf} + mv ${cresolvonf}.lxcbak ${cresolvonf} fi } -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
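Review bot: the backup at `+ mv $cresolvonf ${cresolvonf}.lxcbak` is unconditional and unquoted, which leaves two gaps. If ${rootfs}/etc/resolv.conf does not exist, this mv fails and so does the restoring mv at the end; and if a .lxcbak from an interrupted earlier run is still present, it is overwritten with the temporary host copy, so the container's original symlink is lost. Suggest checking for the file or symlink before the backup, refusing to continue when ${cresolvonf}.lxcbak already exists, and quoting every expansion, since ${rootfs} may contain spaces. The restore pair (`rm -f` then `mv`) only runs if the script gets past both apt-get calls, so a trap would be needed to put the symlink back on interruption. Style: the variable name "cresolvonf" looks like a typo for "cresolvconf".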
Re: systemd-nspawn and /run/resolvconf/resolv.conf
On Mon, 21 Sep 2015 21:51:35 -0400, Tom H wrote:
>On Sun, Sep 20, 2015 at 1:11 PM, Ralf Mardorf
>wrote:
>>
>> by default Wily's /etc/resolv.conf is a link against
>> ../run/resolvconf/resolv.conf. If you want to maintain Wily from
>> another install in a systemd-nspawn container, the link needs to be
>> replaced by a file /etc/resolv.conf. Since Wily is based on systemd
>> by itself, it IMO should care about systemd-nspawn compatibility and
>> by default not link against /run.
>>
>> Assumed nobody should be aware about a reason that a link is a better
>> solution, I would report it as a bug.
>
>If you were to set up the "full systemd upstream experience", you'd be
>using systemd-resolved and "/etc/resolv.conf" would be a symlink to
>"/run/systemd/resolve/resolv.conf", so there's no reason why Ubuntu's
>default resolvconf setup shouldn't work, at least when using
>"systemd-nspawn -bD ...".

You are missing the point, Arch Linux does not split packages from
upstream. If I want to maintain Ubuntu from my Arch Linux install I
only get access to the Ubuntu repositories, if Ubuntu does not link.

[rocketmouse@archlinux ~]$ sudo systemd-nspawn -qD /mnt/moonstudio
[root@moonstudio ~]# ls -l /etc/resolv.*
-rw-r--r-- 1 root root 48 Sep 22 08:43 /etc/resolv.conf
lrwxrwxrwx 1 root root 29 Jul 25 22:50 /etc/resolv.conf.bak -> ../run/resolvconf/resolv.conf
[root@moonstudio ~]# dpkg -l systemd-resolved
dpkg-query: no packages found matching systemd-resolved

As you can see systemd-resolved isn't installed, but I needed to replace
the link with a resolve.conf file.

Now I can

[root@moonstudio ~]# apt-get update
Ign http://de.archive.ubuntu.com wily InRelease
Ign http://de.archive.ubuntu.com wily-updates InRelease
Ign http://de.archive.ubuntu.com wily-backports InRelease
Ign http://security.ubuntu.com wily-security InRelease
Get:1 http://de.archive.ubuntu.com wily Release.gpg [933 B]
Hit http://de.archive.ubuntu.com wily-updates Release.gpg
Hit http://de.archive.ubuntu.com wily-backports Release.gpg
Hit http://security.ubuntu.com wily-security Release.gpg
Get:2 http://de.archive.ubuntu.com wily Release [217 kB]
Hit http://security.ubuntu.com wily-security Release
Hit http://security.ubuntu.com wily-security/main Sources
Hit http://security.ubuntu.com wily-security/restricted Sources
Hit http://security.ubuntu.com wily-security/universe Sources
99% [2 Release 214 kB/217 kB 99%] [Waiting for headers]^C

But if I would keep the link

[root@moonstudio ~]# mv -i /etc/resolv.conf /etc/resolv.conf.fix
[root@moonstudio ~]# mv -i /etc/resolv.conf.bak /etc/resolv.conf
[root@moonstudio ~]# ls -l /etc/resolv.*
lrwxrwxrwx 1 root root 29 Jul 25 22:50 /etc/resolv.conf -> ../run/resolvconf/resolv.conf
-rw-r--r-- 1 root root 48 Sep 22 08:43 /etc/resolv.conf.fix
[root@moonstudio ~]# apt-get update
Err http://de.archive.ubuntu.com wily InRelease
Err http://security.ubuntu.com wily-security InRelease
Err http://de.archive.ubuntu.com wily-updates InRelease
Err http://de.archive.ubuntu.com wily-backports InRelease
Err http://security.ubuntu.com wily-security Release.gpg
  Temporary failure resolving 'security.ubuntu.com'
Err http://de.archive.ubuntu.com wily Release.gpg
  Temporary failure resolving 'de.archive.ubuntu.com'
Err http://de.archive.ubuntu.com wily-updates Release.gpg
  Temporary failure resolving 'de.archive.ubuntu.com'
Err http://de.archive.ubuntu.com wily-backports Release.gpg
  Temporary failure resolving 'de.archive.ubuntu.com'
^Cading package lists... 17%

And again, if I remove the annoying Ubuntu default link everything is
working again.

[root@moonstudio ~]# mv -i /etc/resolv.conf /etc/resolv.conf.bak
[root@moonstudio ~]# mv -i /etc/resolv.conf.fix /etc/resolv.conf
[root@moonstudio ~]# ls -l /etc/resolv.*
-rw-r--r-- 1 root root 48 Sep 22 08:43 /etc/resolv.conf
lrwxrwxrwx 1 root root 29 Jul 25 22:50 /etc/resolv.conf.bak -> ../run/resolvconf/resolv.conf
[root@moonstudio ~]# apt-get update
Ign http://de.archive.ubuntu.com wily InRelease
Ign http://security.ubuntu.com wily-security InRelease
Ign http://de.archive.ubuntu.com wily-updates InRelease
Hit http://security.ubuntu.com wily-security Release.gpg
Ign http://de.archive.ubuntu.com wily-backports InRelease
Hit http://security.ubuntu.com wily-security Release

systemd from upstream doesn't contain /etc/resolv.conf

https://www.archlinux.org/packages/core/x86_64/systemd/files/

Ubuntu and Arch's systemd from upstream contain another file.

[root@moonstudio ~]# cat /etc/systemd/resolved.conf
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the
Re: systemd-nspawn and /run/resolvconf/resolv.conf
On Mon, 21 Sep 2015 21:51:35 -0400, Tom H wrote:
>"systemd-nspawn -bD ...".

I missed this.

 -b --boot

I'll test it now ...
Re: systemd-nspawn and /run/resolvconf/resolv.conf
On Tue, 22 Sep 2015 10:19:11 +0200, Ralf Mardorf wrote:
>On Mon, 21 Sep 2015 21:51:35 -0400, Tom H wrote:
>>"systemd-nspawn -bD ...".
>
>I missed this.
>
> -b --boot
>
>I'll test it now ...

[rocketmouse@archlinux ~]$ sudo mv -i /mnt/moonstudio/etc/resolv.conf /mnt/moonstudio/etc/resolv.conf.fix
[rocketmouse@archlinux ~]$ sudo mv -i /mnt/moonstudio/etc/resolv.conf.bak /mnt/moonstudio/etc/resolv.conf
[rocketmouse@archlinux ~]$ ls -l /mnt/moonstudio/etc/resolv.conf
lrwxrwxrwx 1 root root 29 Jul 25 22:50 /mnt/moonstudio/etc/resolv.conf -> ../run/resolvconf/resolv.conf
[rocketmouse@archlinux ~]$ sudo systemd-nspawn -qbD /mnt/moonstudio
[snip]
Ubuntu Wily Werewolf (development branch) moonstudio console

moonstudio login: root
Password:

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

[root@moonstudio ~]# apt-get update
Err http://de.archive.ubuntu.com wily InRelease
Err http://de.archive.ubuntu.com wily-updates InRelease
Err http://de.archive.ubuntu.com wily-backports InRelease
Err http://security.ubuntu.com wily-security InRelease
Err http://security.ubuntu.com wily-security Release.gpg
  Temporary failure resolving 'security.ubuntu.com'
Err http://de.archive.ubuntu.com wily Release.gpg
  Temporary failure resolving 'de.archive.ubuntu.com'
Err http://de.archive.ubuntu.com wily-updates Release.gpg
  Temporary failure resolving 'de.archive.ubuntu.com'
Err http://de.archive.ubuntu.com wily-backports Release.gpg
  Temporary failure resolving 'de.archive.ubuntu.com'
^Cading package lists... 33%
[root@moonstudio ~]#
[root@moonstudio ~]# mv -i /etc/resolv.conf /etc/resolv.conf.bak
[root@moonstudio ~]# mv -i /etc/resolv.conf.fix /etc/resolv.conf
[root@moonstudio ~]# ls -l /etc/resolv.*
-rw-r--r-- 1 root root 48 Sep 22 08:43 /etc/resolv.conf
lrwxrwxrwx 1 root root 29 Jul 25 22:50 /etc/resolv.conf.bak -> ../run/resolvconf/resolv.conf
[root@moonstudio ~]# apt-get update
Ign http://security.ubuntu.com wily-security InRelease
Ign http://de.archive.ubuntu.com wily InRelease
Hit http://security.ubuntu.com wily-security Release.gpg
Ign http://de.archive.ubuntu.com wily-updates InRelease
Hit http://security.ubuntu.com wily-security Release
Ign http://de.archive.ubuntu.com wily-backports InRelease
Hit http://de.archive.ubuntu.com wily Release.gpg
Hit http://security.ubuntu.com wily-security/main Sources
Hit http://de.archive.ubuntu.com wily-updates Release.gpg
Hit http://security.ubuntu.com wily-security/restricted Sources
Hit http://de.archive.ubuntu.com wily-backports Release.gpg

It's the same issue. It only works without the link, but starting in
the container takes longer. The only advantage seems to be the
possibility to login as user without root privileges.

Regards,
Ralf
Re: systemd-nspawn and /run/resolvconf/resolv.conf
On Tue, Sep 22, 2015 at 4:16 AM, Ralf Mardorf wrote:
> On Mon, 21 Sep 2015 21:51:35 -0400, Tom H wrote:
>> On Sun, Sep 20, 2015 at 1:11 PM, Ralf Mardorf
>> wrote:
>>> by default Wily's /etc/resolv.conf is a link against
>>> ../run/resolvconf/resolv.conf. If you want to maintain Wily from
>>> another install in a systemd-nspawn container, the link needs to be
>>> replaced by a file /etc/resolv.conf. Since Wily is based on systemd
>>> by itself, it IMO should care about systemd-nspawn compatibility and
>>> by default not link against /run.
>>>
>>> Assumed nobody should be aware about a reason that a link is a better
>>> solution, I would report it as a bug.
>>
>> If you were to set up the "full systemd upstream experience", you'd be
>> using systemd-resolved and "/etc/resolv.conf" would be a symlink to
>> "/run/systemd/resolve/resolv.conf", so there's no reason why Ubuntu's
>> default resolvconf setup shouldn't work, at least when using
>> "systemd-nspawn -bD ...".
>
> You are missing the point, Arch Linux does not split packages from
> upstream. If I want to maintain Ubuntu from my Arch Linux install I
> only get access to the Ubuntu repositories, if Ubuntu does not link.

I didn't realize that your point was about Ubuntu splitting up
upstream packages. It seemed to be about Ubuntu defaulting to using
resolvconf. :)

> [rocketmouse@archlinux ~]$ sudo systemd-nspawn -qD /mnt/moonstudio
> [root@moonstudio ~]# ls -l /etc/resolv.*
> -rw-r--r-- 1 root root 48 Sep 22 08:43 /etc/resolv.conf
> lrwxrwxrwx 1 root root 29 Jul 25 22:50 /etc/resolv.conf.bak ->
> ../run/resolvconf/resolv.conf
> [root@moonstudio ~]# dpkg -l systemd-resolved
> dpkg-query: no packages found matching systemd-resolved
>
> As you can see systemd-resolved isn't installed, but I needed to replace
> the link with a resolve.conf file.

systemd-resolved is a service not a package.

I've just installed systemd-container and set up an Arch container (on
a laptop running 15.10). I enabled systemd-resolved.service in the
container and set up resolv.conf as a symlink.

/var/lib/machines# systemd-nspawn -bD arch

[root@arch ~]# ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 34 Sep 22 11:37 /etc/resolv.conf -> ../run/systemd/resolve/resolv.conf

[root@arch ~]# cat /etc/resolv.conf
# This file is managed by systemd-resolved(8). Do not edit.
#
# Third party programs must not access this file directly, but
# only through the symlink at /etc/resolv.conf. To manage
# resolv.conf(5) in a different way, replace the symlink by a
# static file or a different symlink.

nameserver 8.8.4.4

[root@arch ~]# cat /etc/systemd/resolved.conf.d/google.conf
[Resolve]
DNS=8.8.4.4

[root@arch ~]# pacman -S ldns

[root@arch ~]# drill
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 2211
;; flags: qr rd ra ; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; . IN NS

;; ANSWER SECTION:
. 9635 IN NS h.root-servers.net.
. 9635 IN NS k.root-servers.net.
. 9635 IN NS i.root-servers.net.
. 9635 IN NS g.root-servers.net.
. 9635 IN NS a.root-servers.net.
. 9635 IN NS m.root-servers.net.
. 9635 IN NS b.root-servers.net.
. 9635 IN NS d.root-servers.net.
. 9635 IN NS l.root-servers.net.
. 9635 IN NS c.root-servers.net.
. 9635 IN NS f.root-servers.net.
. 9635 IN NS j.root-servers.net.
. 9635 IN NS e.root-servers.net.

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 47 msec
;; SERVER: 8.8.4.4
;; WHEN: Tue Sep 22 12:17:40 2015
;; MSG SIZE rcvd: 228

[root@arch ~]#

So it works when using "-b".

But you're right, it doesn't when not using "-b".

Ubuntu decided to default to using resolvconf with 12.04. I suspect
that it'll take more than "it doesn't work when using systemd-nspawn
as a basic chroot process" for this change to be reversed.

Do you have lxc installed? How does it handle resolv.conf as a symlink?
Re: systemd-nspawn and /run/resolvconf/resolv.conf
Thank you Tom for taking the time.

On Tue, 22 Sep 2015 08:36:27 -0400, Tom H wrote:
>systemd-resolved is a service not a package.

Ok, I didn't know it.

[rocketmouse@archlinux ~]$ systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:systemd-resolved.service(8)

>So it works when using "-b".
>
>But you're right, it doesn't when not using "-b".
>
>Ubuntu decided to default to using resolvconf with 12.04. I suspect
>that it'll take more than "it doesn't work when using systemd-nspawn
>as a basic chroot process" for this change to be reversed.

So I don't report it as a bug.

>Do you have lxc installed? How does it handle resolv.conf as a symlink?

No. Since I never used it, it's too time consuming to care about
LinuxContainers now.

Regards,
Ralf
Re: systemd-nspawn and /run/resolvconf/resolv.conf
On Sun, Sep 20, 2015 at 1:11 PM, Ralf Mardorf wrote:
>
> by default Wily's /etc/resolv.conf is a link against
> ../run/resolvconf/resolv.conf. If you want to maintain Wily from another
> install in a systemd-nspawn container, the link needs to be replaced by a
> file /etc/resolv.conf. Since Wily is based on systemd by itself, it IMO
> should care about systemd-nspawn compatibility and by default not link
> against /run.
>
> Assumed nobody should be aware about a reason that a link is a better
> solution, I would report it as a bug.

If you were to set up the "full systemd upstream experience", you'd be
using systemd-resolved and "/etc/resolv.conf" would be a symlink to
"/run/systemd/resolve/resolv.conf", so there's no reason why Ubuntu's
default resolvconf setup shouldn't work, at least when using
"systemd-nspawn -bD ...".