guix-patches

[bug#28128] [PATCH 2/2] scripts: system: Support container network shari


From: Ludovic Courtès
Subject: [bug#28128] [PATCH 2/2] scripts: system: Support container network sharing.
Date: Wed, 13 Mar 2019 12:34:26 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Hello!

Some comments below.

Arun Isaac <address@hidden> writes:

> * gnu/services.scm (shared-network-service-type): New variable.
> * gnu/services/base.scm (%base-services): Add shared-network-service.
> * gnu/system.scm (essential-services): If shared-network-service exists,
> extend it to add /etc/services, /etc/nsswitch.conf and /etc/hosts.
> (operating-system-etc-service): Do not add /etc/services, /etc/nsswitch.conf
> and /etc/hosts.
> * gnu/system/linux-container.scm (container-script): Support returning a
> container script that shares the host network.
> * guix/scripts/system.scm (system-derivation-for-action, perform-action): Add
> #:container-shared-network? argument.
> (show-help): Add "-N, --network" help information.
> (%options): Add network option.
> (process-action): Call perform-action with #:container-shared-network?.
>
> Co-authored-by: Christopher Baines <address@hidden>

[...]

> +(define shared-network-service-type
> +  (service-type (name 'shared-network)
> +                (extensions (list (service-extension etc-service-type 
> identity)))
> +                (compose concatenate)
> +                (extend append)
> +                (default-value '())))
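
Review bot: `(extend append)` combined with the `identity` extension of `etc-service-type` forwards whatever other services supply straight to /etc, and nothing in this definition documents or checks the expected shape of those entries or rejects two extensions that name the same file. The `description` field would be a good place to state that the value is a list of `(NAME FILE-LIKE)` entries, as built in the gnu/system.scm hunk, and that extensions must not repeat a name that is already present.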

I’d encourage you to add a ‘description’ field as well.  :-)

> --- a/gnu/system.scm
> +++ b/gnu/system.scm
> @@ -5,6 +5,7 @@
>  ;;; Copyright © 2016 Chris Marusich <address@hidden>
>  ;;; Copyright © 2017 Mathieu Othacehe <address@hidden>
>  ;;; Copyright © 2019 Meiyo Peng <address@hidden>
> +;;; Copyright © 2019 Arun Isaac <address@hidden>
>  ;;;
>  ;;; This file is part of GNU Guix.
>  ;;;
> @@ -501,7 +502,21 @@ a container or that of a \"bare metal\" system."
>                         (list %containerized-shepherd-service)
>                         (list %linux-bare-metal-service
>                               (service firmware-service-type
> -                                      (operating-system-firmware os))))))))
> +                                      (operating-system-firmware os))))
> +                   (if (find (lambda (service)
> +                               (eq? (service-type-name (service-kind 
> service))
> +                                    'shared-network))
> +                             (operating-system-user-services os))
> +                       (let ((nsswitch (plain-file "nsswitch.conf"
> +                                                   
> (name-service-switch->string
> +                                                    
> (operating-system-name-service-switch os)))))
> +                         (list (simple-service 'shared-network-extension
> +                                               shared-network-service-type
> +                                               `(("services" ,(file-append 
> net-base "/etc/services"))
> +                                                 ("nsswitch.conf" 
> ,#~#$nsswitch)
> +                                                 ("hosts" ,#~#$(or 
> (operating-system-hosts-file os)
> +                                                                   
> (default-/etc/hosts (operating-system-host-name os))))))))
> +                       (list))))))
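
Review bot: The else branch of the new `(if (find ...) ... (list))` at the end of this hunk returns an empty list, and per the commit log `operating-system-etc-service` no longer adds /etc/services, /etc/nsswitch.conf and /etc/hosts, so any operating-system whose user services lack the shared-network service ends up without those three files and without a diagnostic. That is the intended outcome for a container sharing the host network, but a bare-metal configuration that builds its service list without `%base-services` would hit the same branch; consider keeping the files unconditional outside the container case, or emitting a warning when the service is missing. Note also that `find` searches only `(operating-system-user-services os)` and matches on the symbol `'shared-network`, so an unrelated service type that reuses that name would trigger the extension.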

A couple of things:

  1. ‘service-type-name’ exists for debugging purposes, and I think we
     shouldn’t rely on it at all in our code.  Instead, we should
     compare service types by identity, as in:

       (eq? (service-kind service) foo-service-type)

  2. The notion of “shared network” is very much a container (or VM)
     thing, so somehow it still doesn’t feel right to me that (gnu
     system) has to be aware of these special cases.

I think the ‘host-database-service-type’ wouldn’t have this problem, but
maybe it has other issues.  I guess this needs more experimentation,
sorry for not coming up with clearer ideas!

Ludo’.




