
Network with QEMU generated image (guix system vm)?

Message ID 87h9928t7j.fsf@gnu.org
State New

Commit Message

Jan Nieuwenhuizen Sept. 26, 2016, 5:30 p.m. UTC
ng0 writes:

> For a considerable long time and countless tries, that's why I'm asking
> about any way to do this as it just does not work. Just about anything
> which would work on GuixSD from a git checkout of guix.git is welcome.

Find attached my ssh/lsh-seed hack to allow unattended entry into a vm
and a minimal vm description.

Here's what I did

    19:18:45 janneke@dundal:~/src/guix 
    $ guix system vm os.scm
    /gnu/store/4rqrzxz8amzq7j599sfr2vsbwy01fx04-run-vm.sh -net user,hostfwd=tcp::2223-:2222&
    19:19:37 janneke@dundal:~/src/guix 
    $ ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:2223
    [wait]
    19:19:40 janneke@dundal:~/src/guix 
    $ ssh localhost -p 2223
    .. RET RET
    janneke@os ~$ GIT_SSL_NO_VERIFY=1 git clone https://gitlab.com/janneke/mes.git
    Cloning into 'mes'...
    remote: Counting objects: 969, done.        
    remote: Compressing objects: 100% (348/348), done.        
    remote: Total 969 (delta 654), reused 886 (delta 610)        
    Receiving objects: 100% (969/969), 316.35 KiB | 0 bytes/s, done.
    Resolving deltas: 100% (654/654), done.

What I don't understand: sometimes the clone works instantly, sometimes
I need to "wait a bit" until cloning or `ping gitlab.com' works.  It
seemed to be always immediately available when I added the mcron and
rottlog test services, which confuses me even more.  Might just be
coincidence.

Greetings,
Jan
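
The start, forward, wait, ssh sequence from the message above, as an added shell example that is not part of the thread or of Guix itself. It assumes the run-vm.sh path that `guix system vm os.scm` printed is passed as its first argument, that the guest's SSH server listens on port 2222 and is forwarded to host port 2223 as in the message, and that the guest regenerates its host key on every boot (which is why the message removes the old `[localhost]:2223` entry with ssh-keygen -R). In place of the "[wait]" step it polls the forwarded port for an SSH banner with ssh-keyscan, and it pins the scanned key in a temporary known_hosts file instead of editing the user's own.

```shell
#!/bin/sh
# Added example, not code from the thread or from Guix.
# Assumptions: $1 is the run-vm.sh script printed by `guix system vm';
# the guest SSH server listens on 2222 and host port 2223 forwards to it
# (both from the message); the guest host key changes on every boot.

GUEST_SSH_PORT=2222
HOST_SSH_PORT=2223

# QEMU user-mode "hostfwd" option.  Binding the host side to 127.0.0.1
# keeps the forwarded port off the LAN; the bare "tcp::2223-:2222" form
# used in the message listens on every host interface.
hostfwd_net_option() {
    printf 'user,hostfwd=tcp:127.0.0.1:%s-:%s' "$1" "$2"
}

# Ask the port for its SSH host keys.  A plain TCP connect is not a
# readiness test here: with user networking QEMU accepts the host-side
# connection itself and only then tries the guest, so the socket opens
# while the guest is still booting.  ssh-keyscan prints a key only after
# a real SSH server answered.  Its exit status differs across OpenSSH
# versions, so callers look at the output, not the status.
ssh_host_keys() {
    ssh-keyscan -T 5 -p "$2" "$1" 2>/dev/null || true
}

# Poll until ssh_host_keys returns something or roughly $3 seconds have
# passed.  Prints the keys on success, returns 1 on timeout.
wait_for_ssh() {
    host=$1; port=$2; timeout=$3; waited=0
    while [ "$waited" -lt "$timeout" ]; do
        keys=$(ssh_host_keys "$host" "$port")
        if [ -n "$keys" ]; then
            printf '%s\n' "$keys"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 1
}

main() {
    run_vm=$1
    "$run_vm" -net "$(hostfwd_net_option "$HOST_SSH_PORT" "$GUEST_SSH_PORT")" &
    qemu_pid=$!
    known_hosts=$(mktemp)
    if ! wait_for_ssh localhost "$HOST_SSH_PORT" 120 > "$known_hosts"; then
        echo "no SSH banner on port $HOST_SSH_PORT after 120s" >&2
        kill "$qemu_pid"
        rm -f "$known_hosts"
        return 1
    fi
    # The scanned key goes into a throwaway known_hosts file: the guest
    # regenerates it each boot, so the user's real file never collects
    # stale "[localhost]:2223" entries and strict checking can stay on.
    ssh -p "$HOST_SSH_PORT" -o "UserKnownHostsFile=$known_hosts" \
        -o StrictHostKeyChecking=yes localhost
    rm -f "$known_hosts"
    kill "$qemu_pid"
}

# Only run the VM when a run-vm.sh path was given on the command line.
[ "$#" -gt 0 ] && main "$@"
```

Run it with the run-vm.sh path printed by `guix system vm` as the argument. Binding the forward to 127.0.0.1 is the one deliberate change from the message's `-net user,hostfwd=tcp::2223-:2222`. The clone step is left to the user: the `GIT_SSL_NO_VERIFY=1` in the transcript turns certificate checking off for that clone, presumably (an assumption, the thread does not say) because the image carries no CA bundle; adding nss-certs to the VM's packages and setting SSL_CERT_DIR and GIT_SSL_CAINFO is the usual Guix way to keep verification on.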

Comments

ng0 Sept. 27, 2016, 7:25 a.m. UTC | #1
Thanks,

I've tried to apply a bit of this, however the problem seems to be no
matter what I do, I get a read only filesystem. But strangely enough: I
can touch files. Having a readonly filesystem should prevent me from
ping and git clone, but it can't do this.
Because the file system is read only, gnunet-service can't write files I
think, which prevents fetching the initial hostlist I configured to be
fetched.
But it could also be because I need to change some defaults I've set,
however it should not prevent me from git clone and ping.

Jan Nieuwenhuizen <janneke@gnu.org> writes:

> ng0 writes:
>
>> For a considerable long time and countless tries, that's why I'm asking
>> about any way to do this as it just does not work. Just about anything
>> which would work on GuixSD from a git checkout of guix.git is welcome.
>
> Find attached my ssh/lsh-seed hack to allow unattended entry into a vm
> and a minimal vm description.
>
> Here's what I did
>
>     19:18:45 janneke@dundal:~/src/guix 
>     $ guix system vm os.scm
>     /gnu/store/4rqrzxz8amzq7j599sfr2vsbwy01fx04-run-vm.sh -net user,hostfwd=tcp::2223-:2222&
>     19:19:37 janneke@dundal:~/src/guix 
>     $ ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:2223
>     [wait]
>     19:19:40 janneke@dundal:~/src/guix 
>     $ ssh localhost -p 2223
>     .. RET RET
>     janneke@os ~$ GIT_SSL_NO_VERIFY=1 git clone https://gitlab.com/janneke/mes.git
>     Cloning into 'mes'...
>     remote: Counting objects: 969, done.        
>     remote: Compressing objects: 100% (348/348), done.        
>     remote: Total 969 (delta 654), reused 886 (delta 610)        
>     Receiving objects: 100% (969/969), 316.35 KiB | 0 bytes/s, done.
>     Resolving deltas: 100% (654/654), done.
>
> What I don't understand: sometimes the clone works instantly, sometimes
> I need to "wait a bit" until cloning or `ping gitlab.com' works.  It
> seemed to be always immediately available when I added the mcron and
> rottlog test services, which confuses me even more.  Might just be
> coincidence.
>
> Greetings,
> Jan
>
> From 8c8687407057ca9caa123905f7ca2e3feeffa203 Mon Sep 17 00:00:00 2001
> From: Jan Nieuwenhuizen <janneke@gnu.org>
> Date: Thu, 8 Sep 2016 14:09:28 +0200
> Subject: [PATCH] gnu: Add lsh-seed, lsh-service: use it.
>
> ---
>  gnu/packages/ssh.scm | 26 ++++++++++++++++++++++++++
>  gnu/services/ssh.scm |  7 +++++++
>  2 files changed, 33 insertions(+)
>
> diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
> index b2612a4..5255848 100644
> --- a/gnu/packages/ssh.scm
> +++ b/gnu/packages/ssh.scm
> @@ -517,3 +517,29 @@ manipulating key files.")
>  authentication with SSH's so-called @dfn{interactive keyboard password
>  authentication}.")
>      (license license:gpl2+)))
> +
> +(use-modules (guix build-system trivial))
> +(define-public lsh-seed
> +  (package
> +    (name "lsh-seed")
> +    (version "0")
> +    (source #f)
> +    (build-system trivial-build-system)
> +    (arguments
> +     '(#:modules ((guix build utils))
> +       #:builder
> +       (begin
> +         (use-modules (guix build utils))
> +         (let* ((source (assoc-ref %build-inputs "source"))
> +                (out (assoc-ref %outputs "out"))
> +                (etc (string-append out "/etc"))
> +                (seed (string-append etc "/lsh-seed")))
> +           (mkdir-p etc)
> +           (with-output-to-file seed
> +             (lambda () (display "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")))
> +           (chmod seed #o400)
> +           #t))))
> +    (home-page "http://localhost")
> +    (synopsis "lsh-seed")
> +    (description "lsh-seed")
> +    (license license:gpl3+)))
> diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
> index 462988c..96ba3d7 100644
> --- a/gnu/services/ssh.scm
> +++ b/gnu/services/ssh.scm
> @@ -68,6 +68,13 @@
>  (define (lsh-initialization lsh host-key)
>    "Return the gexp to initialize the LSH service for HOST-KEY."
>    #~(begin
> +
> +      (unless (file-exists? #$%yarrow-seed)
> +        (when (file-exists? #$lsh-seed)
> +          (mkdir-p (dirname #$%yarrow-seed))
> +          (copy-file (string-append #$lsh-seed "/etc/lsh-seed") #$%yarrow-seed)
> +          (chmod #$%yarrow-seed #o400)))
> +
>        (unless (file-exists? #$%yarrow-seed)
>          (system* (string-append #$lsh "/bin/lsh-make-seed")
>                   "--sloppy" "-o" #$%yarrow-seed))
> -- 
> 2.9.3
>
>
>
> -- 
> Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
> Freelance IT http://JoyofSource.com | Avatar®  http://AvatarAcademy.nl

Aljosha Papsch Sept. 27, 2016, 6:47 p.m. UTC | #2
On 26.09.2016 19:30, Jan Nieuwenhuizen wrote:
> What I don't understand: sometimes the clone works instantly, sometimes
> I need to "wait a bit" until cloning or `ping gitlab.com' works.  It
> seemed to be always immediately available when I added the mcron and
> rottlog test services, which confuses me even more.  Might just be
> coincidence.
>
> Greetings,
> Jan
>
I'm guessing here but it sounds a lot like neighbor discovery being slow
with ARP. I had the same issue a few months ago with GNS3 where I created
a virtual topology. They use qemu VMs for each host. After creating the
topology I wanted to ping a little and some packets would be dropped
before they went through.

http://wiki.qemu.org/Documentation/Networking suggests in section 
"Network backend types" that user networking is slow while tap 
networking is fast. So ARP discovery performance might just suffer from 
qemu user networking. Maybe it's worth trying tap networking. I used it 
a few weeks ago (with lxc containers) and it's pretty flexible. Haven't 
paid attention to performance though.

I might be able to dig up notes on topology if you are interested. In 
it, hypervisors form a VPN and integrate guests in the VPN using taps 
and bridges. It's not a guix recipe unfortunately, just a Gnome Dia file.

Best regards

ng0 Sept. 27, 2016, 8:14 p.m. UTC | #3
Aljosha Papsch <lists@rpapsch.de> writes:

> On 26.09.2016 19:30, Jan Nieuwenhuizen wrote:
>> What I don't understand: sometimes the clone works instantly, sometimes
>> I need to "wait a bit" until cloning or `ping gitlab.com' works.  It
>> seemed to be always immediately available when I added the mcron and
>> rottlog test services, which confuses me even more.  Might just be
>> coincidence.
>>
>> Greetings,
>> Jan
>>
> I'm guessing here but it sounds alot like neighbor discovery being slow 
> with ARP. I had the same issue few months ago with GNS3 where I created 
> a virtual topology. They use qemu VMs for each host. After creating 
> topology I wanted to ping a little and some packages would be dropped 
> before they went through.
>
> http://wiki.qemu.org/Documentation/Networking suggests in section 
> "Network backend types" that user networking is slow while tap 
> networking is fast. So ARP discovery performance might just suffer from 
> qemu user networking. Maybe it's worth trying tap networking. I used it 
> a few weeks ago (with lxc containers) and it's pretty flexible. Haven't 
> paid attention to performance though.

Afaik gnunet uses tun/tap when available[0]. With my limited knowledge about
qemu I assumed that those modules, in the way I can configure guix so far,
do not exist in the way I might want them in the vm (maybe) (different
story, different problem).
As far as my goals are concerned, this trial and error of something as
simple as a stupid ping is slowing me down in developing guix services
for my roadmap items.

> I might be able to dig up notes on topology if you are interested. In 
> it, hypervisors form a VPN and integrate guests in the VPN using taps 
> and bridges. It's not a guix recipe unfortunately, just a Gnome Dia file.

I'm very much interested, throw anything at me which helps me to solve
this somehow.

> Best regards
>
>

[0] However, the lack of calling the outside world is not gnunet exclusive.

Patch

From 8c8687407057ca9caa123905f7ca2e3feeffa203 Mon Sep 17 00:00:00 2001
From: Jan Nieuwenhuizen <janneke@gnu.org>
Date: Thu, 8 Sep 2016 14:09:28 +0200
Subject: [PATCH] gnu: Add lsh-seed, lsh-service: use it.

---
 gnu/packages/ssh.scm | 26 ++++++++++++++++++++++++++
 gnu/services/ssh.scm |  7 +++++++
 2 files changed, 33 insertions(+)

diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index b2612a4..5255848 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -517,3 +517,29 @@  manipulating key files.")
 authentication with SSH's so-called @dfn{interactive keyboard password
 authentication}.")
     (license license:gpl2+)))
+
+(use-modules (guix build-system trivial))
+(define-public lsh-seed
+  (package
+    (name "lsh-seed")
+    (version "0")
+    (source #f)
+    (build-system trivial-build-system)
+    (arguments
+     '(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let* ((source (assoc-ref %build-inputs "source"))
+                (out (assoc-ref %outputs "out"))
+                (etc (string-append out "/etc"))
+                (seed (string-append etc "/lsh-seed")))
+           (mkdir-p etc)
+           (with-output-to-file seed
+             (lambda () (display "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")))
+           (chmod seed #o400)
+           #t))))
+    (home-page "http://localhost")
+    (synopsis "lsh-seed")
+    (description "lsh-seed")
+    (license license:gpl3+)))
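Review bot: the seed this hunk installs is a fixed 32-byte string written into /gnu/store, so every system built with this package seeds lsh's Yarrow generator from the same publicly readable value, and the (chmod seed #o400) call does nothing useful because store items are world-readable anyway; that is acceptable for a throwaway test VM, which is how the cover message describes it, but nothing in the package says so, and the "http://localhost" home page and the repeated "lsh-seed" synopsis/description read as placeholders, so at least spell out in the description that the seed is constant and for test images only. Smaller points: the `source` binding in the let* is unused (the package's source is #f, so (assoc-ref %build-inputs "source") yields #f), and (use-modules (guix build-system trivial)) in the middle of the file should be a #:use-module clause in the module definition like the other imports in gnu/packages/ssh.scm.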
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 462988c..96ba3d7 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -68,6 +68,13 @@ 
 (define (lsh-initialization lsh host-key)
   "Return the gexp to initialize the LSH service for HOST-KEY."
   #~(begin
+
+      (unless (file-exists? #$%yarrow-seed)
+        (when (file-exists? #$lsh-seed)
+          (mkdir-p (dirname #$%yarrow-seed))
+          (copy-file (string-append #$lsh-seed "/etc/lsh-seed") #$%yarrow-seed)
+          (chmod #$%yarrow-seed #o400)))
+
       (unless (file-exists? #$%yarrow-seed)
         (system* (string-append #$lsh "/bin/lsh-make-seed")
                  "--sloppy" "-o" #$%yarrow-seed))
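Review bot: because #$lsh-seed is a gexp reference, the lsh-seed package is always built and present by the time this activation code runs, so (file-exists? #$lsh-seed) is always true and the lsh-make-seed fallback just below becomes dead code: every lsh deployment now silently gets the package's constant seed in place of a per-host random one, not only `guix system vm` test images. Gate the copy on an explicit, default-off field of the service configuration and document it there, and then the two (unless (file-exists? #$%yarrow-seed) ...) forms can collapse into one conditional with the copy and the lsh-make-seed call as its two branches. The reference to lsh-seed resolves here only if this module already imports (gnu packages ssh), which it appears to for `lsh`; worth confirming when rebasing.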
-- 
2.9.3