Message ID | 87h9928t7j.fsf@gnu.org |
---|---|
State | New |
Thanks, I've tried to apply a bit of this, however the problem seems to be no matter what I do, I get a read only filesystem. But strange enough: I can touch files. Having a readonly filesystem should prevent me from ping and git clone, but it can't do this.

Because the file system is read only, gnunet-service can't write files I think, which prevents fetching the initial hostlist I configured to be fetched. But it could also be because I need to change some defaults I've set, however it should not prevent me from git clone and ping.

Jan Nieuwenhuizen <janneke@gnu.org> writes:

> ng0 writes:
>
>> For a considerable long time and countless tries, that's why I'm asking
>> about any way to do this as it just does not work. Just about anything
>> which would work on GuixSD from a git checkout of guix.git is welcome.
>
> Find attached my ssh/lsh-seed hack to allow unattended entry into a vm
> and a minimal vm description.
>
> Here's what I did
>
> 19:18:45 janneke@dundal:~/src/guix
> $ guix system vm os.scm
> /gnu/store/4rqrzxz8amzq7j599sfr2vsbwy01fx04-run-vm.sh -net user,hostfwd=tcp::2223-:2222&
> 19:19:37 janneke@dundal:~/src/guix
> $ ssh-keygen -f "$HOME/.ssh/known_hosts" -R [localhost]:2223
> [wait]
> 19:19:40 janneke@dundal:~/src/guix
> $ ssh localhost -p 2223
> .. RET RET
> janneke@os ~$ GIT_SSL_NO_VERIFY=1 git clone https://gitlab.com/janneke/mes.git
> Cloning into 'mes'...
> remote: Counting objects: 969, done.
> remote: Compressing objects: 100% (348/348), done.
> remote: Total 969 (delta 654), reused 886 (delta 610)
> Receiving objects: 100% (969/969), 316.35 KiB | 0 bytes/s, done.
> Resolving deltas: 100% (654/654), done.
>
> What I don't understand: sometimes the clone works instantly, sometimes
> I need to "wait a bit" until cloning or `ping gitlab.com' works. It
> seemed to be always immediately available when I added the mcron and
> rottlog test services, which confuses me even more. Might just be
> coincidence.
>
> Greetings,
> Jan
> > From 8c8687407057ca9caa123905f7ca2e3feeffa203 Mon Sep 17 00:00:00 2001 > From: Jan Nieuwenhuizen <janneke@gnu.org> > Date: Thu, 8 Sep 2016 14:09:28 +0200 > Subject: [PATCH] gnu: Add lsh-seed, lsh-service: use it. > > --- > gnu/packages/ssh.scm | 26 ++++++++++++++++++++++++++ > gnu/services/ssh.scm | 7 +++++++ > 2 files changed, 33 insertions(+) > > diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm > index b2612a4..5255848 100644 > --- a/gnu/packages/ssh.scm > +++ b/gnu/packages/ssh.scm > @@ -517,3 +517,29 @@ manipulating key files.") > authentication with SSH's so-called @dfn{interactive keyboard password > authentication}.") > (license license:gpl2+))) > + > +(use-modules (guix build-system trivial)) > +(define-public lsh-seed > + (package > + (name "lsh-seed") > + (version "0") > + (source #f) > + (build-system trivial-build-system) > + (arguments > + '(#:modules ((guix build utils)) > + #:builder > + (begin > + (use-modules (guix build utils)) > + (let* ((source (assoc-ref %build-inputs "source")) > + (out (assoc-ref %outputs "out")) > + (etc (string-append out "/etc")) > + (seed (string-append etc "/lsh-seed"))) > + (mkdir-p etc) > + (with-output-to-file seed > + (lambda () (display "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"))) > + (chmod seed #o400) > + #t)))) > + (home-page "http://localhost") > + (synopsis "lsh-seed") > + (description "lsh-seed") > + (license license:gpl3+))) > diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm > index 462988c..96ba3d7 100644 > --- a/gnu/services/ssh.scm > +++ b/gnu/services/ssh.scm 
> @@ -68,6 +68,13 @@ > (define (lsh-initialization lsh host-key) > "Return the gexp to initialize the LSH service for HOST-KEY." > #~(begin > + > + (unless (file-exists? #$%yarrow-seed) > + (when (file-exists? #$lsh-seed) > + (mkdir-p (dirname #$%yarrow-seed)) > + (copy-file (string-append #$lsh-seed "/etc/lsh-seed") #$%yarrow-seed) > + (chmod #$%yarrow-seed #o400))) > + > (unless (file-exists? #$%yarrow-seed) > (system* (string-append #$lsh "/bin/lsh-make-seed") > "--sloppy" "-o" #$%yarrow-seed)) > -- > 2.9.3 > > > > -- > Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org > Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.nl
On 26.09.2016 19:30, Jan Nieuwenhuizen wrote:
> What I don't understand: sometimes the clone works instantly, sometimes
> I need to "wait a bit" until cloning or `ping gitlab.com' works. It
> seemed to be always immediately available when I added the mcron and
> rottlog test services, which confuses me even more. Might just be
> coincidence.
>
> Greetings,
> Jan
>

I'm guessing here but it sounds a lot like neighbor discovery being slow with ARP. I had the same issue a few months ago with GNS3 where I created a virtual topology. They use qemu VMs for each host. After creating the topology I wanted to ping a little and some packages would be dropped before they went through.

http://wiki.qemu.org/Documentation/Networking suggests in section "Network backend types" that user networking is slow while tap networking is fast. So ARP discovery performance might just suffer from qemu user networking. Maybe it's worth trying tap networking. I used it a few weeks ago (with lxc containers) and it's pretty flexible. Haven't paid attention to performance though.

I might be able to dig up notes on topology if you are interested. In it, hypervisors form a VPN and integrate guests in the VPN using taps and bridges. It's not a guix recipe unfortunately, just a Gnome Dia file.

Best regards
Aljosha Papsch <lists@rpapsch.de> writes:

> On 26.09.2016 19:30, Jan Nieuwenhuizen wrote:
>> What I don't understand: sometimes the clone works instantly, sometimes
>> I need to "wait a bit" until cloning or `ping gitlab.com' works. It
>> seemed to be always immediately available when I added the mcron and
>> rottlog test services, which confuses me even more. Might just be
>> coincidence.
>>
>> Greetings,
>> Jan
>>
> I'm guessing here but it sounds a lot like neighbor discovery being slow
> with ARP. I had the same issue a few months ago with GNS3 where I created
> a virtual topology. They use qemu VMs for each host. After creating
> topology I wanted to ping a little and some packages would be dropped
> before they went through.
>
> http://wiki.qemu.org/Documentation/Networking suggests in section
> "Network backend types" that user networking is slow while tap
> networking is fast. So ARP discovery performance might just suffer from
> qemu user networking. Maybe it's worth trying tap networking. I used it
> a few weeks ago (with lxc containers) and it's pretty flexible. Haven't
> paid attention to performance though.

Afaik gnunet uses tun/tap when available[0]. With my limited knowledge about qemu I assumed that those modules in the way I can configure guix so far do not exist in the way I might want them in the vm (maybe) (different story, different problem).

As far as my goals are concerned, this trial and error of something as simple as a stupid ping is slowing me down in developing guix services for my roadmap items.

> I might be able to dig up notes on topology if you are interested. In
> it, hypervisors form a VPN and integrate guests in the VPN using taps
> and bridges. It's not a guix recipe unfortunately, just a Gnome Dia file.

I'm very much interested, throw anything at me which helps me to solve this somehow.

> Best regards
>

[0] However, the lack of calling outside world is not gnunet exclusive.
From 8c8687407057ca9caa123905f7ca2e3feeffa203 Mon Sep 17 00:00:00 2001 From: Jan Nieuwenhuizen <janneke@gnu.org> Date: Thu, 8 Sep 2016 14:09:28 +0200 Subject: [PATCH] gnu: Add lsh-seed, lsh-service: use it. --- gnu/packages/ssh.scm | 26 ++++++++++++++++++++++++++ gnu/services/ssh.scm | 7 +++++++ 2 files changed, 33 insertions(+) diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index b2612a4..5255848 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -517,3 +517,29 @@ manipulating key files.") authentication with SSH's so-called @dfn{interactive keyboard password authentication}.") (license license:gpl2+))) + +(use-modules (guix build-system trivial)) +(define-public lsh-seed + (package + (name "lsh-seed") + (version "0") + (source #f) + (build-system trivial-build-system) + (arguments + '(#:modules ((guix build utils)) + #:builder + (begin + (use-modules (guix build utils)) + (let* ((source (assoc-ref %build-inputs "source")) + (out (assoc-ref %outputs "out")) + (etc (string-append out "/etc")) + (seed (string-append etc "/lsh-seed"))) + (mkdir-p etc) + (with-output-to-file seed + (lambda () (display "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"))) + (chmod seed #o400) + #t)))) + (home-page "http://localhost") + (synopsis "lsh-seed") + (description "lsh-seed") + (license license:gpl3+))) diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index 462988c..96ba3d7 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -68,6 +68,13 @@ (define (lsh-initialization lsh host-key) "Return the gexp to initialize the LSH service for HOST-KEY." #~(begin + + (unless (file-exists? #$%yarrow-seed) + (when (file-exists? #$lsh-seed) + (mkdir-p (dirname #$%yarrow-seed)) + (copy-file (string-append #$lsh-seed "/etc/lsh-seed") #$%yarrow-seed) + (chmod #$%yarrow-seed #o400))) + (unless (file-exists? #$%yarrow-seed) (system* (string-append #$lsh "/bin/lsh-make-seed") "--sloppy" "-o" #$%yarrow-seed)) -- 2.9.3
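Review bot: In the gnu/packages/ssh.scm hunk, the builder writes a constant as the seed, `(lambda () (display "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"))`, so every system that picks up lsh-seed gets the same published 32 bytes as the file that the services hunk copies to %yarrow-seed, and `(chmod seed #o400)` cannot make a value that is in the source tree secret. If this is meant only for unattended test VMs, say so in the synopsis and description (both are just "lsh-seed" now) and keep it out of the public package set, for example as a non-exported definition next to the VM tests. Smaller points: `(use-modules (guix build-system trivial))` sits at the end of the file instead of in the module header, and the `source` binding in the `let*` is unused since the package has `(source #f)`.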
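Review bot: In the gnu/services/ssh.scm hunk, the new block at the top of lsh-initialization installs the fixed seed for every user of the service: `(when (file-exists? #$lsh-seed)` tests the package directory, which is present whenever the gexp's inputs have been built, so the `lsh-make-seed` call kept below it is effectively never reached on first boot. Make this opt-in, for instance a service parameter that defaults to off and is set only by test VM definitions, and add a comment stating that the resulting seed is predictable. The check should also test the file that is actually copied, `(string-append #$lsh-seed "/etc/lsh-seed")`, rather than the directory.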