nixos: write our hostname to /etc/hosts #18183

Closed

peterhoeg
Member

Motivation for this change

The fqdn of the machine should always be resolvable.

  1. set networking.hostName = "f.q.d.n";
  2. move your machine to a LAN where that machine name is not known
  3. run hostname --fqdn
  4. you will get: hostname: Name or service not known

In addition to the hostname command, other software that wants to look up the name will also fail with something like:

in `getaddrinfo': getaddrinfo: System error (SocketError)

This PR writes out the hostName to /etc/hosts so it is always resolvable.

Additionally, we need to keep it on 2 lines, as hostname --fqdn will otherwise return localhost instead of the actual name.

I'm not enough of a network guru to see if there are any downsides to this...

Things done
  • Tested using sandboxing
    (nix.useChroot on NixOS,
    or option build-use-chroot in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@mention-bot

@peterhoeg, thanks for your PR! By analyzing the annotation information on this pull request, we identified @edolstra, @ardumont and @wkennington to be potential reviewers

@edolstra
Member

edolstra commented Sep 1, 2016

It's the job of nss_myhostname (https://www.freedesktop.org/software/systemd/man/nss-myhostname.html) to ensure that the local hostname always resolves. Unlike a static /etc/hosts entry, it will return an IP address on the local network if available and fall back to 127.0.0.1 or ::1 otherwise.

@peterhoeg
Member Author

I have this in /etc/nsswitch.conf (excluding non-relevant parts):

hosts:     files dns myhostname mymachines
networks:  files dns

So maybe it's because the dns returns an error before myhostname gets a chance to do its magic?

@danbst
Contributor

danbst commented Sep 1, 2016

@peterhoeg we've done similar discovery in #16754 (comment)

@peterhoeg
Member Author

@edolstra, myhostname is definitely not doing its job when the hostname is a fully qualified name.

Would you be open to working around it by adding the hostname to /etc/hosts?

@edolstra
Member

edolstra commented Sep 5, 2016

I'm not sure if networking.hostName is intended to be a fully qualified name. Isn't that what networking.domain is for?

In any case, the workaround would completely break nss_myhostname for everybody (since /etc/hosts takes precedence), so that's not a good idea.

@Mic92
Member

Mic92 commented Sep 17, 2016

I think I found a bug: glibc seems not to read /etc/nsswitch.conf at all:

strace getent hosts hostname 2>&1 | grep nsswitch

The output should actually be more like this:

$ strace getent hosts <hostname> 2>&1 | grep nsswitch
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
read(3, "# Begin /etc/nsswitch.conf\n\npass"..., 512) = 234

Update: maybe this is because of nscd?

@dezgeg
Contributor

dezgeg commented Sep 17, 2016

At least in the NSCD-disabled case the relevant NSS modules definitely don't get loaded, as glibc doesn't know where to look:

[root@jetson-3:~]# strace -f getent hosts $(hostname) 2>&1 | grep nss_
open("/nix/store/ncm44m05zfvj5656xgngc4im1x25iwif-glibc-2.24/lib/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/nix/store/ncm44m05zfvj5656xgngc4im1x25iwif-glibc-2.24/lib/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/nix/store/ncm44m05zfvj5656xgngc4im1x25iwif-glibc-2.24/lib/libnss_myhostname.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/nix/store/ncm44m05zfvj5656xgngc4im1x25iwif-glibc-2.24/lib/libnss_mymachines.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)

I wonder if we should patch glibc to search for NSS modules from an impure location (e.g. /run/nss-modules) managed by a NixOS service (just like we do OpenGL drivers). As I understand it, that would be required anyway to support SSSD as many places on the net recommend not combining SSSD with NSCD.
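
Added example, not part of the thread and not NixOS or glibc code: a small model of how a lookup walks the `hosts:` chain quoted earlier when some `libnss_*.so.2` files are missing, as in the strace output above. The function names, the temporary directory standing in for glibc's lib directory, and the `answers` map are assumptions made for illustration; only one directory is checked and the `merge` action is not modelled.

```python
import os
import re
import tempfile

# glibc default: stop on SUCCESS, try the next service on any other status
DEFAULTS = {"SUCCESS": "return", **dict.fromkeys(("NOTFOUND", "UNAVAIL", "TRYAGAIN"), "continue")}

def parse_hosts_chain(conf_text):
    """Return [(service, {status: action})] for the 'hosts:' line."""
    chain = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("hosts:"):
            continue
        for tok in re.findall(r"\[[^\]]*\]|[^\s\[]+", line[len("hosts:"):]):
            if not tok.startswith("["):
                chain.append((tok, dict(DEFAULTS)))
                continue
            if not chain:
                raise ValueError("action spec before any service")
            for item in tok[1:-1].split():
                status, action = item.upper().split("=", 1)
                negate, name = status.startswith("!"), status.lstrip("!")
                for s in DEFAULTS:  # [!X=act] applies to every status except X
                    if (s == name) != negate:
                        chain[-1][1][s] = action.lower()
        break
    return chain

def walk(chain, module_dir, answers):
    """Follow the chain; a missing libnss_<name>.so.2 in module_dir means UNAVAIL."""
    trace = []
    for service, actions in chain:
        lib = os.path.join(module_dir, "libnss_%s.so.2" % service)
        status = answers.get(service, "NOTFOUND") if os.path.exists(lib) else "UNAVAIL"
        trace.append((service, status))
        if actions[status] == "return":
            break
    return trace

def demo():
    conf = "hosts:     files dns myhostname mymachines\n"  # line quoted in the thread
    answers = {"myhostname": "SUCCESS"}  # constructed: only myhostname knows the name
    with tempfile.TemporaryDirectory() as d:  # stand-in for glibc's lib directory
        for name in ("files", "dns"):  # only these two exist, as in the strace
            open(os.path.join(d, "libnss_%s.so.2" % name), "w").close()
        before = walk(parse_hosts_chain(conf), d, answers)
        open(os.path.join(d, "libnss_myhostname.so.2"), "w").close()
        after = walk(parse_hosts_chain(conf), d, answers)
    return before, after
```

`demo()` returns the two traces: in the first, every service is tried and none answers because the myhostname module file is absent; in the second, the walk stops at myhostname with SUCCESS.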

@Mic92
Member

Mic92 commented Sep 17, 2016

Yes. I can confirm that glibc cannot find the required nss module.

Just an idea: Cannot every glibc derivation have its own writable directory inside /run/nss-modules? Every nss module would depend on a glibc version and write to this specific path. This way different versions would not interfere.

@@ -10,6 +10,22 @@ let
inherit (config.services.samba) nsswins;
ldap = (config.users.ldap.enable && config.users.ldap.nsswitch);

hostArray = with lib; [
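
Review bot: the new hostArray binding on the last line of this hunk has no comment saying what consumes the list or whether the order of its elements is significant. A one-line comment above it would help, and it should also say how the neighbouring nsswins and ldap bindings relate to the entries, if they gate any of them.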
Member

@Mic92 Mic92 Dec 15, 2016

with lib; is unnecessary here.

@Mic92
Member

Mic92 commented Dec 15, 2016

myhostname and mymachines should work again because #21175 was merged.

@Mic92
Member

Mic92 commented Dec 17, 2016

Thanks. Merged - but fixed order of mdns modules.

@Mic92 Mic92 closed this in 987aac7 Dec 17, 2016
@peterhoeg peterhoeg deleted the hosts branch December 20, 2016 08:18
@peterhoeg peterhoeg restored the hosts branch December 20, 2016 18:11
bartoldeman pushed a commit to ComputeCanada/nixpkgs that referenced this pull request Apr 12, 2017
Mic92 pushed a commit that referenced this pull request Oct 16, 2017
Commit 987aac7 and issue #18183 were intended to fix support for other
things, but in the process, changed mdns_minimal to use the wrong return
setting, resulting in permanent failures in early boot, affecting things
like issue #30459.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
@peterhoeg peterhoeg deleted the hosts branch March 5, 2018 02:29