[9fans] playing with namespaces

[frank@inua.be]

Hi,

While setting up a diskless auth (only) server, that boots from a
cpu/file server, I decided to take a closer look at namespaces because
I wanted to keep the cpu/file server functionality separate from the
auth server functionality (i.o.w. share the common stuff, separate the
differences).

More specifically, I decided to move the auth server specific
functionality, which I had initially enabled on the fileserver itself
(e.g. /rc/bin/service.auth/tcp567) to the auth host specific
configuration (/cfg/<sysname-of-diskless-auth-server>).

The first step in doing this, was to setup all auth specific things in
the cpustart script of the auth host:

- I copied /rc/bin/service.auth to /cfg/<authhost>/slash and enabled
  tcp567 and then added a bind -b of that directory to the original
  /rc/bin/service.auth.

- I also moved startup of keyfs, cron and the listeners for
  /rc/bin/service.auth and /rc/bin/service to the cpustart script.

With this, the auth server was separated from the cpu/file server.

Then however, I started to look at netstat -n and ps | grep -i
listen's output and noticed a lot of services, most of which I wanted
to disable (on the auth server only for now).

My first take at it:

- I copied /rc/bin/service to /cfg/<authhost>/slash, disabled most of
  the services and added a bind to replace the original
  /rc/bin/sesrvice directory.

- However, I found out that, even though /rc/bin/service showed those
  services as being disabled, netstat and ps still showed them as
  being enabled.

- A closer look at /rc/bin/cpurc and re-reading man 8 listen indicated
  that those services were actually run as user none and with
  /lib/namespace as default. Thus, in /rc/bin/cpurc, aux/listen is
  executed before cpustart and runs as user none with namespace
  /lib/namespace; changing the namespace in cpustart is too late,
  doing it in cpurc should be ok but proved not to be... No idea why
  not?

My second take at it: I then found out that /lib/namespace sources
/cfg/$sysname/namespace. After adding the bind to disable the startup
of unnecessary services, the output of netstat and ps looked fine.

As this looked much cleaner, I then also moved the bind for
/rc/bin/service.auth to /cfg/<authhost>/namespace but this did not
work. The directory with tcp567 enabled was not bound and so
aux/listen in cpustart did not start the listener on port 567. I tried
to find out where the initial namespace was actually setup and from my
understanding, the sequence is as follows: boot -> init -c ->
namespace -> cpurc so the modified directory (with tcp567 enabled)
should have been visible. What am I missing here?


Kind regards,

--
Frank Lenaerts ---------------------------------------- frank@inua.be