Wider feedback requested on two changes to our base/core defaults

Simo Sorce simo at redhat.com
Mon Sep 9 22:30:07 UTC 2013


On Mon, 2013-09-09 at 21:30 +0200, Lennart Poettering wrote:
> On Wed, 21.08.13 18:45, Jóhann B. Guðmundsson (johannbg at gmail.com) wrote:
> 
> > And I have come across a bit of scalability issue due to us
> > defaulting to using short hostnames in login and command prompt when
> > creating OS containers in any real numbers.
> 
> I am pretty sure we should continue to default to "short" hostnames,
> i.e. not fqdns.
> 
> The thing is simply that in today's world hosts might appear on multiple
> networks and domains at the same time, and that dynamically, and not
> necessarily using IP or exposed via DNS. The domain suffix hence is
> frequently something that is more interface or state dependent rather
> than strictly host dependent. For example, the same host might have an
> mdns hostname in .local as well as one ISP assigned hostname on ppp0 and
> a hand chosen name on the LAN interface eth0. They might all share the
> same non-qualified name, but are highly likely to have different
> suffixes. Extending on that: sometimes a machine might be entirely
> disconnected, an fqdn then makes very little sense, because it suggests
> a world-wide reachable name which is misleading.
> 
> Enforcing a fixed fqdn for a machine for its entire lifetime is
> like enforcing a single fixed IP address for it -- i.e. a setup that
> certainly makes sense but is probably not the common case for the vast
> majority of modern systems.
> 
> Also, the hostname of the system is not only used for IP purposes. For
> example bluetooth uses it too, and the shell displays it and whatnot.
> 
> In systemd's hostname support (as exposed via /etc/hostname, hostnamed,
> hostnamectl, ...) we hence generally prefer non-fqdn names, however do
> accept fqdns too. Server centric software like IPA requires FQDNs
> though (which I personally think is a poor choice, but whatever...)
> 
> If an ISP wants to set up multiple containers he should probably make
> sure on his own that the hostnames are unique on the container host, he
> can manually choose fqdns for that, or even use his own scheme, for
> example "customer23-host47" or whatever works for him... 
> 
> We try to find good defaults that work for everybody, not just specific
> ISP setups. ISP setups tend to be fairly static, and hence
> simple. However, static setups are generally just a boring special case
> of dynamic setups, hence we generally implement things to cover that
> well...

Kerberos and x509 both require FQDNs.
It makes no sense to stick to short names for servers, and having a FQDN
on a laptop does not hurt anything (a FreeIPA enrolled laptop must have
a FQDN anyway as it uses the keytab to do validation).

If you want pretty names, it is just FINE, just *show* pretty name to
the desktop, but the underlying system needs a fqdn, and you have no
issue using it, and you know it because you wrote a nss module that can
return automagically always 127.0.0.x for the machine hostname,
regardless of DNS or /etc/hosts, so we do not really have an issue with
resolving the machine's own host name.

So can you please stop breaking servers just to show 'pretty' names?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York


