Confconsole put incorrect hostname entry in interfaces file #1997

Open
OnGle opened this issue Nov 5, 2024 · 3 comments

@OnGle
Member

OnGle commented Nov 5, 2024

There seems to be a bug still in the "hostname stuff". I installed the latest turnkey-core on Proxmox. There is only one ethernet interface, eth0. It looks like turnkey added hostname core to eth1, even though that doesn't exist on my container and it's probably rare to have another ethernet interface in a container.

Also, the hostname has been changed to test2, but the one in the interfaces file has not been changed. I suspect that is because I didn't change the hostname in confconsole, yet. This might be a bug in the interaction between Proxmox's container setup and what Turnkey is expecting. I will have to learn more about that.

```
root@test2 ~# cat /etc/network/interfaces
# UNCONFIGURED INTERFACES
# remove the above line if you edit this file

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

allow-hotplug eth1
iface eth1 inet dhcp
 hostname core
root@test2 ~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: eth0@if44: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether bc:24:11:82:26:e3 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.1.1.170/24 brd 10.1.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::be24:11ff:fe82:26e3/64 scope link
       valid_lft forever preferred_lft forever
root@test2 ~# host core
Host core not found: 3(NXDOMAIN)
root@test2 ~# host test2
Host test2 not found: 3(NXDOMAIN)
```

(Let me know if I should create a new issue for this.)

Originally posted by @ebertland in #1711 (comment)

@OnGle
Member Author

OnGle commented Nov 5, 2024

I'm not entirely sure how/why the hostname got set where it did. From a quick glance, these are the only files in confconsole that deal with the hostname:

https://github.com/turnkeylinux/confconsole/blob/master/plugins.d/System_Settings/hostname.py

and

https://github.com/turnkeylinux/confconsole/blob/master/ifutil.py

Although from a quick skim it doesn't seem like either of these could've caused it.

This is the initial overlaid interfaces file:
https://github.com/turnkeylinux/common/blob/18.x/overlays/turnkey.d/interfaces/etc/network/interfaces

And this is the inithook that sets the hostname:
https://github.com/turnkeylinux/common/blob/986c64c5bc0e229e6db92c6f189cc7c214beaf3e/conf/turnkey.d/hostname#L22

But neither of them seems suspect either.

@JedMeister
Member

Hi @ebertland & thanks @OnGle for opening this as a specific issue. To elaborate on @OnGle's response:

@OnGle:

> I'm not entirely sure how/why the hostname got set where it did

FYI the base TurnKey interfaces file (in common) includes the hostname directive for both default interfaces. It's then updated to the default appliance name in the hostname common conf script.

@ebertland:

> It looks like turnkey added hostname core to eth1[...]

The reason for the discrepancy between eth0 & eth1 conf is because by default Proxmox manages the LXC container's network config - and PVE network config doesn't include the hostname in the interfaces file - as the eth0 conf noted. I haven't actually tested it, but if an LXC server has a 2nd vNIC I'd expect Proxmox to also overwrite the eth1 config too - removing the hostname directive there as well.

Note: to manage the network config within the container rather than on the host, in the guest run:

```
touch /etc/network/.pve-ignore.interfaces
```

> [...] even though that doesn't exist on my container

The additional eth1 interface is intentional and provides convenience and flexibility. eth1 is defined as a hotplug device so won't cause any problems if there is only one NIC. If there is a 2nd NIC our default network config means it will "just work". So with only one interface, it's fine to leave eth1 as is - or remove it if preferred.

One possible usage of a 2nd interface (i.e. eth1) is to provide additional security. E.g. 2 interfaces allow segregation/isolation of network traffic between public and private networks. I.e. internet and LAN/VPC/etc respectively. For example, a webserver exposed to the internet via one interface (usually within a DMZ) and other services (e.g. SSH) bound to the other interface so only available within a LAN/VPC/etc.

> This might be a bug in the interaction between Proxmox's container setup and what Turnkey is expecting. I will have to learn more about that.

It's definitely related to some sort of conflict between the way that Proxmox configures containers (e.g. host controlled interfaces and hostname) and a TurnKey server expecting to be in control of that stuff itself.

I agree that addressing this is highly desirable, but making changes to the default TurnKey config will require a fair bit of thought and testing to ensure that it works reliably under a number of different possible host configurations which TurnKey guests do not have control over. OTOH so long as changes can be enabled/disabled easily enough (e.g. via scripts and/or confconsole plugins) then I have no issue including them as soon as they are ready.
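
A check for the situation discussed in this thread, as an added example that is not confconsole or TurnKey code: it parses an interfaces file and reports `hostname` options that differ from the system hostname or sit on an interface the guest does not have. The function names and the embedded sample (taken from the output posted in the issue) are assumptions of this example.

```python
# Added example (not confconsole code): audit `hostname` options in an
# ifupdown interfaces file against the real hostname and the NICs present.
# Constructed sample: the interfaces file from the issue, blank lines removed.
SAMPLE = """\
# UNCONFIGURED INTERFACES
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
allow-hotplug eth1
iface eth1 inet dhcp
 hostname core
"""

# Keywords that begin a new non-iface stanza (plus any "allow-*" line).
STANZA_STARTERS = {"auto", "mapping", "source", "source-directory"}


def parse_iface_stanzas(text):
    """Return a list of {"name", "method", "options"}, one per iface stanza."""
    stanzas, current = [], None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = {"name": words[1], "method": words[3], "options": {}}
            stanzas.append(current)
        elif words[0] in STANZA_STARTERS or words[0].startswith("allow-"):
            current = None  # options after this line belong to no iface
        elif current is not None:
            current["options"][words[0]] = " ".join(words[1:])
    return stanzas


def audit_hostname_options(text, system_hostname, present_ifaces):
    """Flag hostname options that are stale or sit on an absent interface."""
    findings = []
    for st in parse_iface_stanzas(text):
        declared = st["options"].get("hostname")
        if declared not in (None, system_hostname):
            findings.append((st["name"], "stale", declared))
        if declared is not None and st["name"] not in present_ifaces:
            findings.append((st["name"], "absent", declared))
    return findings


if __name__ == "__main__":
    # Values from the issue; a live guest would pass socket.gethostname()
    # and os.listdir("/sys/class/net") (assumed Linux sysfs layout).
    for finding in audit_hostname_options(SAMPLE, "test2", {"lo", "eth0"}):
        print(finding)
```
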

@JedMeister
Member

Also related: #1992
