Re: Port forwarding and `guix system vm`

[Jan Nieuwenhuizen]

Christopher Lemmer Webber writes:

Hello!

> Hello!
>
> I've been trying to figure out how to do port forwarding with
> `guix system vm` and have not (alas) yet succeeded.
>
> Here's what I've tried so far:

[..]

>   `guix system vm guix-config-dustycloud.scm 
> --share=$HOME/tmp/guix-vm-exchange=/exchange` -nic 
> user,model=virtio-net-pci,hostfwd=tcp::8088-:80

It looks like I definately need the -nic user,model=virtio-net-pci bit,
e.g. this for ssh

    /gnu/store/0gdyvca8czl2a62dyfmjjalxhibx53w9-run-vm.sh -nic 
user,model=virtio-net-pci,hostfwd=tcp::10022-:22

> ... same problem.  (However, it looks like the script adds the
> virtio-net-pci and stuff these days, so I'm not sure that stuff is
> necessary...)
>
> Any ideas?

After trying and looking at your config...yeah, 

> config looks like:
>
>   (operating-system
[...]
>     (services (cons* (service openssh-service-type
>                               (openssh-configuration
>                                (password-authentication? #f)
>                                (authorized-keys
>                                 `(("cwebber" ,(local-file 
> "/home/cwebber/.ssh/id_rsa.pub"))))))
>                      (service mcron-service-type
>                               (mcron-configuration (jobs (list %gc-job))))
>                      (service nginx-service-type
>                               (nginx-configuration
>                                (server-blocks
>                                 (list (nginx-server-configuration
>                                        (server-name '("www.dustycloud.org" 
> "dustycloud.org"))
>                                        (root "/srv/http/dustycloud.org")
>                                        (listen '("80")))))))
>                      %base-services)))

You want to add something like

                   (service dhcp-client-service-type)

This config worked for me:

--8<---------------cut here---------------start------------->8---
(use-modules (gnu))
(use-service-modules networking ssh web)
(use-package-modules admin certs screen ssh tls)

(operating-system
  (host-name "dustycloud")
  (timezone "America/")
  (locale "en_US.UTF-8")

  ;; TODO: this will need to switch out depending on if this is in a local VM 
or not
  (bootloader (grub-configuration (target "/dev/sda")))
  (file-systems (cons (file-system
                        (device "/dev/sda1")
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  (users (cons (user-account
                (name "janneke")
                (group "users")
                ;; Adding the account to the "wheel" group
                ;; makes it a sudoer.
                (supplementary-groups '("wheel"))
                (home-directory "/home/janneke"))
               %base-user-accounts))

  (packages (cons* nss-certs            ;for HTTPS access
                   openssh-sans-x
                   %base-packages))

  (services (cons* 
                   (service dhcp-client-service-type)
                   (service openssh-service-type
                            (openssh-configuration
                             (openssh openssh-sans-x)
                             (password-authentication? #f)
                             (authorized-keys
                              `(("janneke" ,(local-file 
"/home/janneke/.ssh/id_rsa.pub"))))))
                   (service nginx-service-type
                            (nginx-configuration
                             (server-blocks
                              (list (nginx-server-configuration
                                     (server-name '("www.dustycloud.org" 
"dustycloud.org"))
                                     (root "/srv/http")
                                     (listen '("80")))))))
                   %base-services)))
--8<---------------cut here---------------end--------------->8---

In our chat on IRC I mentioned that adding this "-nic user,virtio-net-pci bit",
I mentioned that this gives me two eth devices:

--8<---------------cut here---------------start------------->8---
eth0      Link encap:Ethernet  HWaddr 52:54:00:12:34:56
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1314  TX bytes:1286

eth1      Link encap:Ethernet  HWaddr 52:54:00:12:34:57
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1784  TX bytes:1706

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:0.0.0.0  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0  TX bytes:0
--8<---------------cut here---------------end--------------->8---

I noticed this yesterday while struggled similarly, and found that
removing this bit from run-sh; like so:

--8<---------------cut here---------------start------------->8---
sed 's,-nic user[^ ]* ,,' /gnu/store/j8fqc160diq82da7913gpdlcjca45rhz-run-vm.sh 
> run-vm.sh
--8<---------------cut here---------------end--------------->8---

and running "run-vm.sh, will create only eth0.  I blamed this second
eth1 device for my ssh'ing troubles...but I cannot reproduce that
today...dunno!

Greetings,
Janneke

-- 
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com