Gordon Messmer writes:
Thanks, Sam, that looks like very useful information. The logs you posted indicate that one interface, eno1, had no link when "ip addr show" ran, after NetworkManager reported itself online. This seems consistent with nm- online's man page which indicates that startup is complete when all connections are available "given the current network state.The old "network" service would simply set the interface state to "up" regardless of whether or not there was a link, and further it had a LINKDELAY setting to ensure that the system would pause some fixed time (the admin's best guess, I suppose) before it continued.
I follow this, mostly, but...The big picture is that many services expect to be able to bind to some preconfigured IP address. If this was just, say, privoxy, you could call it an outlier. But it's not just privoxy. Also openssh, and in fact openssh was so badly affected that it doesn't even bother having a dependency on network- online.target, it just hooks up to network.target, and the service file has a hardcoded retry interval of 40 seconds to try to restart the service.
Pretty sure that innd will also barf, although I'm not running it right now.It is also quite common to preconfigure well-known services to listen on specific IP addresses only, for security reasons, or otherwise policy reasons. HTTP (apache), SMTP (sendmail, postfix, etc…), IMAP. All quite common, and reasonable, to configure them to accept incoming connections on specific network ports only. Privoxy is a special case. You have to make it listen only on internal IP addresses, otherwise it's a gaping security hole.
The bottom line is that it is not unreasonable to preconfigure services to bind to specific, known, IP addresses; and furthermore to be able to reliably start them at system boot when those fixed, static, IP addresses are available. Things worked like that for a very, very long time.
That's the big picture. And looks like it's completely impossible to do that, in stock Fedora. Which is a shame. Whatever the actual reasons for this would be; I think it's purely acadamic. It should be possible to do this without pulling one's hair out, and without resorting to various workarounds.
Attachment:
pgpZIT4fvAy3u.pgp
Description: PGP signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx