Re: NetworkManager-wait-online is still utterly, and completely, broken

Gordon Messmer writes:

Thanks, Sam, that looks like very useful information.  The logs you posted indicate that one interface, eno1, had no link when "ip addr show" ran, after NetworkManager reported itself online.  This seems consistent with nm-online's man page which indicates that startup is complete when all connections are available "given the current network state."

The old "network" service would simply set the interface state to "up" regardless of whether or not there was a link, and further it had a LINKDELAY setting to ensure that the system would pause some fixed time (the admin's best guess, I suppose) before it continued.

I follow this, mostly, but...

The big picture is that many services expect to be able to bind to some preconfigured IP address. If this was just, say, privoxy, you could call it an outlier. But it's not just privoxy. Also openssh, and in fact openssh was so badly affected that it doesn't even bother having a dependency on network-online.target, it just hooks up to network.target, and the service file has a hardcoded retry interval of 40 seconds to try to restart the service.

Pretty sure that innd will also barf, although I'm not running it right now.

It is also quite common to preconfigure well-known services to listen on specific IP addresses only, for security reasons, or otherwise policy reasons. HTTP (apache), SMTP (sendmail, postfix, etc…), IMAP. All quite common, and reasonable, to configure them to accept incoming connections on specific network ports only. Privoxy is a special case. You have to make it listen only on internal IP addresses, otherwise it's a gaping security hole.

The bottom line is that it is not unreasonable to preconfigure services to bind to specific, known, IP addresses; and furthermore to be able to reliably start them at system boot when those fixed, static, IP addresses are available. Things worked like that for a very, very long time.

That's the big picture. And looks like it's completely impossible to do that, in stock Fedora. Which is a shame. Whatever the actual reasons for this would be, I think it's purely academic. It should be possible to do this without pulling one's hair out, and without resorting to various workarounds.
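
The boot-time failure described in this message, as an added example that is not part of the original post or of any Fedora package: a Python check that polls until each configured static address can actually be bound, which is the condition a service listening on a specific IP depends on. The function names and the sample addresses are hypothetical, and running it ahead of a service (for instance from a systemd `ExecStartPre=` line) is an assumption about how it would be wired in.

```python
#!/usr/bin/env python3
"""Wait until statically configured addresses can actually be bound."""
import errno
import ipaddress
import socket
import sys
import time


def address_bindable(ip: str) -> bool:
    """Return True if a TCP socket can bind to `ip` right now.

    Binds to port 0 (the kernel picks a free port), so this tests only
    whether the address is assigned locally, not whether a port is free.
    """
    version = ipaddress.ip_address(ip).version
    family = socket.AF_INET6 if version == 6 else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        try:
            s.bind((ip, 0))
            return True
        except OSError as e:
            if e.errno == errno.EADDRNOTAVAIL:
                return False  # address not (yet) configured on any interface
            raise  # anything else is a real fault; do not mask it


def wait_for_addresses(ips, timeout=30.0, interval=0.5,
                       probe=address_bindable, sleep=time.sleep):
    """Poll until every address is bindable; return those still missing."""
    deadline = time.monotonic() + timeout
    missing = list(ips)
    while True:
        missing = [ip for ip in missing if not probe(ip)]
        if not missing or time.monotonic() >= deadline:
            return missing
        sleep(interval)


if __name__ == "__main__":
    # Usage: wait-for-addr.py ADDRESS [ADDRESS...]
    still_missing = wait_for_addresses(sys.argv[1:])
    for ip in still_missing:
        print(f"address {ip} still not bindable", file=sys.stderr)
    sys.exit(1 if still_missing else 0)
```

A non-zero exit means at least one address never appeared within the timeout, so the caller can fail visibly instead of starting a service that silently listens nowhere or falls back to a wildcard bind.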

