On Sat, 18 Aug 2012 18:44:10 +0200, Bastian Blank <waldi@debian.org>
wrote:
>On Sat, Aug 18, 2012 at 06:31:08PM +0200, Marc Haber wrote:
>> On Sat, 18 Aug 2012 13:10:34 -0300, Henrique de Moraes Holschuh
>> >Anything that uses IPv6 and cannot deal with dynamic changes on the host
>> >addresses is critically broken.
>> That includes bind, radvd and apache, and, IIRC, sshd.
>
>bind does not listen on ::?
>
>Not sure about radvd, but it needs more than existing interfaces?
It chokes when the Interface changes after it was started, causing
very hard to debug connectivity outages.
>apache and sshd can listen on ::.
Configuring software to listen on all interfaces/IP is an unacceptable
solution, since it means losing significant functionality and/or
security.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: E1T2zg0-0002aJ-Jm@swivel.zugschlus.de">http://lists.debian.org/E1T2zg0-0002aJ-Jm@swivel.zugschlus.de
08-19-2012, 07:12 AM
Marc Haber
RFC: terminate init script when service is ready
On Sat, 18 Aug 2012 22:43:15 +0200, md@Linux.IT (Marco d'Itri) wrote:
>Non-static addresses on a web server are not a major use case.
IPv6 people say "renumbering is easy", which is only the case if SLAAC
is used and DNS doesn't matter or is dynamically used.
>But still, I agree that we should have a better way to signal to user
>space when an interface is ready. Not just for IPv6, but also more
>generally for interfaces which are subject to the STP delays.
Amen.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: E1T2zgs-0002aW-50@swivel.zugschlus.de">http://lists.debian.org/E1T2zgs-0002aW-50@swivel.zugschlus.de
08-19-2012, 08:18 AM
Bastian Blank
RFC: terminate init script when service is ready
On Sun, Aug 19, 2012 at 09:12:54AM +0200, Marc Haber wrote:
> On Sat, 18 Aug 2012 22:43:15 +0200, md@Linux.IT (Marco d'Itri) wrote:
> >Non-static addresses on a web server are not a major use case.
> IPv6 people say "renumbering is easy", which is only the case if SLAAC
> is used and DNS doesn't matter or is dynamically used.
DNS for outgoing stuff is dead, praise privacy extensions. So what is
the problem?
> >But still, I agree that we should have a better way to signal to user
> >space when an interface is ready. Not just for IPv6, but also more
> >generally for interfaces which are subject to the STP delays.
> Amen.
And not possible.
Bastian
--
Another dream that failed. There's nothing sadder.
-- Kirk, "This side of Paradise", stardate 3417.3
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120819081831.GA32689@wavehammer.waldi.eu.org">ht tp://lists.debian.org/20120819081831.GA32689@wavehammer.waldi.eu.org
08-19-2012, 08:29 AM
Bastian Blank
RFC: terminate init script when service is ready
On Sun, Aug 19, 2012 at 09:12:00AM +0200, Marc Haber wrote:
> On Sat, 18 Aug 2012 18:44:10 +0200, Bastian Blank <waldi@debian.org>
> wrote:
> >Not sure about radvd, but it needs more than existing interfaces?
> It chokes when the Interface changes after it was started, causing
> very hard to debug connectivity outages.
radvd runs on routers, which are not subject to SLAAC. So no dynamic
changes, only changes by the admin.
> >apache and sshd can listen on ::.
> Configuring software to listen on all interfaces/IP is an unacceptable
> solution, since it means losing significant functionality and/or
> security.
Listening on a specific address is no security feature. Even if Linux
will not response to neighbor discoveries on an interface without the
particular address configured, it will answer to other protocols.
You can use setsockopt(SO_BINDTODEVICE) to force a service on a
particular interface.
Bastian
--
Peace was the way.
-- Kirk, "The City on the Edge of Forever", stardate unknown
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120819082949.GB32689@wavehammer.waldi.eu.org">ht tp://lists.debian.org/20120819082949.GB32689@wavehammer.waldi.eu.org
08-19-2012, 08:39 AM
RFC: terminate init script when service is ready
On Aug 19, Marc Haber <mh+debian-devel@zugschlus.de> wrote:
> IPv6 people say "renumbering is easy", which is only the case if SLAAC
This is between wishful thinking and an urban legend, so people who
actually know about IPv6 have not been saying this much in the last
years.
--
ciao,
Marco
08-19-2012, 10:14 AM
Marc Haber
RFC: terminate init script when service is ready
On Sun, 19 Aug 2012 10:29:49 +0200, Bastian Blank <waldi@debian.org>
wrote:
>On Sun, Aug 19, 2012 at 09:12:00AM +0200, Marc Haber wrote:
>> On Sat, 18 Aug 2012 18:44:10 +0200, Bastian Blank <waldi@debian.org>
>> wrote:
>> >Not sure about radvd, but it needs more than existing interfaces?
>> It chokes when the Interface changes after it was started, causing
>> very hard to debug connectivity outages.
>
>radvd runs on routers, which are not subject to SLAAC.
But they frequently have bridge and dummy devices. That aside, you
should take a look on real world systems. The vast majority of my
radvd devices run on hosted servers which have their external IP
address assigned dynamically from the outside and run IPv6 to
internally virtualized systems.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: E1T32WA-0003dx-4p@swivel.zugschlus.de">http://lists.debian.org/E1T32WA-0003dx-4p@swivel.zugschlus.de
08-19-2012, 01:06 PM
Henrique de Moraes Holschuh
RFC: terminate init script when service is ready
On Sat, 18 Aug 2012, Marco d'Itri wrote:
> But still, I agree that we should have a better way to signal to user
> space when an interface is ready. Not just for IPv6, but also more
We need better userspace glue, then. Because the netlink interface to
the kernel network core and IP stack has existed for ages. FreeBSD has
something just as usable as well, and sample code to interface to both
can be found on the routing engines quagga and bird at the very least.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120819130621.GA20629@khazad-dum.debian.net">http://lists.debian.org/20120819130621.GA20629@khazad-dum.debian.net
08-19-2012, 01:11 PM
RFC: terminate init script when service is ready
On Aug 19, Henrique de Moraes Holschuh <hmh@debian.org> wrote:
> > But still, I agree that we should have a better way to signal to user
> > space when an interface is ready. Not just for IPv6, but also more
> We need better userspace glue, then. Because the netlink interface to
> the kernel network core and IP stack has existed for ages. FreeBSD has
Correct. With an event-driven init system it should be simple to write
a bridge which will translate netlink events, deal with delays, etc.
--
ciao,
Marco
08-19-2012, 02:44 PM
Clint Byrum
RFC: terminate init script when service is ready
Excerpts from Salvo Tomaselli's message of 2012-08-05 15:35:09 -0700:
> Hello,
>
> since services might depend on other services at boot, they must be sorted.
>
> But after doing a "service foo start", and waiting for its termination, we
> don't know if the service has started or not, maybe the process was just
> created and is kept waiting by the sheduler, so when the next service is
> started the service might not really be there.
>
Salvo, thanks for bringing up this issue.
I've been watching the various discussions of boot dependencies
and service dependencies and wondering about this issue for the last
couple of years. I think we all need to consider looking at some guiding
principles before we run off and start solving perceived problems that
may not even exist.
First, the number of actual dependencies between services at boot time
is quite low. There is a necessary sequencing of events that takes place
in all modern operating systems. Mount filesystems, start networking,
setup auth, mount remote filesystems, etc.
But we take this too far. If your auth depends on mysql, and the mysql
service happens to be local, then the only thing that is important is
that mysql is started without waiting for auth, and vice-versa. This
potentially circular dependency should not be a problem. Both services
should be able to "start" without the other, and should just keep trying
the other service.
This is important, because if mysql is not on the box with auth, it will
need to act this way. Otherwise, one no longer needs to define service to
service dependencies, but full blown server to server dependencies. Now
you're using a complicated distributed orchestration system to handle
large scale system bring-up (or medium scale power infrastructure
failures..).
Even if you reject this as dodging the problem, just conider that the
service which claimed to start successfully before the dependent service
starts may go away immediately thereafter, so without making your daemons
resilient, dependencies don't mean much anyway.
In summary:
* Services which "depend" on others should be re-evaluated to see if they
actually "depend" or just need them eventually.
* Consider the case of a service which may or may not be "local"
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1345386383-sup-7232@fewbar.com">http://lists.debian.org/1345386383-sup-7232@fewbar.com
08-19-2012, 11:31 PM
Henrique de Moraes Holschuh
RFC: terminate init script when service is ready
On Sun, 19 Aug 2012, Marco d'Itri wrote:
> On Aug 19, Henrique de Moraes Holschuh <hmh@debian.org> wrote:
> > > But still, I agree that we should have a better way to signal to user
> > > space when an interface is ready. Not just for IPv6, but also more
> > We need better userspace glue, then. Because the netlink interface to
> > the kernel network core and IP stack has existed for ages. FreeBSD has
> Correct. With an event-driven init system it should be simple to write
> a bridge which will translate netlink events, deal with delays, etc.
I suppose. Maybe startpar or openrc can be enhanced like that (to replace
sysv-rc), and it should be trivial to do it in a way systemd will also grok.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120819233147.GB8690@khazad-dum.debian.net">http://lists.debian.org/20120819233147.GB8690@khazad-dum.debian.net
RFC: terminate init script when service is ready
