Re: [gentoo-dev] rfc: only the loopback interface should provide net

[Alexandre Rostovtsev <tetromino@gentoo.org>]

On Mon, 2012-02-06 at 15:04 -0600, William Hubbs wrote:
> All,
> 
> I've been pondering for a while why All of OpenRC's network interfaces
> provide net.
> 
> My understanding of the "net" service is that it is there to signal that
> a generic network connection is active.
> 
> What I would like to do in OpenRC is change the network scripts so that
> only the loopback interface provides net.
> 
> The down side of this approach will be that if a daemon uses a specific
> ip address in its configuration, or if it binds to a specific address,
> the user will have to set up the appropriate configuration options in
> /etc/conf.d. For example, if I setup sshd to use 192.168.10.1 and eth0 has
> this address, I have to put the following line in /etc/conf.d/sshd:
> 
> rc_need="net.eth0"
> 
> One advantage I see of this approach is it will provide a fix for bugs like
> http://bugs.gentoo.org/show_bug.cgi?id=228973 by requiring users to
> configure services like this to start after the interface they use
> is started.
> 
> Attached to this message you will find the patch I want to apply to
> OpenRC to make this change.
> 
> Any thoughts, comments, or suggestions would be helpful.
> 
> William

I agree with the existence of the problem, but strongly disagree with
the solution.

There are three very different reasons why an openrc service may
currently "use net" or "need net":

1. Services that connect to remote machines via any available network
interface.
2. Services that listen to connections from remote machines on any
available network interface, and run correctly even if no non-lo
interfaces are up.
3. Services that require a specific network interface, bind to a
specific address, or connect to a specific machine on the local subnet.

Category 1 includes things like ntp-client (in the typical use case).
Category 2 includes things like sshd (in the typical use case).
Category 3 includes things like netmount (in the typical use case), or
your example of sshd that's bound to a specific static IP.

The proposal to provide net only from loopback may help with startup
issues for Category 2, but would break Category 1. (Category 3 is broken
in either case unless the user adds the appropriate rc_need lines
in /etc/conf.d).

My counterproposal is to 
(a) fix init scripts for Category 2 so that instead of "use net" or
"need net", they only "use net.lo" or "need net.lo"; and
(b) document (via pkg_postinst messages and comments in the default
conf.d file) the requirement to manually configure rc_need for services
in Category 3; and
(c) continue to provide net in network scripts so that Category 1
continues to work.

PS. Only 4 days ago, I deliberately changed /etc/init.d/NetworkManager
in net-misc/networkmanager-0.9.2.0-r3 so that it provides net to ensure
that Category 1 services work properly. It was rather an unpleasant
surprise to now read a proposal to make the default openrc setup as
broken as old networkmanager versions used to be :/

-Alexandre