Re: [gentoo-dev] Re: rfc: only the loopback interface should provide net

[Ian Stakenvicius <axs@gentoo.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 07/02/12 11:46 AM, Duncan wrote:
> Ian Stakenvicius posted on Tue, 07 Feb 2012 09:39:14 -0500 as
> excerpted:
> 
>> I think that "Category 2" needs to be separated into "2a - any
>> network", and "2b - any public network".  For instance, the
>> service 'net' (for 2a) and service 'inet' (for 2b).  If this were
>> the default case, then Cat.2 packages that by default want to
>> connect to the internet could 'need inet', and then the user
>> would only have to define which interfaces are included (or
>> excluded) from satisfying 'inet'.
>> 
>> The trick that I see here is that init.d scripts have to have
>> their 'depends' set up in such a way that the services can be
>> separated based on their need for public network or any network,
>> so that the user doesn't have to mess with those.  By default I
>> think it makes sense to keep both the 'net' and 'inet' pools the
>> same (ie, all ifaces but net.lo*), but have a simple ability to
>> separate interfaces from the 'public net' pool in rc.conf when
>> they do not provide a public network connection.
> 
> This boils down to the suggestion I made earlier.  Using current
> terms:
> 
> 1) Separate net.lo service for stuff that doesn't have to have an 
> external connection at all.
> 
> 2) A default net (or net*) service that is is composed of all
> non-net.lo services, with a default any-one-of-them policy.  Two
> reasons for this:
> 
> 2a) It'll "just work" in the simple case.
> 
> 2b) It's the easiest to automatically preconfigure without getting
> into lots of "detect all the networks and magically figure out
> whether they're lan-only or inet" hairballs.
> 
> 3) Allow the user/admin to configure net1, net2... just like the
> default net/net*, specifying individual interfaces for each as well
> as whether one or all of the configured interfaces must be up for
> the service to be provided.
> 
> This way, a user/admin can provide narrower-than-all groupings as 
> necessary, including net.lo if it makes sense for them, tho the
> defaults would be only one net.lo and the wildcard
> default-any-one-of-anything- else.
> 

Yes, it's very similar.  The only thing that I'm not sure of under the
above situation is how the depend in each init.d script would be
defined by default, so that IF the 'net' pool doesn't match up with
the 'inet' pool ('inet' would always be a subset of 'net'), then a
user/admin could just specify the pool(s) in rc.conf, etc and NOT have
to adjust the init scripts or assign specific ifaces/pools to each
service via rc.conf.

I do realize that there is a case that breaks pretty well every
example, but this one (a 'net' and 'inet' pool, which defaults to
being the same but can easily have an iface excluded) i think expands
to cover a larger slice of cases.

This would, of course, not keep the admin from doing #3 above, which
iirc can be done now in rc.conf

(please substitute 'inet' for 'publicnet' or whatever name makes more
send to you)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iF4EAREIAAYFAk8xW4QACgkQAJxUfCtlWe0zigD+M2epQlQPH+w1+cjgJsACF8AG
UggkmYgi5GjVxwmnxdEBAJwp0uMYnibnAEVLMibXcrvJq4ybsRBEMP5t4M9+cQm4
=aksR
-----END PGP SIGNATURE-----