[systemd-bugs] [Bug 80169] RFE: please introduce more special targets for facilities like entropy, or netfilter rules

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Jun 23 14:34:32 PDT 2014 

https://bugs.freedesktop.org/show_bug.cgi?id=80169

Christoph Anton Mitterer <calestyo at scientia.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---

--- Comment #12 from Christoph Anton Mitterer <calestyo at scientia.net> ---
I'm not really happy with closing that bug before discussion has reached an end
or even consensus... o.O


>After=network.target means exactly what it seems to mean.
>So network-pre.target and network.target cover pretty much all common cases.
Well then why would you need "network-pre.target" if you can just say
Before=network.target ...

That's what I've meant... the concept of having and "*-pre" or "*-post" targets
or units is IMHO quite ugly and more sysvinit style.

And that applies to other ordering names as well,... like in Debian we've had
cryptsetup and cryptsetup-early sysv-init scripts... the -early version simply
was the same than the other just running before MD or LVM (forgot which)...
It is a mess, never worked really well.

That's what I've said... I think design-wise unit names shouldn't contain
qualifiers that order them.



>No, no, no.
Yes, yes, yes :P

>Individual services should be able to listen (securely)
>at any point in time.
What do you mean with this?

>Teaching them about network configuration stages is very wrong.
I haven't said we should teach them about network configuration or how they
listen to addresses...
I said we should teach them:
"If you write a unit file for something that does networking,... then include
Requires=network-secured.target
After=network-secured.target
cause this will make sure that any system services that secure networking are
already running.

And this guidelines or call it BCP doesn't change at all how some software
would be written... at most it changes how the sysadmin configures his
systems,... now giving him some easy way to control that services are not even
started if securing the network failed... or even then started (as I've
described).


>Great. They can run Before=network-pre.target.
>I think that this shows why existing targets are sufficient.
Well I don't really agree here....

For all the reasons laid out in my previous comment, I think network-pre.target
is too genetically named and vaguely defined.
All kinds of stuff will sooner or later use to hook on to network-pre...and
services/daemons will try to not use it, because these targets can more or less
pull anything which the service may not need/want at all.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/systemd-bugs/attachments/20140623/82aec89e/attachment-0001.html>

More information about the systemd-bugs mailing list