[systemd-devel] Passive vs Active targets

[Thomas HUMMEL]

On 15/02/2022 18:13, Lennart Poettering wrote:
> On Di, 15.02.22 17:30, Thomas HUMMEL (thomas.hummel at pasteur.fr) wrote:
> 

> A passive unit is a sync point that should be pulled in by the service
> that actually needs it to operate correctly. hence: ask the question whether
> networkd/NetworkManager will operate only correctly if nftables
> finished start-up before it? I think that answer is a clear "no". But
> the opposite holds, i.e. nftables only operates as a safe firewall if
> it is run *before* networkd/NM start up. Thus it should be nftables
> that pulls network-pre.target in, not networkd/NM, because it matters
> to nftables, and it doesn't to networkd/NM.
> 
>> Or maybe it is the other way around : by pulling it *and* knowing that
>> network interface is configured After= nftable.service is guaranteed to set
>> up its firewall before any interface gets configured.
> 
> So yeah, passive units are mostly about synchronization, i.e. if they
> are pulled in they should have units on both sides, otherwise they
> make no sense.

Exactly: that's what I meant with my nftables/NetworkManger above: not 
that I thought it made sense for NetworkManager to pull 
network-pre.target in. I meant it made no sense for nftable alone to 
order Before= something it "created".
Hence I kinda wrongfully saw a passive target as a syncpoint for other 
units than those which pull them in. But you're right: one side of the 
synchonization is actually the unit pulling in the passive target ! I 
just took that for granted/forgot it.

I kinda thought/implied it was more or less required (or the way to do 
it) to order Before= a passive target we were pulling in.

So, although I did not see the case : would it be legit to pull a 
passive target and order After= it (I only saw Before= for the one I 
checked I think) ?

Thanks again for your help

--
Thomas HUMMEL