Date: Fri, 28 Nov 2003 08:41:04 -0200 From: "Daniel C. Sobral" <dcs@tcoip.com.br> To: Bruce M Simpson <bms@spc.org> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc rc.network src/etc/defaults rc.conf src/share/man/man5 rc.conf.5 Message-ID: <3FC72640.9060305@tcoip.com.br> In-Reply-To: <20031127213110.GA76702@saboteur.dek.spc.org> References: <200311270951.hAR9pT19090236@repoman.freebsd.org> <3FC65A71.3050104@tcoip.com.br> <20031127213110.GA76702@saboteur.dek.spc.org>
index | next in thread | previous in thread | raw e-mail
Bruce M Simpson wrote: >>What if /usr/local is NFS mounted? > > Up to the user where they put their isakmpd or racoon package. It is, after > all, relocatable for such a reason. This merely brings in the infrastructure > to make running it possible at the right time. > > This would certainly be the case in an embedded [wireless] system. I'm sorry, but I think an NFS mounted /usr is far more common than an NFS directory mounted over IPSEC. I advance that this commit priviledges an unusual setup over a more common one. We do install isakmpd on /usr/local by default, after all. If a directory depends on isakmpd being up, it shouldn't be auto-mounted through fstab, IMHO. But, alas, what rcNG *does not* do, which is it's greatest flaw IMO, is taking into account network dependencies correctly. Network dependencies change too much to have it statically ordered, beyond a certain point. One example is the case above. There are reasonable grounds for wanting isakmpd to be up both before and after NFS. Before if you want to mount NFS through IPSEC, and after if you keep isakmpd NFS-mounted, and doesn't care for encrypted NFS mounts. Another example is dynamic routers and ntpd. OSPF is very time-sensitive, and clock changes can play hell with the routing tables, so ntpd ought to be up before OSPF (or ntpdate ran before OSPF is brought up), which is no trouble if you have specialized hardware for synching the clock. OTOH, the route to ntpd servers might not be up before OSPF is run, and ntpd is completely incapable of handling non-existent routes (it gets stuck forever on using an incorrect interface, and has to be restarted). Sorry for the rant. :-( I could never think of a solution to this problem, and whenever I see a commit where I can see one wanting to do things in the very opposite order... it upsets me. :-( -- Daniel C. Sobral Gerência de Operações Divisão de Comunicação de Dados Coordenação de Segurança VIVO Centro Oeste Norte Fones: 55-61-313-7654/Cel: 55-61-9618-0904 E-mail: Daniel.Capo@tco.net.br Daniel.Sobral@tcoip.com.br dcs@tcoip.com.brhelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FC72640.9060305>