From owner-freebsd-rc@FreeBSD.ORG Sun May 8 22:35:40 2011 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0CA2B106564A for ; Sun, 8 May 2011 22:35:40 +0000 (UTC) (envelope-from Devin.Teske@fisglobal.com) Received: from mx1.fisglobal.com (mx1.fisglobal.com [199.200.24.190]) by mx1.freebsd.org (Postfix) with ESMTP id C93E08FC08 for ; Sun, 8 May 2011 22:35:39 +0000 (UTC) Received: from SBHFISLREXT03 ([10.132.254.62]) by SCSFISLTC01 (8.14.3/8.14.3) with ESMTP id p48MZc3Z018882; Sun, 8 May 2011 17:35:38 -0500 Received: from sbhfisltcgw02.FNFIS.COM (Not Verified[10.132.248.122]) by SBHFISLREXT03 with MailMarshal (v6, 5, 4, 7535) id ; Sun, 08 May 2011 17:35:48 -0500 Received: from sbhfisltcgw01.FNFIS.COM ([10.132.248.121]) by sbhfisltcgw02.FNFIS.COM with Microsoft SMTPSVC(6.0.3790.4675); Sun, 8 May 2011 17:35:37 -0500 Received: from [10.0.0.102] ([10.132.254.136]) by sbhfisltcgw01.FNFIS.COM over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Sun, 8 May 2011 17:35:36 -0500 Mime-Version: 1.0 (Apple Message framework v1084) Content-Type: text/plain; charset=us-ascii From: Devin Teske In-Reply-To: <20110508215432.GG3527@DataIX.net> Date: Sun, 8 May 2011 15:35:31 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: References: <20110508191336.GC3527@DataIX.net> <5474DF9C-500A-4B51-948F-F56A66051476@vicor.com> <20110508215432.GG3527@DataIX.net> To: Jason Hellenthal X-Mailer: Apple Mail (2.1084) X-OriginalArrivalTime: 08 May 2011 22:35:36.0504 (UTC) FILETIME=[40009380:01CC0DD0] Cc: Garrett Cooper , freebsd-rc@freebsd.org Subject: Re: [RFC][Change-Request] Create usefulness in rc.subr etc/rc.conf.d/*.conf namespace. X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 May 2011 22:35:40 -0000 Jason, On May 8, 2011, at 2:54 PM, Jason Hellenthal wrote: >=20 > Devin, >=20 > On Sun, May 08, 2011 at 01:59:40PM -0700, Devin Teske wrote: >>=20 >> On May 8, 2011, at 1:13 PM, Garrett Cooper wrote: >>=20 >>> On May 8, 2011, at 12:13 PM, Jason Hellenthal wrote: >>>=20 >>>>=20 >>>> List, - Please reply-to freebsd-rc@freebsd.org >>>>=20 >>>> Recently I have been going over some changes in the configurations tha= t=20 >>>> are possible with the rc subsystem and to my dismay I have found some= =20 >>>> inconsistencies with in particular the way rc.conf.d directory is=20 >>>> processed and the arguments that are supplied to load_rc_config so I h= ave=20 >>>> patched it up... >>>>=20 >>>> Let me explain: As determined by rc.subr load_rc_config, config's fro= m=20 >>>> rc.conf.d are loaded by the scripts $name as an argument to load_rc_co= nfig=20 >>>> and thus only the name being parsed is is available to be used in the= =20 >>>> rc.conf.d directory. Why is this bad ? Its not! but it is inconvenient= as=20 >>>> the user has no direct way to know that a variable used by nfsd is als= o=20 >>>> needed by mountd or the same for various other scripts in the rc.d=20 >>>> directory. At this time these config's are explained to be available f= or=20 >>>> the user to utilize by rc.conf(5) but yet without much knowledge of th= e=20 >>>> inner workings of the rc subsystem it would be quite the feat to do. >>>>=20 >>>>=20 >>>> The attachment[1] keeps this functionality the same while introducing = a=20 >>>> more convenient approach for the user to modularize their configuratio= n=20 >>>> however they see fit within a couple constraints that work very well.= =20 >>>>=20 >>>>=20 >>>> What does it do ?: As stated above, current functionality is undisturb= ed=20 >>>> while allowing the user to create config's by any name they so desire = as=20 >>>> long as it has an extension of ".conf", also introducing the ability t= o=20 >>>> turn a configuration file off by using chmod(1). You can turn nfsc1.co= nf >>>> off/on by simply chmod [-/+]x etc/rc.conf.d/nfs1.conf >>>>=20 >>>>=20 >>>> Why ? Simple. How many times have you been bitten by disabling somethi= ng=20 >>>> in the rc.conf file and left to discover what you just disabled was al= so=20 >>>> used by another daemon but that daemon is now not starting ? This is a= way=20 >>>> to virtualize your configuration allowing you to add multiple _enable= =3D=20 >>>> lines to different configurations for different roles. For instance=20 >>>> rpcbind is used by both samba and nfs*. With this you can add=20 >>>> rpcbind_enable to both a configuration for samba and nfs and when you= =20 >>>> disable one service you know that you have not disabled a dependent fo= r=20 >>>> another. >>>>=20 >>>>=20 >>>> This is a small addition that fixes currently broken undesirable aspec= ts=20 >>>> of the configuration system that deals with the rc.conf.d directory wi= th a=20 >>>> SysV style init approach that is just as flexible. This should apply= =20 >>>> cleanly to current and stable/8 & 8.2-RELEASE systems. Once more feedb= ack=20 >>>> has been received Ill update the manual page with any suggestions=20 >>>> regenerate the patch to accommodate and file a PR. >>>>=20 >>>>=20 >>>> 1). http://patches.jhell.googlecode.com/hg/rc.subr_modular_conf.patch >>>=20 >>> Doing: >>>=20 >>> find /etc/rc.conf.d/ -type f -name '*.conf' -mindepth 1 -maxdepth 1 -pe= rm +111 | while read _modular_conf; do >>> debug "Sourcing $_modular_conf" >>> . "$_modular_conf" >>> done >>>=20 >>> might be better. There's some more magic that could ultimately be done= to make this more secure/robust using "-print0" | xargs, but it's up to yo= u how you might want to go about solving that problem. >>> Also, I don't know if depending on a .conf file to be executable is ne= cessarily the best course of action. >>>=20 >>=20 >> First, let me add that I really like the idea. This makes it akin to our= /usr/local/apache2/conf.d/ directory where we place our various configs by= many names, but always ending in `.conf'. >>=20 >> I'm anticipating the day where I can have /etc/rc.d/foo.conf and /etc/rc= .d/bar.conf, each configuring multiple (likely unrelated) services. >>=20 >> Better still, /etc/rc.d/jail1.conf, /etc/rc.d/jail2.conf, etc. etc. (I t= hink you just made my -- and everyone else whom uses jails -- day/week/mont= h/year). >>=20 >> However, I agree with GC that depending on a .conf file to be executable= is a bit non-standard, even if it is sourced like a shell-script (though I= can understand the historical heritage as /usr/local/etc/rc.d/ used to req= uire both `.sh' suffix and executable bits; but that is not to condone trea= ting `rc.conf.d' like `rc.d' in any way). >>=20 >=20 > I do agree with the -x bit concern yes. But thinking of the users to=20 > enable disable a particular config without having to open a editor is=20 What about: cd /etc/rc.conf.d mv myfoo.conf{,.bak} Simply renaming the file to not end in ".conf" should suffice. This should = counter the need for checking if the file is executable (which I still clai= m is a bit odd). > mainly why I have put that in place. It allows a lot of flexibility witho= ut=20 > a lot of extra work while also introducing the ability to check if a=20 > particular configuration is enabled by checking the bit rather than=20 > sourcing for a _enable. >=20 > Since these are only config files there will/should never be a=20 > config_enable for them as they are only config's, so providing a SysV ini= t=20 > style way of enabling/disabling them at will is prime. using mv(1), rm(1)= =20 > or possibly having to open a editor on multiple versions of the same=20 > config to disable a certain portion is far from ideal. Wouldn't it be easier to explain to a novice that "if the file ends in ``.c= onf''" (period) rather than "if the file ends in ``.conf'' and its executab= le bit is set"? I'd think the former is simpler than the latter and that the user can simpl= y use mv(1). >=20 > I really don't want to see the rc system subjected to a find(1) every tim= e=20 > it needs to do a load_rc_config since it can be done quicker with in-shel= l=20 > testing. I think a lot of people would agree with this. I didn't say anything about using find (that was GC). But while we're talki= ng about it... I agree on that point. I'd think this would be much faster (and be tolerant= of files with spaces in their name; though not newlines): ls /etc/rc.conf.d/*.conf | ( IFS=3D' ' while read file; do [ -f "$file" ] || continue . "$file" || exit $FAILURE done ) || debug "something went wrong" Keeping to ls(1) and shell builtins. >=20 > I would suggest at least for those that doubt the SysV style way of=20 > enabling disabling scripts give it a try for a couple weeks then report= =20 GC and I aren't arguing that the SysV style is not helpful (if I read GC's = post correctly). Just that these aren't wholly to-be considered SysV system= startup scripts, but instead "config files". If they had an interpreter sh= e-bang (e.g., #!/bin/sh), program-flow, or other logic, I'd not disagree wi= th the checking of the executable bit. But since these files are by-design = going to nearly always be KEY=3DVALUE pairs, I find it odd to think of them= as anything other than just regular text files. I think of the files in /etc/rc.conf.d/ as extensions of rc.conf(5) and the= notion that permissions might possibly matter on rc.conf(5) would be equal= ly foreign to me. I'm aware that both rc.conf(5), the local variant, and newly-conceived rc.c= onf.d/*.conf are really in-truth just shell scripts sourced into the curren= t interpreter. So in-reality they can contain any valid sh(1) syntax. Thoug= h in-practice the only script of its kind that routinely contains more than= just KEY=3DVALUE pairs is /etc/defaults/rc.conf (which defines the `source= _rc_confs' function). However, I find it to be more common that engineers and technicians think o= f rc.conf(5) as a flat text file, and thus will think of the `*.conf' files= in /etc/rc.conf.d/ similarly, as text files. Thus it is my objection that = the any permission other than the read-bit be checked. > back. If feed back is strong discouraging it then we can probably come to= =20 > common ground and find a way to work with both those who would like it an= d=20 > those who don't by default. I do have a pretty good idea what would work= =20 > to make it happen both ways but I really would like to advocate this in= =20 > place as it is now first. I think that I could live with the read-bit being a toggle. However, the mo= re experienced user may scratch his head, rationalizing that `root' should = be able to read anything (that is, unless something explicitly prevents it = such as perhaps TrustedBSD MACs). Right now, I'm still thinking that the best solution is to: a. Put into packages: /etc/rc.conf.d/name.conf.sample b. User enablement: mv /etc/rc.conf.d/name.conf{.sample,} c. User disablement: mv /etc/rc.conf.d/name.conf{,.bak} That's at least how I tend to think/operate. I know I can't speak for all o= f the dozens of field engineers in our corporation, but I've at least witne= ssed this behavior as a standard while troubleshooting machines. > Thanks you again Devin, Appreciate the feedback. No problem. I always appreciate yours as well. --=20 Devin _____________ The information contained in this message is proprietary and/or confidentia= l. If you are not the intended recipient, please: (i) delete the message an= d all copies; (ii) do not disclose, distribute or use the message in any ma= nner; and (iii) notify the sender immediately. In addition, please be aware= that any message addressed to our domain is subject to archiving and revie= w by persons other than the intended recipient. Thank you. _____________