cvs commit: src/etc rc.network src/etc/defaults rc.conf
src/share/man/man5 rc.conf.5
Daniel C. Sobral
dcs at tcoip.com.br
Fri Nov 28 02:41:14 PST 2003
Bruce M Simpson wrote:
>>What if /usr/local is NFS mounted?
>
> Up to the user where they put their isakmpd or racoon package. It is, after
> all, relocatable for such a reason. This merely brings in the infrastructure
> to make running it possible at the right time.
>
> This would certainly be the case in an embedded [wireless] system.
I'm sorry, but I think an NFS mounted /usr is far more common than an
NFS directory mounted over IPSEC. I advance that this commit priviledges
an unusual setup over a more common one. We do install isakmpd on
/usr/local by default, after all. If a directory depends on isakmpd
being up, it shouldn't be auto-mounted through fstab, IMHO.
But, alas, what rcNG *does not* do, which is it's greatest flaw IMO, is
taking into account network dependencies correctly. Network dependencies
change too much to have it statically ordered, beyond a certain point.
One example is the case above. There are reasonable grounds for wanting
isakmpd to be up both before and after NFS. Before if you want to mount
NFS through IPSEC, and after if you keep isakmpd NFS-mounted, and
doesn't care for encrypted NFS mounts.
Another example is dynamic routers and ntpd. OSPF is very
time-sensitive, and clock changes can play hell with the routing tables,
so ntpd ought to be up before OSPF (or ntpdate ran before OSPF is
brought up), which is no trouble if you have specialized hardware for
synching the clock. OTOH, the route to ntpd servers might not be up
before OSPF is run, and ntpd is completely incapable of handling
non-existent routes (it gets stuck forever on using an incorrect
interface, and has to be restarted).
Sorry for the rant. :-( I could never think of a solution to this
problem, and whenever I see a commit where I can see one wanting to do
things in the very opposite order... it upsets me. :-(
--
Daniel C. Sobral
Gerência de Operações
Divisão de Comunicação de Dados
Coordenação de Segurança
VIVO Centro Oeste Norte
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: Daniel.Capo at tco.net.br
Daniel.Sobral at tcoip.com.br
dcs at tcoip.com.br
More information about the cvs-src
mailing list