On Tue, 2009-01-27 at 12:05 -0800, Erik Nordmark wrote: > Sebastien Roy wrote: > > >> Do we have examples of 3rd party software which invokes ifconfig to > >> change the IP configuration? > > > > Our punchin client and server are an example. > > Who is the 3rd party that wrote that? I thought it was us? ;-)
Well, I like to think of it as 3rd party software. The Cisco VPN running on Solaris has similar properties. Another example is the tunnel broker client software that configured IPv6-over-IPv4 tunnels on the fly. > > Panics and manually triggered reboots are two of my concerns. > > So let's figure out how to solve those, instead of trying to pretend > that 3rd party software doesn't have to undo the changes it does to the > running system. Sure, I'm certainly interested in discussions on alternative ideas. > I don't think it is to hard to come up with a scheme for that while > letting the core of ipadm only do persistent object creation and properties. > > A possibility would be an undo log which is cleanup up on boot. If the > software invokes libdladm to create a temporary object (e.g., the IP > interface ip.tun0) then library would create a persistent object but > also add an entry to the cleanup log which takes care of deleting it on > reboot (should the application forgot). Consider the following three classes of administrative events on an object: creation, deletion, and modification. In the case of creation, it's easy enough to "undo", it's a simple deletion. The other two are harder. The log has to keep track of how to re-create an object that was deleted, or how to unmodify an object that was previously modified. I think this is where SMF repository snapshots would come in handy. If the configuration self-contained in there, then the "undo" operation doesn't need to know anything about the objects and how to manipulate them, and it can be generalized to more things than just ipadm objects. > I think that approach is simpler for the admin (the admin would not have > to worry about anything but persistent configuration), and handles > applications which desire an implicit cleanup on reboot. Yes, if it can be made to work, the administrative model is in fact simpler. -Seb
