On 2018-04-10 10:55, Christoph Böhmwalder wrote:

> I was wondering how the OpenRC dependencies between start scripts
> work.

openvpn start-up dependencies (and, I imagine, any user space based VPN)
are definitely a pain point.  One part is the subject of the main thread
here ie. what other scripts openvpn itself should depend on.  Is it
really safe to start it before the hardware interfaces are up?  I guess
in its default config it will keep trying until it can connect to the
server, but I think it can also be configured to just give up.

Another part is the reverse dependencies.  On my systems, any network
service that provides the option is configured to only listen on the VPN
interface (plus localhost if necessary).  But that means the service
depends on the interface being functional - and, as I have learned, in
the case of openvpn and TUN interface that means not just being in the
UP state, but also the routing table being updated which happens _after_
it is put into UP state.  The work to ensure all this state is done by
the openvpn daemon in the background, out of control of openrc or
sysvinit, so it is definitely possible that the openvpn initscript
finishes before the final working state is reached.  Then I have network
service daemons failing to start (even if they have an explicit
dependency on openvpn) because they cannot listen() on the VPN
interface.  I have to work around this with nefarious hacks using netcat
or ping to test the VPN.

I assume systemd handles this correctly, and this is an occasion when I
envy systemd users and consider, for a few seconds, joining them.

Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.

Reply via email to