openrc questions (Re: [gentoo-user] pppoe questions)

2015-11-08 Thread lee
Alon Bar-Lev writes:

> On 7 November 2015 at 20:21, lee wrote:
>> Alon Bar-Lev writes:
>>
>>>> How does pppoe work together with shorewall and bind?
>>>>
>>>> When I stop the net.ppp0 service, shorewall is automatically stopped as
>>>> well.  When I start net.ppp0, shorewall is not started automatically.
>>>>
>>>> I would like to automatically have net.ppp0 first started and then
>>>> shorewall.
>>>
>>> usually the firewall service should be started before all interfaces
>>> (except lo).
>>> add the following to /etc/conf.d/net.ppp0:
>>> ---
>>> rc_net_ppp0_need="firewall net.enp2s0"
>>> ---
>>
>> Thanks!  I copied net.lo to net.ppp0 and put it at the top so it now
>> goes:
>>
>>
>> #!/sbin/runscript
>> # Copyright (c) 2007-2009 Roy Marples 
>> # Released under the 2-clause BSD license.
>>
>> MODULESDIR="/lib/netifrc/net"
>> MODULESLIST="${RC_SVCDIR}/nettree"
>> _config_vars="config routes"
>
> you do not need these^

They were already there, so I'll leave them.

>> rc_net_ppp0_need="firewall net.enp2s0"
>>
>
> you do need ^

I took it out because when shorewall is started before ppp0 is up,
shorewall says it can't do things with ppp0.  So I think ppp0 needs to
be up for shorewall to work right and things have to be started in an
undesirable order (unless perhaps I would restart shorewall when ppp0 is
up).

What's the right way of handling this?

>> I'm not sure if that's right --- I guess I shouldn't make a copy?
>
> correct :)

ok

>>> this will make sure that the ppp0 interface is started after both
>>> firewall and enp2s0.
>>>
>>> I also have the following in /etc/rc.conf to avoid stopping services
>>> while network is down:
>>> ---
>>> rc_hotplug="!net.enp2s0 !net.ppp*"
>>> ---
>>
>> The comment in /etc/rc.conf says no hotplugging is done by default.
>> IIUC, you are hotplugging 'net.enp2s0' and 'net.ppp*'?  So allowing to
>> hotplug them would kinda make them independent of other services, or
>> other services independent from them?
>
> no... the opposite, we do not want to be affected (! == not) by
> hotplug of these devices.

The description of this option says:

,----
| # rc_hotplug is a list of services that we allow to be hotplugged.
| # By default we do not allow hotplugging.
| # A hotplugged service is one started by a dynamic dev manager when a matching
| # hardware device is found.
| # This service is intrinsically included in the boot runlevel.
| # To disable services, prefix with a !
| # Example - rc_hotplug="net.wlan !net.*"
| # This allows net.wlan and any service not matching net.* to be plugged.
| # Example - rc_hotplug="*"
| # This allows all services to be hotplugged
| #rc_hotplug="*"
`----

With 'rc_hotplug="!net.enp2s0 !net.ppp*"', you would:


[1] forbid 'net.enp2s0' to be hotplugged and
[2] allow all services that do not match 'net.ppp*' to be hotplugged.


[1] is not necessary because nothing can be hotplugged by default.
[2] is very likely /not/ what you want --- or why would you want this.


Aside from this, what exactly happens when you allow a service to be
hotplugged?  Is this service never started by openrc because openrc
figures that the service is started otherwise (like by a device
manager)?  What does it do about services that depend on a service that
can be hotplugged?


And yet another question:

Does rc-update, or something else, monitor the scripts in /etc/init.d?
When I remove a script, or a link to one, from there, 'rc-update show'
doesn't show the removed script anymore, and it cannot be deleted from
its runlevel.
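
Added example, not part of lee's message and not OpenRC code: a shell model of the matching rule as the quoted rc.conf comment words it, run over the rc_hotplug value from the thread. The function names are made up here, and treating a service that matches no token as allowed is an assumption taken from the comment's "any service not matching net.*" example line.

```shell
#!/bin/sh
# Added example, not OpenRC source: models the rule in the rc.conf comment.
#   unset or empty rc_hotplug -> nothing may be hotplugged
#   tokens are tried left to right; the first glob that matches decides
#   a leading "!" turns the token into a deny rule
#   a service that matches no token is allowed (assumption taken from the
#   comment's "any service not matching net.*" example)

hotplug_allowed() {
    # $1 = rc_hotplug value, $2 = service name; exit status 0 means allowed
    _list=$1
    _svc=$2
    [ -n "$_list" ] || return 1
    set -f                          # do not expand the globs against files
    for _tok in $_list; do
        _verdict=0
        case $_tok in
            '!'*) _verdict=1; _tok=${_tok#?} ;;
        esac
        case $_svc in
            $_tok) set +f; return "$_verdict" ;;
        esac
    done
    set +f
    return 0
}

# Print "<service> allow|deny" for every service under one rc_hotplug value.
hotplug_report() {
    _value=$1
    shift
    for _s in "$@"; do
        if hotplug_allowed "$_value" "$_s"; then
            echo "$_s allow"
        else
            echo "$_s deny"
        fi
    done
}

# Service names below are the ones mentioned in the thread plus net.wlan0.
hotplug_report '!net.enp2s0 !net.ppp*' net.enp2s0 net.ppp0 net.wlan0 shorewall
```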



Re: [gentoo-user] pppoe questions

2015-11-07 Thread Alon Bar-Lev
On 7 November 2015 at 20:21, lee wrote:
> Alon Bar-Lev writes:
>
>> On 6 November 2015 at 17:28, lee wrote:
>>> Hi,
>>>
>>> finally I got set up pppoe, which turned out to be surprisingly easy.
>>> It's working fine, though I'm getting a warning when the pppoe interface
>>> is brought up:
>>>
>>>
>>> heimdali init.d # service net.ppp0 start
>>>  * Bringing up interface ppp0
>>>  *   Starting pppd in ppp0 ...   [ ok ]
>>>  *   Backgrounding ...
>>>  * WARNING: net.ppp0 has started, but is inactive
>>> heimdali init.d #
>>>
>>>
>>> Why is this warning showing, and what can I do about it?
>>>
>>
>> this warning can be safely ignored, all it tells you is that the
>> service will be fully up when connection will be established.
>> the same state is for ethernet until the ifplugd detects connection to 
>> network.
>>
>>> How does pppoe work together with shorewall and bind?
>>>
>>> When I stop the net.ppp0 service, shorewall is automatically stopped as
>>> well.  When I start net.ppp0, shorewall is not started automatically.
>>>
>>> I would like to automatically have net.ppp0 first started and then
>>> shorewall.
>>
>> usually the firewall service should be started before all interfaces
>> (except lo).
>> add the following to /etc/conf.d/net.ppp0:
>> ---
>> rc_net_ppp0_need="firewall net.enp2s0"
>> ---
>
> Thanks!  I copied net.lo to net.ppp0 and put it at the top so it now
> goes:
>
>
> #!/sbin/runscript
> # Copyright (c) 2007-2009 Roy Marples 
> # Released under the 2-clause BSD license.
>
> MODULESDIR="/lib/netifrc/net"
> MODULESLIST="${RC_SVCDIR}/nettree"
> _config_vars="config routes"

you do not need these^

> rc_net_ppp0_need="firewall net.enp2s0"
>

you do need ^
and you probably need to configure the pppoe with these:

config_ppp1="ppp"
plugins_ppp1="pppoe"
link_ppp1="enp2s0" # PPPoE requires an ethernet interface
username_ppp1='1@1'
password_ppp1=''

> I'm not sure if that's right --- I guess I shouldn't make a copy?

correct :)

>> this will make sure that the ppp0 interface is started after both
>> firewall and enp2s0.
>>
>> I also have the following in /etc/rc.conf to avoid stopping services
>> while network is down:
>> ---
>> rc_hotplug="!net.enp2s0 !net.ppp*"
>> ---
>
> The comment in /etc/rc.conf says no hotplugging is done by default.
> IIUC, you are hotplugging 'net.enp2s0' and 'net.ppp*'?  So allowing to
> hotplug them would kinda make them independent of other services, or
> other services independent from them?

no... the opposite, we do not want to be affected (! == not) by
hotplug of these devices.

>>> When net.ppp0 is stopped and restarted, I also must restart the name
>>> server (bind) :(  Otherwise it is unable to resolve anything.
>>>
>>> Can this somehow be avoided?  If not, can this be done automatically?
>>
>> this is strange... why bind must be restarted?
>> I use dnsmasq and it survives network down without any issue.
>> but if you must, add the following to /etc/conf.d/net.ppp0:
>> ---
>> postup() {
>> # whatever required after interface is up
>> return 0
>> }
>> ---
>
> Ah, yes, good idea :)
>
> Fortunately, everything survives when the link goes down and comes back
> up, so this would only be an issue when I manually stop/start the
> net.ppp0 service.  I can live with that.
>
>
>>> The log files show martian sources from a bridge device which is used
>>> for the networking of a container:
>>>
>>>
>>> [1734776.722127] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
>>> [1734776.722132] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
>>>
>>>
>>> The enp2s0 interface is used for pppoe, 192.168.1.1 is the IP of the
>>> bridge.  The bridge does not have a physical network interface assigned
>>> to it.
>>>
>>> The routefilter option is enabled on all interfaces.  Why would there be
>>> such a broadcast originating from the bridge, and how can I prevent it?
>>
>> not sure what you describe here, but maybe you would like to disable
>> spanning tree, add the following to disable spanning tree to
>> /etc/conf.d/br0.conf (provided br0 is the name of the bridge).
>> ---
>> stp_state_br0=0
>> ---
>
> STP is disabled when the bridge is brought up with
>
>
> config_br_dmz="192.168.1.1 netmask 255.255.255.0 brd 192.168.1.255"
> brctl_br_dmz="setfd 0 sethello 10 stp off"
>
> ... in /etc/conf.d/net.
>
>
> heimdali init.d # brctl show
> bridge name bridge id   STP enabled interfaces
> br_dmz  8000.fe150e283be5   no  vethJRMBC7
> heimdali init.d #
>
>
> [1829515.036283] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
> [1829515.036296] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
> [1829575.021793] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
> [1829575.021806] 

Re: [gentoo-user] pppoe questions

2015-11-07 Thread lee
Alon Bar-Lev writes:

> On 6 November 2015 at 17:28, lee wrote:
>> Hi,
>>
>> finally I got set up pppoe, which turned out to be surprisingly easy.
>> It's working fine, though I'm getting a warning when the pppoe interface
>> is brought up:
>>
>>
>> heimdali init.d # service net.ppp0 start
>>  * Bringing up interface ppp0
>>  *   Starting pppd in ppp0 ...   [ ok ]
>>  *   Backgrounding ...
>>  * WARNING: net.ppp0 has started, but is inactive
>> heimdali init.d #
>>
>>
>> Why is this warning showing, and what can I do about it?
>>
>
> this warning can be safely ignored, all it tells you is that the
> service will be fully up when connection will be established.
> the same state is for ethernet until the ifplugd detects connection to 
> network.
>
>> How does pppoe work together with shorewall and bind?
>>
>> When I stop the net.ppp0 service, shorewall is automatically stopped as
>> well.  When I start net.ppp0, shorewall is not started automatically.
>>
>> I would like to automatically have net.ppp0 first started and then
>> shorewall.
>
> usually the firewall service should be started before all interfaces
> (except lo).
> add the following to /etc/conf.d/net.ppp0:
> ---
> rc_net_ppp0_need="firewall net.enp2s0"
> ---

Thanks!  I copied net.lo to net.ppp0 and put it at the top so it now
goes:


#!/sbin/runscript
# Copyright (c) 2007-2009 Roy Marples 
# Released under the 2-clause BSD license.

MODULESDIR="/lib/netifrc/net"
MODULESLIST="${RC_SVCDIR}/nettree"
_config_vars="config routes"

rc_net_ppp0_need="firewall net.enp2s0"


I'm not sure if that's right --- I guess I shouldn't make a copy?

> this will make sure that the ppp0 interface is started after both
> firewall and enp2s0.
>
> I also have the following in /etc/rc.conf to avoid stopping services
> while network is down:
> ---
> rc_hotplug="!net.enp2s0 !net.ppp*"
> ---

The comment in /etc/rc.conf says no hotplugging is done by default.
IIUC, you are hotplugging 'net.enp2s0' and 'net.ppp*'?  So allowing to
hotplug them would kinda make them independent of other services, or
other services independent from them?

>> When net.ppp0 is stopped and restarted, I also must restart the name
>> server (bind) :(  Otherwise it is unable to resolve anything.
>>
>> Can this somehow be avoided?  If not, can this be done automatically?
>
> this is strange... why bind must be restarted?
> I use dnsmasq and it survives network down without any issue.
> but if you must, add the following to /etc/conf.d/net.ppp0:
> ---
> postup() {
> # whatever required after interface is up
> return 0
> }
> ---

Ah, yes, good idea :)

Fortunately, everything survives when the link goes down and comes back
up, so this would only be an issue when I manually stop/start the
net.ppp0 service.  I can live with that.


>> The log files show martian sources from a bridge device which is used
>> for the networking of a container:
>>
>>
>> [1734776.722127] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
>> [1734776.722132] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
>>
>>
>> The enp2s0 interface is used for pppoe, 192.168.1.1 is the IP of the
>> bridge.  The bridge does not have a physical network interface assigned
>> to it.
>>
>> The routefilter option is enabled on all interfaces.  Why would there be
>> such a broadcast originating from the bridge, and how can I prevent it?
>
> not sure what you describe here, but maybe you would like to disable
> spanning tree, add the following to disable spanning tree to
> /etc/conf.d/br0.conf (provided br0 is the name of the bridge).
> ---
> stp_state_br0=0
> ---

STP is disabled when the bridge is brought up with


config_br_dmz="192.168.1.1 netmask 255.255.255.0 brd 192.168.1.255"
brctl_br_dmz="setfd 0 sethello 10 stp off"


... in /etc/conf.d/net.


heimdali init.d # brctl show
bridge name bridge id   STP enabled interfaces
br_dmz  8000.fe150e283be5   no  vethJRMBC7
heimdali init.d # 


[1829515.036283] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
[1829515.036296] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
[1829575.021793] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
[1829575.021806] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
[1829634.958151] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
[1829634.958164] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
[1829694.919256] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
[1829694.919269] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
[1829754.880046] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
[1829754.880059] ll 

Re: [gentoo-user] pppoe questions

2015-11-06 Thread Alon Bar-Lev
On 6 November 2015 at 17:28, lee wrote:
> Hi,
>
> finally I got set up pppoe, which turned out to be surprisingly easy.
> It's working fine, though I'm getting a warning when the pppoe interface
> is brought up:
>
>
> heimdali init.d # service net.ppp0 start
>  * Bringing up interface ppp0
>  *   Starting pppd in ppp0 ...   [ ok ]
>  *   Backgrounding ...
>  * WARNING: net.ppp0 has started, but is inactive
> heimdali init.d #
>
>
> Why is this warning showing, and what can I do about it?
>

this warning can be safely ignored, all it tells you is that the
service will be fully up when connection will be established.
the same state is for ethernet until the ifplugd detects connection to network.

> How does pppoe work together with shorewall and bind?
>
> When I stop the net.ppp0 service, shorewall is automatically stopped as
> well.  When I start net.ppp0, shorewall is not started automatically.
>
> I would like to automatically have net.ppp0 first started and then
> shorewall.

usually the firewall service should be started before all interfaces
(except lo).
add the following to /etc/conf.d/net.ppp0:
---
rc_net_ppp0_need="firewall net.enp2s0"
---

this will make sure that the ppp0 interface is started after both
firewall and enp2s0.

I also have the following in /etc/rc.conf to avoid stopping services
while network is down:
---
rc_hotplug="!net.enp2s0 !net.ppp*"
---

> When net.ppp0 is stopped and restarted, I also must restart the name
> server (bind) :(  Otherwise it is unable to resolve anything.
>
> Can this somehow be avoided?  If not, can this be done automatically?

this is strange... why bind must be restarted?
I use dnsmasq and it survives network down without any issue.
but if you must, add the following to /etc/conf.d/net.ppp0:
---
postup() {
# whatever required after interface is up
return 0
}
---

>
> The log files show martian sources from a bridge device which is used
> for the networking of a container:
>
>
> [1734776.722127] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
> [1734776.722132] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
>
>
> The enp2s0 interface is used for pppoe, 192.168.1.1 is the IP of the
> bridge.  The bridge does not have a physical network interface assigned
> to it.
>
> The routefilter option is enabled on all interfaces.  Why would there be
> such a broadcast originating from the bridge, and how can I prevent it?

not sure what you describe here, but maybe you would like to disable
spanning tree, add the following to disable spanning tree to
/etc/conf.d/br0.conf (provided br0 is the name of the bridge).
---
stp_state_br0=0
---

>
> --
> Again we must be afraid of speaking of daemons for fear that daemons
> might swallow us.  Finally, this fear has become reasonable.
>
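
Added example, not written by either participant in the thread: a shell decoder for the "martian source" / "ll header" log pairs quoted in the messages above. It relies on the kernel's wording, where the first address is the packet's destination and the second its source, and on the standard Ethernet header layout (destination MAC, source MAC, EtherType); the function names and the re-joined sample lines are constructed here. Comparing the decoded sender MAC with the host's own MACs shows whether the frame carries a local interface's hardware address or came from another device on that segment.

```shell
# Added example: decode "martian source" / "ll header" pairs from the kernel log.
# Constructed sample: the two lines quoted in the thread, re-joined.
sample_log() {
    cat <<'EOF'
[1734776.722127] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
[1734776.722132] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
EOF
}

# stdin: kernel log; stdout: one decoded record per martian/ll-header pair.
decode_martians() {
    awk '
    /martian source/ {
        # Kernel wording: "martian source <dst> from <src>, on dev <dev>"
        for (i = 1; i < NF; i++) {
            if ($i == "source") dst = $(i + 1)
            if ($i == "from") { src = $(i + 1); sub(/,$/, "", src) }
            if ($i == "dev") dev = $(i + 1)
        }
        pending = 1
        next
    }
    pending && /ll header:/ {
        # First 14 hex bytes: dst MAC (6), src MAC (6), EtherType (2).
        n = 0
        for (i = 1; i <= NF && n < 14; i++)
            if ($i ~ /^[0-9a-f][0-9a-f]$/) b[++n] = $i
        if (n == 14)
            printf "dev=%s src=%s dst=%s smac=%s:%s:%s:%s:%s:%s dmac=%s:%s:%s:%s:%s:%s ethertype=0x%s%s\n",
                dev, src, dst, b[7], b[8], b[9], b[10], b[11], b[12],
                b[1], b[2], b[3], b[4], b[5], b[6], b[13], b[14]
        pending = 0
    }'
}

# stdin: kernel log; $1: space-separated MACs owned by this host; prints foreign senders.
foreign_senders() {
    _own=" $1 "
    decode_martians | while read -r _dev _src _dst _smac _rest; do
        case $_own in
            *" ${_smac#smac=} "*) ;;
            *) echo "$_dev $_src $_smac" ;;
        esac
    done
}

# fe:15:0e:28:3b:e5 is the br_dmz MAC from the bridge id in the brctl output.
sample_log | foreign_senders 'fe:15:0e:28:3b:e5'
```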