Re: autopkgtest-build-lxd failing with bionic
On Tuesday, February 20, 2018 10:44:42 PM Martin Pitt wrote:
> Steve Langasek [2018-02-16 11:12 -0800]:
...
> > I think the network-online.target is the better thing to key on.
>
> I still don't like that much, though:
> - there is no requirement that this actually gets "implemented" or even
>   started (it's a passive target)
>
> - it's supposed to be a SysV backwards compat shim for LSB's "network"
>   dependency, and not well-defined
>
> - These tools should also work with Debian containers, which in theory
>   could also run sysvinit. This is also the reason why they still use
>   `runlevel` instead of `systemctl is-system-running` or something similar.
>
> All of these are just heuristics, though; you could have all sorts of cases
> where all of these break, like sharing the host's network namespace, having
> no default route but a route to the configured apt proxy, etc. Maybe the
> closest approximation to this would be to grab the archive URL from
> /etc/apt/sources.list and put it in a curl loop, but (1) neither wget nor
> curl are in minimal installs, and (2) at that point it could just as well
> be an apt-get retry loop.

So what's the right systemd way to ensure the network is up? I continue to
fight bugs in the postfix unit file both in Debian and Ubuntu over things
happening before the network is up. As far as I can determine from the
documentation, network-online.target should work, but I agree it doesn't do
so reliably.

Currently postfix@.service has:

After=network-online.target nss-lookup.target
Wants=network-online.target

If inet_interfaces has been set to a specific IP address (which is a
legitimate use), then if postfix tries to start before that IP address is
available errors ensue.

Scott K

--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Re: autopkgtest-build-lxd failing with bionic
Steve Langasek [2018-02-16 11:12 -0800]:
> > >   [ -n "$(ip route show to 0/0)" ]
>
> > This is better though, and works too. Please take a look at the attached
> > patch. Thanks! :-)
>
> Actually no, this is racy, because the route comes up before DNS resolution
> is in place.

I'm not actually sure if network-online.target would actually guard against
that with all implementations. But in practice, in most cases you'll get DNS
either via static configuration (in which case there's nothing further to
wait for) or via DHCP (in which case your address and DNS solvers ought to
arrive at the same time). And there's still the "apt retries several times"
fallback (which is why I do see the initial apt failure, but the retry works).

> It's also not forwards-compatible with ipv6-only deploys.

Right now the container network config created by lxc/lxd/netplan assumes
IPv4 only, so let's cross that bridge when we get to it. Indeed adding an
alternative `ip -6 show...` would easily rectify that.

> I think the network-online.target is the better thing to key on.

I still don't like that much, though:

- there is no requirement that this actually gets "implemented" or even
  started (it's a passive target)

- it's supposed to be a SysV backwards compat shim for LSB's "network"
  dependency, and not well-defined

- These tools should also work with Debian containers, which in theory
  could also run sysvinit. This is also the reason why they still use
  `runlevel` instead of `systemctl is-system-running` or something similar.

All of these are just heuristics, though; you could have all sorts of cases
where all of these break, like sharing the host's network namespace, having
no default route but a route to the configured apt proxy, etc. Maybe the
closest approximation to this would be to grab the archive URL from
/etc/apt/sources.list and put it in a curl loop, but (1) neither wget nor
curl are in minimal installs, and (2) at that point it could just as well
be an apt-get retry loop.

So in summary, IMHO the "wait for default route" heuristics is simple and
effective enough for now.

Martin

Re: autopkgtest-build-lxd failing with bionic
Hello all,

Iain Lane [2018-02-16 11:52 +]:
> > I wouldn't pick on any of these: network-online.target is a sloppily defined
> > shim for SysV init backwards compatibility, and may not ever get started (in
> > fact, that's the goal ☺); and the container might not use networkd, so I
> > wouldn't use s-n-wait-online either. I think querying
>
> Interesting. I thought that it was the systemd way to say 'I am online
> now' --- i.e. nm-online or systemd-networkd-wait-online, which is the
> question I wanted to get a positive answer to. I can see that the SysV
> implementation isn't great, but it's not clear to me that it was ill
> defined for this case.

"ill defined" is too strong, but it's "sloppy", just as the mere question of
what "the network is up" means in a world of dynamic interfaces, proxies,
VPNs, dynamic resolvers, etc.

> >   [ -n "$(ip route show to 0/0)" ]
>
> This is better though, and works too. Please take a look at the attached
> patch. Thanks! :-)

Cheers! I reworked it a bit, applied the same strategy to LXC (which is
equally affected), tested it, and landed

  https://anonscm.debian.org/cgit/autopkgtest/autopkgtest.git/commit/?id=20f479254

I'm going to overhaul setup-testbed too, as it still creates an ifupdown
config for modern (netplan) Ubuntu containers - I want to teach it to stop
that.

Martin
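
The "wait for default route" heuristic from this thread, together with the IPv6 alternative and the apt retry fallback the messages mention, as an added example that is not part of any message above and is not autopkgtest's own code. The function names, the timeout and retry defaults, and the `IP_CMD` / `APT_CMD` override variables are assumptions introduced here for illustration.

```shell
#!/bin/sh
# Added example, not autopkgtest's code. IP_CMD and APT_CMD are hypothetical
# override hooks so the logic can be exercised without a real network.
IP_CMD=${IP_CMD:-ip}
APT_CMD=${APT_CMD:-apt-get}

# True if an IPv4 or an IPv6 default route is present.
has_default_route() {
    [ -n "$($IP_CMD route show to 0/0 2>/dev/null)" ] ||
    [ -n "$($IP_CMD -6 route show default 2>/dev/null)" ]
}

# Poll once per second for a default route, for at most $1 seconds
# (default 60). Returns 0 as soon as a route exists, 1 on timeout.
wait_for_default_route() {
    timeout=${1:-60}
    while [ "$timeout" -gt 0 ]; do
        if has_default_route; then return 0; fi
        sleep 1
        timeout=$((timeout - 1))
    done
    has_default_route
}

# A route does not guarantee that DNS resolution is in place yet, so the
# apt step is still retried. $1 = attempts, $2 = seconds between attempts.
apt_update_with_retry() {
    attempts=${1:-5}
    delay=${2:-3}
    i=1
    while [ "$i" -le "$attempts" ]; do
        if $APT_CMD update; then return 0; fi
        if [ "$i" -lt "$attempts" ]; then sleep "$delay"; fi
        i=$((i + 1))
    done
    return 1
}
```

Inside a testbed this would be called as `wait_for_default_route 60; apt_update_with_retry`, continuing to the retry loop even on timeout, since a container can reach its apt proxy without having a default route.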