Re: Read sysctl from file
On Tue, Jul 25, 2017 at 09:32:33AM +0300, Mihai Popescu wrote:
> > As I see it everybody has agreed upon that and some are now just making
> > suggestions on how to solve the OP's problem, that do not involve adding
> > -p to OpenBSD's sysctl.  So I think that was uncalled for.
>
> Not everybody! Man, you talk like a black suit manager here.

Maybe I am ;-)

But I saw nobody in the thread that still advocated that sysctl -p should
be added to OpenBSD.  So that was what I saw was agreed upon by everybody
(in the thread).

Therefore it was not necessary to once again point out that sysctl -p will
never be added to OpenBSD.  Because it will not.  Never.  Already said that.

>
> > I just do not get that.
>
> Yes, you obviously don't. It has been explained that the CONCEPT of -p
> is WRONG in OpenBSD area and maybe other areas, too. IF you can grasp
> that, then think why the hell would someone try to implement this and
> find a solution for the OP?

Now that is a different, and valid argument.  To tell someone that
implementing a substitute for sysctl -p is a bad idea because that would
send the wrong message (no message) to the Ansible folks.

But that was not the response the implementer got.

>
> I think one of the reasons that OpenBSD avoided to become useless
> swiss army knife of OSes is exactly that resistance to implement crap
> "just because ...".

Bla bla bla.  Heard it before.  Agrees completely.  Have said it myself
many times.  Nothing new.  And that was not the subject.

Sorry, maybe it was the subject, but very indirectly.

As I see it is the message that helping someone solve a problem in a way
that encourages other OS:es bad decision is a bad strategy that did not get
through the usual @misc communication style of go f*ck your self you know
nothing.

There are better ways to send that message than what was used in this
thread.  For example by writing it up front.

--
/ Raimo Niskanen, Erlang/OTP, Ericsson AB
Re: Read sysctl from file
> As I see it everybody has agreed upon that and some are now just making
> suggestions on how to solve the OP's problem, that do not involve adding
> -p to OpenBSD's sysctl.  So I think that was uncalled for.

Not everybody! Man, you talk like a black suit manager here.

> I just do not get that.

Yes, you obviously don't. It has been explained that the CONCEPT of -p
is WRONG in OpenBSD area and maybe other areas, too. IF you can grasp
that, then think why the hell would someone try to implement this and
find a solution for the OP?

I think one of the reasons that OpenBSD avoided to become useless
swiss army knife of OSes is exactly that resistance to implement crap
"just because ...".
Re: Read sysctl from file
On Fri, Jul 21, 2017 at 05:30:32PM -0600, Theo de Raadt wrote:
> > > On Jul 21, 2017, at 3:42 PM, li...@wrant.com wrote:
> > >
> > > Fri, 21 Jul 2017 12:33:31 -0700 Peter Faiman
> > >> # ./sysctl -p example.conf
> > >> Peter
> > >
> > > Hi Peter, ansibles,
> > >
> > > No guarantee systems controls stay affixed, wrapper tools comply got it?
> >
> > The point of sysctl -p is reloading from a file. So that you put controls in
> > the file and load that file, exactly as happens in system startup. The whole
> > point is to ensure consistency with system startup. True, securelevel throws
> > a bit of a wrench in that, but this works for all other settings.
>
> We don't have -p.
>
> It is an addition made by a foreign system which barely uses sysctl,
> and has been acting for years like they will be removing support.
>
> THERE IS NO SUPPORT FOR -p.
>
> It is unlikely to happen.

As I see it everybody has agreed upon that and some are now just making
suggestions on how to solve the OP's problem, that do not involve adding -p
to OpenBSD's sysctl.  So I think that was uncalled for.

>
> Let's just stop this.  You just aren't capable of listening to what
> is being said.  Also, you are ridiculously rude.

I just do not get that.  I think Peter has listened to what was said
and that others are rude to him for no (very little) reason.

Best regards
--
/ Raimo Niskanen, Erlang/OTP, Ericsson AB
Re: Read sysctl from file
On Fri, Jul 21, 2017 at 05:40:04PM -0600, Theo de Raadt wrote:
> Peter, please leave.  People around here don't need to read your
> insults.
>

Peter, you do not have to leave.  Theo says that all the time.

I did not read your posts as particularly insulting to anyone and understand
why you feel you ought to defend yourself for getting maybe deliberately
misunderstood.

Best regards
--
/ Raimo Niskanen, Erlang/OTP, Ericsson AB
Re: Read sysctl from file
Peter, please leave. People around here don't need to read your insults.
Re: Read sysctl from file
> On Jul 21, 2017, at 1:30 PM, Mihai Popescu wrote:
>
>> Also it does not fail halfway, it will report errors for each of the
>> settings that cannot be applied,
>
> So Peter, just to check if I got it right, you did a script who
> reports errors about things people knows in advance they will generate
> errors, that despite the warnings that the concept is wrong from the
> start till the end.
>
> Nice, I remember about a Dilbert situation, but I'm too lazy to search for it.

Yes, my script reports errors. Since apparently everyone knows in advance
which sysctls will produce errors, it is bad for me to report them? Is that
what you're saying? Well then you should submit a patch to /sbin/sysctl that
stops reporting errors. After all, as you say, "people knows in advance they
will generate errors."

Now THAT is a Dilbert situation.

Peter
Re: Read sysctl from file
> > On Jul 21, 2017, at 3:42 PM, li...@wrant.com wrote:
> >
> > Fri, 21 Jul 2017 12:33:31 -0700 Peter Faiman
> >> # ./sysctl -p example.conf
> >> Peter
> >
> > Hi Peter, ansibles,
> >
> > No guarantee systems controls stay affixed, wrapper tools comply got it?
>
> The point of sysctl -p is reloading from a file. So that you put controls in
> the file and load that file, exactly as happens in system startup. The whole
> point is to ensure consistency with system startup. True, securelevel throws
> a bit of a wrench in that, but this works for all other settings.

We don't have -p.

It is an addition made by a foreign system which barely uses sysctl,
and has been acting for years like they will be removing support.

THERE IS NO SUPPORT FOR -p.

It is unlikely to happen.

Let's just stop this.  You just aren't capable of listening to what
is being said.  Also, you are ridiculously rude.
Re: Read sysctl from file
> On Jul 21, 2017, at 3:42 PM, li...@wrant.com wrote:
>
> Fri, 21 Jul 2017 12:33:31 -0700 Peter Faiman
>> # ./sysctl -p example.conf
>> Peter
>
> Hi Peter, ansibles,
>
> No guarantee systems controls stay affixed, wrapper tools comply got it?

The point of sysctl -p is reloading from a file. So that you put controls in
the file and load that file, exactly as happens in system startup. The whole
point is to ensure consistency with system startup. True, securelevel throws
a bit of a wrench in that, but this works for all other settings.

> Wrap around as advised for a system operator, don't push for short cuts.

It’s not a short cut. Ansible wants sysctl -p, I implemented sysctl -p
exactly as Linux does it, using the OpenBSD /etc/rc code that actually
applies sysctls from /etc/sysctl.conf. I never said anyone should use
Ansible. I don't use it, I don't like it. But clearly this person is going
to use it, so I might as well give them something that will do what they
want, even if I don't agree with it.

> Please, stop imposing your designs on our systems wasting precious time.

I'm not imposing my designs on anyone. Someone on the mailing list needed
the exact Linux behavior, so I spent 5 minutes on the train to work writing
and testing a compatible tool. I already _specifically_ said I wrote a
wrapper this way because it's the easiest way to be compatible without
changing ANY OpenBSD code, or ANYTHING else about the OpenBSD system. In
other words I deliberately chose to solve this problem in a way that imposes
NOTHING on anyone else.

> Kind regards,

You should stop putting this at the bottom of your emails if you think it's
acceptable to talk to others this way. When you send out half-baked
responses that clearly demonstrate you did not bother to read what I said,
you're the one wasting my time.

Peter
Re: Read sysctl from file
Fri, 21 Jul 2017 12:33:31 -0700 Peter Faiman
> # ./sysctl -p example.conf
> Peter

Hi Peter, ansibles,

No guarantee systems controls stay affixed, wrapper tools comply got it?
Wrap around as advised for a system operator, don't push for short cuts.
Please, stop imposing your designs on our systems wasting precious time.

Kind regards,
Anton Lazarov
Re: Read sysctl from file
> Also it does not fail halfway, it will report errors for each of the
> settings that cannot be applied,

So Peter, just to check if I got it right, you did a script who
reports errors about things people knows in advance they will generate
errors, that despite the warnings that the concept is wrong from the
start till the end.

Nice, I remember about a Dilbert situation, but I'm too lazy to search for it.
Re: Read sysctl from file
> On Jul 21, 2017, at 12:22 PM, Theo de Raadt wrote:
>
>>> On Jul 21, 2017, at 3:47 AM, Stuart Henderson wrote:
>>>
>>> On 2017-07-20, BARDOU Pierre wrote:
>>>> Is there a way to make sysctl re-read its conf file, or even another
>>>> file, like sysctl -p does on linux systems ?
>>>> Supporting this option would be nice, as it is used by the sysctl
>>>> module of ansible.
>>>
>>> Sounds risky. It won't reset default values that are unspecified in
>>> sysctl.conf, so you could be sitting on a configuration that appears ok,
>>> but will fail after a reboot.
>>
>> Stuart makes a good point. So does Theo, adding -p to the sysctl binary when
>> it doesn't currently do any file handling at all seems extreme. So I wrote a
>> wrapper script that emulates Linux sysctl -p. I put very simple directions
>> at the top of the file. Find it here:
>>
>> https://gist.github.com/PeterFaiman/5b67c530b0ffa009ebef904ed0678e26
>>
>> Ideally these tools wouldn't use Linux-specific features. But emulating
>> simple features like sysctl -p in a non-invasive way isn't too hard.
>
> One more point to add:
>
> Some setting can only be changed before securelevel.  They fail afterwards.
>
> I'd say the entire approach is wrong, because it cannot tell them apart.
> It will fail halfway.
>
> It was obviously written by people who don't care.

True, there is no way to get around the securelevel problem without
rebooting, by definition. But if this MUST be done with these workflow
constraints, I think this is the "best" way to do it. Also it does not fail
halfway, it will report errors for each of the settings that cannot be
applied, e.g. with a config that sets kern.securelevel=0 and
net.inet.udp.sendspace=9216, this happens:

# ./sysctl -p example.conf
sysctl: kern.securelevel: Operation not permitted
net.inet.udp.sendspace: 9216 -> 9216

Peter
Re: Read sysctl from file
> > On Jul 21, 2017, at 3:47 AM, Stuart Henderson wrote:
> >
> > On 2017-07-20, BARDOU Pierre wrote:
> >> Is there a way to make sysctl re-read its conf file, or even another
> >> file, like sysctl -p does on linux systems ?
> >> Supporting this option would be nice, as it is used by the sysctl
> >> module of ansible.
> >
> > Sounds risky. It won't reset default values that are unspecified in
> > sysctl.conf, so you could be sitting on a configuration that appears ok,
> > but will fail after a reboot.
>
> Stuart makes a good point. So does Theo, adding -p to the sysctl binary when
> it doesn't currently do any file handling at all seems extreme. So I wrote a
> wrapper script that emulates Linux sysctl -p. I put very simple directions
> at the top of the file. Find it here:
>
> https://gist.github.com/PeterFaiman/5b67c530b0ffa009ebef904ed0678e26
>
> Ideally these tools wouldn't use Linux-specific features. But emulating
> simple features like sysctl -p in a non-invasive way isn't too hard.

One more point to add:

Some setting can only be changed before securelevel.  They fail afterwards.

I'd say the entire approach is wrong, because it cannot tell them apart.
It will fail halfway.

It was obviously written by people who don't care.
Re: Read sysctl from file
> On Jul 21, 2017, at 3:47 AM, Stuart Henderson wrote:
>
> On 2017-07-20, BARDOU Pierre wrote:
>> Is there a way to make sysctl re-read its conf file, or even another file,
>> like sysctl -p does on linux systems ?
>> Supporting this option would be nice, as it is used by the sysctl module of
>> ansible.
>
> Sounds risky. It won't reset default values that are unspecified in
> sysctl.conf, so you could be sitting on a configuration that appears ok,
> but will fail after a reboot.

Stuart makes a good point. So does Theo, adding -p to the sysctl binary when
it doesn't currently do any file handling at all seems extreme. So I wrote a
wrapper script that emulates Linux sysctl -p. I put very simple directions
at the top of the file. Find it here:

https://gist.github.com/PeterFaiman/5b67c530b0ffa009ebef904ed0678e26

Ideally these tools wouldn't use Linux-specific features. But emulating
simple features like sysctl -p in a non-invasive way isn't too hard.

Peter
Re: Read sysctl from file
On 2017-07-20, BARDOU Pierre wrote:
> Is there a way to make sysctl re-read its conf file, or even another file,
> like sysctl -p does on linux systems ?
> Supporting this option would be nice, as it is used by the sysctl module of
> ansible.

Sounds risky. It won't reset default values that are unspecified in
sysctl.conf, so you could be sitting on a configuration that appears ok,
but will fail after a reboot.
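A read-only check for the disagreement between sysctl.conf and the running system that this thread keeps returning to, as an added example that is not part of any post here: it reports every setting listed in the file whose live value differs, which catches a refused write such as the kern.securelevel case, but it cannot see values changed at runtime that the file does not list. The SYSCTL variable, the function names and the sample data are constructed for illustration; the only external call assumed is `sysctl -n name`.

```shell
#!/bin/sh
# Added example: read-only comparison of a sysctl.conf(5)-style file with live values.
# Reader command (hypothetical knob). Assumption: "$SYSCTL -n name"
# prints the bare value, as sysctl(8) -n does.
: "${SYSCTL:=sysctl}"

# Print the name=value lines of file $1 without comments, surrounding
# whitespace or blank lines.
conf_settings() {
	sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
	    -e '/^$/d' "$1"
}

# sysctl_drift FILE: print one line per problem; return 0 if the file
# and the live values agree, 1 if not, 2 if FILE cannot be read.
sysctl_drift() {
	_rc=0
	[ -r "$1" ] || { echo "UNREADABLE $1"; return 2; }
	# Here-document, not a pipe, so _rc survives the loop.
	while IFS= read -r _line; do
		[ -n "$_line" ] || continue
		case $_line in
		?*=*) ;;
		*) echo "MALFORMED $_line"; _rc=1; continue ;;
		esac
		_name=${_line%%=*} _want=${_line#*=}
		# Exit status is not trusted alone: empty output also means unread.
		_have=$($SYSCTL -n "$_name" 2>/dev/null) || _have=
		if [ -z "$_have" ]; then
			echo "NOVALUE $_name"; _rc=1
		elif [ "$_have" != "$_want" ]; then
			echo "DRIFT $_name file=$_want live=$_have"; _rc=1
		fi
	done <<EOF
$(conf_settings "$1")
EOF
	return $_rc
}

# Constructed sample: the file asks for kern.securelevel=0, the live value is 1.
sample_conf() {
	printf '%s\n' '# constructed sample' \
	    'net.inet.udp.sendspace=9216   # inline comment' \
	    'kern.securelevel=0'
}
sample_sysctl() {	# stand-in for sysctl(8): $1 is -n, $2 the name
	case $2 in
	net.inet.udp.sendspace) echo 9216 ;;
	kern.securelevel) echo 1 ;;
	esac
}
run_sample() {
	_f=$(mktemp) || return 2
	sample_conf >"$_f"
	( SYSCTL=sample_sysctl; sysctl_drift "$_f" ) && _r=0 || _r=$?
	rm -f "$_f"
	return $_r
}
# Usage: sh sysctl-drift.sh /etc/sysctl.conf    (or: --sample)
case ${1-} in
--sample) run_sample ;;
?*) sysctl_drift "$1" ;;
esac
```

Run after a reload or a configuration-management push, a non-zero exit status means the file and the running system disagree on at least one listed setting.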
Re: Read sysctl from file
Hello,

I didn't realize that, but you have a point here.

For future reference, I got ansible sysctl working tuning the options :

Task :
- name: "Tuning sysctl"
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    reload: no
    sysctl_set: yes
  with_items: "{{ sysctl }}"

Vars :
sysctl:
  - name: "net.inet.ip.forwarding"
    value: 1
  - name: "net.inet.carp.preempt"
    value: 1

--
Regards,
Pierre BARDOU

-----Original Message-----
From: Theo de Raadt [mailto:dera...@openbsd.org]
Sent: Thursday, 20 July 2017 15:46
To: BARDOU Pierre
Cc: misc@openbsd.org
Subject: Re: Read sysctl from file

> Is there a way to make sysctl re-read its conf file, or even another
> file, like sysctl -p does on linux systems ?
> Supporting this option would be nice, as it is used by the sysctl
> module of ansible.

But sysctl doesn't have a configuration file.

there is a file called sysctl.conf, but it isn't a configuration file
for the command.  It is a list of sysctl changes, which will be made
by the rc scripts at startup.

someone in linux land went off the map here.  and then another piece of
software started un-portably assuming that's the way to do things?
Re: Read sysctl from file
On Thu, Jul 20, 2017 at 06:14:03PM -0700, Lyndon Nerenberg wrote:
>
> > On Jul 20, 2017, at 6:35 AM, BARDOU Pierre wrote:
> >
> > Hello,
> >
> > Is there a way to make sysctl re-read its conf file, or even another file,
> > like sysctl -p does on linux systems ?
> > Supporting this option would be nice, as it is used by the sysctl module of
> > ansible.

I'm also using Ansible to distribute sysctl configs to OpenBSD hosts.
In the sysctl tasks I set sysctl_set to yes and reload to no.
That works fine.

Remi
Re: Read sysctl from file
> On Jul 20, 2017, at 6:35 AM, BARDOU Pierre wrote:
>
> Hello,
>
> Is there a way to make sysctl re-read its conf file, or even another file,
> like sysctl -p does on linux systems ?
> Supporting this option would be nice, as it is used by the sysctl module of
> ansible.

Here's the script we call (ansible handler, or as an rdist 'special')
whenever we push a new sysctl.conf.  It's the same code the system runs at
boot time, lifted out into a standalone script.

#!/bin/sh
# sysctlreload: apply sysctl.conf(5) settings.
# Relies on ksh features (local, [[ ]], print); OpenBSD's /bin/sh is ksh.

# Strip in- and whole-line comments from a file.
# Strip leading and trailing whitespace if IFS is set.
# Usage: stripcom /path/to/file
stripcom() {
	local _file=$1 _line

	[[ -s $_file ]] || return

	while read _line ; do
		_line=${_line%%#*}
		[[ -n $_line ]] && print -r -- "$_line"
	done <$_file
}

# Hand each remaining name=value line to sysctl(8), one at a time.
stripcom /etc/sysctl.conf |
while read _line; do
	sysctl "$_line"
done
Re: Read sysctl from file
On 20/07/17 18:48, Consus wrote:
> On 07:08 Thu 20 Jul, Kai Wetlesen wrote:
>>> Because it's a nice way to apply configuration changes made to
>>> /etc/sysctl.conf without restarting the whole server?
>>
>> Systemctl doesn't offer hot reload unless the controlled daemon offers
>> the capability in the first place. The only thing systemd does is hits
>> the controlling process on the head with a known conf-reload signal or
>> (gasp) a DBus control statement. Both of these can be done just as
>> well with an rc script, and without restarting the service.
>
> What systemd has to do with anything? We are talking about sysctl(8) and
> sysctl.conf(5).

Guys, it's easy to emulate sysctl -p with a simple 4 line (maybe less)
script.  In advance, /etc/rc already does that.

G
Re: Read sysctl from file
> Because it's a nice way to apply configuration changes made to
> /etc/sysctl.conf without restarting the whole server?

Systemctl doesn't offer hot reload unless the controlled daemon offers
the capability in the first place. The only thing systemd does is hits
the controlling process on the head with a known conf-reload signal or
(gasp) a DBus control statement. Both of these can be done just as
well with an rc script, and without restarting the service.
Re: Read sysctl from file
On 07:08 Thu 20 Jul, Kai Wetlesen wrote:
> > Because it's a nice way to apply configuration changes made to
> > /etc/sysctl.conf without restarting the whole server?
>
> Systemctl doesn't offer hot reload unless the controlled daemon offers
> the capability in the first place. The only thing systemd does is hits
> the controlling process on the head with a known conf-reload signal or
> (gasp) a DBus control statement. Both of these can be done just as
> well with an rc script, and without restarting the service.

What systemd has to do with anything? We are talking about sysctl(8) and
sysctl.conf(5).
Re: Read sysctl from file
> > > On 07:39 Thu 20 Jul, Theo de Raadt wrote:
> > > > someone in linux land went off the map here.  and then another piece of
> > > > software started un-portably assuming that's the way to do things?
> > >
> > > Because it's a nice way to apply configuration changes made to
> > > /etc/sysctl.conf without restarting the whole server?
> >
> > only thinking of yourself, and missing the point.
> >
> > the point is that the 25-year old sysctl design had no such feature,
> > and now other things are changing that.
> >
> > No, what you want does not exist.
>
> He just asks if OpenBSD supports such a feature. Why so butthurt?

I said no the first time, and provided a detailed explanation.

Why did you feel the need to jump in?  Itchy butt?
Re: Read sysctl from file
On 07:45 Thu 20 Jul, Theo de Raadt wrote:
> > On 07:39 Thu 20 Jul, Theo de Raadt wrote:
> > > someone in linux land went off the map here.  and then another piece of
> > > software started un-portably assuming that's the way to do things?
> >
> > Because it's a nice way to apply configuration changes made to
> > /etc/sysctl.conf without restarting the whole server?
>
> only thinking of yourself, and missing the point.
>
> the point is that the 25-year old sysctl design had no such feature,
> and now other things are changing that.
>
> No, what you want does not exist.

He just asks if OpenBSD supports such a feature. Why so butthurt?
Re: Read sysctl from file
> On 07:39 Thu 20 Jul, Theo de Raadt wrote:
> > someone in linux land went off the map here.  and then another piece of
> > software started un-portably assuming that's the way to do things?
>
> Because it's a nice way to apply configuration changes made to
> /etc/sysctl.conf without restarting the whole server?

only thinking of yourself, and missing the point.

the point is that the 25-year old sysctl design had no such feature,
and now other things are changing that.

No, what you want does not exist.
Re: Read sysctl from file
On 07:39 Thu 20 Jul, Theo de Raadt wrote:
> someone in linux land went off the map here.  and then another piece of
> software started un-portably assuming that's the way to do things?

Because it's a nice way to apply configuration changes made to
/etc/sysctl.conf without restarting the whole server?
Re: Read sysctl from file
> Is there a way to make sysctl re-read its conf file, or even another file,
> like sysctl -p does on linux systems ?
> Supporting this option would be nice, as it is used by the sysctl module of
> ansible.

But sysctl doesn't have a configuration file.

there is a file called sysctl.conf, but it isn't a configuration file
for the command.  It is a list of sysctl changes, which will be made
by the rc scripts at startup.

someone in linux land went off the map here.  and then another piece of
software started un-portably assuming that's the way to do things?