Penned by Mike Belopuhov on 20140711 6:49.19, we have:
| On 11 July 2014 10:29, Antoine Jacoutot <ajacou...@bsdfrog.org> wrote:
| > On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loďc BLOT wrote:
| >> Hello all,
| >> I use rdomains to split routing domains per company and also separate
| >> administration interfaces from routing interfaces on my routers (sshd,
| >> bacula, postfix and puppetd running on a dedicated rdomain)
| >>
| >> Actually there is a problem with rdomains, we need to modify /etc/rc.d
| >> scripts to add rdomain execution environment to the specified service.
| >> If rc.subr have support to rdomains, we can let the rc.d scripts clean.
| >>
| >> To resolve those rdomain issues, I created a patch and I added a new
| >> variable we could use on rc.conf(.local), ${_name}_rdomain. (This
| >> variable needs a signed integer and use an existing rdomain, this is
| >> checked by rc.subr.
| >>
| >> I want to contribute to OpenBSD and I give you this patch. If you have
| >> any suggestions to improve it, tell me.
| >
| > I don't use rdomain so someone knowledgeable should comment here.
| > But it does look like a nice idea.
| >
|
| having something like this would be really cool. in case you'll be
| tweaking the code, make sure that the "route -T exec printf" check
| is preserved. i would use "true" in this test however.
|
| as far as i can tell the daemon_rdomain bit that goes into the rc
| script is fine, however i'm not quite sure how can i start two
| daemons in different rdomains via rc.conf.local. looks like this
| diff doesn't handle this and allows only one instance in the
| ${_name}_rdomain rdomain. but sometimes you want multiple, say
| sshd in rdomain 0 and 1. daemon_rdomain flag allows me to go and
| create another rc.d/sshd-rdomain-1 script and stuff daemon_rdomain=1
| in there. but then i'd have to add it to the pkg_scripts... this
| is a minor issue that i see. perhaps ${_name}_rdomain should list
| multiple values, like sshd_rdomain=0,1,2,3.
multiple rdomain instances might even have different daemon_flags.
I think in addition to sshd_rdomain=0,1,2,3 the patch might handle
ssh_rdomain_0_flags="-C /etc/ssh/sshd_0_config". I'm guessing it
makes sense to add to sshd_flags= rather than over-write it, but
that's splitting hairs.
I've been wondering about how to implement what you've done, and
have ended up with 'route -T 3 exec /etc/rc.d/... -f' in /etc/rc.local.
I like this direction.
Thanks,
--
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries
