Ok ok ok .. having the ability to specify the rdomain for the one instance of a daemon started by /etc/rc does let other monkeying to be done from /etc/rc.local if desired.
Thanks,

Penned by Loïc Blot on 20140711 9:56.35, we have:
| Of course,
| I have set the fewer modification on rc.subr because cases mentioned by Todd are more rare. I think those cases must be handled by rc.local. (but i agree with todd concept, but his modification is too big for majority of systems).
|
| Loïc Blot,
| UNIX Systems, Security and Network Engineer
| http://www.unix-experience.fr
|
| Theo de Raadt <dera...@cvs.openbsd.org> wrote:
|
| >> Penned by Mike Belopuhov on 20140711 6:49.19, we have:
| >> | On 11 July 2014 10:29, Antoine Jacoutot <ajacou...@bsdfrog.org> wrote:
| >> | > On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loïc BLOT wrote:
| >> | >> Hello all,
| >> | >> I use rdomains to split routing domains per company and also separate
| >> | >> administration interfaces from routing interfaces on my routers (sshd,
| >> | >> bacula, postfix and puppetd running on a dedicated rdomain)
| >> | >>
| >> | >> Actually there is a problem with rdomains, we need to modify /etc/rc.d
| >> | >> scripts to add rdomain execution environment to the specified service.
| >> | >> If rc.subr have support to rdomains, we can let the rc.d scripts clean.
| >> | >>
| >> | >> To resolve those rdomain issues, I created a patch and I added a new
| >> | >> variable we could use on rc.conf(.local), ${_name}_rdomain. (This
| >> | >> variable needs a signed integer and use an existing rdomain, this is
| >> | >> checked by rc.subr.
| >> | >>
| >> | >> I want to contribute to OpenBSD and I give you this patch. If you have
| >> | >> any suggestions to improve it, tell me.
| >> | >
| >> | > I don't use rdomain so someone knowledgeable should comment here.
| >> | > But it does look like a nice idea.
| >> | >
| >> |
| >> | having something like this would be really cool. in case you'll be
| >> | tweaking the code, make sure that the "route -T exec printf" check
| >> | is preserved. i would use "true" in this test however.
| >> |
| >> | as far as i can tell the daemon_rdomain bit that goes into the rc
| >> | script is fine, however i'm not quite sure how can i start two
| >> | daemons in different rdomains via rc.conf.local. looks like this
| >> | diff doesn't handle this and allows only one instance in the
| >> | ${_name}_rdomain rdomain. but sometimes you want multiple, say
| >> | sshd in rdomain 0 and 1. daemon_rdomain flag allows me to go and
| >> | create another rc.d/sshd-rdomain-1 script and stuff daemon_rdomain=1
| >> | in there. but then i'd have to add it to the pkg_scripts... this
| >> | is a minor issue that i see. perhaps ${_name}_rdomain should list
| >> | multiple values, like sshd_rdomain=0,1,2,3.
| >>
| >> multiple rdomain instances might even have different daemon_flags.
| >>
| >> I think in addition to sshd_rdomain=0,1,2,3 the patch might handle
| >> ssh_rdomain_0_flags="-C /etc/ssh/sshd_0_config". I'm guessing it
| >> makes sense to add to sshd_flags= rather than over-write it, but
| >> that's splitting hairs.
| >>
| >> I've been wondering about how to implement what you've done, and
| >> have ended up with 'route -T 3 exec /etc/rc.d/... -f' in /etc/rc.local.
| >>
| >> I like this direction.
| >
| >For crazy stuff, use /etc/rc.local

--
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries
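
The following is an added sketch, not code from this thread or from the patch it discusses, of the idea debated above: a comma-separated rdomain list is validated in full (numeric form, then the "route -T <id> exec true" existence probe) before any start command is produced, and per-rdomain flags are appended to the base flags. The function names, the RDOMAIN_PROBE override, the FLAGS_RDOMAIN_<id> variable naming and the 0-255 id range are assumptions made for the illustration.

```shell
# Added illustration; every function and variable name is hypothetical,
# none of this is rc.subr code.

# Accept only a canonical decimal id in the assumed 0-255 rdomain range.
valid_rdomain() {
	case $1 in
	''|*[!0-9]*|0?*) return 1 ;;
	esac
	[ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

# Existence probe from the thread: "route -T <id> exec true".
# RDOMAIN_PROBE may name a substitute command on hosts without route -T.
rdomain_exists() {
	${RDOMAIN_PROBE:-route -T} "$1" exec true >/dev/null 2>&1
}

# $1 = daemon path, $2 = comma list such as 0,1, $3 = base flags.
# Prints one start command per rdomain. Extra per-rdomain flags are read
# from FLAGS_RDOMAIN_<id> and appended to the base flags.
plan_rdomain_starts() {
	_daemon=$1 _list=$2 _base=$3
	_old_ifs=$IFS; IFS=,
	set -f; set -- $_list; set +f
	IFS=$_old_ifs
	[ $# -gt 0 ] || return 1
	# Validate the whole list first so a bad entry starts nothing.
	for _rd in "$@"; do
		valid_rdomain "$_rd" || { echo "bad rdomain: $_rd" >&2; return 1; }
		rdomain_exists "$_rd" || { echo "no rdomain: $_rd" >&2; return 1; }
	done
	for _rd in "$@"; do
		# eval is safe here: $_rd is digits only after validation.
		eval "_extra=\${FLAGS_RDOMAIN_$_rd:-}"
		printf '%s\n' "route -T $_rd exec $_daemon${_base:+ $_base}${_extra:+ $_extra}"
	done
}
```

Because the list value is read from a root-owned configuration file and ends up in a command line run as root, the digit-only check runs before the value reaches `eval` or the printed command.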