Autor: Ian Zimmerman Data: Dla: dng Temat: Re: [DNG] Apparently Jessie has runit
On 2016-01-21 20:28 -0500, Steve Litt wrote:
> LSB's provides, requires, required_by, before, after, etc is pure
> genius: I should have thought of it. But my three months of using
> Runit indicates that it's not really necessary with Runit, even though
> Runit instantiates respawning processes in undefined and probably
> random order.
>
> Nevertheless, I've found Runit boots to be perfectly determinate, with
> no problem created when one process requires another process to be
> already running. Nevertheless, if such a problem ever did occur, it
> would be trivial to add a few lines of shellscript in the ./run script
> of the process that required a previously running process.
>
> In other words, from my experience with Runit, over 95% of our
> discussions about dependency, and when to declare a depended-upon
> process actually running, and how a daemon can notify its init system
> that it's now functional, is purely academic.
I agree that dependencies are not necessary nearly as often as they're
declared in sysvinit and similar setups. I also won't dispute the 95%
datum even though (or because :-P ) I don't quite get what it means.
But I do know that some dependencies are real. Furthermore, they can be
more subtle than daemon B not working at all until daemon A is in its
inner loop. And arguably, it is such subtle cases that are potentially
most dangerous because you don't know that anything failed, but you're
left vulnerable (for example).
One such subtle case is named, the well loved DNS serving daemon. named
by default binds to all active network interfaces on the system. _But_ this
means only interfaces that are up at the time named starts; unlike some
other more enlightened daemons, named doesn't dynamically scan for new
interfaces. Now assume one of your interfaces is a "soft" one, for
instance an openvpn tunnel. Voila, you have a dependency and a race; if
openvpn hasn't managed to bring the tunnel up by the time named starts,
named will never bind to it, and you may end up doing all of your DNS
resolution in the clear without knowing.
True story, of course. s/you/me/
--
Please *no* private copies of mailing list or newsgroup messages.
Rule 420: All persons more than eight miles high to leave the court.