Hi, I just adopted ifupdown from Andrew Shadura. Incidentally I'm also the ifenslave maintainer :)
On Tue, Jun 09, 2015 at 04:35:00PM +0200, Dariusz Gadomski wrote: > After some discussions with Rafael and users affected by the race > condition I have prepared a patch solving the problem by introducing a > new stanza to the interfaces file: > allow-group-X-Y <interfaces> > where: > X is the group index > Y is the level in the hierarchy > > This stanza allows to group interfaces into hierarchies to ensure > hierarchy locking below any given interface while ifupdown operates on > it. > > E.g. if we have a bond0 interface built on top of eth0 and eth1 the > user would have to add the following to the interfaces file: > allow-group-1-1 bond0 > allow-group-1-2 eth0 eth1 > > This would cause locking of eth0 and eth1 from any modification while > bond0 is handled by ifupdown. It is of course not so nice to have to specify those groups by hand, especially to assign numbers to them. It would be nicer to just have a statement you can put in an interface stanza that tells you which interfaces are depending on it, like: iface bond0 inet static depending-interfaces eth0 eth1 This could then implicitly generate the same groups as you have to specify explicitly in your case. Even better would be to have the race condition be dealt with without any changes to /e/n/interfaces. One issue is of course that the /r/n/ifstate file is only locked to update the state, and there is no state indicating that an interface is in the process of being configured. So indeed, a per-interface lockfile should be used, which will be locked for the whole duration the interface is being (de)configured. Something like /r/n/ifstate-bond0, which is locked using fcntl(), and into which the process holding the lock will write the state (up/down). To prevent deadlocks (scripts calling ifup/ifdown recursively), environment variables are set to indicate which interfaces are being configured, like IFUPDOWN_bond0=up, and before trying to lock the per-interface lockfile, presence of this environment variable is checked. I already have an implementation of the deadlock detection, but not yet of per-interface lockfiles. But in the case of bonding, there is already a mechanism in place that can prevent conflicts between ifup -a and ifup bond0 running simultaneously. If you write /e/n/interfaces like this: allow-bond0 eth0 iface eth0 inet manual bond-master bond0 allow-bond0 eth1 iface eth1 inet manual bond-master bond0 auto bond0 iface bond0 inet dhcp bond-slaves eth0 eth1 ... Note that I replaced "auto" with "allow-bond0" for the Ethernet interfaces. This causes ifup -a to skip those interfaces, but instead will cause ifup bond0 to run ifup eth0 and eth1. -- Met vriendelijke groet / with kind regards, Guus Sliepen <g...@debian.org>
signature.asc
Description: Digital signature