Bug#798625: systemd-networkd: Runs arbitrary inappropriate scripts on network changes

Martin Pitt mpitt at debian.org
Mon Sep 28 22:22:48 BST 2015


Hello Josh,

sorry for the late answer.

Josh Triplett [2015-09-20 13:37 -0700]:
> > The missing hook/extension mechanism in networkd is something which is
> > an issue.
> 
> I wouldn't necessarily put it *that* way.  The functionality currently
> handled by ifupdown hooks needs handling in some way; that doesn't mean
> networkd needs to run arbitrary hooks.  That needs some very careful
> thought before creating what amounts to a new API expectation.

The alternative is to teach all the affected software to listen to
networkd events, which seems much more intrusive? I don't think that
most software will want to do this, but at the same time networkd
upstream seems to be against adding a hooks mechanism. TBH, I don't
want to invent a completely new downstream-only hooks mechanism;
if-*.d/ has been around for a long time, but if we don't want to use
that, I'd just declare bankruptcy from my POV and say "if you use any
of this software, then you can't use networkd".

> > If we are going to provide a hook mechanism, maybe defining our own is
> > better than an incomplete/incompatible ifup.d hooks support.
> 
> At the very least, any such mechanism should go through systemd unit
> files.  That would have several advantages: for instance, units that
> want to run both periodically and "when the network comes up" can DTRT
> (see .timer units with OnCalendar and Persistent, or with
> OnUnitInactiveSec; policies like "once a day but only with the network
> up" don't seem far-fetched here).  That would also provide the full
> functionality from "man systemd.exec".

This is indeed quite obvious, and was discussed with Tom back then.
But right now there are no plans for integrating networkd with systemd
units. The only interface that one has are the D-Bus notifications.

> Done; I've gone through the entire set of extracted hooks and documented
> them all in the titanpad.

Awesome, thanks for that!

> And if, in the short term, some users say "I can't migrate to networkd
> yet, it doesn't support $foo", that seems fine; we certainly don't plan
> to eliminate all other network configuration systems from Debian, and
> eventually someone might decide to add support to networkd.

We seem to be at an impasse here, with a "damned if you do, damned if
you don't" situation wrt. running if-*.d/ hooks. From the 50 hooks, 24
are relevant for networkd, 26 aren't. A third of them can be fixed with
IP_FREEBIND, the others would need to grow custom support for
networkd, or a networkd specific plugin mechanism.

I'm ok with reverting the hook support then, and adjusting README.Debian
with a big warning about the lack of if*.d/ hook integration instead.
Michael, ok with you?

Thanks,

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
