On Tue, 17 Apr 2018, Zbigniew Jędrzejewski-Szmek wrote:
> On Tue, Apr 17, 2018 at 12:41:15PM -0400, R P Herrold wrote:
> To make this work, we could either require that maintainers of A add
> Requires(post): B, or delay the starting of services until the end
> of the transaction, using a transfiletrigger. This second approach
> is much more attractive. Actually we already od a delayed
> 'systemctl daemon-reload' after the transaction, and we could start
> the services after that.
Thank you ... but:
you trimmed off and did not respond to the harder part of my
real-world example
herrold earlier:
> I know I need to go in and manually create and add files
> like:
> /etc/systemd/system/var-ftp-pub-nfs-mirror2.mount
>
> and then link in that file in:
> /etc/systemd/system/machines.target.wants/
>
> to get NFS working as I want -- I cannot imagine that** any
> ** install tool knows how to read my desires as a deploying
> owner
which in this case is a RO NFS mount of a third party SAN
device, and which contains site specific matter needed for an
install needs to access to be useful
There are companion files, such as one with a RW:
/etc/systemd/system/home-nfs.mount
and more, and the RW case is much 'harder' to solve
(rootsquash, NFSv4, restricted IP ranges, more). This is for
a workstation class unit
How is chasing down a rabbit hole of unknowable configuration
possibilities, to start things during deployment, and before
hardening even vaguely 'solveable' even with unlimited **
packager ** effort? Augeas sort of tried to do this, and got
mired in complexity quicksand. Trying to enable install time
startups is in no way a 'costless' decision and adding new and
ill-defined 'requirements' for unclear reasons will tend to
reduce packager willingness to participate
As I pointed out, install order matters, and in testing alone,
the big O() complexity testing matrix explodes at a O(N^M)
rate. That is, it is simply untestable in very short order
And just WHY do we want to start services during deployment,
and before hardening? Why would we WANT to enable services
_before_ application of potential security updates recognized
and released after a media freeze? Setting up the firewalld,
particularly with the demise and eradication of host name
based resolution wrappers, is not an install time task at all,
other than
'deny all but ssh'
I do not understand the use case at all
-- Russ herrold
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
