On Thu, May 13, 2021 at 4:12 PM Steve Langasek <steve.langa...@ubuntu.com> wrote: > > Hi there, > > On Wed, May 12, 2021 at 05:52:07PM +1000, Christopher James Halse Rogers > wrote: > > There's an nfs-utils SRUĀ¹ hanging around waiting for a policy decision on > > use of the After=network-online.target systemd unit dependency. I'm not an > > expert here, but it looks like part of my SRU rotation today is starting the > > discussion on this so we can resolve it one way or another! > > > I am not an expert in this area, but as I understand it, the tradeoff here > > is: > > 1. Without a dependency on After=network-online.target there is no guarantee > > that the network interface(s) will be usable at the time the nfs-utils unit > > triggers, and nfs-utils will fail if the relevant ntwork interface is not > > usable, or > > 2. With a dependency on After=network-online.target nfs-utils will reliably > > start, but if there are any interfaces which are configured but do not come > > up this will result in the boot hanging until the timeout is hit. > > > In mitigation of (2), there are apparently a number of default packages > > which already have a dependency on After=network-online.target, so boot > > hanging if interfaces are down is the status quo? > > From one of the comments in the bug report, I gathered that systemd upstream > (who, specifically?) was taking a position that distributions should not use > After=network-online.target. I think this is entirely unhelpful; the target > exists for this purpose, it is not required for systemd internally to get > the system up but exists only for other services to depend on. > > There are risks of services not starting on boot because the network-online > target is not reached. However, that is not the same thing as a "hung > boot", because other services will still start on their own, and things like > gdm and tty don't depend on network-online.target, *unless* you're in a > situation where you've introduced a dependency between the filesystem and > network-online. This is possible when we're talking about nfs, because the > same system might both export nfs filesystems and mount them from localhost. > But I'm not sure it should block this specific change. > > > The obvious thing to do here would be to follow Debian, but as far as I can > > tell there is not currently a Debian policy about this - the best I can find > > is an ancient draft of a best-practises-guideĀ² suggesting that pacakages > > SHOULD handle networking dynamically, but if they do not MUST have a > > dependency on After=network-online.target > > > As far I understand it, handling networking dynamically requires upstream > > code changes (although maybe fairly simple code changes?). > > It does require upstream code changes; not always simple. And it's not > always *correct* to make upstream code changes instead of simply starting > the service when the system is "online"; you can find a number of examples > in Ubuntu of services that it only makes sense to start once your network is > "up" - e.g. apt-daily.service, update-notifier, whoopsie, ... > > > There are issues with the network-online target, to be sure. There is not a > clear definition of the target, and there have definitely been > implementation bugs in what does/does not block the target. I've had > discussions with the Foundations Team in the past about this but it has yet > to result in a specification. > > My working definition of what network-online.target SHOULD mean is: > > - at least one interface is up, with routes > - all interfaces which are 'optional: no' (netplan sense) are up > - including completion of ipv6 RA and ipv4 link-local if enabled on the > interface > - there is a default route for at least one configured address family > - attempts to discover default routes for other configured address families > have completed (success or fail) > - DNS is configured > > Thinks that must not block the network-online target: > - interfaces that are marked 'optional: yes' > - address sources that are listed in 'optional-addresses' for an interface > - default route for an address family for which no interfaces have > addresses > > At least historically, neither networkd nor NetworkManager has fulfilled > this definition. It would be nice to get there, but the first step is > having some agreed definition such as the above so that we can treat > deviations as bugs. >
If netplan.io can implement that would be nice. I.e. either synthetically (i.e. by generating a service unit on the fly that calls systemd-networkd-wait-online with extra arguments specifying all the non-optional interfaces) , or by creating a new binary which is "netplan-wait-online" which will be wanted by network-online.target and perform all of the above. > > It seems unlikely that, whatever we decide, we'll immediately do a full > > sweep of the archive and fix everything, so it looks like our choice is > > between: > > > 1. The long-term goal is to have no After=network-online.target dependencies > > in default boot (stretch goal: in main). Whenever we run into a > > package-fails-if-network-is-not-yet-up bug, we patch the code and submit > > upstream. Over time we audit existing users of After=network-online.target > > and patch them for dynamic networking, as time permits. > > > 2. We don't expect to be able to reach no After=network-online.target > > dependencies in the default boot, so it's not a priority to avoid them. > > Whenever we run into a package-fails-if-network-is-not-yet-up bug, we add an > > After=network-online.target dependency. > > 3. We expect to reach network-online.target in the common case, but accept > that there are systems for which it will ordinarily not be reached on boot > (i.e. offline systems). Services which depend on network-online.target > should be those which it is reasonable to not start if the system is not > connected to the Internet. This includes systems that are connected to a > local network, but have no default route. > So from my point of view a short term fix of like having After=network-online.target or even [Unit] After=systemd-resolved.service [Service] ExecStartPre=-/lib/systemd/systemd-networkd-wait-online --any --timeout 30 Is fine to be SRUed. However, I still have the same question - what if network connectivity drops & gets re-established? Should we bounce the network-online.target (aka restart it)? We can declare for units to be restarted, when network-online.target is restarted, if they otherwise themselves are incapable to dynamically detect networking loss & networking resumption. > > If we use this as the standard, it's easy to see that *in principle* > nfs-utils shouldn't depend on there being a route to the global Internet. > It does, however, at least give us a framework for understanding the > behavior, and for users to modify the behavior if they have different > requirements. > > > None of this makes it any safer for an SRU, since at the end of the day if > users have such a config that is impacted if you set > After=network-online.target for nfs-utils, it would still be a regression. > > -- > Steve Langasek Give me a lever long enough and a Free OS > Debian Developer to set it on, and I can move the world. > Ubuntu Developer https://www.debian.org/ > slanga...@ubuntu.com vor...@debian.org > -- > ubuntu-devel mailing list > ubuntu-devel@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel -- Regards, Dimitri. -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
