starting Fedora Server SIG

Les Mikesell lesmikesell at gmail.com
Thu Nov 13 19:29:17 UTC 2008


Dan Williams wrote:
> 
>> Dan Horák wrote:
>>> Chris Adams píše v Čt 13. 11. 2008 v 10:02 -0600:
>>>> Once upon a time, Dan Williams <dcbw at redhat.com> said:
>>>>> You can certainly disable NetworkManager and use manual configuration of
>>>>> your network devices.
>>>> For how long?  I thought I'd read that the plan was to use NM for
>>>> everything and eliminate /etc/init.d/network.
>>> We will keep/maintain /etc/init.d/network forever :-) They don't
>>> conflict, so there is no reason to completely drop the old method.
>> Who wins if they both want to set the default route and DNS servers? 
> 
> If two equal class devices (ethernet > wifi > mobile broadband) are
> capable of being the default route, the one detected earliest from HAL
> wins.

OK, what does HAL know about multi-homed servers?  And by the way, a 
common scenario with servers is to clone them with image copies.  How do 
I establish which interface is which when the drive boots in hardware 
that is identical except for the NIC MAC addresses?

> The default device's DNS information gets added first, and each active
> device's DNS information is appended.

That sounds like the worst possible scenario.  I'd more likely want the 
latest device activated to be the first choice or not included at all, 
depending on what is really going on.

> Thus you can certainly get more
> than 3 nameservers in /etc/resolv.conf, but 3 is all that the glibc
> resolver allows. 

If these are dynamically added, are they tracked and removed as the 
corresponding interfaces go down?

> In the future we can resurrect caching nameserver to
> support split DNS, but that's based on _domain name_, not IP address, so
> the best solution there, by default (but allow manual override) is to
> use the DHCP-returned search domains (if any) as the domains to split
> DNS for.

There are too many possibilities to even guess at how to intertwine 
multiple DNS servers.  The main thing I'd want is a yes or no option on 
whether to install them if offered by DHCP.  The DNS servers themselves 
may need local zone files and forwarders specified for public lookups.

>> Chances are that if you have a working statically assigned interface you 
>> would not want to switch them to subsequent DHCP assigned NIC - but on 
>> the other hand if you bring up a VPN tunnel, you might.  And does NM 
> 
> Why's that?

My scenario is where servers have multiple NICs to talk to the direct 
neighbors on each subnet that intentionally don't route to each other or 
where you want to isolate the traffic.  For example, I run OpenNMS on an 
internal server that has static routing on the interfaces where I want 
it, but it also picks up a DHCP address from an otherwise isolated 
subnet so it can monitor those devices.  The DHCP server offers a 
default route and DNS servers but if those are installed, I can't reach 
my internal network.

>> know enough to drop routes through an interface that is physically down 
>> (no link, not ifdown) statically assigned or not?
> 
> If the interface is physically down, NM will deactivate the connection
> and addresses and routes get flushed.  Fine-grained modification of
> device parameters and configuration while the interface is
> down/disconnected isn't supported and likely won't be.

So you can alternate between several Ethernet and wireless interfaces 
and as long as one is active everything will be happy?  That's not a 
typical server scenario, but a good thing to have.  Does route removal 
for a down interface propagate so routing protocols (quagga) know to 
remove them from the advertised set?

> I tend to think there will be a place for manual network configuration
> for a long time (no matter what jeremy says :), because there are some
> situations that are just too borderline to support in the short term, or
> are sufficiently borderline that the maintenance cost of adding the
> feature outweighs the benefit of the feature in the first place.
> There's always a tradeoff to feature addition.

There is no way any software could guess the correct configuration for 
my multihomed machines, and I don't think my DNS servers could be 
automatically constructed either.  If you think otherwise, consider 
situations where everything is firewalled and you have a lot of wires 
connected.  But I'd be happy if I knew how to pre-configure some file 
that would be associated with a known interface when I swap disks among 
different servers or image copy and ship them out.

-- 
    Les Mikesell
      lesmikesell at gmail.com




More information about the fedora-devel-list mailing list
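
The nameserver ordering and the three-server glibc limit discussed in the message above, as an added example that is not part of the original thread and is not NetworkManager code. It models only the merge order quoted in the thread (default device's DNS first, other active devices appended); the device names and addresses are constructed, and `merge_dns`, `render_resolv_conf` and `effective_nameservers` are hypothetical helper names.

```python
MAXNS = 3  # glibc's resolver reads at most three "nameserver" lines


def merge_dns(devices, default_dev):
    """devices: list of (name, [dns_ip, ...]) in activation order.

    Model of the order described in the thread: the default-route
    device's servers come first, every other active device's servers
    are appended after them.
    """
    ordered = sorted(devices, key=lambda d: d[0] != default_dev)  # stable
    return [(ip, name) for name, servers in ordered for ip in servers]


def render_resolv_conf(merged):
    """Write the merged list the way it would appear in /etc/resolv.conf."""
    return "".join(f"nameserver {ip}  # from {dev}\n" for ip, dev in merged)


def effective_nameservers(resolv_conf_text):
    """Return (used, ignored): what glibc queries and what it never sees."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(fields[1])
    return servers[:MAXNS], servers[MAXNS:]


# Constructed scenario from the message: eth0 is the statically configured
# internal interface, eth1 picks up DHCP on an otherwise isolated subnet.
DEVICES = [
    ("eth0", ["10.0.0.53", "10.0.0.54"]),
    ("eth1", ["192.168.50.1", "192.168.50.2"]),
]

if __name__ == "__main__":
    for default in ("eth0", "eth1"):
        text = render_resolv_conf(merge_dns(DEVICES, default))
        used, ignored = effective_nameservers(text)
        print(f"default route via {default}: used={used} ignored={ignored}")
```

When the DHCP interface wins the default route, the isolated subnet's servers are queried first and one internal server falls off the end of the list, which is the failure the message describes.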