Bug#818978: New issues with bridges in Debian Jessie/Stretch

Maciej Delmanowski drybjed at drybjed.net
Tue Feb 28 15:49:28 GMT 2017 

On Feb 28, Michael Biebl wrote:
> You can still use "ifdown br0" and "ifup br0" if this an auto interface.
> But I get your point, that then the resulting processes are no longer
> part of networking.service or a specific cgroup which can be used to
> reliably kill all process started by ifup.

Yes, they end up in current user's session CGroup. If 'systemd' is configured
to kill user processes after logout, this would result in even more broken
configuration.

> I think, one solution for this would be, if ifupdown would use
> ifup at .service for auto interfaces as well, and networking.service would
> simply become a wrapper/dummy service/target which simply triggers the
> start of all auto interfaces as instances of ifup at .service.

That would be fantastic, my wrapper wouldn't be needed in this case.

> This is something for stretch+1 though.

Yes, I know, and I'm fine with it. Debian Stable is the main targed of my
project, so I will still need to have a solution for this issue for some time.

> specifically After=sys-subsystem-net-devices-%i.device which means the
> ifup at .service instance needs to be started after the device has been
> created.
> 
> You already found that out yourself and Guus also confirmed it, that if
> you use allow-hotplug, you need to make sure that the device is created
> by something else

I'm trying to avoid modification of the files included in Debian package to
be able to get upgrades, so I don't want to mess with 'ifup at .service'
directly. What to do, what to do...

Can 'systemd' instance units pass the "instance name" to other units that
register themselves as dependencies of them? To explain a bit better, I'm
thinking about 'ifup-bridge-wrapper at .service' unit which would get the
instance id from 'ifup at .service', check if it's a bridge in
'/etc/network/interfaces' and create it if it doesn't exist. That way usage of
'systemctl <start|stop> ifup at .service' would be preserved, and the wrapper
could be extended to other interface types if necessary.

Another solution that comes to mind would be to create a separate
'ifup-bridge at .service' that creates the bridge and runs the 'ifup' command the
same as 'ifup at .service'. But that would leave the 'systemctl <start|stop>
ifup at .service' in a broken state, so I would want to avoid it.

I suppose that there's also an option of overloading the 'ifup at .service'
ExecStart= parameter using '/etc/systemd/system/ifup at .service.d/' directory
but I'm not sure if this works for instanced units, and if 'systemd' will let
me overload ExecStart.

Well, I'll explore some possibilites for this soon, this issue breaks a few
things in my project so it should be handled quickly.

Thanks for your help,
Maciej
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 585 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20170228/efddfdf0/attachment-0002.sig>

More information about the Pkg-systemd-maintainers mailing list