[CentOS] Network services start before network is up since migrating to 7.2

Thu Dec 17 15:59:12 UTC 2015
Sylvain CANOINE <sylvain.canoine at tv5monde.org>

Hello James,

> Well it looks like you are using the network service rather than the
> recommended NetworkManager ...
Yes. That's the way our security experts made the models I use to set up my servers.
I'll test a migration to NetworkManager, and take their advice on it.

> The network service is not blocking the flow so it executes and systemd
> carries on ...
> From the point of view of the system as soon as /etc/init.d/network start
> has been called the service is running as a state... as you can see from
> your logs lots of other services also start before the network interface
> itself is up.
I understand this, but why only on one of my servers? Is the order the services start only a question of latencies?

> There's a few different ways of accomplishing what you want ...
> Keep in mind that you must not edit files in /usr/lib/systemd/ if you want
> to maintain your sanity for future updates... use overrides in
> /etc/systemd/system/foo.service.d
Ok. Thank you for the tip. I'm trying to avoid this workaround, anyway.

> The real reason httpd/sshd/snmpd failed there is that unlike the default
> configuration of these you aren't listening on all addresses (:: or
> but on a specific 172.X address ... which isn't present until the
> network adaptor is up and configured.
It is by design, for security considerations. So I can't make the services listen on all interfaces.

> 3) Provide overrides for each service to order it after
> network-online.target (which is effectively when the non-local IP address
> can be found on the interface) as per the systemd.special man page
> documenting this.
> Look at man systemd.special for more detail on this ...
I'll take a look at this.

> Incidentally I just tried a quick test in a VM and it would appear
> NetworkManager.service completed with an IP on the network interface before
> network.target was considered reached ... you may want to test this on your
> system to see if it's a race condition or it actually works out that way
> for you as a systemctl cat NetworkManager indicates it should be before
> network and it looks like it may block progress until it's on dbus ...
Ok, I'll try, and see if that solves my problem. Thank you.

Sylvain CANOINE.

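Option 3 from the quoted reply, sketched as an added example that is not part of the original thread: it writes one drop-in per service under /etc/systemd/system/foo.service.d so that httpd, sshd and snmpd, which bind to a specific address, are ordered after network-online.target. The drop-in file name and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: order address-bound services after network-online.target
# using drop-ins, leaving the packaged units in /usr/lib/systemd/ untouched.
# DROPIN_NAME and both function names are hypothetical, chosen for this example.
DROPIN_NAME="10-network-online.conf"

# write_dropins ROOT UNIT... : create ROOT/etc/systemd/system/UNIT.service.d/
write_dropins() {
    root=$1; shift
    for unit in "$@"; do
        dir="$root/etc/systemd/system/$unit.service.d"
        mkdir -p "$dir" || return 1
        # Wants= pulls the target into the boot transaction;
        # After= delays this unit until the target has been reached.
        cat > "$dir/$DROPIN_NAME" <<EOF || return 1
[Unit]
Wants=network-online.target
After=network-online.target
EOF
    done
}

# check_dropins ROOT UNIT... : succeed only if every unit carries both lines
check_dropins() {
    root=$1; shift
    for unit in "$@"; do
        f="$root/etc/systemd/system/$unit.service.d/$DROPIN_NAME"
        grep -qx 'Wants=network-online.target' "$f" 2>/dev/null || return 1
        grep -qx 'After=network-online.target' "$f" 2>/dev/null || return 1
    done
}

# Demo in a scratch directory so nothing on the host is modified.
# On a real server: pass "" as ROOT (as root), run `systemctl daemon-reload`,
# then confirm the ordering with `systemctl show -p After httpd.service`.
demo_root=$(mktemp -d)
write_dropins "$demo_root" httpd sshd snmpd
check_dropins "$demo_root" httpd sshd snmpd && echo "drop-ins written under $demo_root"
```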