Summary: | net/kea: new rc script | |
---|---|---|---
Product: | Ports & Packages | Reporter: | Martin Pietsch <pmfoss>
Component: | Individual Port(s) | Assignee: | Li-Wen Hsu <lwhsu>
Status: | Closed FIXED | |
Severity: | Affects Only Me | CC: | apevnev, jad, jeff+freebsd, jlduran, lwhsu, pi, pmfoss
Priority: | --- | |
Version: | Latest | |
Hardware: | Any | |
OS: | Any | |

Description
Martin Pietsch
2019-05-15 10:40:01 UTC
(In reply to Martin Pietsch from comment #0)

1. Regarding the first issue, if you just remove the 'nojail' keyword, are you able to run Kea successfully inside a jail? I am interested in using this approach as well.

2. I do not think this is a future-proof solution. I would suggest fixing keactrl's '-s' switch upstream (I don't think it's working at the moment), together with its exit code.

As a side note, could you submit your suggestions as a patch (uncompressed)? Thank you!

Created attachment 208936 [details]
patch for Kea's rc file without nojail keyword
Created attachment 208937 [details]
Makefile patch of Kea's port to provide a new rc file
Comment on attachment 208936 [details]
patch for Kea's rc file without nojail keyword
--- kea.orig/files/kea.in 2019-11-05 13:39:02.428216863 +0100
+++ kea/files/kea.in 2019-11-05 13:53:53.760854516 +0100
@@ -3,7 +3,7 @@
#
# PROVIDE: kea
# REQUIRE: netif routing
-# KEYWORD: nojail shutdown
+# KEYWORD: shutdown
#
# Add the following to /etc/rc.conf[.local] to enable this service
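Review bot: The KEYWORD line drops `nojail`, but the REQUIRE line directly above it stays at `netif routing`, so once rc(8) starts this script at jail boot nothing orders it after the network is fully up; a later comment in this report sees kea-dhcp6 fail to start at boot for that reason, so consider adding `NETWORK` to REQUIRE in the same patch. The header comment that follows ("Add the following to /etc/rc.conf[.local] ...") would also be the place to note that a jailed Kea using raw sockets needs the bpf devices exposed to the jail through devfs rules, as described in this thread.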
Created attachment 208938 [details]
patch for Kea's rc file without nojail keyword
Created attachment 208939 [details]
pkg-plist patch of Kea's port to provide a new rc file
Created attachment 208940 [details]
new rc file for Kea
I'm sorry the answer took so long. Here are my answers now:

Yes, Kea runs very well inside a jail. There is even the possibility to run an HA cluster with primary, secondary and backup (jail) nodes. My current configuration consists of a primary and secondary node on two machines. But you have to pay attention if you want to run a Kea jail with a virtual network interface that is connected with the real network via NAT and port forwarding. In this case "bootp" requests will not reach the server inside the jail. In order to ensure that "bootp" requests can also be processed by the server, it is necessary to "unhide" the bpf devices of the jail host for the Kea jail. This is done with the devfs rules.

The keyword "nojail" prevents the automatic start of an rc file inside a jail. This is also described in the man page of rc(8) in point 5 of the section "Operation of rc". A service marked with this keyword is not automatically executed when the jail starts. But that is not what I want. So I removed it and everything was well. The patch file "patch-files-kea.in" contains this change.

The patch files "patch-Makefile" and "patch-pkg-plist" and the file kea_dhcp4.in are used for my suggestion of a new rc file for Kea. I hope that is right.

The patch files "patch-Makefile" and "patch-pkg-plist" and the file kea_dhcp4.in are used for my suggestion of a new rc file for Kea. By linking the rc file kea_dhcp4 to kea_dhcp6, kea_ctrl_agent etc. it is possible to start each server individually and to get the correct exit code of them. I hope this is the right way to provide such patches.

(In reply to Martin Pietsch from comment #9) Thank you for your explanation. I'll test Kea contained in a jail, that one should be an easy fix. Regarding the other suggestion, splitting the services into individual services (and rc scripts) instead of using keactrl, I still think it's better to fix it upstream.

Right now, issuing `keactrl status -s dhcp6`, for example, does not work, as can be seen in the current implementation of keactrl: https://gitlab.isc.org/isc-projects/kea/blob/628d764179824329a5c654d69a9934f174d23e4a/src/bin/keactrl/keactrl.in#L395 The `-s|--server` flag is essentially a NOP. Once this is working, you should be able to control individual servers using this flag regardless of the platform you are running Kea on, and have the appropriate exit code. So I still think you should pursue your suggestion (2) upstream. However, this decision is up to the maintainer.

+1 on there being no good reason to prevent running kea in a jail. Kea runs quite well in a jail, either with UDP or raw sockets. It was rather puzzling to wonder why DHCP didn't come back up after a power outage here, after configuring HA, especially as the jails were running. Seems as though you can manually start the service, but it won't start on boot with the `nojail` keyword present. There's not a good reason I can think of to prevent it from running in a jail. If you're trying to run it with raw sockets, well, read the jail and devfs man pages.

I think that the rc script should also have NETWORK in its PROVIDE. Otherwise (in my case) kea-dhcp6 will not start at boot.

(In reply to jad from comment #12) Sorry, that should be in its REQUIRE, not PROVIDE.

Created attachment 218091 [details]
add require NETWORK, remove nojail
Let's fix this one.
This is fixed in ports 5d3a48d7fef24a13a831425e53ee8fc466e88872
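
The two header problems raised in this report (a `nojail` KEYWORD that keeps the service from starting when a jail boots, and a REQUIRE line without `NETWORK`) can be checked mechanically. The script below is an added example, not part of the port or of any attachment here; the function names are hypothetical, the "before" header copies the lines quoted in the patch above, and the "after" header is constructed from the final attachment's title.

```shell
#!/bin/sh
# Added example: audit an rc.d script header for the two boot-time
# problems discussed in this report. Sample files are constructed.

# Print the words listed under one rcorder tag (KEYWORD, REQUIRE, ...),
# one per line. Accepts the plural spelling (KEYWORDS:, REQUIRES:) too.
rc_tag() {  # usage: rc_tag TAG FILE
    sed -n "s/^#[[:space:]]*$1S\{0,1\}:[[:space:]]*//p" "$2" |
        tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Succeed if WORD is listed under TAG in FILE.
rc_has() {  # usage: rc_has WORD TAG FILE
    rc_tag "$2" "$3" | grep -qx -- "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_rc() {  # usage: audit_rc FILE
    findings=0
    if rc_has nojail KEYWORD "$1"; then
        echo "$1: KEYWORD nojail: not started automatically when a jail boots"
        findings=$((findings + 1))
    fi
    if ! rc_has NETWORK REQUIRE "$1"; then
        echo "$1: REQUIRE lacks NETWORK: may start before networking is up"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample headers: before and after the fix described above.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#!/bin/sh' '#' '# PROVIDE: kea' \
    '# REQUIRE: netif routing' '# KEYWORD: nojail shutdown' > "$tmp/kea.before"
printf '%s\n' '#!/bin/sh' '#' '# PROVIDE: kea' \
    '# REQUIRE: NETWORK netif routing' '# KEYWORD: shutdown' > "$tmp/kea.after"

for f in "$tmp/kea.before" "$tmp/kea.after"; do
    audit_rc "$f" && echo "$f: ok"
done
```

On a real host the same functions can be pointed at the installed rc script instead of the sample files; the NETWORK check only makes sense for daemons that, like Kea, need configured interfaces at start.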