On 20 Dec 2017 04:54, "Gordon Messmer" <gordon.messmer(a)gmail.com> wrote:

On 12/19/2017 04:46 PM, Sam Varshavchik wrote:

That's the big picture. And looks like it's completely impossible to do
that, in stock Fedora.

Right now, yes. And that's completely and entirely down to NetworkManager
bringing interfaces up in an event-driven fashion, when link is detected.
Nothing at all to do with systemd.

You're right this has nothing to do with systemd ... and it's honestly a
difficult problem to solve within NM without risking a system that fails to
boot at all without a network detected online.

It is worth looking into how we might improve the nm-online behaviour

In the meanwhile when there are services that require binding to a specific
address and it's possible that address hasn't yet arrived on the system
there is a better way to handle it, one which is well tested as it's
frequently used with software for high availability such as keepalived ...

There is an option when creating a socket called FREEBIND which allows
binding to an address not present in the system.

This is required to be set during the actual binding of the socket by the

For applications using a systemd socket this is as simple as setting
Freebind=true in the .socket file.

For other applications there may be a configuration option or command
argument to enable it. Consider filing upstream bugs where you want this
possible with an application. For example haproxy has this as optional

For applications where this is not an option there is a sledgehammer
approach at the kernel level to enable this behaviour on all socket binds
via the sysctl

Also consider if you *really need* that specific IP bind as binding to
0.0.0.0 or :: and using firewall rules to allow or prevent access per
interface will never face this problem.