Help with systemd service files

[Lennart Poettering]

On Mon, 10.10.11 23:06, Reindl Harald (h.reindl at thelounge.net) wrote:

> 
> 
> Am 10.10.2011 20:27, schrieb Lennart Poettering:
> > Unless really necessary please drop After=network.target. Applications
> > that just bind on 0.0.0.0 don't need to synchronize on the network.
> 
> more general as question to the topic:
> 
> how we do know exactly if they really bind to 0.0.0.0 if the user
> can configure services? i tried to remove this from httpd.service
> on F15 some minutes ago and if there are ssl-hosts configured httpd
> fails to start
> 
> what about bind to 127.0.0.1 and using "classical network (ifcfg-ethx)"
> is it safe to remove After=network.target in this case?

systemd guarantees you that 0.0.0.0 and 127.0.0.1 are always bindable
(and the IPv6 equivalents, too). To ensure this we'll actually configure
the loopback device very very early at boot already.

My recommendation to make services which are configured to listen on a
specific static IP address robust against dynamic network changes is to
make use of the IP_FREEBIND feature of the Linux kernel:

#include <netinet/ip.h>
#ifdef IP_FREEBIND
{
        int one = 1;
        setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one);
}
#endif

It's a two line change that allows servers to bind to addresses that are
not configured locally, thus making them independent from the fact that
a network interface is up or down or configured or in whatever state it
might be.

So, as long as you only bind on 0.0.0.0 or 127.0.0.1, or you use
IP_FREEBIND you can entirely remove any dependency on network.target --
under the condition you only serve stuff, but are not a network client
of your own.

Of course, using IP_FREEBIND might hide configuration errors. But given
that dynamic network changes are common, and problems related to this
still easy to detect I'd recommend everybody to set IP_FREEBIND if he
listens on a user-configured IP address.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.