[PVE-User] Interfaces startup and ip-up.d scripts...

dORSY dorsyka at yahoo.com
Fri May 18 17:38:56 CEST 2018 

 
"So, now i cannot play with networking. ;-)"
Then don't play with them. Simply use the "old-school" working post-up and pre-down directives for the interfaces. As we all linux admins do for ages. And use built-in firewall tools (iptables/netfilter-persistent or proxmox's fireall or anything coming as a debian package) All in all proxmox5 is debian9 and works exactly as one :).

    On Friday, 18 May 2018, 17:23:20 CEST, Marco Gaiarin <gaio at sv.lnf.it> wrote:  
 
 Mandi! Josh Knight
  In chel di` si favelave...

> Interesting, I couldn't reproduce the problem on my server.

I'm not a very large user case: i've many PVE system, but they are 4.4
and not ''firewalled'', this is a 5.2 and a case ''per se''...

> I set
> verbose=yes, I created a test script that simply did echo $IFACE and after
> 3 reboots it seems to execute each time. After boot I just did  journalctl
> -b | grep ifup  and I was able to see the interface names printed.

Boh...


> in journalctl -b, are you seeing anything related to run-parts? Or does
> ifup not print anything at all?

In a ''falied'' boot i can se the logs for interfaces 'lo' and '--all'
(why '--all'?). Logs report, for every interface:
    /bin/ip link set dev <iface> up
and then the run of the 'run-parts':
    run-parts: executing /etc/network/if-up.d/0sysctl
and the the single runs of the scripts:
    run-parts: executing /etc/network/if-up.d/bridgevlan

In a good boot, i can se the logs for interfaces 'lo', 'vmbr0', 'vmbr1'
and '--all''. Same logs.


> Is your firewall script using anything interface specific?  If you put it
> in that directory, it will be executed for each interface. 

My script are parametrizied, and get runned only on particular
interfaces.


> I'm curious if
> you add a post-up line to your /etc/network/interfaces file, it would be
> called only once when your mgt interface comes up.

I was short on time, and so i was forced to put that server
in production, in a non too easy reachable place.

So, now i cannot play with networking. ;-)

-- 
dott. Marco Gaiarin                        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG  -  Via della Bontà, 7 - 33078  -  San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it  t +39-0434-842711  f +39-0434-842797

        Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
    (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
_______________________________________________
pve-user mailing list
pve-user at pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

More information about the pve-user mailing list