[opensuse-factory] can if-up/if-down networking be restored to 13.2 to replace wicked until it's fixed?
Upgrade from 13.1 -> 13.2 removed support for traditional/stable if-up/if-down network control, replacing it with wicked. In 13.2, wicked's currently badly broken; there are existing/critical issues, that prevent production use; those issues include, among mounting others, e.g., (1) tun https://bugzilla.suse.com/show_bug.cgi?id=904903 (2) up/down script usage https://bugzilla.suse.com/show_bug.cgi?id=907215 (3) ipv6 https://bugzilla.suse.com/show_bug.cgi?id=907694 Those issues need fixing, and are getting some attention already. In current state, these network problems leave 13.2 unstable at best, unusable at worst. In 13.1 all the aforementioned issues are not a problem -- everything was working. IMO, disabling working if up/down prior to full-release-vetting of wicked et al is an operational mistake. We'd prefer to stay with 13.2 .... but our available production solutions atm are (1) downgrade 13.2 -> 13.1 (2) switch to a known/working other distribution (Redhat/Centos 7, e.g.) (1) is messy and painful, and functionally regresses many of the OTHER solutions that modern/current 13.2 brings. (2) is what we've done -- currently at all our production/edge boxes. In lieu of immeidate fixes to 13.2, is it possible to reenable 'old' ifup/ifdown networking, disabling wicked, so we can get the distro back to working/production state? Or is wicked simply too wired-into 13.2? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
I have to say, on the laptops which run KDE, using network manager is *great*. It has stabilized and works very well. Not being able to have more than one VPN is a problem, but it's a bit on the esoteric side. That said, wicked has caused me some real pain. On my non-GUI machines (servers, etc), wicked has been a real problem: - No support for if-up/if-down/if-services - Assumes all wireless devices will want to be clients, no ability to just configure the interface so I can run hostapd. - wicked uses the MTU from dhcp, and it can't be over-ridden (my provider chooses a poor MTU which - to date - I've been able to override) - *Weird* problems with routing table when interfaces come up or go down. I have captured at least *three* different routing tables, only one of which is correct, after an interface went down and came up. No amount of massaging seemed to work, and only a reboot seemed to help. Supremely irritating. On my servers, without access to traditional ifup/ifdown, I installed network manager and configured (most!) of the interfaces using the nmtui program (woo! a HUGE improvement in the utility of network manager). For the wireless, I had to figure out three things: 1. how to make network manager ignore interfaces (I chose to ignore by mac addr) 2. how to get udev to trigger a service when an interface becomes available 3. how to write a systemd service to come up/go down the the interface comes up/goes down 4. I had to remember to make sure to run SuSEfirewall2 via dispatcher.d. That this is not the default I consider a significant security hole! Now, if you can believe it, hostapd comes up automatically when the wireless interface (a usb device) appears, and goes away when the interface does. The weird routing problems are gone. I'm dismayed to see that systemd-networkd is not available as an alternative, but at least network manager works well enough. Perhaps using wicked "natively" (using the wicked-specific config files) would have been better, but the integration of wicked and/or the support for "legacy" if-up-style needs improvement. One has to ask if perhaps any efforts there might have been better spent in improving wicked *before* using it to replace an existing system. Summary: wicked *misconfigures* my routes, *mishandles* my wireless devices, and doesn't provide if-up compatibility for my needs. Network Manager gets close enough, configures all of my interfaces properly[1], routes properly, and allows me to override the MTU. [1] I can't seem to make network manager configure the wireless device *without* making it a wireless client or making it an AP. I *just want* to configure it with an IP address. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sat, Nov 29, 2014, at 03:01 PM, Jon Nelson wrote:
I have to say, on the laptops which run KDE, using network manager is *great*.
agreed.
It has stabilized and works very well. Not being able to have more than one VPN is a problem, but it's a bit on the esoteric side.
Not so esoteric, it's a frequent use case here. Which is why laptops have always (prior to 13.2/wicked) been config'd to switch between traditional ifup/down control & NM
I'm dismayed to see that systemd-networkd is not available as an alternative, but at least network manager works well enough.
NM can be made to work in some cases, certainly. Admittedly, it's a far better option than wicked currently is -- at least routing isn't flaky (I see similar issues), and tunnels are reliable. That said, NM is not a robust server solution and, at least here, will never be seen production servers. For all the whining about "global death & destruction" wrought by have systemd forced upon us with little alternative, (personally, I find it very useful), this wicked situation is far, far more destructive from our perspective. At least with systemd on opensuse, there was at a release cycle + where the previous alternative, sysVinit remained available and fully functional. Not so with wicked. Or, afaict. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Noting the lack of info/comment suse/opensuse dev re: plans/progress on (m)any of the wicked related issues since 13.2 release -- either here, wicked list, or @ bugzilla, and taking a look at https://github.com/openSUSE/wicked/issues it's not clear to me what's prioritized, or timeframe for fixes -- soon? next release? never? Since we certainly can't make progress alone in a vaccuum, we're evaluating (comparing to alternatives) ripping wicked out, and reenabling traditional if-up/down network mgmt in an internal fork 13.2+. at best, it looks messy; but, we intend to have a working solution. b4 reinventing the wheel, thought I'd ask in here: is anyone here aware of any work already done in this direction? specifically, removing/replacing wicked with 'old, traditional' networking, either as an optional alternative or a complete replacement? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
* Jon Nelson <jnelson-suse@jamponi.net> [12-01-14 13:24]:
I have to say, on the laptops which run KDE, using network manager is *great*. It has stabilized and works very well. Not being able to have more than one VPN is a problem, but it's a bit on the esoteric side.
That said, wicked has caused me some real pain.
On my non-GUI machines (servers, etc), wicked has been a real problem:
- No support for if-up/if-down/if-services
openSUSE 13.2 # ifup wlp3s0 wlp3s0 up rpm -qf `which ifup` wicked-service-0.6.12-1.1.x86_64 ?? -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 12/01/2014 04:31 PM, Patrick Shanahan wrote:
* Jon Nelson <jnelson-suse@jamponi.net> [12-01-14 13:24]:
I have to say, on the laptops which run KDE, using network manager is *great*. It has stabilized and works very well. Not being able to have more than one VPN is a problem, but it's a bit on the esoteric side.
That said, wicked has caused me some real pain.
On my non-GUI machines (servers, etc), wicked has been a real problem:
- No support for if-up/if-down/if-services
openSUSE 13.2
# ifup wlp3s0 wlp3s0 up
rpm -qf `which ifup` wicked-service-0.6.12-1.1.x86_64
??
Verified here: finger@linux:~/rtl8188eu> sudo ifup enp0s25 wicked: ifup: no matching interfaces Configured here finger@linux:~/rtl8188eu> sudo ifup enp0s25 enp0s25 up finger@linux:~/rtl8188eu> sudo ifdown enp0s25 enp0s25 device-ready finger@linux:~/rtl8188eu> sudo ifup wlp4s0 wlp4s0 up finger@linux:~/rtl8188eu> ping -c 5 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=3.96 ms 64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=2.79 ms 64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=2.60 ms 64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=2.31 ms 64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=2.47 ms --- 192.168.1.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4006ms rtt min/avg/max/mdev = 2.317/2.831/3.962/0.590 ms Larry -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Op maandag 1 december 2014 17:31:58 schreef Patrick Shanahan:
* Jon Nelson <jnelson-suse@jamponi.net> [12-01-14 13:24]:
I have to say, on the laptops which run KDE, using network manager is *great*. It has stabilized and works very well. Not being able to have more than one VPN is a problem, but it's a bit on the esoteric side.
That said, wicked has caused me some real pain.
On my non-GUI machines (servers, etc), wicked has been a real problem:
- No support for if-up/if-down/if-services
openSUSE 13.2
# ifup wlp3s0 wlp3s0 up
rpm -qf `which ifup` wicked-service-0.6.12-1.1.x86_64
??
Easy. The file ifup is present in the package wicked-service. So you still can use the commands ifup, ifdown and other if... commands. Maybe the problem is the dash (-) in the above mentioned commands. -- fr.gr. Freek de Kruijf -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hi there, On Tue, 02 Dec 2014, 09:42:43 +0100, Freek de Kruijf wrote:
Op maandag 1 december 2014 17:31:58 schreef Patrick Shanahan:
* Jon Nelson <jnelson-suse@jamponi.net> [12-01-14 13:24]:
I have to say, on the laptops which run KDE, using network manager is *great*. It has stabilized and works very well. Not being able to have more than one VPN is a problem, but it's a bit on the esoteric side.
That said, wicked has caused me some real pain.
On my non-GUI machines (servers, etc), wicked has been a real problem:
- No support for if-up/if-down/if-services
openSUSE 13.2
# ifup wlp3s0 wlp3s0 up
rpm -qf `which ifup` wicked-service-0.6.12-1.1.x86_64
??
Easy. The file ifup is present in the package wicked-service. So you still can use the commands ifup, ifdown and other if... commands. Maybe the problem is the dash (-) in the above mentioned commands.
"normal" ifup/ifdown works, that's not the issue. wicked's ifup and ifdown however have silently removed support for scripts which are executed when an interface comes up or goes down. These scripts are typically stored in the /etc/sysconfig/network/if-{up,down}.d/ directories. Here is an excerpt from the ifup manual page on 13.1: /etc/sysconfig/network/if-{up,down}.d/ Scripts in these directories will be executed when any interface is started, if-up.d, and when any interface is stopped, if-down.d. They have to be exe- cutable and may also be binary. The execution of these programs is controlled by the variables GLOBAL_POST_UP_EXEC and GLOBAL_PRE_DOWN_EXEC in the network configuration file /etc/sysconfig/network/config These are not interface spe- cific, and can have any name. If you need interface/configfile specific scripts to be executed have a look at PRE_UP_SCRIPT, POST_UP_SCRIPT, PRE_DOWN_SCRIPTand POST_DOWN_SCRIPT. HTH, cheers. l8er manfred
On Tue, Dec 2, 2014 at 2:55 AM, Manfred Hollstein <mhollstein@t-online.de> wrote:
"normal" ifup/ifdown works, that's not the issue. wicked's ifup and ifdown however have silently removed support for scripts which are executed when an interface comes up or goes down. These scripts are typically stored in the /etc/sysconfig/network/if-{up,down}.d/ directories. Here is an excerpt from the ifup manual page on 13.1:
That's exactly right, and what I meant to type. I have been away from my computer and unable to respond properly, so thank you for correcting my typo!
/etc/sysconfig/network/if-{up,down}.d/ Scripts in these directories will be executed when any interface is started, if-up.d, and when any interface is stopped, if-down.d. They have to be exe- cutable and may also be binary. The execution of these programs is controlled by the variables GLOBAL_POST_UP_EXEC and GLOBAL_PRE_DOWN_EXEC in the network configuration file /etc/sysconfig/network/config These are not interface spe- cific, and can have any name. If you need interface/configfile specific scripts to be executed have a look at PRE_UP_SCRIPT, POST_UP_SCRIPT, PRE_DOWN_SCRIPTand POST_DOWN_SCRIPT.
-- Jon -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Manfred Hollstein wrote:
Hi there,
On Tue, 02 Dec 2014, 09:42:43 +0100, Freek de Kruijf wrote:
Op maandag 1 december 2014 17:31:58 schreef Patrick Shanahan:
* Jon Nelson <jnelson-suse@jamponi.net> [12-01-14 13:24]:
I have to say, on the laptops which run KDE, using network manager is *great*. It has stabilized and works very well. Not being able to have more than one VPN is a problem, but it's a bit on the esoteric side.
That said, wicked has caused me some real pain.
On my non-GUI machines (servers, etc), wicked has been a real problem:
- No support for if-up/if-down/if-services
openSUSE 13.2
# ifup wlp3s0 wlp3s0 up
rpm -qf `which ifup` wicked-service-0.6.12-1.1.x86_64
??
Easy. The file ifup is present in the package wicked-service. So you still can use the commands ifup, ifdown and other if... commands. Maybe the problem is the dash (-) in the above mentioned commands.
"normal" ifup/ifdown works, that's not the issue. wicked's ifup and ifdown however have silently removed support for scripts which are executed when an interface comes up or goes down. These scripts are typically stored in the /etc/sysconfig/network/if-{up,down}.d/ directories.
This was surely already reported as bug? -- Per Jessen, Zürich (5.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Moin, On Wed, 03 Dec 2014, 12:32:07 +0100, Per Jessen wrote:
Manfred Hollstein wrote: [...]
"normal" ifup/ifdown works, that's not the issue. wicked's ifup and ifdown however have silently removed support for scripts which are executed when an interface comes up or goes down. These scripts are typically stored in the /etc/sysconfig/network/if-{up,down}.d/ directories.
This was surely already reported as bug?
I did not; what I did was to ask on this list if this is known/wanted behaviour: <http://lists.opensuse.org/opensuse-factory/2014-10/msg00685.html>, but did not receive any feedback. So I worked around the issue by creating a systemd file as a work-around. My use-case was actually to add IP aliases to an interface depending on the current role of a system (probably similar to what ipvsadm does, but I invented that for my own purposes long before then; maybe I should look at ipvsadm now...). The issue is not that relevant for me therefore. Cheers. l8er manfred
<grantksupport <at> operamail.com> writes:
Upgrade from 13.1 -> 13.2 removed support for traditional/stable
if-up/if-down network control,
replacing it with wicked.
[...] Any progress on replacing this horrible network management approach? I have only ever used the traditional/stable if-up/if-down network control on my laptop. In previous versions, individuals could chose between a the largely broken NetworkManager and a reliable set of scripts. A horrible decision was made here to force users into a choice between a largely broken NetworkManager and the broken and untested wicked. I highly doubt that anyone has done any serious code review on the project from a security perspective. This alone is reason for me to avoid it for years. Is there a plan to use update-alternatives to offer a choice between the reliable, working set of if-up/if-down network control and the "sexy", non-working wicked? It was a terrible decision to rip out working functionality in the 13.2 distribution without allowing users to have a fallback to a functioning alternative. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
John, On Sun, Feb 01, 2015 at 10:29:07PM +0000, John S wrote:
<grantksupport <at> operamail.com> writes:
Upgrade from 13.1 -> 13.2 removed support for traditional/stable
if-up/if-down network control,
replacing it with wicked.
[...]
Any progress on replacing this horrible network management approach?
If this is about a defect in openSUSE 13.2 please use bugzilla to track the issue. It's also of some value to report the bug IDs back to the general openSUSE lists aka opensuse@opensuse.org No, we don't need 13.2 bug report IDs here. Also ensure to have the recent wicked update installed (0.6.14-4.1).
I have only ever used the traditional/stable if-up/if-down network control on my laptop. In previous versions, individuals could chose between a the largely broken NetworkManager and a reliable set of scripts. A horrible decision was made here to force users into a choice between a largely broken NetworkManager and the broken and untested wicked.
I highly doubt that anyone has done any serious code review on the project from a security perspective. This alone is reason for me to avoid it for years.
I'm using wicked with my openSUSE Factory install and it works reliable. But here the actual use case might make the difference.
Is there a plan to use update-alternatives to offer a choice between the reliable, working set of if-up/if-down network control and the "sexy", non-working wicked?
Please be more productive. Such general criticism - I could even name it FUD ;) - doesn't bring the project forward. Thanks, Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team + SUSE Labs SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
On Tuesday 2015-02-03 10:15, Lars Müller wrote:
Is there a plan to use update-alternatives to offer a choice between the reliable, working set of if-up/if-down network control and the "sexy", non-working wicked?
Please be more productive. Such general criticism - I could even name it FUD ;) - doesn't bring the project forward.
No - stop running a project that shoots people and then calls for the medic. wickedd was dropped onto openSUSE without a release transitional period like we had for kde4, systemd, ... -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (10)
-
Freek de Kruijf -
grantksupport@operamail.com -
Jan Engelhardt -
John S -
Jon Nelson -
Larry Finger -
Lars Müller -
Manfred Hollstein -
Patrick Shanahan -
Per Jessen