[CentOS] CentOS 7 : Systemd alternatives ?


Always Learning-3
Reading about systemd, it seems it is not well liked and reminiscent of
Microsoft's "put everything into the Windows Registry" (Win 95 onwards).

Is there a practical alternative to omnipresent, or invasive, systemd ?

--
Regards,

Paul.
England, EU.

   Centos, Exim, Apache, Libre Office.
   Linux is the future. Micro$oft is the past.

_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Robert Moskowitz

On 07/07/2014 07:47 PM, Always Learning wrote:
> Reading about systemd, it seems it is not well liked and reminiscent of
> Microsoft's "put everything into the Windows Registry" (Win 95 onwards).
>
> Is there a practical alternative to omnipresent, or invasive, systemd ?
>
So you are following the thread on the Fedora list?  I have been
ignoring it.

Best I can tell is learn it and use it.  And if you have any services,
fix them so that they work with systemd.  I work with one that does not
and it is very slow to complete its startup.



Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Scott Robbins
In reply to this post by Always Learning-3
On Tue, Jul 08, 2014 at 12:47:38AM +0100, Always Learning wrote:
> Reading about systemd, it seems it is not well liked and reminiscent of
> Microsoft's "put everything into the Windows Registry" (Win 95 onwards).
>
> Is there a practical alternative to omnipresent, or invasive, systemd


To the tune of YMCA

Young man, you don't like systemd
Oh young man, you get no sympathy
Young man, you will find that your luck
Is slowly running out with Linux

So young man, if you want to stick
To something, that more resembles Unix
And young man, if you want to sing
Goodbye to Poettering,

(bah bah bah bah)

FreeeeeeeeeBSD  (yeah yeah yeah)
FreeeeeeeeeBSD


etc.  I just made this up at work today, and that's as far as I got.



--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6


Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Always Learning-3
In reply to this post by Robert Moskowitz

On Mon, 2014-07-07 at 20:46 -0400, Robert Moskowitz wrote:

> On 07/07/2014 07:47 PM, Always Learning wrote:
> > Reading about systemd, it seems it is not well liked and reminiscent of
> > Microsoft's "put everything into the Windows Registry" (Win 95 onwards).
> >
> > Is there a practical alternative to omnipresent, or invasive, systemd ?

> So you are following the thread on the Fedora list?  I have been
> ignoring it.

No. I read some of
http://www.phoronix.com/scan.php?page=news_topic&q=systemd

The systemd proponent, advocate and chief developer? wants to
abolish /etc and /var in favour of having the /etc and /var data
in /usr.

Seems a big revolution is being forced on Linux users when stability and
the "same old familiar Linux" is desired by many, including me.

> Best I can tell is learn it and use it.  And if you have any services,
> fix them so that they work with systemd.  I work with one that does not
> and it is very slow to complete its startup.

I was keenly waiting to upgrade to C7. Perhaps I'll upgrade to C6 and
retain familiar Linux.


--
Regards,

Paul.
England, EU.

   Centos, Exim, Apache, Libre Office.
   Linux is the future. Micro$oft is the past.


Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Always Learning-3
In reply to this post by Scott Robbins

On Mon, 2014-07-07 at 20:59 -0400, Scott Robbins wrote:

> On Tue, Jul 08, 2014 at 12:47:38AM +0100, Always Learning wrote:
> > Reading about systemd, it seems it is not well liked and reminiscent of
> > Microsoft's "put everything into the Windows Registry" (Win 95 onwards).
> >
> > Is there a practical alternative to omnipresent, or invasive, systemd


> To the tune of YMCA
>
> Young man, you don't like systemd
> Oh young man, you get no sympathy
> Young man, you will find that your luck
> Is slowly running out with Linux
>
> So young man, if you want to stick
> To something, that more resembles Unix
> And young man, if you want to sing
> Goodbye to Poettering,
>
> (bah bah bah bah)
>
> FreeeeeeeeeBSD  (yeah yeah yeah)
> FreeeeeeeeeBSD
>
>
> etc.  I just made this up at work today, and that's as far as I got.

Ah, a Broadway musical next ?  :-)

I'm an old man who remembers multics, GECOS/GCOS and the 'B' programming
language.

Is FreeBSD systemd-less ?  Got a FreeBSD manual.


--
Regards,

Paul.
England, EU.

   Centos, Exim, Apache, Libre Office.
   Linux is the future. Micro$oft is the past.


Re: [CentOS] Cemtos 7 : Systemd alternatives ?

David Both
In reply to this post by Robert Moskowitz


On 07/07/2014 08:46 PM, Robert Moskowitz wrote:

> On 07/07/2014 07:47 PM, Always Learning wrote:
>> Reading about systemd, it seems it is not well liked and reminiscent of
>> Microsoft's "put everything into the Windows Registry" (Win 95 onwards).
>>
>> Is there a practical alternative to omnipresent, or invasive, systemd ?
>>
> So you are following the thread on the Fedora list?  I have been
> ignoring it.
>
> Best I can tell is learn it and use it.  And if you have any services,
> fix them so that they work with systemd.  I work with one that does not
> and it is very slow to complete its startup.
>
As far as I know there is no going back to SystemV at this point and I am fine
with that.

systemd is just fine. It has been around on Fedora for a few releases now. It is
quite compatible with old SystemV start scripts and systemd simply uses the
SystemV start scripts as configuration files to start those services.

What you are probably seeing is the result of a side effect of the new systemd
strategy. systemd only starts services when they are actually needed. systemd
does this by simply creating a socket on which it listens for requests for that
service. The service is only started when a request is made to that socket. Of
course some services are up and running from the beginning, but those not needed
are left to load and start when a request is made on the socket for that
service. So the delay in starting your SystemV service means that your service
is waiting for a reply from a service on which it depends and which has not yet
been started. systemd receives the request from your service on the socket
intended for the service yours is requesting. systemd then starts that service
and returns the result - after a bit of a delay - to your SystemV service. After
the first request to the systemd managed service, there should be no further
delays. Unless the service is seldom used and systemd determines it can remove
the service from memory with minimal impact.

I like systemd a lot. I still like SystemV a lot, too.

I have a page on one of my web sites that does not explain systemd, but rather
provides a number of very good links that do explain it - in morbid detail.
These links also discuss the philosophy behind the change. Good reading!

http://www.databook.bz/?page_id=2578

The latest Fedora documentation has good information about using systemd to
manage services and managing and configuring systemd itself.

> --
>
>
> *********************************************************
> David P. Both, RHCE
> Millennium Technology Consulting LLC
> 919-389-8678
>
> [hidden email]
>
> www.millennium-technology.com
> www.databook.bz - Home of the DataBook for Linux
> DataBook is a Registered Trademark of David Both
> *********************************************************
> This communication may be unlawfully collected and stored by the National Security Agency (NSA) in secret. The parties to this email do not consent to the retrieving or storing of this communication and any related metadata, as well as printing, copying, re-transmitting, disseminating, or otherwise using it. If you believe you have received this communication in error, please delete it immediately.
>

Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Scott Robbins
In reply to this post by Always Learning-3
On Tue, Jul 08, 2014 at 02:26:59AM +0100, Always Learning wrote:

>
> On Mon, 2014-07-07 at 20:59 -0400, Scott Robbins wrote:
>
> > To the tune of YMCA
> >
> > So young man, if you want to stick
> > To something, that more resembles Unix
> > And young man, if you want to sing
> > Goodbye to Poettering,
> >
> > (bah bah bah bah)
> >
> > FreeeeeeeeeBSD  (yeah yeah yeah)
> > FreeeeeeeeeBSD
> >
> >
> > etc.  I just made this up at work today, and that's as far as I got.
>
> Ah, a Broadway musical next ?  :-)
>
> I'm an old man who remembers multics, GECOS/GCOS and the 'B' programming
> language.
>
> Is FreeBSD systemd-less ?  Got a FreeBSD manual.

No systemd in FreeBSD.  It isn't Linux, and like any O/S, has its own
oddities.  

It would take more adjustment, IMHO, to go from CentOS 6.x to FreeBSD than
to go to 7.x.  (I'm saying this as someone who uses both FreeBSD and
Fedora which has given a hint of what we'll see in CentOS 7.)


--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6


Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Always Learning-3

On Mon, 2014-07-07 at 21:34 -0400, Scott Robbins wrote:

> No systemd in FreeBSD.  It isn't Linux, and like any O/S, has its own
> oddities.  
>
> It would take more adjustment, IMHO, to go from CentOS 6.x to FreeBSD than
> to go to 7.x.  (I'm saying this as someone who uses both FreeBSD and
> Fedora which has given a hint of what we'll see in CentOS 7.)

Thanks. I've deployed C 5.10 and C 6.5. Thought I'll play with C 7.

I notice, from http://wiki.centos.org/Manuals/ReleaseNotes/CentOS7, the
apparent replacement of IPtables by firewalld

https://fedoraproject.org/wiki/FirewallD


--
Regards,

Paul.
England, EU.

   Centos, Exim, Apache, Libre Office.
   Linux is the future. Micro$oft is the past.


Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Russell Miller
In reply to this post by Scott Robbins

On Jul 7, 2014, at 6:34 PM, Scott Robbins <[hidden email]> wrote:
>
> No systemd in FreeBSD.  It isn't Linux, and like any O/S, has its own
> oddities.  
>
> It would take more adjustment, IMHO, to go from CentOS 6.x to FreeBSD than
> to go to 7.x.  (I'm saying this as someone who uses both FreeBSD and
> Fedora which has given a hint of what we'll see in CentOS 7.)
>

That's a good point.  Systemd may be the "abomination of desolation" that
causes me to finally start moving to a BSD variant.  Or at least start looking at one.

And I chose the word "abomination" carefully and deliberately.  And I also chose
the Biblical allegory very deliberately.  Just as the "abomination of desolation" is
that which will portend the end of the world, systemd is the "abomination of desolation"
that will portend the beginnings of the destruction of the Linux most of us hold dear.

But that's not why I mentioned this... I'd never thought of BSDs before, but considering
heartbleed and how OpenBSD forked LibreSSL and is taking security very seriously,
it's actually something I am going to give a great deal of consideration to.

I've been a Linux admin for nearly 20 years now - I was around when it was 0.99 and
everyone was cheering about it being POSIX finally.  Maybe it's just time to move on.

--Russell

Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Ljubomir Ljubojevic-2
In reply to this post by Always Learning-3
On 07/08/2014 03:41 AM, Always Learning wrote:

>
> On Mon, 2014-07-07 at 21:34 -0400, Scott Robbins wrote:
>
>> No systemd in FreeBSD.  It isn't Linux, and like any O/S, has its own
>> oddities.  
>>
>> It would take more adjustment, IMHO, to go from CentOS 6.x to FreeBSD than
>> to go to 7.x.  (I'm saying this as someone who uses both FreeBSD and
>> Fedora which has given a hint of what we'll see in CentOS 7.)
>
> Thanks. I've deployed C 5.10 and C 6.5. Thought I'll play with C 7.
>
> I notice, from http://wiki.centos.org/Manuals/ReleaseNotes/CentOS7, the
> apparent replacement of IPtables by firewalld
>
> https://fedoraproject.org/wiki/FirewallD
>
>

Check "Static_Firewall" Chapter:
https://fedoraproject.org/wiki/FirewallD#Static_Firewall_.28system-config-firewall.2Flokkit.29

and one below it. You can have iptables rules and also rules from
system-config-firewall

--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

StarOS, Mikrotik and CentOS/RHEL/Linux consultant

Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Johnny Hughes
In reply to this post by Always Learning-3
On 07/07/2014 06:47 PM, Always Learning wrote:
> Reading about systemd, it seems it is not well liked and reminiscent of
> Microsoft's "put everything into the Windows Registry" (Win 95 onwards).
>
> Is there a practical alternative to omnipresent, or invasive, systemd ?
>

The answer to this is no, replacing systemd with something else is just
way too invasive.

Since new versions of CentOS, Ubuntu, Debian, RHEL, Fedora, OpenSUSE,
Arch, Mageia and other Linux distros are all switching to systemd as the
default .. I would suggest that learning how to use it is going to be
the way to go.

Of course, there are alternatives, including using CentOS-6 until 2020.





Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Frantisek Hanzlik
Johnny Hughes wrote:

> On 07/07/2014 06:47 PM, Always Learning wrote:
>> Reading about systemd, it seems it is not well liked and reminiscent of
>> Microsoft's "put everything into the Windows Registry" (Win 95 onwards).
>>
>> Is there a practical alternative to omnipresent, or invasive, systemd ?
>>
>
> The answer to this is no, replacing systemd with something else is just
> way too invasive.
>
> Since new versions of CentOS, Ubuntu, Debian, RHEL, Fedora, OpenSUSE,
> Arch, Mageia and other Linux distros are all switching to systemd as the
> default .. I would suggest that learning how to use it is going to be
> the way to go.

I just hope that the distributions implementing systemd are not so
shortsighted (or rather pushing force) as Fedora/RHEL and besides it also
offer other alternatives (OpenRC is IMO a very good candidate, although
with sysvinit and upstart I was also satisfied - both did _reliably_
their jobs).

Franta Hanzlik


Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Ned Slider
In reply to this post by Always Learning-3
On 08/07/14 02:22, Always Learning wrote:

>
> On Mon, 2014-07-07 at 20:46 -0400, Robert Moskowitz wrote:
>
>> On 07/07/2014 07:47 PM, Always Learning wrote:
>>> Reading about systemd, it seems it is not well liked and reminiscent of
>>> Microsoft's "put everything into the Windows Registry" (Win 95 onwards).
>>>
>>> Is there a practical alternative to omnipresent, or invasive, systemd ?
>
>> So you are following the thread on the Fedora list?  I have been
>> ignoring it.
>
> No. I read some of
> http://www.phoronix.com/scan.php?page=news_topic&q=systemd
>
> The systemd proponent, advocate and chief developer? wants to
> abolish /etc and /var in favour of having the /etc and /var data
> in /usr.
>
> Seems a big revolution is being forced on Linux users when stability and
> the "same old familiar Linux" is desired by many, including me.
>

It's already started. Some configs have already moved from /etc to /usr
under el7.

Whilst I'm as resistant to change as the next man, I've learned you
can't fight it so best start getting used to it ;-)

>> Best I can tell is learn it and use it.  And if you have any services,
>> fix them so that they work with systemd.  I work with one that does not
>> and it is very slow to complete its startup.
>
> I was keenly waiting to upgrade to C7. Perhaps I'll upgrade to C6 and
> retain familiar Linux.
>
>


Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Scott Robbins
In reply to this post by Russell Miller
On Mon, Jul 07, 2014 at 06:50:21PM -0700, Russell Miller wrote:

>
> On Jul 7, 2014, at 6:34 PM, Scott Robbins <[hidden email]> wrote:
> >
> > No systemd in FreeBSD.  It isn't Linux, and like any O/S, has its own
> > oddities.  
> >
> > It would take more adjustment, IMHO, to go from CentOS 6.x to FreeBSD than
> > to go to 7.x.  (I'm saying this as someone who uses both FreeBSD and
> > Fedora which has given a hint of what we'll see in CentOS 7.)
> >
>
> That's a good point.  Systemd may be the "abomination of desolation" that
> causes me to finally start moving to a BSD variant.  Or at least start looking at one.

Y'know, I was considered a troll when I said on Fedora forums that systemd
going into server systems might start driving people away from RH to the
BSDs.  (And to be honest, I was being trollish there, in a friendly way--in
the same way at work I'll say something about Arch loudly enough for our
Arch lover to hear.)  

Now that it's insinuated itself in the RHEL system, I do wonder if it is
going to start driving people away.  In many ways, IMHO, RH has become the
Windows of Linux, with no serious competitors, at least here in the US.
Sure, some companies use something else, but when I had to job hunt last
year, 90-95 percent of the Linux admin jobs were for RedHat/CentOS/OEL/SL
admins.


--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6


Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Dennis Jacobfeuerborn
In reply to this post by Ljubomir Ljubojevic-2
On 08.07.2014 09:12, Ljubomir Ljubojevic wrote:

> On 07/08/2014 03:41 AM, Always Learning wrote:
>>
>> On Mon, 2014-07-07 at 21:34 -0400, Scott Robbins wrote:
>>
>>> No systemd in FreeBSD.  It isn't Linux, and like any O/S, has its own
>>> oddities.  
>>>
>>> It would take more adjustment, IMHO, to go from CentOS 6.x to FreeBSD than
>>> to go to 7.x.  (I'm saying this as someone who uses both FreeBSD and
>>> Fedora which has given a hint of what we'll see in CentOS 7.)
>>
>> Thanks. I've deployed C 5.10 and C 6.5. Thought I'll play with C 7.
>>
>> I notice, from http://wiki.centos.org/Manuals/ReleaseNotes/CentOS7, the
>> apparent replacement of IPtables by firewalld
>>
>> https://fedoraproject.org/wiki/FirewallD
>>
>>
>
> Check "Static_Firewall" Chapter:
> https://fedoraproject.org/wiki/FirewallD#Static_Firewall_.28system-config-firewall.2Flokkit.29
>
> and one below it. You can have iptables rules and also rules from
> system-config-firewall
>

If you want to avoid firewalld for now you can uninstall it and instead
install the iptables-services package. This replaces the old init
scripts and provides an "iptables" systemd unit file that starts and
stops iptables and if you require the old "service iptables save"
command you can reach that using "/usr/libexec/iptables/iptables.init".

Also if you want to keep NetworkManager on a Server you can install the
NetworkManager-config-server package. This only contains a config chunk
with two settings:
no-auto-default=*
ignore-carrier=*

With this package installed you get a more traditional handling of the
network. Interfaces don't get shut down when the cable is pulled, no
automatic configuration of unconfigured interfaces and no automatic
reload of configuration files (the last one doesn't require the package
and is now the NetworkManager default behaviour).

Regards,
  Dennis


Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Dennis Jacobfeuerborn
In reply to this post by Scott Robbins
On 08.07.2014 13:57, Scott Robbins wrote:

> On Mon, Jul 07, 2014 at 06:50:21PM -0700, Russell Miller wrote:
>>
>> On Jul 7, 2014, at 6:34 PM, Scott Robbins <[hidden email]> wrote:
>>>
>>> No systemd in FreeBSD.  It isn't Linux, and like any O/S, has its own
>>> oddities.  
>>>
>>> It would take more adjustment, IMHO, to go from CentOS 6.x to FreeBSD than
>>> to go to 7.x.  (I'm saying this as someone who uses both FreeBSD and
>>> Fedora which has given a hint of what we'll see in CentOS 7.)
>>>
>>
>> That's a good point.  Systemd may be the "abomination of desolation" that
>> causes me to finally start moving to a BSD variant.  Or at least start looking at one.
>
> Y'know, I was considered a troll when I said on Fedora forums that systemd
> going into server systems might start driving people away from RH to the
> BSDs.  (And to be honest, I was being trollish there, in a friendly way--in
> the same way at work I'll say something about Arch loudly enough for our
> Arch lover to hear.)  
>
> Now that it's insinuated itself in the RHEL system, I do wonder if it is
> going to start driving people away.  In many ways, IMHO, RH has become the
> Windows of Linux, with no serious competitors, at least here in the US.
> Sure, some companies use something else, but when I had to job hunt last
> year, 90-95 percent of the Linux admin jobs were for RedHat/CentOS/OEL/SL
> admins.

That presumes that your conservative attitude is the majority opinion
though. Systemd is one of the features that I have been looking forward
to in CentOS 7 because of the new capabilities it provides so while this
will surely drive some people away it will actually attract others and
if you think that this will lead to some sort of great exodus then I
think you are mistaken. Not everybody is this uncomfortable with change.

Regards,
  Dennis

Re: [CentOS] Cemtos 7 : Systemd alternatives ?

David Both
In reply to this post by Dennis Jacobfeuerborn
I still prefer IPTables, so in Fedora I simply disabled firewalld and enabled
IPTables. No need to uninstall. I have read that IPTables will continue to be
available alongside firewalld for the unspecified future.

Note that IPTables rule syntax and structure have evolved so your ruleset may
need to be updated. I did find that the current version of IPTables will
actually convert old rulesets on the fly, at least as far as the syntax of the
individual rules is concerned. From there you can simply use iptables-save to
save the converted ruleset.

One of the items on my todo list is to learn firewalld. The switch from ipchains
took a bit of learning and I expect this switch will as well.

One of the stated reasons for firewalld is that dynamic rule changes do not
clear the old rules before loading the new ones, to paraphrase, "where IPTables
does." If true, that would leave a very small amount of time in which the host
would be vulnerable. I have no desire to peruse the source code to determine the
veracity of that statement, so if there is someone here who could verify that
changing the rules in IPTables, whether using the iptables command or the
iptables-restore command, I would be very appreciative. No need to go to any
trouble to locate that answer as I am merely curious.

Thanks!


On 07/08/2014 08:00 AM, Dennis Jacobfeuerborn wrote:

> On 08.07.2014 09:12, Ljubomir Ljubojevic wrote:
>> On 07/08/2014 03:41 AM, Always Learning wrote:
>>> On Mon, 2014-07-07 at 21:34 -0400, Scott Robbins wrote:
>>>
>>>> No systemd in FreeBSD.  It isn't Linux, and like any O/S, has its own
>>>> oddities.
>>>>
>>>> It would take more adjustment, IMHO, to go from CentOS 6.x to FreeBSD than
>>>> to go to 7.x.  (I'm saying this as someone who uses both FreeBSD and
>>>> Fedora which has given a hint of what we'll see in CentOS 7.)
>>> Thanks. I've deployed C 5.10 and C 6.5. Thought I'll play with C 7.
>>>
>>> I notice, from http://wiki.centos.org/Manuals/ReleaseNotes/CentOS7, the
>>> apparent replacement of IPtables by firewalld
>>>
>>> https://fedoraproject.org/wiki/FirewallD
>>>
>>>
>> Check "Static_Firewall" Chapter:
>> https://fedoraproject.org/wiki/FirewallD#Static_Firewall_.28system-config-firewall.2Flokkit.29
>>
>> and one below it. You can have iptables rules and also rules from
>> system-config-firewall
>>
> If you want to avoid firewalld for now you can uninstall it and instead
> install the iptables-services package. This replaces the old init
> scripts and provides an "iptables" systemd unit file that starts and
> stops iptables and if you require the old "service iptables save"
> command you can reach that using "/usr/libexec/iptables/iptables.init".
>
> Also if you want to keep NetworkManager on a Server you can install the
> NetworkManager-config-server package. This only contains a config chunk
> with two settings:
> no-auto-default=*
> ignore-carrier=*
>
> With this package installed you get a more traditional handling of the
> network. Interfaces don't get shut down when the cable is pulled, no
> automatic configuration of unconfigured interfaces and no automatic
> reload of configuration files (the last one doesn't require the package
> and is now the NetworkManager default behaviour).
>
> Regards,
>    Dennis
>
> --
>
>
> *********************************************************
> David P. Both, RHCE
> Millennium Technology Consulting LLC
> 919-389-8678
>
> [hidden email]
>
> www.millennium-technology.com
> www.databook.bz - Home of the DataBook for Linux
> DataBook is a Registered Trademark of David Both
> *********************************************************
> This communication may be unlawfully collected and stored by the National Security Agency (NSA) in secret. The parties to this email do not consent to the retrieving or storing of this communication and any related metadata, as well as printing, copying, re-transmitting, disseminating, or otherwise using it. If you believe you have received this communication in error, please delete it immediately.
>

Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Adrian Sevcenco
In reply to this post by Always Learning-3
On 07/08/2014 04:22 AM, Always Learning wrote:

>
> On Mon, 2014-07-07 at 20:46 -0400, Robert Moskowitz wrote:
>
>> On 07/07/2014 07:47 PM, Always Learning wrote:
>>> Reading about systemd, it seems it is not well liked and reminiscent of
>>> Microsoft's "put everything into the Windows Registry" (Win 95 onwards).
>>>
>>> Is there a practical alternative to omnipresent, or invasive, systemd ?
>
>> So you are following the thread on the Fedora list?  I have been
>> ignoring it.
>
> No. I read some of
> http://www.phoronix.com/scan.php?page=news_topic&q=systemd
>
> The systemd proponent, advocate and chief developer? wants to
> abolish /etc and /var in favour of having the /etc and /var data
> in /usr.
err.. what? even on that wild fedora thread this did not come up!!!

i will presume that you understood well your information source and you
actually know what you are referring to ... so, could you elaborate
more about this? (with some references)
i use systemd for some time (and i keep myself informed about it) and i
would need to know in time about this kind of change..

Thanks!
Adrian




Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Dennis Jacobfeuerborn
In reply to this post by David Both
On 08.07.2014 14:35, David Both wrote:
> I still prefer IPTables, so in Fedora I simply disabled firewalld and enabled
> IPTables. No need to uninstall. I have read that IPTables will continue to be
> available alongside firewalld for the unspecified future.

Be careful with this though. A while ago I tried this on a system that
also had libvirtd running and ran into the problem that libvirt detected
the existence of firewalld and as a result tried to use it even though
it was disabled. It took a while to figure this out; once I actually
uninstalled firewalld and restarted libvirtd it started to use iptables.
This might have been fixed by now but you should keep that in mind when
you run into firewall trouble. Some software might mistakenly assume
that just because firewalld is present it must also be in active use.

> Note that IPTables rule syntax and structure have evolved so your ruleset may
> need to be updated. I did find that the current version of IPTables will
> actually convert old rulesets on the fly, at least as far as the syntax of the
> individual rules is concerned. From there you can simply use iptables-save to
> save the converted ruleset.
>
> One of the items on my todo list is to learn firewalld. The switch from ipchains
> took a bit of learning and I expect this switch will as well.

There was a discussion a while ago on fedora-devel that the current
handling of firewalld and zones is not ideal and there might be changes
in store for the future. This will probably not hit CentOS 7 but you
might want to keep an ear out in case some deeper structural changes
happen. Always good to be ahead of the curve.

> One of the stated reasons for firewalld is that dynamic rule changes do not
> clear the old rules before loading the new ones, to paraphrase, "where IPTables
> does." If true, that would leave a very small amount of time in which the host
> would be vulnerable. I have no desire to peruse the source code to determine the
> veracity of that statement, so if there is someone here who could verify that
> changing the rules in IPTables, whether using the iptables command or the
> iptables-restore command, I would be very appreciative. No need to go to any
> trouble to locate that answer as I am merely curious.

iptables-restore is atomic. It builds completely new tables and then
just tells the kernel to switch the old version with the new version.
Depending on the timing the packets are either handled by the complete old
rule set or the complete new rule set. There is never any moment where
no rules are applied or only half of the new rules are inserted.

The problem firewalld tries to solve is that nowadays you often want to
insert temporary rules that should only be active while a certain
application is running. This collides a bit with the way iptables works.
For example libvirt inserts specific rules when you define networks for
virtualization dynamically. If you now do an iptables-save these rules
get saved and on next boot when these rules are restored they exist again
but now libvirt will add them dynamically a second time.

Firewalld is simply a framework built around iptables that allows for
applications to "register" rules with additional information such as
"this rule is a static one" or "this rule should only be used
dynamically while application X is running". Then there is of course the
handling of zones which is a concept iptables by itself does not know about.

Regards,
  Dennis
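
The duplicate-rule effect described in the message above (dynamically added rules get captured by iptables-save, are restored at boot, and are then added a second time by the application) shows up as repeated lines in a saved ruleset. The following is an added example, not part of the original thread: a shell function that reads iptables-save output and reports every rule that occurs more than once in the same table. The function names are hypothetical and the sample dump is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find rules that occur more than once
# within one table of an iptables-save dump. Such repeats are the symptom of
# dynamic rules having been saved, restored at boot, and then added again by
# the application that owns them.

# find_duplicate_rules FILE
# Prints "<table> <count> <rule>" for every rule seen more than once,
# in order of first appearance.
find_duplicate_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }        # "*filter" starts a table
        /^#/ || /^:/ || /^COMMIT/ || /^$/ { next }   # comments, chain policies, table end
        # "iptables-save -c" prefixes rules with [packets:bytes]; drop the counters
        /^\[[0-9]+:[0-9]+\] / { sub(/^\[[0-9]+:[0-9]+\] /, "") }
        /^-A / {
            key = table SUBSEP $0                    # same text in another table is distinct
            if (!(key in count)) order[++n] = key
            count[key]++
        }
        END {
            for (i = 1; i <= n; i++) {
                if (count[order[i]] > 1) {
                    split(order[i], parts, SUBSEP)
                    printf "%s %d %s\n", parts[1], count[order[i]], parts[2]
                }
            }
        }
    ' "$1"
}

# write_sample_dump FILE
# Writes a constructed iptables-save dump in which two virtualization-style
# rules (assumed bridge name virbr0, assumed network 192.168.122.0/24)
# appear twice.
write_sample_dump() {
    cat > "$1" <<'EOF'
# Constructed sample in iptables-save format
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
COMMIT
EOF
}

# Demonstration on the constructed sample.
sample=$(mktemp)
write_sample_dump "$sample"
find_duplicate_rules "$sample"
rm -f "$sample"
```

On a live host the input would be a file produced with `iptables-save > FILE`; a cleaned-up file can then be loaded in one step with iptables-restore, as the message describes.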



Re: [CentOS] Cemtos 7 : Systemd alternatives ?

Scott Robbins
In reply to this post by Dennis Jacobfeuerborn
On Tue, Jul 08, 2014 at 02:09:49PM +0200, Dennis Jacobfeuerborn wrote:


> On 08.07.2014 13:57, Scott Robbins wrote:

> >
> > Now that it's insinuated itself in the RHEL system, I do wonder if it is
> > going to start driving people away.  In many ways, IMHO, RH has become the
> > Windows of Linux, with no serious competitors, at least here in the US.
> > Sure, some companies use something else, but when I had to job hunt last
> > year, 90-95 percent of the Linux admin jobs were for RedHat/CentOS/OEL/SL
> > admins.
>
> That presumes that your conservative attitude is the majority opinion
> though.

Very true. I do remember Adam Williamson of Fedora commenting on their
forums that he pictured many of the complainers about various changes,
including systemd, to be old white guys, which fit me to a T.  


> Systemd is one of the features that I have been looking forward
> to in CentOS 7 because of the new capabilities it provides so while this
> will surely drive some people away it will actually attract others and
> if you think that this will lead to some sort of great exodus then I
> think you are mistaken.


That's not what I said.  I said I wondered if it would.  
I suspect it won't. Whether this is good or not depends upon one's point of
view.

--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
