m.roth at 5-cent.us
2015-Dec-22 21:27 UTC
[CentOS] Network services start before network is up since migrating to 7.2
Yamaban wrote:
> On Tue, 22 Dec 2015 14:29, James Hogarth wrote:
>> On 22 December 2015 at 10:33, Sylvain CANOINE wrote
>>> ----- Original message -----
>>>> From: "Marcelo Ricardo Leitner"
>>>> To: "centos"
>>>> Sent: Monday 21 December 2015 21:46:10
>>>> Subject: Re: [CentOS] Network services start before network is up since migrating to 7.2
>>>
> [snip]
> On Avahi: well, the job it SHOULD do is: to announce the services running
> on the machine to the network. As this is done via broadcast, these
> announcements should not be routed to outside, anyway.
>
> But yes, there are many admins, who do not like this 'auto-discovery'
> stuff.
> Too 'MS Windows' / 'Apple MacOS' like, not 'pure' or 'hardcore' enough.

I beg your pardon. What *possible* reason is there for a server, hardwired, to "announce" itself to anything, other than DHCP? Everywhere I've worked, and what I know, is that servers are assigned IP addresses, they don't just take whatever's offered, willy-nilly. And if they do... I do *not* want to work there. That's not only unprofessional, it's an insane security risk. Suppose someone puts their laptop on the intranet, and has *it* running a DHCP server?

mark
Yamaban
2015-Dec-22 22:20 UTC
[CentOS] Re: Network services start before network is up since migrating to 7.2
On Tue, 22 Dec 2015 22:27, m.roth at ... wrote:
> Yamaban wrote:
>> On Tue, 22 Dec 2015 14:29, James Hogarth wrote:
>>> On 22 December 2015 at 10:33, Sylvain CANOINE wrote
>>>> ----- Original message -----
>>>>> From: "Marcelo Ricardo Leitner"
>>>>> To: "centos"
>>>>> Sent: Monday 21 December 2015 21:46:10
>>>>> Subject: Re: [CentOS] Network services start before network is up since migrating to 7.2
>>>>
>> [snip]
>> On Avahi: well, the job it SHOULD do is: to announce the services running
>> on the machine to the network. As this is done via broadcast, these
>> announcements should not be routed to outside, anyway.
>>
>> But yes, there are many admins, who do not like this 'auto-discovery'
>> stuff.
>> Too 'MS Windows' / 'Apple MacOS' like, not 'pure' or 'hardcore' enough.
>
> I beg your pardon. What *possible* reason is there for a server,
> hardwired, to "announce" itself to anything, other than DHCP? Everywhere
> I've worked, and what I know, is that servers are assigned IP addresses,
> they don't just take whatever's offered, willy-nilly. And if they do... I
> do *not* want to work there. That's not only unprofessional, it's an
> insane security risk. Suppose someone puts their laptop on the intranet,
> and has *it* running a DHCP server?

Sorry, but look up what Avahi really is before posting anything else on this:

Start-point: https://en.wikipedia.org/wiki/Avahi_%28software%29

Avahi is NOT about addresses of a box, it's about services (e.g. ssh, http, ftp) running on this box, and announcing them via answering a broadcast.

What you have done is exactly what we others are exposing here as uninformed and ignorant by those in charge.

Do you really want to show yourself here in that light?

- Just asking.
- Yamaban
John R Pierce
2015-Dec-22 22:25 UTC
[CentOS] Network services start before network is up since migrating to 7.2
On 12/22/2015 1:27 PM, m.roth at 5-cent.us wrote:
> I beg your pardon. What *possible* reason is there for a server,
> hardwired, to "announce" itself to anything, other than DHCP? Everywhere
> I've worked, and what I know, is that servers are assigned IP addresses,
> they don't just take whatever's offered, willy-nilly. And if they do... I
> do *not* want to work there. That's not only unprofessional, it's an
> insane security risk. Suppose someone puts their laptop on the intranet,
> and has *it* running a DHCP server?

You do know there's more to life than static IP webapp servers, right? How about an internal media server cluster being used in a professional video editing environment with workstations running various sorts of editing software, monitors doing streaming playback and such? That world relies heavily on UPnP, Bonjour, etc.

My development lab environment, most of my servers (75% VMs) are DHCP configured (using static and/or long lease time reservations), which makes doing PXE and such much easier. A foreign DHCP server would quickly be detected by the corporate IDS and cut off the network.

--
john r pierce, recycling bits in santa cruz
m.roth at 5-cent.us
2015-Dec-22 22:36 UTC
[CentOS] Network services start before network is up since migrating to 7.2
John R Pierce wrote:
> On 12/22/2015 1:27 PM, m.roth at 5-cent.us wrote:
>> I beg your pardon. What *possible* reason is there for a server,
>> hardwired, to "announce" itself to anything, other than DHCP? Everywhere
>> I've worked, and what I know, is that servers are assigned IP addresses,
>> they don't just take whatever's offered, willy-nilly. And if they do...
>> I do *not* want to work there. That's not only unprofessional, it's an
>> insane security risk. Suppose someone puts their laptop on the intranet,
>> and has *it* running a DHCP server?
>
> You do know there's more to life than static IP webapp servers, right?

You mean, like dhcp-served IP addresses that are tied to MAC addresses for compute nodes, and heavy-duty research servers? No, really?

<snip>
> My development lab environment, most of my servers (75% VMs) are DHCP
> configured (using static and/or long lease time reservations), which
> makes doing PXE and such much easier. A foreign DHCP server would
> quickly be detected by the corporate IDS and cut off the network.
>

Sorry, I believe I've mentioned here, before, that we only have a couple-three VMs... we run the o/s on bare metal, because we need every cycle. Though I will admit that the system that I had to power cycle this morning, where one of my user's week-long job had toasted, top showing a load of (I'm not making this up) 286, and no response on the console, is an extreme case. Normal for some of these week and two week-long jobs is 30-75....

mark