Differences between revisions 36 and 37
Revision 36 as of 2012-08-03 22:25:02
Size: 10532
Editor: ?ShawnLandden
Comment:
Revision 37 as of 2017-06-15 10:02:27
Size: 10806
Editor: DaveSp
Comment: Added steps for stopping & disabling Avahi.
Deletions are marked like this. Additions are marked like this.
Line 58: Line 58:
 Avahi
  The Avahi daemon can be temporarily stopped by running:
  {{{
systemctl stop avahi-daemon.socket
systemctl stop avahi-daemon.service
  }}}

  It can be disabled (prevented from starting at bootup) by running:
  {{{
systemctl disable avahi-daemon
  }}}

Translation(s): none


Automatic local network configuration and discovery for Debian

This page exists to track and coordinate support for zeroconf networking, mdns, etc in Debian. These technologies allow a machine to be added to a local network and automatically obtain an IP address (without using a dhcp server), and discover services such as printers, file shares, and web servers on the local network, without any special configuration or centralised network management.

Quick start for your machine

To try this on your machine, try installing these packages:

apt-get install avahi-daemon avahi-discover libnss-mdns

Now run avahi-discover.

See below for additional stuff to try.

Status

Place a {*} ({*}) in front of things that are in Debian and ready for wide use, {o} ({o}) in front of things still in progress, and /!\ (/!\) in front of things that should be used with some caution.||

{*} avahi

works great, current best of breed mdns service publication and discovery framework.

{o} avahi-autoipd

An alternative to the zeroconf package, it integrates with dhcp3-client to remove the zeroconf IP when a real IP is assigned.

/!\ zeroconf

works ok for most, but many people don't like its behavior of "hiding" the primary IP address in ifconfig (bug 307480), and it may break other things. Many people can happily use mdns w/o zeroconf. In /etc/defaults/zeroconf it's possible disable zeroconf, black-list interfaces and have zeroconf only use interfaces that isn't set up by DHCP.

{*} libnss-mdns

new version uploaded that works with no manual config.

{*} libapache2-mod-dnssd

lets avahi publish info about apache2 web server. No config needed for basic publication.

{o} openssh-server

avahi-daemon has an example file to publish a ssh server. Should ssh automatically add this file to /etc/avahi/services, so if the user installs avahi it will get published?

{*} rhythmbox

can publish/browse DAAP music shares using avahi, tested and works.

{*} banshee

support DAAP with avahi, through the banshee-daap Debian package.

{o} service-discovery-applet

Available, but not installed automatically with rest of gnome.

{*} epiphany-browser

Browse local web sites via "local sites" bookmarks. Uses gnome-vfs2's dns-sd layer. Tested and works

{*} gnome-vfs

supports mdns browsing in Nautilus (sftp, webdav and ftp) and provides a generic mdns/dns-sd layer to applications.

? gnome-games

supposed to support howl, and there's an avahi patch

? kde

supposed to have excellent support throughout for mdns, can someone verify all the KDE stuff listed here works in Debian?

{o} vlc

supposed to support mdns publishing of video streams, is this enabled in debian? -- VLC in debian also supports bonjour services via playlist (ctrl-p then manage->service discovery->bonjour services) needs to be tested, I don't know how to publish streams

{*} ekiga (aka gnomemeeting 2.0)

Publishes SIP and H323 contacts with Avahi

{*} gobby

supports collaborative text editing, uses Avahi's compatibility layer

{o} wzdftpd

The SVN trunk contains a Zerconf module which supports Avahi, Bonjour and Howl (so not in Debian yet?)

{o} daapd

not in Debian yet, RFP bug filed (359771). Does it support avahi, or only howl?

{*} mt-daapd

Are in testing and working. Non-free source removed. ITPs filed (285789); has non-free mdns server embedded that needs to be removed. Patches to use avahi are available and work-for-me

{o} vino

GNOME vnc server, has avahi support and is in debian, not tested yet

{o} apt-zeroconf

decentralised apt cache, under development, not in Debian yet (announcement)

{*} distcc

Debian version has bug when client machine has any ipv6 addresses, fixed upstream. otherwise supports ipv6. Thundering herd problem with server slot allocation, often causes distcc to complain and too much to be compiled locally. (patch attempted, no bug reported) Lennart Poettering announcement

The avahi walk of fame is a comprehensive list of all sorts of software that can be made to use avahi.

Other possible things that could be set up to publish services include: ntp server ISC ntpd patch GNOME time-admin patch, dns server, ftp server, mail server (for ssmtp automatic relay?), cups print server, gaim, scanner, proxy configuration.

Web applications like SquirrelMail should ship with <?IfModule> sections for mod_dnssd in their apache.conf fragments.

The DebianInstaller supports installation using a network ssh console, but you have to work out what IP to log into. Wouldn't it be nice if this was published as an mdns service?

turning it off

Several people have expressed that they would appreciate a way to turn all of this stuff off, either at the package level (apt-get install disable-zeroconf) and/or temporarily when on an untrusted network.

There should be a well-documented way to do that.

  • Avahi
    • The Avahi daemon can be temporarily stopped by running:
      systemctl stop avahi-daemon.socket
      systemctl stop avahi-daemon.service
      It can be disabled (prevented from starting at bootup) by running:
      systemctl disable avahi-daemon

zeroconf task

Once we have a fully working and widely used set of packages, it should be possible to add a task to tasksel to offer zeroconf networking support to new Debian installs. Selecting the task alone would enable resolving mdns names and avahi-daemon. Selecting the task and the desktop task would ensure that the desktop supports zeroconf networking (if it doesn't by default). Selecting the task and a web or print server would make sure that avahi was set up to publish those servers. But print server cupsys has own mechanisms for this to work.

Currently, the desktop task installs avahi and services for the desktop.

discussion

Here is a very interesting blog entry by Jim Gettys, who is working on the one laptop per child project about some of the issues they face: OLPC and system management:

Imagine an apartment building with kids from several schools; we want them
to be able to go home at night, and, without any additional infrastructure,
work together as they need to.
[...]
We also need to rethink how we configure much of our infrastructure pieces
to be much less dependent the the conventional central, always available
servers. Here are a couple examples: we want IM to always be available; but
do so even without global connectivity or fixed servers. And every kid
should be able to publish content on their laptop, (potentially) available
to others anywhere.
[...]
So one aspect of this is that we probably want to rethink the configuration
of (and sometimes modify) many of our existing services, to allow them to
be used in a much more ad-hoc, mobile, opportunistic fashion.

Relating some of these challanges back to Debian and ZeroConf stuff is very interesting. -- JoeyHess

Confidential to ?LoyeYoung: I've moved your various comments which you interspersed throughout this page to here, where they belong. This page is primarily for tracking how Debian supports mdns and zeroconf stuff, and not for arguments about it, so I won't respond in detail. (Suffice to say that I disagree with most of your opinions, and furthermore think that many of your assertians are just plain wrong (for example, systems that use avahi do not automatically make connections to each other).) Please don't clutter the top of the page with personal opinions in future. Also, the semi-personal attacks (ie "stretch of the truth that borders on the irresponsible") are not appreciated. -- JoeyHess

/!\ ?LoyeYoung Comment: Be sure you do all this behind a firewall in a trusted environment.

/!\ ?LoyeYoung

mDNS is a bad idea, and avahi is a bad implementation of it. Avahi works great for discovering printers, so using the client libraries is sometimes useful. But if you plan on having the printer around a while, it's much less trouble just to give the printers fixed IP addresses. Computers who find each other via avahi automatically establish connections, independently of the interface configurations and irrespective of the network administrator's setup. Some advocates of avahi will tell you that you can just disable it in a configuration file, but the thing doesn't go away that easily. Bottom line: If you are going to share files at a LAN party or if you are going to a hacker convention, it's awesome but otherwise you'd be better off using your router's on-board dhcp server to assign IP addresses.

/!\ ?LoyeYoung

"Integrates with dhcp3-client" is a stretch of the truth that borders on irresponsible. "Hijacks DHCP" would be a more accurate description. Essentially, zeroconf aka avahi-autoipd is a parallel system for obtaining IP addresses without telling the human beings. Do NOT install avahi-autoipd in environments that require security, that require stable networking, or that do not have a well-configured firewall protecting the hosts that are exposing themselves with avahi-autoipd.

/!\ ?LoyeYoung

Is "no manual configuration" a feature or a bug?

||

/!\ openssh-server

?LoyeYoung Comment -- The answer to your question is NO!

/!\ gnome-vfs

?LoyeYoung Comment: This is an example of rampant dependency inflation. Even if you want gnome-vfs to support avahi/mdns, gnome-vfs not depend on avahi.

?LoyeYoung Comment: Has anyone stopped to think that people might NOT want their contacts automatically published with Avahi, even if Avahi is installed on the machine?

  • ?LoyeYoung Comment: So now everyone is going to be an untrusted respository? (Maybe the folks migrating from Windows have an emotional need to attract viruses.)

Maybe you are not familiar with the strong crypto SecureApt uses to validate every package download? -- JoeyHess

?LoyeYoung Comment: Yeah, like an easy way to "aptitude purge" all this stuff without breaking the system. Making sure that avahi packages are NEVER more than a "suggests" dependency would be a good start.