From patchwork Sun Mar 24 15:25:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nick Howitt X-Patchwork-Id: 7675 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4V2fyK1mcSz3wtq for ; Sun, 24 Mar 2024 15:25:13 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4V2fyG3kkRz15d; Sun, 24 Mar 2024 15:25:10 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4V2fyG29Q8z2xJT; Sun, 24 Mar 2024 15:25:10 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4V2fyC3vFrz2xJT for ; Sun, 24 Mar 2024 15:25:07 +0000 (UTC) Received: from mailserver.howitts.co.uk (mailserver.howitts.co.uk [62.30.63.90]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4V2fy92j8hz15d for ; Sun, 24 Mar 2024 15:25:05 +0000 (UTC) Authentication-Results: mail01.ipfire.org; dkim=pass header.d=howitts.co.uk header.s=202403 header.b=mzTvo0ao; spf=pass (mail01.ipfire.org: domain of nick@howitts.co.uk designates 62.30.63.90 as permitted sender) smtp.mailfrom=nick@howitts.co.uk; dmarc=pass (policy=quarantine) header.from=howitts.co.uk ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1711293905; a=rsa-sha256; cv=none; b=hGKc+jNaGO7rUU4kMdSamAKj8/eqfSWiLo4n8lXoX4c17+wkIb7Qxwm9YM57v+pTXxK3VT rwKWtEmZJ/+HJF0s3AILy8nhLROvk3NM4XUp4kXamaH0gydYJFnFCRUk1ah3iGxZbEOrND Xasrlfp77e9Z7pT5U1qicDpYA0/BbKlLtLKILxRly/50jxZ7YaTC+4EV2ORU1tixoiNN1R 6JPgFaIEjq3b/XhtcZq9zX11q+m/6uTm/AmJVrHKs6wSBqoY95iFZq5BeYzrljg0bu0HrY 0jvtR/US7RobmDQNv3ibQC9PreCjGaCU7knIL3Q4QAitSWWc9FMiHGwoeqBW9w== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=howitts.co.uk header.s=202403 header.b=mzTvo0ao; spf=pass (mail01.ipfire.org: domain of nick@howitts.co.uk designates 62.30.63.90 as permitted sender) smtp.mailfrom=nick@howitts.co.uk; dmarc=pass (policy=quarantine) header.from=howitts.co.uk ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1711293905; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding:dkim-signature; bh=8m24uXmjOtuv94mE/uk2iAXcnr4XagxcgLVY23xmVys=; b=UfCgiXVY/tkvwWnGnqlKCUjOwBpD0AHmp/W6C8uDCoPW0VHfXSar4ww+DQEbNzy6xi0gzz SmoYht6rjCJS96v3dqTy5CNcjlTAdY9yTWJjM7rG30gxMCIRJkTIVP21NY806gXLxu6oKM 4HlKdOpGPq+iYnzMg9/F3qlMzGoW4TgKMcEi3tZE7swCcbix4EknbY/+9AWxOKwhzIrHb/ TyI6RWrco6qnPgVMbRb6eZF3kUOa9fNQxWTnbspzZfp5Bi4U7Yx9MNXepI0ASzliibHZ5D 8HU0L3md1C0M6BDzphh1cu1Zs82HZX4rRMhNjDeRp8Y0c81NdASzmonPgcVE3Q== Received: from localhost (localhost [127.0.0.1]) by mailserver.howitts.co.uk (Postfix) with ESMTP id DD07DC20EA3F for ; Sun, 24 Mar 2024 15:25:04 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=howitts.co.uk; h= content-transfer-encoding:content-type:content-type:subject :subject:from:from:content-language:user-agent:mime-version:date :date:message-id:received:received:received; s=202403; t= 1711293902; x=1713108303; bh=rmTtefR80IUAQlIInbgzleiuXCQTOlYe/IU ch5alLTo=; b=mzTvo0ao4rgiQCnleVOvJO0QbQU485pQogbS24QFCxRfQkxd1dW Zv80frEkzFnsKqMuLxMTkHPwQxgj35EExTjWF4GV4diAIFjffjzlnmvFgT+Ernhd KQXLbXRMGxRMAg8dvQAtd2ZYShcadEJBOxgJQKU0bvjVMooaqZJhAkuXh95vLwnP z2dzeB6OYQwxLJ9VED3EYJ8u2eWEdTKYjlCG2ycYLR4rcKuyHrKkaW5BW27lhZ6u eLDbVGYaRlOp85aC1mJRplKpqgWjBWigywYyG1rF/vrxwu+hW6m7vRRoGak+PFHY lWZnRDVQrc9aXjpn0rWlSF0POcoz5YTC/ohKuFcYj3ALGCwfYS/CllwL+123jM5P V7w0hGuFhUG4x00nstlOL2zuvok0GY3iSngRSLZA//hc/Uht2vlPeZVQ1eOou9lK dpL4PvrbMDYu5dyzgm6NrI+sHS163n8KAQRkKZCDAxHuUucPnmZvE1/sUERX2YwD gnb788CuZg2xzm+dT+hL4v1gR3meKCvO04/Q97TeUIILAll3c8hq5O5sL3XJxiCt LmnKXR/LJBWDf0R7xHLjHfDLWceqTInyIUoEUvV3owdbLf9PFklS3c71O2NtJKdc PwkmSB2ktelnzhB+oWGhjK9dI1V4E49FRDbhxZ3l8KRfxUniayrKMALA= X-Virus-Scanned: amavisd-new at howitts.co.uk Received: from mailserver.howitts.co.uk ([127.0.0.1]) by localhost (server.howitts.co.uk [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u36de3TAvJCj for ; Sun, 24 Mar 2024 15:25:02 +0000 (GMT) Received: from localhost (localhost [127.0.0.1]) by mailserver.howitts.co.uk (Postfix) with ESMTP id 63D3AC20EAB4 for ; Sun, 24 Mar 2024 15:25:02 +0000 (GMT) Received: from [172.17.4.212] (unknown [172.17.4.212]) by mailserver.howitts.co.uk (Postfix) with ESMTPSA id 5026BC20EA3F for ; Sun, 24 Mar 2024 15:25:02 +0000 (GMT) Message-ID: Date: Sun, 24 Mar 2024 15:25:02 +0000 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: development@lists.ipfire.org Content-Language: en-GB From: Nick Howitt Subject: Stop unbound-dhcp-leases-bridge from continually restarting unbound X-Rspamd-Queue-Id: 4V2fy92j8hz15d X-Spamd-Result: default: False [-4.72 / 11.00]; BAYES_HAM(-2.99)[99.96%]; NEURAL_HAM(-0.74)[-0.740]; DMARC_POLICY_ALLOW(-0.50)[howitts.co.uk,quarantine]; R_DKIM_ALLOW(-0.20)[howitts.co.uk:s=202403]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; IP_REPUTATION_SPAM(0.02)[asn: 5089(0.00), country: GB(0.00), ip: 62.30.63.90(0.00)]; XM_UA_NO_VERSION(0.01)[]; MX_GOOD(-0.01)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; ASN(0.00)[asn:5089, ipnet:62.30.0.0/16, country:GB]; RCPT_COUNT_ONE(0.00)[1]; RCVD_VIA_SMTP_AUTH(0.00)[]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; DKIM_REPUTATION(0.00)[0]; MID_RHS_MATCH_FROM(0.00)[]; TO_DN_NONE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; RCVD_TLS_LAST(0.00)[]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; DKIM_TRACE(0.00)[howitts.co.uk:+] X-Rspamd-Server: mail01.haj.ipfire.org X-Rspamd-Action: no action Message-ID-Hash: FMTEBPIB4MJXM7PHPISQP3A67YERUYTZ X-Message-ID-Hash: FMTEBPIB4MJXM7PHPISQP3A67YERUYTZ X-MailFrom: nick@howitts.co.uk X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Hi all, Please bear with me as I am new to IPFire and not at all used to this style of development, so any guidance would be appreciated. There is a bug, https://bugzilla.ipfire.org/show_bug.cgi?id=13254, where unbound-dhcp-leases-bridge restarts unbound a lot when it is totally unnecessary. It appears to be because when a lease is renewed, the script gets triggered, created a new /etc/unbound/dhcp-leases.conf then restarts Unbound to read the file. Generally this seems to be unnecessary as, with a renewed lease, the old and new /etc/unbound/dhcp-leases.conf files are the same. With 5 leases in that file (one for a machine not active) I am getting 3-4 restarts an hour of Unbound when I have a min/max lease time of 60/120min. Looking at the code, it is fairly easy to fix. The current code creates a temp file then copies it into place then restarts unbound. All I am doing is doing a file comparison before the copy and skipping the restart if the files are the same. There were a couple of gotchas because setting the file attributes and copying the file were done inside the "with" block for generating the temporary file. This meant a file comparison always returned False as the temp file was still open and so never the same is the old file. I moved those two statements outside the "with". This forced me to change the fchmod to chmod. It could be argued that the file copy should not be done if the files are not different, but it would take an extra "if" and you'd have to remember to delete the temp file. If required, I can make that change. Also, one small thing I noticed once is that the old and new dhcp-leases.conf files could occasionally contain the same leases but in a different order. I have been unable to reproduce, but to sidestep it, instead of stepping through the leases variable directly, I sort it and step through that. It should make the resulting file completely deterministic and make the file comparison more effective. My patch is: From 73873d4944944a2f02317a73074a6894726f36f7 Mon Sep 17 00:00:00 2001 From: Nick Howitt Date: Sun, 24 Mar 2024 15:17:19 +0000 Subject: [PATCH] Stop unbound-dhcp-leases-bridge from restarting unbound every time it write dhcp-leases.conf as it is very often unchanged and does not require a restart. --- config/unbound/unbound-dhcp-leases-bridge | 28 +++++++++++++++-------- 1 file changed, 19 insertions(+), 9 deletions(-) command = ["unbound-control"] diff --git a/config/unbound/unbound-dhcp-leases-bridge b/config/unbound/unbound-dhcp-leases-bridge index e9f022aff..d22772066 100644 --- a/config/unbound/unbound-dhcp-leases-bridge +++ b/config/unbound/unbound-dhcp-leases-bridge @@ -22,6 +22,7 @@ import argparse import datetime import daemon +import filecmp import functools import ipaddress import logging @@ -516,26 +517,35 @@ class UnboundConfigWriter(object): def update_dhcp_leases(self, leases): # Write out all leases - self.write_dhcp_leases(leases) + if self.write_dhcp_leases(leases): - log.debug("Reloading Unbound...") + log.debug("Reloading Unbound...") - # Reload the configuration without dropping the cache - self._control("reload_keep_cache") + # Reload the configuration without dropping the cache + self._control("reload_keep_cache") + + else: + + log.debug("Not reloading Unbound. Leases not changed.") def write_dhcp_leases(self, leases): log.debug("Writing DHCP leases...") with tempfile.NamedTemporaryFile(mode="w", delete=False) as f: - for l in leases: + for l in sorted(leases): for rr in l.rrset: f.write("local-data: \"%s\"\n" % " ".join(rr)) - # Make file readable for everyone - os.fchmod(f.fileno(), stat.S_IRUSR|stat.S_IWUSR|stat.S_IRGRP|stat.S_IROTH) + filecmp.clear_cache() + RequireUnboundReload = not filecmp.cmp(f.name, self.path, shallow=False) + + # Make file readable for everyone + os.chmod(f.name, stat.S_IRUSR|stat.S_IWUSR|stat.S_IRGRP|stat.S_IROTH) + + # Move the file to its destination + os.rename(f.name, self.path) - # Move the file to its destination - os.rename(f.name, self.path) + return RequireUnboundReload def _control(self, *args):