Fix the status check of unbound

Message ID	20170610105644.28854-1-christian+ipfire@kohlsted.de
State	Dropped
Headers	sender: christian@kohlsted.de) by tethys.hosts.c9n.de (Postfix) with ESMTPSA for <development@lists.ipfire.org>; Sat, 10 Jun 2017 12:56:51 +0200 (CEST) From: Christian Kohlstedde <christian+ipfire@kohlsted.de> To: development@lists.ipfire.org Subject: [PATCH] Fix the status check of unbound Date: Sat, 10 Jun 2017 12:56:44 +0200 Message-Id: <20170610105644.28854-1-christian+ipfire@kohlsted.de> Precedence: list Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>

Message ID

20170610105644.28854-1-christian+ipfire@kohlsted.de

State

Dropped

Headers

From: Christian Kohlstedde <christian+ipfire@kohlsted.de>
To: development@lists.ipfire.org
Subject: [PATCH] Fix the status check of unbound
Date: Sat, 10 Jun 2017 12:56:44 +0200
Message-Id: <20170610105644.28854-1-christian+ipfire@kohlsted.de>
Precedence: list
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Message

Christian Kohlstedde June 10, 2017, 8:56 p.m. UTC

  From: Christian Kohlstedde <christian@kohlsted.de>

---
 src/initscripts/system/unbound | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Michael Tremer June 13, 2017, 3:06 a.m. UTC | #1

Hello Christian,

thank you very much for your submissing.

What is the bug this is trying to fix? I never noticed that something is not
working okay here.

Best,
-Michael

On Sat, 2017-06-10 at 12:56 +0200, Christian Kohlstedde wrote:
> From: Christian Kohlstedde <christian@kohlsted.de>
> 
> ---
>  src/initscripts/system/unbound | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
> index 7437d93b8..04de3c1e0 100644
> --- a/src/initscripts/system/unbound
> +++ b/src/initscripts/system/unbound
> @@ -457,7 +457,7 @@ disable_dnssec() {
>  case "$1" in
>  	start)
>  		# Print a nicer messagen when unbound is already running
> -		if pidofproc -s unbound; then
> +		if pidofproc -s /usr/sbin/unbound; then
>  			statusproc /usr/sbin/unbound
>  			exit 0
>  		fi
> @@ -503,7 +503,7 @@ case "$1" in
>  
>  	update-forwarders)
>  		# Do not try updating forwarders when unbound is not running
> -		if ! pgrep unbound &>/dev/null; then
> +		if pidofproc -s /usr/sbin/unbound; then
>  			exit 0
>  		fi
>

Christian Kohlstedde June 13, 2017, 4:56 a.m. UTC | #2

Hello Michael,

tl;dr: pgrep delivers the pid of unbound and unbound-dhcp-leases-bridge.
I compared the init script of unbound to the other ones, only unbound
and squid uses pgrep. The init script only wants the pid of unbound. I
didn't open a bug report (yet).

Full story (unfortunately story telling mode):
I was debugging why the start up and shutdown or also the network
reconfiguring of my ipfire machine takes more then 3 minutes configured
red static instead of red dhcp and sometimes the dns forwarders reported
as unsecure. I traced this behavior to the unbound init script. Then I
stumbled over bug 11351 [1] and commit ebf64a93ee0 [2]. This fixed the
shutdown part of my problem. But the start is still sometimes unstable.
Also the reportage of insecure dns forwarders occurred still. I debugged
with "set -x" the process of testing of nameservers and of updating the
forwarders and noticed the update-forwarders still tries to do it if
unbound is stopped. Some boots later currently the startup is stable.

Back to the original bug: unbound-control runs in to timeouts connecting
to the normal unbound daemon, but only on boot. Restart, stop, start
unbound is fine in a normal running ipfire.
I can provide /var/log/messages and /var/log/unbound.log - separate
unbound log file with increased verbosity - currently private data no
removed. (Logs of ipfire in a local virtualbox network - red bridged;
live environment with belwue/university as uplink I haven't created
logs, but just captured the network traffic of the interface to exclude
strange behavior of the upstream).

Christian

[1] https://bugzilla.ipfire.org/show_bug.cgi?id=11351
[2]
http://cgit.ipfire.org/ipfire-2.x.git/commit/src/initscripts/networking/red?h=core111&id=ebf64a93ee01f18226a8ed465a188f976097ee34

Am 12.06.2017 um 19:06 schrieb Michael Tremer:
> Hello Christian,
> 
> thank you very much for your submissing.
> 
> What is the bug this is trying to fix? I never noticed that something is not
> working okay here.
> 
> Best,
> -Michael
> 
> On Sat, 2017-06-10 at 12:56 +0200, Christian Kohlstedde wrote:
>> From: Christian Kohlstedde <christian@kohlsted.de>
>>
>> ---
>>  src/initscripts/system/unbound | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
>> index 7437d93b8..04de3c1e0 100644
>> --- a/src/initscripts/system/unbound
>> +++ b/src/initscripts/system/unbound
>> @@ -457,7 +457,7 @@ disable_dnssec() {
>>  case "$1" in
>>  	start)
>>  		# Print a nicer messagen when unbound is already running
>> -		if pidofproc -s unbound; then
>> +		if pidofproc -s /usr/sbin/unbound; then
>>  			statusproc /usr/sbin/unbound
>>  			exit 0
>>  		fi
>> @@ -503,7 +503,7 @@ case "$1" in
>>  
>>  	update-forwarders)
>>  		# Do not try updating forwarders when unbound is not running
>> -		if ! pgrep unbound &>/dev/null; then
>> +		if pidofproc -s /usr/sbin/unbound; then
>>  			exit 0
>>  		fi
>>