[1/3] unbound-dhcp-leases-bridge : fix bug 12694 - DHCP hosts not reliably propagated to DNS
| Message ID | 20220322034756.36327-1-ajrh@ajrh.net |
|---|---|
| State | Superseded |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4KMyCd3KGrz3xlr for <patchwork@web04.haj.ipfire.org>; Tue, 22 Mar 2022 03:49:17 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4KMyBT383Rz1Wd; Tue, 22 Mar 2022 03:48:17 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4KMyBT226tz2yrp; Tue, 22 Mar 2022 03:48:17 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4KMyBR1DZ6z2x9p for <development@lists.ipfire.org>; Tue, 22 Mar 2022 03:48:15 +0000 (UTC) Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4KMyBQ1Sd9z1TN for <development@lists.ipfire.org>; Tue, 22 Mar 2022 03:48:14 +0000 (UTC) Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id 9D855320112B; Mon, 21 Mar 2022 23:48:12 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Mon, 21 Mar 2022 23:48:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ajrh.net; h=cc :cc:content-transfer-encoding:date:date:from:from:in-reply-to :message-id:mime-version:reply-to:sender:subject:subject:to:to; s=mesmtp; bh=UPoEvzcPSzaI+zQQGyyNMvist9mVwWrGH2CvoTWH6rE=; b=UZ bBTroJPWzRQWzZpz0wS581bm9Gd8h8EiLzIVG95qFJ5ddn65yozGaBfjN3EtPpZq +alio6IqMHd9wbe/t2rRjhcE4jVZDf4Aj7ZMPE3MVnVUaHTglXmjmANPsOqdt7eB wBsZ7xhC1BnpOy0onfkoiOSBFJd/wyNYKoUlwXt3c= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding:date:date :from:from:in-reply-to:message-id:mime-version:reply-to:sender :subject:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=UPoEvzcPSzaI+zQQGyyNMvist9mVw WrGH2CvoTWH6rE=; b=bnKMbhybjJT51EEhY0XCXPOMAwnv4ZIg37+IO5xFOYziN ID33/1m4p71QVqwtKxf1ioUi21bswGZaiyt+jXBFC8/myRakwiIKolHnS6DO3Bi+ dOyyDZB+3LQ4gLC6UBo00eoT1TP7LHHAdZO+GD2TS27NGQ/gzzx3CdPOaazrWxyT 8/WsX/TkUGavafhbnZcxlbUdzd6njq23UWc/uW9pHoPGwohclirlpbZ7RTmP/nXR gY00h2zHPZovasOaa8Xez8oUi/YXIv2+reMfDRkStqwfVN3ItW5bBHifjo9tXOBc 5ZSLW+VymIwKeuQed/0QhaEGB/aQZlTEFd1N9ScWw== X-ME-Sender: <xms:-0Y5YmgQLckNW0fUPi5s0m12BH-C2KffGdEWJ8a77CEIuDZWOua8fw> <xme:-0Y5YnCIw7wlHQT-YzISnqYPDZCbJuaZoo_gPY8y0vOyAKczOjI1l8Ys27QIYp3zj 9kqTEKLORF24nPl> X-ME-Received: <xmr:-0Y5YuEPdupuGnTMQe_JQhRBkmdpmIhn_6CXestTnXWY_lr6pfNY8XEW49q8GMPNg6Ycem_58lGD6VpMBhopUKix8n0D> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrudeggedgieduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgggfestdekredtre dttdenucfhrhhomheptehnthhhohhnhicujfgvrgguihhnghcuoegrjhhrhhesrghjrhhh rdhnvghtqeenucggtffrrghtthgvrhhnpeeghedvgeejueffvdevveejfeefgeefieduue fgleegvdeufefhhfejvdfgtdehieenucffohhmrghinheptghonhhsthgrnhhtshdrihhn necuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprghjrh hhsegrjhhrhhdrnhgvth X-ME-Proxy: <xmx:_EY5YvRU2Oy5JKpkxVXZ4qGNAoeEaA3Vhxr5-zG-jmngawIZMJ3Liw> <xmx:_EY5Yjwoo1mNVX-zMaLRcyqaJWmjpjV2gFUUDiVLVEyQLPAQ_h4QSA> <xmx:_EY5Yt6l1GA47QnaerqJz80vcZZ8Eap_Y_Qk_pUPEL6LDQrHYbvneA> <xmx:_EY5Yu-AfLX8qC1g7_sESlHEvbkT_UUBL-lSBPUYKvsSt0OhJnSlow> Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 21 Mar 2022 23:48:11 -0400 (EDT) From: Anthony Heading <ajrh@ajrh.net> To: development@lists.ipfire.org Subject: [PATCH 1/3] unbound-dhcp-leases-bridge : fix bug 12694 - DHCP hosts not reliably propagated to DNS Date: Mon, 21 Mar 2022 23:47:54 -0400 Message-Id: <20220322034756.36327-1-ajrh@ajrh.net> X-Mailer: git-send-email 2.35.1 MIME-Version: 1.0 Status: RO Lines: 90 Content-Transfer-Encoding: 8bit ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1647920894; a=rsa-sha256; cv=none; b=mUAEO94OENMi4Ab2OQZQwn3TT4quwGuW8Nfs/uy50jG5nDL1ZfCJb7NBKSxPltb2tIOPU0 MFPKcvNjOIWVl1MWD8RDLq8L0CNQYATCT4jBVADNxgW5IZLr3WmUEBV1mmyCTfALgxGqJX s1AWLfxaq1n/WdTafCIYmlckmHfyaaWAQg2/89ObvRKIlBBKmFcW+G0v8DM5MZZ6VSf1rq zFCaC0ER92/v3Ytw2JQpaOZpSqCwY48HvDTIAVLlRb1kkE+ANjaJUUy+Jr136h2piuD8k3 DIQU2ugYI1IlRm30oZxNeAvmscXF7gdyi73CUXwDrXun+suWaLfiRkfZcrpmHQ== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=ajrh.net header.s=mesmtp header.b="UZ bBTro"; dkim=pass header.d=messagingengine.com header.s=fm3 header.b=bnKMbhyb; dmarc=none; spf=pass (mail01.ipfire.org: domain of ajrh@ajrh.net designates 64.147.123.25 as permitted sender) smtp.mailfrom=ajrh@ajrh.net ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1647920894; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:dkim-signature; bh=UPoEvzcPSzaI+zQQGyyNMvist9mVwWrGH2CvoTWH6rE=; b=FNnvl4HnOuYJeTmnDMT4siod3OIL2cU5CfJQBZsElnweYpicSVFULF/SxD7hTOvLbq5SQ6 weuLbD/rPlI/vn0re4DvwvMKFDOfPp9iWjO/h5ObQwTAnRC1vwzK8aImGLKRdDwKm1qz7S 5FzKrf4f8S4jeZCB4taZm5I7VsGipgXPYiqfZZCG1onltHs/7V4e0C0LulUQ5iAgb6u+Mz wcoaPaMeblmTCaHAgQkqK3LqsimbYTvSayDjUeL9tGitLblN45VlH+j15oK/XiNCqRrOUn Zw5RQjaw6E9o9Goa4S1MPm1AqC4/4cm3y1hOFJ9p483OxkcQ1JqhJwLHEw7m+g== Authentication-Results: mail01.ipfire.org; dkim=pass header.d=ajrh.net header.s=mesmtp header.b="UZ bBTro"; dkim=pass header.d=messagingengine.com header.s=fm3 header.b=bnKMbhyb; dmarc=none; spf=pass (mail01.ipfire.org: domain of ajrh@ajrh.net designates 64.147.123.25 as permitted sender) smtp.mailfrom=ajrh@ajrh.net X-Rspamd-Server: mail01.haj.ipfire.org X-Spamd-Result: default: False [-4.12 / 11.00]; BAYES_HAM(-3.00)[99.98%]; MID_CONTAINS_FROM(1.00)[]; DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim]; NEURAL_HAM(-1.00)[-1.000]; R_MISSING_CHARSET(0.50)[]; R_SPF_ALLOW(-0.20)[+ip4:64.147.123.25:c]; R_DKIM_ALLOW(-0.20)[ajrh.net:s=mesmtp,messagingengine.com:s=fm3]; RCVD_IN_DNSWL_LOW(-0.10)[64.147.123.25:from]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; IP_REPUTATION_HAM(-0.01)[asn: 29838(0.00), country: US(-0.01), ip: 64.147.123.25(0.00)]; FROM_HAS_DN(0.00)[]; DMARC_NA(0.00)[ajrh.net]; TO_MATCH_ENVRCPT_SOME(0.00)[]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; TO_DN_SOME(0.00)[]; ASN(0.00)[asn:29838, ipnet:64.147.123.0/24, country:US]; RWL_MAILSPIKE_EXCELLENT(0.00)[64.147.123.25:from]; RCPT_COUNT_TWO(0.00)[2]; DKIM_TRACE(0.00)[ajrh.net:+,messagingengine.com:+]; FROM_EQ_ENVFROM(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[] X-Rspamd-Queue-Id: 4KMyBQ1Sd9z1TN X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
[1/3] unbound-dhcp-leases-bridge : fix bug 12694 - DHCP hosts not reliably propagated to DNS
|
|
Commit Message
Anthony Heading
March 22, 2022, 3:47 a.m. UTC
Switch from inotify watching individual files to monitoring the containing directories, as because dhcpd renames its leases file into a backup, monitoring the single inode does not work well. Additionally, python appears to have a bug with replacing expired inotify watches on single files. --- unbound-dhcp-leases-bridge | 47 +++++++++++++++++++++++++------------- 1 file changed, 31 insertions(+), 16 deletions(-)
Comments
Hello Anthony, Thank you very much for submitting this patch and welcome to the list. I understand that it is easier to track any changes in the directory, but I don’t quite understand why the logic had to be changed that the changes will be applied at the end only. Is this just to avoid that multiple updates happen one after the other or what are you trying to achieve? -Michael > On 22 Mar 2022, at 03:47, Anthony Heading <ajrh@ajrh.net> wrote: > > Switch from inotify watching individual files to monitoring the > containing directories, as because dhcpd renames its leases file into a > backup, monitoring the single inode does not work well. Additionally, > python appears to have a bug with replacing expired inotify watches on > single files. > --- > unbound-dhcp-leases-bridge | 47 +++++++++++++++++++++++++------------- > 1 file changed, 31 insertions(+), 16 deletions(-) > > diff --git unbound-dhcp-leases-bridge unbound-dhcp-leases-bridge > index a2df5f1..6e22066 100644 > --- unbound-dhcp-leases-bridge > +++ unbound-dhcp-leases-bridge > @@ -72,6 +72,15 @@ class UnboundDHCPLeasesBridge(object): > self.fix_leases_file = fix_leases_file > self.hosts_file = hosts_file > > + # base mask for a completed file change > + mask = inotify.constants.IN_CLOSE_WRITE | inotify.constants.IN_MOVED_TO > + # IN_MODIFY since dhcpd appends lease updates to an open file > + self.watches = { > + self.leases_file: mask | inotify.constants.IN_MODIFY, > + self.fix_leases_file: mask, > + self.hosts_file: mask > + } > + > self.unbound = UnboundConfigWriter(unbound_leases_file) > self.running = False > > @@ -80,36 +89,42 @@ class UnboundDHCPLeasesBridge(object): > self.running = True > > # Initial setup > - self.hosts = self.read_static_hosts() > - self.update_dhcp_leases() > + update_hosts = True > + update_leases = True > + > + i = inotify.adapters.Inotify() > > - i = inotify.adapters.Inotify([ > - self.leases_file, > - self.fix_leases_file, > - self.hosts_file, > - ]) > + for f in self.watches: > + i.add_watch(os.path.dirname(f), self.watches[f]) > > for event in i.event_gen(): > # End if we are requested to terminate > if not self.running: > break > > + # Make pending updates once inotify queue is empty > if event is None: > + if update_hosts: > + self.hosts = self.read_static_hosts() > + update_hosts = False > + if update_leases: > + self.update_dhcp_leases() > + update_leases = False > continue > > header, type_names, watch_path, filename = event > > - # Update leases after leases file has been modified > - if "IN_MODIFY" in type_names: > - # Reload hosts > - if watch_path == self.hosts_file: > - self.hosts = self.read_static_hosts() > + file = os.path.join(watch_path, filename) > + > + if not file in self.watches: > + continue > + > + log.debug("Inotify %s: %s", file, " ".join(type_names)) > > - self.update_dhcp_leases() > + update_leases = True > > - # If the file is deleted, we re-add the watcher > - if "IN_IGNORED" in type_names: > - i.add_watch(watch_path) > + if file == self.hosts_file: > + update_hosts = True > > log.info("Unbound DHCP Leases Bridge terminated") > > -- > 2.34.1 >
Sorry for interrupting this train of thought. Wouldn’t it be easier to use the tools available from dhcpd? dhcpd seems to have a way execute commands. And I would guess this would be cleaner than "watching" a file. There are three execute commands: on commit on release on expiry and these could be used to launch the needed unbound bridge command. Here is where I found this: https://jpmens.net/2011/07/06/execute-a-script-when-isc-dhcp-hands-out-a-new-lease/ <https://jpmens.net/2011/07/06/execute-a-script-when-isc-dhcp-hands-out-a-new-lease/> And here is additional info: https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records <https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records> (Search for "on commit" on this page) Jon > On Mar 28, 2022, at 12:00 PM, Michael Tremer <michael.tremer@ipfire.org <mailto:michael.tremer@ipfire.org>> wrote: > > Hello Anthony, > > Thank you very much for submitting this patch and welcome to the list. > > I understand that it is easier to track any changes in the directory, but I don’t quite understand why the logic had to be changed that the changes will be applied at the end only. > > Is this just to avoid that multiple updates happen one after the other or what are you trying to achieve? > > -Michael > >> On 22 Mar 2022, at 03:47, Anthony Heading <ajrh@ajrh.net <mailto:ajrh@ajrh.net>> wrote: >> >> Switch from inotify watching individual files to monitoring the >> containing directories, as because dhcpd renames its leases file into a >> backup, monitoring the single inode does not work well. Additionally, >> python appears to have a bug with replacing expired inotify watches on >> single files. >> --- >> unbound-dhcp-leases-bridge | 47 +++++++++++++++++++++++++------------- >> 1 file changed, 31 insertions(+), 16 deletions(-) >> >> diff --git unbound-dhcp-leases-bridge unbound-dhcp-leases-bridge >> index a2df5f1..6e22066 100644 >> --- unbound-dhcp-leases-bridge >> +++ unbound-dhcp-leases-bridge >> @@ -72,6 +72,15 @@ class UnboundDHCPLeasesBridge(object): >> self.fix_leases_file = fix_leases_file >> self.hosts_file = hosts_file >> >> + # base mask for a completed file change >> + mask = inotify.constants.IN_CLOSE_WRITE | inotify.constants.IN_MOVED_TO >> + # IN_MODIFY since dhcpd appends lease updates to an open file >> + self.watches = { >> + self.leases_file: mask | inotify.constants.IN_MODIFY, >> + self.fix_leases_file: mask, >> + self.hosts_file: mask >> + } >> + >> self.unbound = UnboundConfigWriter(unbound_leases_file) >> self.running = False >> >> @@ -80,36 +89,42 @@ class UnboundDHCPLeasesBridge(object): >> self.running = True >> >> # Initial setup >> - self.hosts = self.read_static_hosts() >> - self.update_dhcp_leases() >> + update_hosts = True >> + update_leases = True >> + >> + i = inotify.adapters.Inotify() >> >> - i = inotify.adapters.Inotify([ >> - self.leases_file, >> - self.fix_leases_file, >> - self.hosts_file, >> - ]) >> + for f in self.watches: >> + i.add_watch(os.path.dirname(f), self.watches[f]) >> >> for event in i.event_gen(): >> # End if we are requested to terminate >> if not self.running: >> break >> >> + # Make pending updates once inotify queue is empty >> if event is None: >> + if update_hosts: >> + self.hosts = self.read_static_hosts() >> + update_hosts = False >> + if update_leases: >> + self.update_dhcp_leases() >> + update_leases = False >> continue >> >> header, type_names, watch_path, filename = event >> >> - # Update leases after leases file has been modified >> - if "IN_MODIFY" in type_names: >> - # Reload hosts >> - if watch_path == self.hosts_file: >> - self.hosts = self.read_static_hosts() >> + file = os.path.join(watch_path, filename) >> + >> + if not file in self.watches: >> + continue >> + >> + log.debug("Inotify %s: %s", file, " ".join(type_names)) >> >> - self.update_dhcp_leases() >> + update_leases = True >> >> - # If the file is deleted, we re-add the watcher >> - if "IN_IGNORED" in type_names: >> - i.add_watch(watch_path) >> + if file == self.hosts_file: >> + update_hosts = True >> >> log.info <http://log.info/>("Unbound DHCP Leases Bridge terminated") >> >> -- >> 2.34.1 >> >
Hello Michael, That was exactly it, just sidestepping an intuitive race with dhcpd writing. Somewhat hypothetical why that would happen, e.g. clustered updates for multiple NICs or whatever similar non-atomicity, but it was easy to express that way, put the update logic in one place (including the initial one at startup), and made the event timestamps sequences a little easier to follow when it wasn't clear why the updates were getting lost at all. I thought the boolean variables helped document the admittedly simple logic too. But none of that is critical. A On Mon, Mar 28, 2022, at 1:00 PM, Michael Tremer wrote: > Hello Anthony, > > Thank you very much for submitting this patch and welcome to the list. > > I understand that it is easier to track any changes in the directory, > but I don’t quite understand why the logic had to be changed that the > changes will be applied at the end only. > > Is this just to avoid that multiple updates happen one after the other > or what are you trying to achieve? > > -Michael > >> On 22 Mar 2022, at 03:47, Anthony Heading <ajrh@ajrh.net> wrote: >> >> Switch from inotify watching individual files to monitoring the >> containing directories, as because dhcpd renames its leases file into a >> backup, monitoring the single inode does not work well. Additionally, >> python appears to have a bug with replacing expired inotify watches on >> single files. >> --- >> unbound-dhcp-leases-bridge | 47 +++++++++++++++++++++++++------------- >> 1 file changed, 31 insertions(+), 16 deletions(-) >> >> diff --git unbound-dhcp-leases-bridge unbound-dhcp-leases-bridge >> index a2df5f1..6e22066 100644 >> --- unbound-dhcp-leases-bridge >> +++ unbound-dhcp-leases-bridge >> @@ -72,6 +72,15 @@ class UnboundDHCPLeasesBridge(object): >> self.fix_leases_file = fix_leases_file >> self.hosts_file = hosts_file >> >> + # base mask for a completed file change >> + mask = inotify.constants.IN_CLOSE_WRITE | inotify.constants.IN_MOVED_TO >> + # IN_MODIFY since dhcpd appends lease updates to an open file >> + self.watches = { >> + self.leases_file: mask | inotify.constants.IN_MODIFY, >> + self.fix_leases_file: mask, >> + self.hosts_file: mask >> + } >> + >> self.unbound = UnboundConfigWriter(unbound_leases_file) >> self.running = False >> >> @@ -80,36 +89,42 @@ class UnboundDHCPLeasesBridge(object): >> self.running = True >> >> # Initial setup >> - self.hosts = self.read_static_hosts() >> - self.update_dhcp_leases() >> + update_hosts = True >> + update_leases = True >> + >> + i = inotify.adapters.Inotify() >> >> - i = inotify.adapters.Inotify([ >> - self.leases_file, >> - self.fix_leases_file, >> - self.hosts_file, >> - ]) >> + for f in self.watches: >> + i.add_watch(os.path.dirname(f), self.watches[f]) >> >> for event in i.event_gen(): >> # End if we are requested to terminate >> if not self.running: >> break >> >> + # Make pending updates once inotify queue is empty >> if event is None: >> + if update_hosts: >> + self.hosts = self.read_static_hosts() >> + update_hosts = False >> + if update_leases: >> + self.update_dhcp_leases() >> + update_leases = False >> continue >> >> header, type_names, watch_path, filename = event >> >> - # Update leases after leases file has been modified >> - if "IN_MODIFY" in type_names: >> - # Reload hosts >> - if watch_path == self.hosts_file: >> - self.hosts = self.read_static_hosts() >> + file = os.path.join(watch_path, filename) >> + >> + if not file in self.watches: >> + continue >> + >> + log.debug("Inotify %s: %s", file, " ".join(type_names)) >> >> - self.update_dhcp_leases() >> + update_leases = True >> >> - # If the file is deleted, we re-add the watcher >> - if "IN_IGNORED" in type_names: >> - i.add_watch(watch_path) >> + if file == self.hosts_file: >> + update_hosts = True >> >> log.info("Unbound DHCP Leases Bridge terminated") >> >> -- >> 2.34.1 >>
Since I'm new here, and was just aiming for a (somewhat) minimal inotify bug-fix, I defer and won't comment. But I was unaware of the capability and appreciate the pointer. On Mon, Mar 28, 2022, at 3:32 PM, Jon Murphy wrote: > Sorry for interrupting this train of thought. Wouldn’t it be easier to use the tools available from dhcpd? > > dhcpd seems to have a way execute commands. And I would guess this would be cleaner than "watching" a file. > > There are three execute commands: > on commit > on release > on expiry > > and these could be used to launch the needed unbound bridge command. > > Here is where I found this: > https://jpmens.net/2011/07/06/execute-a-script-when-isc-dhcp-hands-out-a-new-lease/ > > And here is additional info: > https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records > > (Search for "on commit" on this page) > > > Jon > >> On Mar 28, 2022, at 12:00 PM, Michael Tremer <michael.tremer@ipfire.org> wrote: >> >> Hello Anthony, >> >> Thank you very much for submitting this patch and welcome to the list. >> >> I understand that it is easier to track any changes in the directory, but I don’t quite understand why the logic had to be changed that the changes will be applied at the end only. >> >> Is this just to avoid that multiple updates happen one after the other or what are you trying to achieve? >> >> -Michael >> >>> On 22 Mar 2022, at 03:47, Anthony Heading <ajrh@ajrh.net> wrote: >>> >>> Switch from inotify watching individual files to monitoring the >>> containing directories, as because dhcpd renames its leases file into a >>> backup, monitoring the single inode does not work well. Additionally, >>> python appears to have a bug with replacing expired inotify watches on >>> single files. >>> --- >>> unbound-dhcp-leases-bridge | 47 +++++++++++++++++++++++++------------- >>> 1 file changed, 31 insertions(+), 16 deletions(-) >>> >>> diff --git unbound-dhcp-leases-bridge unbound-dhcp-leases-bridge >>> index a2df5f1..6e22066 100644 >>> --- unbound-dhcp-leases-bridge >>> +++ unbound-dhcp-leases-bridge >>> @@ -72,6 +72,15 @@ class UnboundDHCPLeasesBridge(object): >>> self.fix_leases_file = fix_leases_file >>> self.hosts_file = hosts_file >>> >>> + # base mask for a completed file change >>> + mask = inotify.constants.IN_CLOSE_WRITE | inotify.constants.IN_MOVED_TO >>> + # IN_MODIFY since dhcpd appends lease updates to an open file >>> + self.watches = { >>> + self.leases_file: mask | inotify.constants.IN_MODIFY, >>> + self.fix_leases_file: mask, >>> + self.hosts_file: mask >>> + } >>> + >>> self.unbound = UnboundConfigWriter(unbound_leases_file) >>> self.running = False >>> >>> @@ -80,36 +89,42 @@ class UnboundDHCPLeasesBridge(object): >>> self.running = True >>> >>> # Initial setup >>> - self.hosts = self.read_static_hosts() >>> - self.update_dhcp_leases() >>> + update_hosts = True >>> + update_leases = True >>> + >>> + i = inotify.adapters.Inotify() >>> >>> - i = inotify.adapters.Inotify([ >>> - self.leases_file, >>> - self.fix_leases_file, >>> - self.hosts_file, >>> - ]) >>> + for f in self.watches: >>> + i.add_watch(os.path.dirname(f), self.watches[f]) >>> >>> for event in i.event_gen(): >>> # End if we are requested to terminate >>> if not self.running: >>> break >>> >>> + # Make pending updates once inotify queue is empty >>> if event is None: >>> + if update_hosts: >>> + self.hosts = self.read_static_hosts() >>> + update_hosts = False >>> + if update_leases: >>> + self.update_dhcp_leases() >>> + update_leases = False >>> continue >>> >>> header, type_names, watch_path, filename = event >>> >>> - # Update leases after leases file has been modified >>> - if "IN_MODIFY" in type_names: >>> - # Reload hosts >>> - if watch_path == self.hosts_file: >>> - self.hosts = self.read_static_hosts() >>> + file = os.path.join(watch_path, filename) >>> + >>> + if not file in self.watches: >>> + continue >>> + >>> + log.debug("Inotify %s: %s", file, " ".join(type_names)) >>> >>> - self.update_dhcp_leases() >>> + update_leases = True >>> >>> - # If the file is deleted, we re-add the watcher >>> - if "IN_IGNORED" in type_names: >>> - i.add_watch(watch_path) >>> + if file == self.hosts_file: >>> + update_hosts = True >>> >>> log.info("Unbound DHCP Leases Bridge terminated") >>> >>> -- >>> 2.34.1
Hello, This is indeed an absolute nightmare what I built here. It has some advantages over the alternatives of which one is to have the DHCP server execute a couple of commands. The problems there are as follows: * unbound does not keep a state, so we will have to make sure that we keep the state of all records somewhere and can reload it when the system roboots. * I have installations with thousands of devices in a single subnet. The DHCP server would just be busy constantly executing any commands which would cause a lot of load. The current Python bridge can use up to 40% of one CPU core at busy times on the same system. I would argue that this approach does not scale well. * RFC2136 would be great, but we lack too many things to run this properly. That being said, this is not a great way to solve this problem. I would like to replace some components entirely but probably not soon. The approach that we have works and - apart from the bug - doesn’t suck too hard. Should we do it this way again? No, but we had to try to learn that lesson. -Michael > On 28 Mar 2022, at 20:32, Jon Murphy <jcmurphy26@gmail.com> wrote: > > Sorry for interrupting this train of thought. Wouldn’t it be easier to use the tools available from dhcpd? > > dhcpd seems to have a way execute commands. And I would guess this would be cleaner than "watching" a file. > > There are three execute commands: > on commit > on release > on expiry > > and these could be used to launch the needed unbound bridge command. > > Here is where I found this: > https://jpmens.net/2011/07/06/execute-a-script-when-isc-dhcp-hands-out-a-new-lease/ > > And here is additional info: > https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records > > (Search for "on commit" on this page) > > > Jon > > >> On Mar 28, 2022, at 12:00 PM, Michael Tremer <michael.tremer@ipfire.org> wrote: >> >> Hello Anthony, >> >> Thank you very much for submitting this patch and welcome to the list. >> >> I understand that it is easier to track any changes in the directory, but I don’t quite understand why the logic had to be changed that the changes will be applied at the end only. >> >> Is this just to avoid that multiple updates happen one after the other or what are you trying to achieve? >> >> -Michael >> >>> On 22 Mar 2022, at 03:47, Anthony Heading <ajrh@ajrh.net> wrote: >>> >>> Switch from inotify watching individual files to monitoring the >>> containing directories, as because dhcpd renames its leases file into a >>> backup, monitoring the single inode does not work well. Additionally, >>> python appears to have a bug with replacing expired inotify watches on >>> single files. >>> --- >>> unbound-dhcp-leases-bridge | 47 +++++++++++++++++++++++++------------- >>> 1 file changed, 31 insertions(+), 16 deletions(-) >>> >>> diff --git unbound-dhcp-leases-bridge unbound-dhcp-leases-bridge >>> index a2df5f1..6e22066 100644 >>> --- unbound-dhcp-leases-bridge >>> +++ unbound-dhcp-leases-bridge >>> @@ -72,6 +72,15 @@ class UnboundDHCPLeasesBridge(object): >>> self.fix_leases_file = fix_leases_file >>> self.hosts_file = hosts_file >>> >>> + # base mask for a completed file change >>> + mask = inotify.constants.IN_CLOSE_WRITE | inotify.constants.IN_MOVED_TO >>> + # IN_MODIFY since dhcpd appends lease updates to an open file >>> + self.watches = { >>> + self.leases_file: mask | inotify.constants.IN_MODIFY, >>> + self.fix_leases_file: mask, >>> + self.hosts_file: mask >>> + } >>> + >>> self.unbound = UnboundConfigWriter(unbound_leases_file) >>> self.running = False >>> >>> @@ -80,36 +89,42 @@ class UnboundDHCPLeasesBridge(object): >>> self.running = True >>> >>> # Initial setup >>> - self.hosts = self.read_static_hosts() >>> - self.update_dhcp_leases() >>> + update_hosts = True >>> + update_leases = True >>> + >>> + i = inotify.adapters.Inotify() >>> >>> - i = inotify.adapters.Inotify([ >>> - self.leases_file, >>> - self.fix_leases_file, >>> - self.hosts_file, >>> - ]) >>> + for f in self.watches: >>> + i.add_watch(os.path.dirname(f), self.watches[f]) >>> >>> for event in i.event_gen(): >>> # End if we are requested to terminate >>> if not self.running: >>> break >>> >>> + # Make pending updates once inotify queue is empty >>> if event is None: >>> + if update_hosts: >>> + self.hosts = self.read_static_hosts() >>> + update_hosts = False >>> + if update_leases: >>> + self.update_dhcp_leases() >>> + update_leases = False >>> continue >>> >>> header, type_names, watch_path, filename = event >>> >>> - # Update leases after leases file has been modified >>> - if "IN_MODIFY" in type_names: >>> - # Reload hosts >>> - if watch_path == self.hosts_file: >>> - self.hosts = self.read_static_hosts() >>> + file = os.path.join(watch_path, filename) >>> + >>> + if not file in self.watches: >>> + continue >>> + >>> + log.debug("Inotify %s: %s", file, " ".join(type_names)) >>> >>> - self.update_dhcp_leases() >>> + update_leases = True >>> >>> - # If the file is deleted, we re-add the watcher >>> - if "IN_IGNORED" in type_names: >>> - i.add_watch(watch_path) >>> + if file == self.hosts_file: >>> + update_hosts = True >>> >>> log.info("Unbound DHCP Leases Bridge terminated") >>> >>> -- >>> 2.34.1 >>> >> >
Hello, > On 28 Mar 2022, at 20:55, Anthony Heading <ajrh@ajrh.net> wrote: > > Hello Michael, > > That was exactly it, just sidestepping an intuitive race with dhcpd writing. Somewhat hypothetical why that would happen, e.g. clustered updates for multiple NICs or whatever similar non-atomicity, but it was easy to express that way, put the update logic in one place (including the initial one at startup), and made the event timestamps sequences a little easier to follow when it wasn't clear why the updates were getting lost at all. I thought the boolean variables helped document the admittedly simple logic too. But none of that is critical. Okay. Thank you for the explanation. I will take this into account, but I will add some more changes, since we are performing a reload every time something changes which is causing a lot of load on busy systems. Reloading this all multiple times a second isn’t a good idea. We should rather reload and then wait at least 5 seconds and then reload again if we had another inotify event. This is probably slightly unrelated with your patch, but since we are already on it, I would like to have those changes implemented now. I will get back to the list with those changes and submit them for review. Best, -Michael > > A > > On Mon, Mar 28, 2022, at 1:00 PM, Michael Tremer wrote: >> Hello Anthony, >> >> Thank you very much for submitting this patch and welcome to the list. >> >> I understand that it is easier to track any changes in the directory, >> but I don’t quite understand why the logic had to be changed that the >> changes will be applied at the end only. >> >> Is this just to avoid that multiple updates happen one after the other >> or what are you trying to achieve? >> >> -Michael >> >>> On 22 Mar 2022, at 03:47, Anthony Heading <ajrh@ajrh.net> wrote: >>> >>> Switch from inotify watching individual files to monitoring the >>> containing directories, as because dhcpd renames its leases file into a >>> backup, monitoring the single inode does not work well. Additionally, >>> python appears to have a bug with replacing expired inotify watches on >>> single files. >>> --- >>> unbound-dhcp-leases-bridge | 47 +++++++++++++++++++++++++------------- >>> 1 file changed, 31 insertions(+), 16 deletions(-) >>> >>> diff --git unbound-dhcp-leases-bridge unbound-dhcp-leases-bridge >>> index a2df5f1..6e22066 100644 >>> --- unbound-dhcp-leases-bridge >>> +++ unbound-dhcp-leases-bridge >>> @@ -72,6 +72,15 @@ class UnboundDHCPLeasesBridge(object): >>> self.fix_leases_file = fix_leases_file >>> self.hosts_file = hosts_file >>> >>> + # base mask for a completed file change >>> + mask = inotify.constants.IN_CLOSE_WRITE | inotify.constants.IN_MOVED_TO >>> + # IN_MODIFY since dhcpd appends lease updates to an open file >>> + self.watches = { >>> + self.leases_file: mask | inotify.constants.IN_MODIFY, >>> + self.fix_leases_file: mask, >>> + self.hosts_file: mask >>> + } >>> + >>> self.unbound = UnboundConfigWriter(unbound_leases_file) >>> self.running = False >>> >>> @@ -80,36 +89,42 @@ class UnboundDHCPLeasesBridge(object): >>> self.running = True >>> >>> # Initial setup >>> - self.hosts = self.read_static_hosts() >>> - self.update_dhcp_leases() >>> + update_hosts = True >>> + update_leases = True >>> + >>> + i = inotify.adapters.Inotify() >>> >>> - i = inotify.adapters.Inotify([ >>> - self.leases_file, >>> - self.fix_leases_file, >>> - self.hosts_file, >>> - ]) >>> + for f in self.watches: >>> + i.add_watch(os.path.dirname(f), self.watches[f]) >>> >>> for event in i.event_gen(): >>> # End if we are requested to terminate >>> if not self.running: >>> break >>> >>> + # Make pending updates once inotify queue is empty >>> if event is None: >>> + if update_hosts: >>> + self.hosts = self.read_static_hosts() >>> + update_hosts = False >>> + if update_leases: >>> + self.update_dhcp_leases() >>> + update_leases = False >>> continue >>> >>> header, type_names, watch_path, filename = event >>> >>> - # Update leases after leases file has been modified >>> - if "IN_MODIFY" in type_names: >>> - # Reload hosts >>> - if watch_path == self.hosts_file: >>> - self.hosts = self.read_static_hosts() >>> + file = os.path.join(watch_path, filename) >>> + >>> + if not file in self.watches: >>> + continue >>> + >>> + log.debug("Inotify %s: %s", file, " ".join(type_names)) >>> >>> - self.update_dhcp_leases() >>> + update_leases = True >>> >>> - # If the file is deleted, we re-add the watcher >>> - if "IN_IGNORED" in type_names: >>> - i.add_watch(watch_path) >>> + if file == self.hosts_file: >>> + update_hosts = True >>> >>> log.info("Unbound DHCP Leases Bridge terminated") >>> >>> -- >>> 2.34.1 >>>
Please see the patch set that I just posted which is strongly based on your patches, but incorporates a couple of new changes, too. Let me know if this looks good to you. Best, -Michael > On 29 Mar 2022, at 10:39, Michael Tremer <michael.tremer@ipfire.org> wrote: > > Hello, > >> On 28 Mar 2022, at 20:55, Anthony Heading <ajrh@ajrh.net> wrote: >> >> Hello Michael, >> >> That was exactly it, just sidestepping an intuitive race with dhcpd writing. Somewhat hypothetical why that would happen, e.g. clustered updates for multiple NICs or whatever similar non-atomicity, but it was easy to express that way, put the update logic in one place (including the initial one at startup), and made the event timestamps sequences a little easier to follow when it wasn't clear why the updates were getting lost at all. I thought the boolean variables helped document the admittedly simple logic too. But none of that is critical. > > Okay. Thank you for the explanation. > > I will take this into account, but I will add some more changes, since we are performing a reload every time something changes which is causing a lot of load on busy systems. > > Reloading this all multiple times a second isn’t a good idea. We should rather reload and then wait at least 5 seconds and then reload again if we had another inotify event. > > This is probably slightly unrelated with your patch, but since we are already on it, I would like to have those changes implemented now. > > I will get back to the list with those changes and submit them for review. > > Best, > -Michael > >> >> A >> >> On Mon, Mar 28, 2022, at 1:00 PM, Michael Tremer wrote: >>> Hello Anthony, >>> >>> Thank you very much for submitting this patch and welcome to the list. >>> >>> I understand that it is easier to track any changes in the directory, >>> but I don’t quite understand why the logic had to be changed that the >>> changes will be applied at the end only. >>> >>> Is this just to avoid that multiple updates happen one after the other >>> or what are you trying to achieve? >>> >>> -Michael >>> >>>> On 22 Mar 2022, at 03:47, Anthony Heading <ajrh@ajrh.net> wrote: >>>> >>>> Switch from inotify watching individual files to monitoring the >>>> containing directories, as because dhcpd renames its leases file into a >>>> backup, monitoring the single inode does not work well. Additionally, >>>> python appears to have a bug with replacing expired inotify watches on >>>> single files. >>>> --- >>>> unbound-dhcp-leases-bridge | 47 +++++++++++++++++++++++++------------- >>>> 1 file changed, 31 insertions(+), 16 deletions(-) >>>> >>>> diff --git unbound-dhcp-leases-bridge unbound-dhcp-leases-bridge >>>> index a2df5f1..6e22066 100644 >>>> --- unbound-dhcp-leases-bridge >>>> +++ unbound-dhcp-leases-bridge >>>> @@ -72,6 +72,15 @@ class UnboundDHCPLeasesBridge(object): >>>> self.fix_leases_file = fix_leases_file >>>> self.hosts_file = hosts_file >>>> >>>> + # base mask for a completed file change >>>> + mask = inotify.constants.IN_CLOSE_WRITE | inotify.constants.IN_MOVED_TO >>>> + # IN_MODIFY since dhcpd appends lease updates to an open file >>>> + self.watches = { >>>> + self.leases_file: mask | inotify.constants.IN_MODIFY, >>>> + self.fix_leases_file: mask, >>>> + self.hosts_file: mask >>>> + } >>>> + >>>> self.unbound = UnboundConfigWriter(unbound_leases_file) >>>> self.running = False >>>> >>>> @@ -80,36 +89,42 @@ class UnboundDHCPLeasesBridge(object): >>>> self.running = True >>>> >>>> # Initial setup >>>> - self.hosts = self.read_static_hosts() >>>> - self.update_dhcp_leases() >>>> + update_hosts = True >>>> + update_leases = True >>>> + >>>> + i = inotify.adapters.Inotify() >>>> >>>> - i = inotify.adapters.Inotify([ >>>> - self.leases_file, >>>> - self.fix_leases_file, >>>> - self.hosts_file, >>>> - ]) >>>> + for f in self.watches: >>>> + i.add_watch(os.path.dirname(f), self.watches[f]) >>>> >>>> for event in i.event_gen(): >>>> # End if we are requested to terminate >>>> if not self.running: >>>> break >>>> >>>> + # Make pending updates once inotify queue is empty >>>> if event is None: >>>> + if update_hosts: >>>> + self.hosts = self.read_static_hosts() >>>> + update_hosts = False >>>> + if update_leases: >>>> + self.update_dhcp_leases() >>>> + update_leases = False >>>> continue >>>> >>>> header, type_names, watch_path, filename = event >>>> >>>> - # Update leases after leases file has been modified >>>> - if "IN_MODIFY" in type_names: >>>> - # Reload hosts >>>> - if watch_path == self.hosts_file: >>>> - self.hosts = self.read_static_hosts() >>>> + file = os.path.join(watch_path, filename) >>>> + >>>> + if not file in self.watches: >>>> + continue >>>> + >>>> + log.debug("Inotify %s: %s", file, " ".join(type_names)) >>>> >>>> - self.update_dhcp_leases() >>>> + update_leases = True >>>> >>>> - # If the file is deleted, we re-add the watcher >>>> - if "IN_IGNORED" in type_names: >>>> - i.add_watch(watch_path) >>>> + if file == self.hosts_file: >>>> + update_hosts = True >>>> >>>> log.info("Unbound DHCP Leases Bridge terminated") >>>> >>>> -- >>>> 2.34.1 >>>> >
Michael, Looks great to me. Glad we're getting it fixed. Only very minor comments: 1) It looks like stderr is now left open even in daemon mode? I doubt it's connected to anything that would block, nor even that anything is actually written to stderr, but not sure if you intended it. 2) More generally, the bridge is somewhat taciturn in comparison to both dhcpd and unbound, I think a little more logging by default would be helpful for users looking at the syslog logs. Either adding a single '-v' to the init.d script, or perhaps you might want to rebalance it differently, but logging the DNS changes that are being made would be very useful I think, and that would not be heavy when compared to what dhcpd is already generating in syslog. Regards Anthony On Tue, Mar 29, 2022, at 7:35 AM, Michael Tremer wrote: > Please see the patch set that I just posted which is strongly based on > your patches, but incorporates a couple of new changes, too. > > Let me know if this looks good to you. > > Best, > -Michael > >> On 29 Mar 2022, at 10:39, Michael Tremer <michael.tremer@ipfire.org> wrote: >> >> Hello, >> >>> On 28 Mar 2022, at 20:55, Anthony Heading <ajrh@ajrh.net> wrote: >>> >>> Hello Michael, >>> >>> That was exactly it, just sidestepping an intuitive race with dhcpd writing. Somewhat hypothetical why that would happen, e.g. clustered updates for multiple NICs or whatever similar non-atomicity, but it was easy to express that way, put the update logic in one place (including the initial one at startup), and made the event timestamps sequences a little easier to follow when it wasn't clear why the updates were getting lost at all. I thought the boolean variables helped document the admittedly simple logic too. But none of that is critical. >> >> Okay. Thank you for the explanation. >> >> I will take this into account, but I will add some more changes, since we are performing a reload every time something changes which is causing a lot of load on busy systems. >> >> Reloading this all multiple times a second isn’t a good idea. We should rather reload and then wait at least 5 seconds and then reload again if we had another inotify event. >> >> This is probably slightly unrelated with your patch, but since we are already on it, I would like to have those changes implemented now. >> >> I will get back to the list with those changes and submit them for review. >> >> Best, >> -Michael >> >>> >>> A >>> >>> On Mon, Mar 28, 2022, at 1:00 PM, Michael Tremer wrote: >>>> Hello Anthony, >>>> >>>> Thank you very much for submitting this patch and welcome to the list. >>>> >>>> I understand that it is easier to track any changes in the directory, >>>> but I don’t quite understand why the logic had to be changed that the >>>> changes will be applied at the end only. >>>> >>>> Is this just to avoid that multiple updates happen one after the other >>>> or what are you trying to achieve? >>>> >>>> -Michael >>>> >>>>> On 22 Mar 2022, at 03:47, Anthony Heading <ajrh@ajrh.net> wrote: >>>>> >>>>> Switch from inotify watching individual files to monitoring the >>>>> containing directories, as because dhcpd renames its leases file into a >>>>> backup, monitoring the single inode does not work well. Additionally, >>>>> python appears to have a bug with replacing expired inotify watches on >>>>> single files. >>>>> --- >>>>> unbound-dhcp-leases-bridge | 47 +++++++++++++++++++++++++------------- >>>>> 1 file changed, 31 insertions(+), 16 deletions(-) >>>>> >>>>> diff --git unbound-dhcp-leases-bridge unbound-dhcp-leases-bridge >>>>> index a2df5f1..6e22066 100644 >>>>> --- unbound-dhcp-leases-bridge >>>>> +++ unbound-dhcp-leases-bridge >>>>> @@ -72,6 +72,15 @@ class UnboundDHCPLeasesBridge(object): >>>>> self.fix_leases_file = fix_leases_file >>>>> self.hosts_file = hosts_file >>>>> >>>>> + # base mask for a completed file change >>>>> + mask = inotify.constants.IN_CLOSE_WRITE | inotify.constants.IN_MOVED_TO >>>>> + # IN_MODIFY since dhcpd appends lease updates to an open file >>>>> + self.watches = { >>>>> + self.leases_file: mask | inotify.constants.IN_MODIFY, >>>>> + self.fix_leases_file: mask, >>>>> + self.hosts_file: mask >>>>> + } >>>>> + >>>>> self.unbound = UnboundConfigWriter(unbound_leases_file) >>>>> self.running = False >>>>> >>>>> @@ -80,36 +89,42 @@ class UnboundDHCPLeasesBridge(object): >>>>> self.running = True >>>>> >>>>> # Initial setup >>>>> - self.hosts = self.read_static_hosts() >>>>> - self.update_dhcp_leases() >>>>> + update_hosts = True >>>>> + update_leases = True >>>>> + >>>>> + i = inotify.adapters.Inotify() >>>>> >>>>> - i = inotify.adapters.Inotify([ >>>>> - self.leases_file, >>>>> - self.fix_leases_file, >>>>> - self.hosts_file, >>>>> - ]) >>>>> + for f in self.watches: >>>>> + i.add_watch(os.path.dirname(f), self.watches[f]) >>>>> >>>>> for event in i.event_gen(): >>>>> # End if we are requested to terminate >>>>> if not self.running: >>>>> break >>>>> >>>>> + # Make pending updates once inotify queue is empty >>>>> if event is None: >>>>> + if update_hosts: >>>>> + self.hosts = self.read_static_hosts() >>>>> + update_hosts = False >>>>> + if update_leases: >>>>> + self.update_dhcp_leases() >>>>> + update_leases = False >>>>> continue >>>>> >>>>> header, type_names, watch_path, filename = event >>>>> >>>>> - # Update leases after leases file has been modified >>>>> - if "IN_MODIFY" in type_names: >>>>> - # Reload hosts >>>>> - if watch_path == self.hosts_file: >>>>> - self.hosts = self.read_static_hosts() >>>>> + file = os.path.join(watch_path, filename) >>>>> + >>>>> + if not file in self.watches: >>>>> + continue >>>>> + >>>>> + log.debug("Inotify %s: %s", file, " ".join(type_names)) >>>>> >>>>> - self.update_dhcp_leases() >>>>> + update_leases = True >>>>> >>>>> - # If the file is deleted, we re-add the watcher >>>>> - if "IN_IGNORED" in type_names: >>>>> - i.add_watch(watch_path) >>>>> + if file == self.hosts_file: >>>>> + update_hosts = True >>>>> >>>>> log.info("Unbound DHCP Leases Bridge terminated") >>>>> >>>>> -- >>>>> 2.34.1 >>>>> >>
Hello, > On 30 Mar 2022, at 04:30, Anthony Heading <ajrh@ajrh.net> wrote: > > Michael, > > Looks great to me. Glad we're getting it fixed. Only very minor comments: > > 1) It looks like stderr is now left open even in daemon mode? I doubt it's connected to anything that would block, nor even that anything is actually written to stderr, but not sure if you intended it. Yeah, I couldn’t merge your patch straight away and so I carried over the change manually. Since I am not entirely sure what all the daemon stuff is doing there, I thought that it would be enough to do what I did. I will look into it again and fix this. Thank you for pointing this out. > 2) More generally, the bridge is somewhat taciturn in comparison to both dhcpd and unbound, I think a little more logging by default would be helpful for users looking at the syslog logs. Either adding a single '-v' to the init.d script, or perhaps you might want to rebalance it differently, but logging the DNS changes that are being made would be very useful I think, and that would not be heavy when compared to what dhcpd is already generating in syslog. Getting logging right is one of the hardest thing in software development I think. There is normally way too much logging or way too little. Balancing it exactly right is quite impossible for the developer, because they think about the program differently. I probably care about different things when writing software than a user. I suppose changing the default log level doesn’t hurt anyone, and I suppose logging what you said into the syslog isn’t a bad idea. But is it needed during regular operation? No, because it should just work. We don’t want to clutter the logs with unnecessary stuff (there is already way too much in there that makes it impossible to follow it). I will have a look as well what I can change. Best, -Michael > Regards > > Anthony > > On Tue, Mar 29, 2022, at 7:35 AM, Michael Tremer wrote: >> Please see the patch set that I just posted which is strongly based on >> your patches, but incorporates a couple of new changes, too. >> >> Let me know if this looks good to you. >> >> Best, >> -Michael >> >>> On 29 Mar 2022, at 10:39, Michael Tremer <michael.tremer@ipfire.org> wrote: >>> >>> Hello, >>> >>>> On 28 Mar 2022, at 20:55, Anthony Heading <ajrh@ajrh.net> wrote: >>>> >>>> Hello Michael, >>>> >>>> That was exactly it, just sidestepping an intuitive race with dhcpd writing. Somewhat hypothetical why that would happen, e.g. clustered updates for multiple NICs or whatever similar non-atomicity, but it was easy to express that way, put the update logic in one place (including the initial one at startup), and made the event timestamps sequences a little easier to follow when it wasn't clear why the updates were getting lost at all. I thought the boolean variables helped document the admittedly simple logic too. But none of that is critical. >>> >>> Okay. Thank you for the explanation. >>> >>> I will take this into account, but I will add some more changes, since we are performing a reload every time something changes which is causing a lot of load on busy systems. >>> >>> Reloading this all multiple times a second isn’t a good idea. We should rather reload and then wait at least 5 seconds and then reload again if we had another inotify event. >>> >>> This is probably slightly unrelated with your patch, but since we are already on it, I would like to have those changes implemented now. >>> >>> I will get back to the list with those changes and submit them for review. >>> >>> Best, >>> -Michael >>> >>>> >>>> A >>>> >>>> On Mon, Mar 28, 2022, at 1:00 PM, Michael Tremer wrote: >>>>> Hello Anthony, >>>>> >>>>> Thank you very much for submitting this patch and welcome to the list. >>>>> >>>>> I understand that it is easier to track any changes in the directory, >>>>> but I don’t quite understand why the logic had to be changed that the >>>>> changes will be applied at the end only. >>>>> >>>>> Is this just to avoid that multiple updates happen one after the other >>>>> or what are you trying to achieve? >>>>> >>>>> -Michael >>>>> >>>>>> On 22 Mar 2022, at 03:47, Anthony Heading <ajrh@ajrh.net> wrote: >>>>>> >>>>>> Switch from inotify watching individual files to monitoring the >>>>>> containing directories, as because dhcpd renames its leases file into a >>>>>> backup, monitoring the single inode does not work well. Additionally, >>>>>> python appears to have a bug with replacing expired inotify watches on >>>>>> single files. >>>>>> --- >>>>>> unbound-dhcp-leases-bridge | 47 +++++++++++++++++++++++++------------- >>>>>> 1 file changed, 31 insertions(+), 16 deletions(-) >>>>>> >>>>>> diff --git unbound-dhcp-leases-bridge unbound-dhcp-leases-bridge >>>>>> index a2df5f1..6e22066 100644 >>>>>> --- unbound-dhcp-leases-bridge >>>>>> +++ unbound-dhcp-leases-bridge >>>>>> @@ -72,6 +72,15 @@ class UnboundDHCPLeasesBridge(object): >>>>>> self.fix_leases_file = fix_leases_file >>>>>> self.hosts_file = hosts_file >>>>>> >>>>>> + # base mask for a completed file change >>>>>> + mask = inotify.constants.IN_CLOSE_WRITE | inotify.constants.IN_MOVED_TO >>>>>> + # IN_MODIFY since dhcpd appends lease updates to an open file >>>>>> + self.watches = { >>>>>> + self.leases_file: mask | inotify.constants.IN_MODIFY, >>>>>> + self.fix_leases_file: mask, >>>>>> + self.hosts_file: mask >>>>>> + } >>>>>> + >>>>>> self.unbound = UnboundConfigWriter(unbound_leases_file) >>>>>> self.running = False >>>>>> >>>>>> @@ -80,36 +89,42 @@ class UnboundDHCPLeasesBridge(object): >>>>>> self.running = True >>>>>> >>>>>> # Initial setup >>>>>> - self.hosts = self.read_static_hosts() >>>>>> - self.update_dhcp_leases() >>>>>> + update_hosts = True >>>>>> + update_leases = True >>>>>> + >>>>>> + i = inotify.adapters.Inotify() >>>>>> >>>>>> - i = inotify.adapters.Inotify([ >>>>>> - self.leases_file, >>>>>> - self.fix_leases_file, >>>>>> - self.hosts_file, >>>>>> - ]) >>>>>> + for f in self.watches: >>>>>> + i.add_watch(os.path.dirname(f), self.watches[f]) >>>>>> >>>>>> for event in i.event_gen(): >>>>>> # End if we are requested to terminate >>>>>> if not self.running: >>>>>> break >>>>>> >>>>>> + # Make pending updates once inotify queue is empty >>>>>> if event is None: >>>>>> + if update_hosts: >>>>>> + self.hosts = self.read_static_hosts() >>>>>> + update_hosts = False >>>>>> + if update_leases: >>>>>> + self.update_dhcp_leases() >>>>>> + update_leases = False >>>>>> continue >>>>>> >>>>>> header, type_names, watch_path, filename = event >>>>>> >>>>>> - # Update leases after leases file has been modified >>>>>> - if "IN_MODIFY" in type_names: >>>>>> - # Reload hosts >>>>>> - if watch_path == self.hosts_file: >>>>>> - self.hosts = self.read_static_hosts() >>>>>> + file = os.path.join(watch_path, filename) >>>>>> + >>>>>> + if not file in self.watches: >>>>>> + continue >>>>>> + >>>>>> + log.debug("Inotify %s: %s", file, " ".join(type_names)) >>>>>> >>>>>> - self.update_dhcp_leases() >>>>>> + update_leases = True >>>>>> >>>>>> - # If the file is deleted, we re-add the watcher >>>>>> - if "IN_IGNORED" in type_names: >>>>>> - i.add_watch(watch_path) >>>>>> + if file == self.hosts_file: >>>>>> + update_hosts = True >>>>>> >>>>>> log.info("Unbound DHCP Leases Bridge terminated") >>>>>> >>>>>> -- >>>>>> 2.34.1 >>>>>> >>>
diff --git unbound-dhcp-leases-bridge unbound-dhcp-leases-bridge index a2df5f1..6e22066 100644 --- unbound-dhcp-leases-bridge +++ unbound-dhcp-leases-bridge @@ -72,6 +72,15 @@ class UnboundDHCPLeasesBridge(object): self.fix_leases_file = fix_leases_file self.hosts_file = hosts_file + # base mask for a completed file change + mask = inotify.constants.IN_CLOSE_WRITE | inotify.constants.IN_MOVED_TO + # IN_MODIFY since dhcpd appends lease updates to an open file + self.watches = { + self.leases_file: mask | inotify.constants.IN_MODIFY, + self.fix_leases_file: mask, + self.hosts_file: mask + } + self.unbound = UnboundConfigWriter(unbound_leases_file) self.running = False @@ -80,36 +89,42 @@ class UnboundDHCPLeasesBridge(object): self.running = True # Initial setup - self.hosts = self.read_static_hosts() - self.update_dhcp_leases() + update_hosts = True + update_leases = True + + i = inotify.adapters.Inotify() - i = inotify.adapters.Inotify([ - self.leases_file, - self.fix_leases_file, - self.hosts_file, - ]) + for f in self.watches: + i.add_watch(os.path.dirname(f), self.watches[f]) for event in i.event_gen(): # End if we are requested to terminate if not self.running: break + # Make pending updates once inotify queue is empty if event is None: + if update_hosts: + self.hosts = self.read_static_hosts() + update_hosts = False + if update_leases: + self.update_dhcp_leases() + update_leases = False continue header, type_names, watch_path, filename = event - # Update leases after leases file has been modified - if "IN_MODIFY" in type_names: - # Reload hosts - if watch_path == self.hosts_file: - self.hosts = self.read_static_hosts() + file = os.path.join(watch_path, filename) + + if not file in self.watches: + continue + + log.debug("Inotify %s: %s", file, " ".join(type_names)) - self.update_dhcp_leases() + update_leases = True - # If the file is deleted, we re-add the watcher - if "IN_IGNORED" in type_names: - i.add_watch(watch_path) + if file == self.hosts_file: + update_hosts = True log.info("Unbound DHCP Leases Bridge terminated")