bind: Use rndc to control the daemon #26675
Conversation
|
@kirelagin, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @peti and @MarcWeber to be potential reviewers. |
| ${pkgs.coreutils}/bin/mkdir -p /var/run/named | ||
| chown ${bindUser} /var/run/named | ||
| ''; | ||
|
|
||
| script = "${pkgs.bind.out}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f"; | ||
| script = "${pkgs.bind.out}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f"; | ||
| reload = "${pkgs.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' reload"; |
There was a problem hiding this comment.
/etc/bind/rndc.key is nice to have for other reasons,
but for simplicity, I would use the following in the unit file:
serviceConfig.ExecReload="${coreutils}/bin/kill -HUP $MAINPID";
There was a problem hiding this comment.
man named says that
In routine operation, signals should not be used to control the nameserver; rndc should be used instead.
So, basically, signals will work, but they are not the right way of getting things done. As far as I understand the plan is to get rid of signals eventually (which is impossible, of course).
| script = "${pkgs.bind.out}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f"; | ||
| script = "${pkgs.bind.out}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f"; | ||
| reload = "${pkgs.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' reload"; | ||
| preStop = "${pkgs.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' stop"; |
There was a problem hiding this comment.
What advantage do we get with this line? Is the SIGTERM signal not enough?
There was a problem hiding this comment.
Same thing. Doing things the right way.
There was a problem hiding this comment.
Then it should be serviceConfig.ExecStop
| ${pkgs.coreutils}/bin/mkdir -p /var/run/named | ||
| chown ${bindUser} /var/run/named | ||
| ''; | ||
|
|
||
| script = "${pkgs.bind.out}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f"; | ||
| script = "${pkgs.bind.out}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f"; |
There was a problem hiding this comment.
This could be actually also rewritten as:
serviceConfig.ExecStart= "${pkgs.bind.out}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f"
The shell script wrapper does not provide any benefit here.
There was a problem hiding this comment.
Yes, I agree. I have no idea why so many services use script instead of ExecStart for single line commands. I just did not feel like I was the one to change that. But if you insist, I can :).
There was a problem hiding this comment.
Please do so. It is a left-over from the old upstart job.
|
Thanks! |
No description provided.