From d218af54a5284ff3508ad697176ee8167a0e3bd0 Mon Sep 17 00:00:00 2001 From: Adam Tkac Date: Jan 30 2012 15:59:01 +0000 Subject: retire initscript in favour of systemd unit files (#719419) Signed-off-by: Adam Tkac --- diff --git a/bind.spec b/bind.spec index c15f240..169ee76 100644 --- a/bind.spec +++ b/bind.spec @@ -22,7 +22,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.9.0 -Release: 0.5.%{PREVER}%{?dist} +Release: 0.6.%{PREVER}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -30,7 +30,6 @@ Group: System Environment/Daemons # Source: ftp://ftp.isc.org/isc/bind9/%{VERSION}/bind-%{VERSION}.tar.gz Source1: named.sysconfig -Source2: named.init Source3: named.logrotate Source4: named.NetworkManager Source7: bind-9.3.1rc1-sdb_tools-Makefile.in @@ -45,6 +44,11 @@ Source33: zonetodb.1 Source34: zone2sqlite.1 Source35: bind.tmpfiles.d Source36: trusted-key.key +Source37: named.service +Source38: named-chroot.service +Source39: named-sdb.service +Source40: named-sdb-chroot.service +Source41: setup-named-chroot.sh # Common patches Patch5: bind-nonexec.patch @@ -90,9 +94,8 @@ Patch94: bind95-rh461409.patch # Requires: coreutils Requires: systemd-units -Requires(post): grep, chkconfig +Requires(post): grep Requires(pre): shadow-utils -Requires(preun):chkconfig Requires: bind-libs = %{epoch}:%{version}-%{release} Obsoletes: bind-config < 30:9.3.2-34.fc6 Provides: bind-config = 30:9.3.2-34.fc6 @@ -102,6 +105,7 @@ Obsoletes: dnssec-conf < 1.27-2 Provides: dnssec-conf = 1.27-1 BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel BuildRequires: libidn-devel, libxml2-devel +BuildRequires: systemd-units %if %{SDB} BuildRequires: openldap-devel, postgresql-devel, sqlite-devel, mysql-devel %endif 
@@ -112,6 +116,7 @@ BuildRequires: net-tools BuildRequires: krb5-devel %endif + %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), @@ -137,6 +142,7 @@ will have a label of "zone,zsk|ksk,xxx" and an id of the keytag in hex. Summary: BIND server with database backends and DLZ support Group: System Environment/Daemons Requires: bind +Requires: systemd-units %description sdb BIND (Berkeley Internet Name Domain) is an implementation of the DNS @@ -220,6 +226,7 @@ Prefix: %{chroot_prefix} Requires(post): grep Requires(preun):grep Requires: bind = %{epoch}:%{version}-%{release} +Requires: systemd-units %description chroot This package contains a tree of files which can be used as a @@ -375,7 +382,7 @@ rm -rf ${RPM_BUILD_ROOT} gzip -9 doc/rfc/* # Build directory hierarchy -mkdir -p ${RPM_BUILD_ROOT}/etc/{rc.d/init.d,logrotate.d,NetworkManager/dispatcher.d} +mkdir -p ${RPM_BUILD_ROOT}/etc/{logrotate.d,NetworkManager/dispatcher.d} mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/bind mkdir -p ${RPM_BUILD_ROOT}/var/named/{slaves,data,dynamic} mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/{man1,man5,man8} @@ -402,7 +409,16 @@ make DESTDIR=${RPM_BUILD_ROOT} install # Remove unwanted files rm -f ${RPM_BUILD_ROOT}/etc/bind.keys -install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}/etc/rc.d/init.d/named +# Systemd unit files +mkdir -p ${RPM_BUILD_ROOT}%{_unitdir} +install -m 644 %{SOURCE37} ${RPM_BUILD_ROOT}%{_unitdir} +install -m 644 %{SOURCE38} ${RPM_BUILD_ROOT}%{_unitdir} +install -m 644 %{SOURCE39} ${RPM_BUILD_ROOT}%{_unitdir} +install -m 644 %{SOURCE40} ${RPM_BUILD_ROOT}%{_unitdir} + +mkdir -p ${RPM_BUILD_ROOT}%{_libexecdir} +install -m 755 %{SOURCE41} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh + install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/etc/logrotate.d/named install -m 755 %SOURCE4 ${RPM_BUILD_ROOT}/etc/NetworkManager/dispatcher.d/13-named mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig 
@@ -474,8 +490,9 @@ fi; %post /sbin/ldconfig -/sbin/chkconfig --add named if [ "$1" -eq 1 ]; then + # Initial installation + /bin/systemctl daemon-reload > /dev/null 2>&1 || : if [ ! -e /etc/rndc.key ]; then /usr/sbin/rndc-confgen -a > /dev/null 2>&1 fi @@ -487,25 +504,42 @@ fi :; %preun -if [ "$1" -eq 0 ]; then - /sbin/service named stop >/dev/null 2>&1 || :; - /sbin/chkconfig --del named || :; -fi; +if [ "$1" -eq 0 ] ; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable named.service > /dev/null 2>&1 || : + /bin/systemctl stop named.service > /dev/null 2>&1 || : +fi :; %postun /sbin/ldconfig -if [ "$1" -ge 1 ]; then - /sbin/service named try-restart >/dev/null 2>&1 || :; -fi; +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ "$1" -ge 1 ] ; then + # Package upgrade, not uninstall + /bin/systemctl try-restart named.service >/dev/null 2>&1 || : +fi :; %if %{SDB} %post sdb -/sbin/service named try-restart > /dev/null 2>&1 || :; +if [ "$1" -eq 1 ] ; then + # Initial installation + /bin/systemctl daemon-reload >/dev/null 2>&1 || : +fi + +%preun sdb +if [ $1 -eq 0 ] ; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable named-sdb.service > /dev/null 2>&1 || : + /bin/systemctl stop named-sdb.service > /dev/null 2>&1 || : +fi %postun sdb -/sbin/service named try-restart > /dev/null 2>&1 || :; +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ $1 -ge 1 ] ; then + # Package upgrade, not uninstall + /bin/systemctl try-restart named-sdb.service >/dev/null 2>&1 || : +fi %endif %triggerpostun -n bind -- bind <= 32:9.5.0-20.b1 @@ -515,6 +549,10 @@ if [ "$1" -gt 0 ]; then fi :; +%triggerun -- bind < bind-9.9.0-0.6.rc1 +/sbin/chkconfig --del named >/dev/null 2>&1 || : +/bin/systemctl try-restart named.service >/dev/null 2>&1 || : + %post libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig 
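Review bot: `%preun sdb` and `%postun sdb` test the scriptlet argument unquoted (`if [ $1 -eq 0 ] ; then`, `if [ $1 -ge 1 ] ; then`) while `%preun` and `%postun` in the same hunk write `if [ "$1" -eq 0 ] ; then`; rpm always passes an integer here so it is harmless, but the two styles should not coexist in one file. Quote it in both sdb scriptlets, `if [ "$1" -eq 0 ] ; then` and `if [ "$1" -ge 1 ] ; then`. The same unquoted form recurs in `%postun chroot` later in the patch.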
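Review bot: The new `%triggerun -- bind < bind-9.9.0-0.6.rc1` compares against a version that repeats the package name and omits the epoch, whereas the existing `%triggerpostun -n bind -- bind <= 32:9.5.0-20.b1` a few lines above uses `32:` and no name; since the package carries `Epoch: 32`, an installed 32:9.9.0-0.5.rc1 would not compare lower than an epoch-less version, so I would expect the trigger never to fire and the stale chkconfig entry to survive the upgrade. It should presumably read `%triggerun -- bind < 32:9.9.0-0.6.rc1`. Note also that both this trigger and `%postun` in the previous hunk run `try-restart named.service`, so an upgrade restarts named twice, and nothing carries the chkconfig-enabled state over to `systemctl enable named.service`, so a host that had named enabled through the initscript may come back with it disabled — worth confirming against the distribution's sysv-to-systemd migration convention.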
@@ -524,39 +562,6 @@ fi %postun libs-lite /sbin/ldconfig -# Automatically update configuration from "dnssec-conf-based" to "BIND-based" -%triggerpostun -n bind -- dnssec-conf -if [ -r '/etc/named.conf' ]; then -cp -fp /etc/named.conf /etc/named.conf.rpmsave -if grep -Eq '/etc/(named.dnssec.keys|pki/dnssec-keys)' /etc/named.conf; then - if grep -q 'dlv.isc.org.conf' /etc/named.conf; then - # DLV is configured, reconfigure it to new configuration - sed -i -e 's/.*dnssec-lookaside.*dlv\.isc\.org\..*/dnssec-lookaside auto;\ -bindkeys-file "\/etc\/named.iscdlv.key";\ -managed-keys-directory "\/var\/named\/dynamic";/' /etc/named.conf - fi - sed -i -e '/.*named\.dnssec\.keys.*/d' -e '/.*pki\/dnssec-keys.*/d' \ - /etc/named.conf - /sbin/service named try-restart > /dev/null 2>&1 || :; -fi -fi - -# Ditto for chroot -if [ -r '/var/named/chroot/etc/named.conf' ]; then -cp -fp /var/named/chroot/etc/named.conf /var/named/chroot/etc/named.conf.rpmsave -if grep -Eq '/etc/(named.dnssec.keys|pki/dnssec-keys)' /var/named/chroot/etc/named.conf; then - if grep -q 'dlv.isc.org.conf' /var/named/chroot/etc/named.conf; then - # DLV is configured, reconfigure it to new configuration - sed -i -e 's/.*dnssec-lookaside.*dlv\.isc\.org\..*/dnssec-lookaside auto;\ -bindkeys-file "\/etc\/named.iscdlv.key";\ -managed-keys-directory "\/var\/named\/dynamic";/' /var/named/chroot/etc/named.conf - fi - sed -i -e '/.*named\.dnssec\.keys.*/d' -e '/.*pki\/dnssec-keys.*/d' \ - /var/named/chroot/etc/named.conf - /sbin/service named try-restart > /dev/null 2>&1 || :; -fi -fi - %post chroot if [ "$1" -gt 0 ]; then [ -e %{chroot_prefix}/dev/random ] || \ 
@@ -567,10 +572,7 @@ if [ "$1" -gt 0 ]; then /bin/mknod %{chroot_prefix}/dev/null c 1 3 rm -f %{chroot_prefix}/etc/localtime cp /etc/localtime %{chroot_prefix}/etc/localtime - if ! grep -q '^ROOTDIR=' /etc/sysconfig/named; then - echo 'ROOTDIR=/var/named/chroot' >> /etc/sysconfig/named - /sbin/service named try-restart > /dev/null 2>&1 || :; - fi + /bin/systemctl daemon-reload >/dev/null 2>&1 || : fi; :; @@ -582,22 +584,25 @@ fi; %preun chroot if [ "$1" -eq 0 ]; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable named-chroot.service > /dev/null 2>&1 || : + /bin/systemctl --no-reload disable named-sdb-chroot.service > /dev/null 2>&1 || : + /bin/systemctl stop named-chroot.service > /dev/null 2>&1 || : + /bin/systemctl stop named-sdb-chroot.service > /dev/null 2>&1 || : rm -f %{chroot_prefix}/dev/{random,zero,null} rm -f %{chroot_prefix}/etc/localtime - if grep -q '^ROOTDIR=' /etc/sysconfig/named; then - # NOTE: Do NOT call `service named try-restart` because chroot - # files will remain mounted. - START=no - [ -e /var/lock/subsys/named ] && START=yes - /sbin/service named stop > /dev/null 2>&1 || :; - sed -i -e '/^ROOTDIR=.*/d' /etc/sysconfig/named - if [ "x$START" = xyes ]; then - /sbin/service named start > /dev/null 2>&1 || :; - fi - fi fi :; +%postun chroot +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ $1 -ge 1 ] ; then + # Package upgrade, not uninstall + /bin/systemctl try-restart named-chroot.service >/dev/null 2>&1 || : + /bin/systemctl try-restart named-sdb-chroot.service >/dev/null 2>&1 || : +fi +;; + %clean rm -rf ${RPM_BUILD_ROOT} :; @@ -609,7 +614,7 @@ rm -rf ${RPM_BUILD_ROOT} %config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.iscdlv.key %config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.root.key %{_sysconfdir}/tmpfiles.d/named.conf -%{_sysconfdir}/rc.d/init.d/named +%{_unitdir}/named.service %{_sysconfdir}/NetworkManager/dispatcher.d/13-named %{_sbindir}/arpaname %{_sbindir}/ddns-confgen 
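Review bot: The new `%postun chroot` scriptlet ends with `+;;` after `fi`; `;;` is a case-arm terminator and a syntax error outside `case`, so the scriptlet exits non-zero on every upgrade or removal of bind-chroot. The other scriptlets in this file end with `:;`, so this line should be `:;` (or simply dropped). Separately, `%preun chroot` now stops and disables `named-chroot.service` and `named-sdb-chroot.service` on removal but, unlike the ROOTDIR-based code it replaces, does not bring the non-chroot `named.service` back up, so removing bind-chroot from a host that was serving DNS from the chroot leaves name service down until an administrator enables `named.service`; if that is intended, a comment such as `# named.service is not re-enabled here; the admin chooses the replacement unit` would save the next reader the question.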
@@ -674,6 +679,7 @@ rm -rf ${RPM_BUILD_ROOT} %if %{SDB} %files sdb %defattr(-,root,root,-) +%{_unitdir}/named-sdb.service %{_mandir}/man1/zone2ldap.1* %{_mandir}/man1/ldap2zone.1* %{_mandir}/man1/zonetodb.1* @@ -736,6 +742,9 @@ rm -rf ${RPM_BUILD_ROOT} %files chroot %defattr(-,root,root,-) +%{_unitdir}/named-chroot.service +%{_unitdir}/named-sdb-chroot.service +%{_libexecdir}/setup-named-chroot.sh %ghost %{chroot_prefix}/dev/null %ghost %{chroot_prefix}/dev/random %ghost %{chroot_prefix}/dev/zero @@ -767,6 +776,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif %changelog +* Mon Jan 30 2012 Adam Tkac 32:9.9.0-0.6.rc1 +- retire initscript in favour of systemd unit files (#719419) + * Thu Jan 12 2012 Adam Tkac 32:9.9.0-0.5.rc1 - update to 9.9.0rc1 diff --git a/named-chroot.service b/named-chroot.service new file mode 100644 index 0000000..193fc1f --- /dev/null +++ b/named-chroot.service @@ -0,0 +1,30 @@ +# Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log" +# line to your /etc/rsyslog.conf file. Otherwise your logging becomes +# broken when rsyslogd daemon is restarted (due update, for example). + +[Unit] +Description=Berkeley Internet Name Domain (DNS) +Wants=nss-lookup.target +Before=nss-lookup.target +After=network.target + +[Service] +Type=forking +EnvironmentFile=-/etc/sysconfig/named +Environment=KRB5_KTNAME=/etc/named.keytab +PIDFile=/var/named/chroot/var/run/named/named.pid + +ExecStartPre=/usr/libexec/setup-named-chroot.sh /var/named/chroot on +ExecStartPre=/usr/sbin/named-checkconf -t /var/named/chroot -z /etc/named.conf +ExecStart=/usr/sbin/named -u named -t /var/named/chroot $OPTIONS + +ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID' + +ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID' +ExecStopPost=/usr/libexec/setup-named-chroot.sh /var/named/chroot off + +PrivateTmp=true +TimeoutSec=25 + +[Install] +WantedBy=multi-user.target 
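Review bot: `ExecStop` falls back to `/bin/kill -TERM $MAINPID`, run as root, and `$MAINPID` is taken from `PIDFile=/var/named/chroot/var/run/named/named.pid`, a path inside the chroot that named writes after `-u named` has dropped privileges; if that directory is writable by the `named` user (it presumably has to be for the pid file to be created — confirm against the chroot layout the package ships), the PID root signals on stop is whatever the unprivileged service chose to write rather than what systemd itself tracked. `rndc stop` is the right primary path; for the fallback I would let systemd's default cgroup-wide SIGTERM terminate anything left rather than signalling `$MAINPID` explicitly, i.e. `ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || :'`, so the stop path no longer depends on the pid file's contents. The same pattern appears in named-sdb-chroot.service, named-sdb.service and named.service in this patch.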
diff --git a/named-sdb-chroot.service b/named-sdb-chroot.service
new file mode 100644
index 0000000..85cd10c
--- /dev/null
+++ b/named-sdb-chroot.service
@@ -0,0 +1,30 @@
+# Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
+# line to your /etc/rsyslog.conf file. Otherwise your logging becomes
+# broken when rsyslogd daemon is restarted (due update, for example).
+
+[Unit]
+Description=Berkeley Internet Name Domain (DNS)
+Wants=nss-lookup.target
+Before=nss-lookup.target
+After=network.target
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/sysconfig/named
+Environment=KRB5_KTNAME=/etc/named.keytab
+PIDFile=/var/named/chroot/var/run/named/named.pid
+
+ExecStartPre=/usr/libexec/setup-named-chroot.sh /var/named/chroot on
+ExecStartPre=/usr/sbin/named-checkconf -t /var/named/chroot -z /etc/named.conf
+ExecStart=/usr/sbin/named-sdb -u named -t /var/named/chroot $OPTIONS
+
+ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
+
+ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
+ExecStopPost=/usr/libexec/setup-named-chroot.sh /var/named/chroot off
+
+PrivateTmp=true
+TimeoutSec=25
+
+[Install]
+WantedBy=multi-user.target
diff --git a/named-sdb.service b/named-sdb.service
new file mode 100644
index 0000000..dd9cc0e
--- /dev/null
+++ b/named-sdb.service
@@ -0,0 +1,24 @@ +[Unit] +Description=Berkeley Internet Name Domain (DNS) +Wants=nss-lookup.target +Before=nss-lookup.target +After=network.target + +[Service] +Type=forking +EnvironmentFile=-/etc/sysconfig/named +Environment=KRB5_KTNAME=/etc/named.keytab +PIDFile=/var/run/named/named.pid + +ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf +ExecStart=/usr/sbin/named-sdb -u named $OPTIONS + +ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID' + +ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID' + +PrivateTmp=true +TimeoutSec=25 + +[Install] +WantedBy=multi-user.target diff --git a/named.NetworkManager b/named.NetworkManager index bd9a588..d0be54c 100644 --- a/named.NetworkManager +++ b/named.NetworkManager @@ -1,6 +1,8 @@ #!/bin/bash -# Check if named is running -/sbin/service named status > /dev/null 2>&1 || exit 0 - -[ "$2" = 'up' -o "$2" = 'down' ] && /sbin/service named reload +if [ "$2" = 'up' -o "$2" = 'down' ]; then + /sbin/systemctl reload named.service > /dev/null 2>&1 || true + /sbin/systemctl reload named-chroot.service > /dev/null 2>&1 || true + /sbin/systemctl reload named-sdb.service > /dev/null 2>&1 || true + /sbin/systemctl reload named-sdb-chroot.service > /dev/null 2>&1 || true +fi diff --git a/named.init b/named.init deleted file mode 100755 index cd0504d..0000000 --- a/named.init +++ /dev/null 
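Review bot: `PIDFile=/var/run/named/named.pid` here differs from `PIDFile=/run/named/named.pid` in named.service later in the patch, although both daemons write the same pid file; on a system where `/var/run` is not a symlink to `/run` the two units would track different paths, and even where it is, the inconsistency invites copy-paste drift. Use one spelling in both units, `PIDFile=/run/named/named.pid` if that is where the package's tmpfiles.d entry creates the directory. Apart from `ExecStart=/usr/sbin/named-sdb -u named $OPTIONS` this unit duplicates named.service line for line, so any later hardening of one has to be remembered for the other.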
@@ -1,291 +0,0 @@ -#!/bin/bash -# -# named This shell script takes care of starting and stopping -# named (BIND DNS server). -# -# chkconfig: - 13 87 -# description: named (BIND) is a Domain Name Server (DNS) \ -# that is used to resolve host names to IP addresses. -# probe: true - -### BEGIN INIT INFO -# Provides: $named -# Required-Start: $local_fs $network $syslog -# Required-Stop: $local_fs $network $syslog -# Default-Start: -# Default-Stop: 0 1 2 3 4 5 6 -# Short-Description: start|stop|status|restart|try-restart|reload|force-reload DNS server -# Description: control ISC BIND implementation of DNS server -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -[ -r /etc/sysconfig/named ] && . /etc/sysconfig/named - -RETVAL=0 -export KRB5_KTNAME=${KEYTAB_FILE:-/etc/named.keytab} - -named='named' -if [ -x /usr/sbin/named-sdb ]; then - named='named-sdb' -fi - -# Don't kill named during clean-up -NAMED_SHUTDOWN_TIMEOUT=${NAMED_SHUTDOWN_TIMEOUT:-25} - -if [ -n "$ROOTDIR" ]; then - ROOTDIR=`echo $ROOTDIR | sed 's#//*#/#g;s#/$##'`; - rdl=`/usr/bin/readlink $ROOTDIR`; - if [ -n "$rdl" ]; then - ROOTDIR="$rdl"; - fi; -fi - -PIDFILE="/var/run/named/named.pid" - -ROOTDIR_MOUNT='/etc/named /etc/pki/dnssec-keys /var/named /etc/named.conf -/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key -/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /etc/named.root.key' - -mount_chroot_conf() -{ - if [ -n "$ROOTDIR" ]; then - for all in $ROOTDIR_MOUNT; do - # Skip nonexistant files - [ -e "$all" ] || continue - - # If mount source is a file - if ! [ -d "$all" ]; then - # mount it only if it is not present in chroot or it is empty - if ! [ -e "$ROOTDIR$all" ] || [ `stat -c'%s' "$ROOTDIR$all"` -eq 0 ]; then - touch "$ROOTDIR$all" - mount --bind "$all" "$ROOTDIR$all" - fi - else - # Mount source is a directory. Mount it only if directory in chroot is - # empty. 
- if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then - mount --bind "$all" "$ROOTDIR$all" - fi - fi - done - fi -} - -umount_chroot_conf() -{ - for all in $ROOTDIR_MOUNT; do - # Check if file is mount target. Do not use /proc/mounts because detecting - # of modified mounted files can fail. - if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then - umount "$ROOTDIR$all" - # Remove temporary created files - [ -f "$all" ] && rm -f "$ROOTDIR$all" - fi - done -} - -pidofnamed() { - pidofproc -p "$ROOTDIR/$PIDFILE" "$named"; -} - -# Check if all what named needs running -start() -{ - [ "$EUID" != "0" ] && exit 4 - - # Source networking configuration. - [ -r /etc/sysconfig/network ] && . /etc/sysconfig/network - - # Check that networking is up - [ "${NETWORKING}" = "no" ] && exit 1 - - - [ -x /usr/sbin/"$named" ] || exit 5 - - # Handle -c option - previous_option='unspecified'; - for a in $OPTIONS; do - if [ $previous_option = '-c' ]; then - named_conf=$a; - fi; - previous_option=$a; - done; - - named_conf=${named_conf:-/etc/named.conf}; - - mount_chroot_conf - - if [ ! -r $ROOTDIR$named_conf ]; then - echo 'Cannot find configuration file. You could create it by system-config-bind' - exit 6; - fi; - - # all pre-start is done, lets start named - echo -n $"Starting named: " - if [ -n "`pidofnamed`" ]; then - echo -n $"named: already running" - success - echo - exit 0; - fi; - - if ! [ "$DISABLE_ZONE_CHECKING" = yes ]; then - ckcf_options='-z'; # enable named-checkzone for each zone (9.3.1+) ! 
- fi; - - if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then - OPTIONS="${OPTIONS} -t ${ROOTDIR}" - ckcf_options="$ckcf_options -t ${ROOTDIR}"; - [ -s /etc/localtime ] && cp -fp /etc/localtime ${ROOTDIR}/etc/localtime; - fi - - RETVAL=0 - # check if configuration is correct - if [ -x /usr/sbin/named-checkconf ] && [ -x /usr/sbin/named-checkzone ] && /usr/sbin/named-checkconf $ckcf_options ${named_conf} >/dev/null 2>&1; then - - daemon --pidfile "$ROOTDIR/$PIDFILE" /usr/sbin/"$named" -u named ${OPTIONS}; - RETVAL=$? - if [ $RETVAL -eq 0 ]; then - rm -f /var/run/{named,named-sdb}.pid; - ln -s $ROOTDIR/"$PIDFILE" /var/run/"$named".pid; - fi; - - else - named_err="`/usr/sbin/named-checkconf $ckcf_options $named_conf 2>&1`"; - echo - echo "Error in named configuration:"; - echo "$named_err"; - failure - echo - [ -x /usr/bin/logger ] && echo "$named_err" | /usr/bin/logger -pdaemon.error -tnamed; - umount_chroot_conf - exit 2; - fi; - echo - if [ $RETVAL -eq 0 ]; then - touch /var/lock/subsys/named; - else - umount_chroot_conf - exit 7; - fi - return 0; -} - -stop() { - [ "$EUID" != "0" ] && exit 4 - - # Stop daemons. - echo -n $"Stopping named: " - [ -x /usr/sbin/rndc ] && /usr/sbin/rndc stop >/dev/null 2>&1; - RETVAL=$? - # was rndc successful? - [ "$RETVAL" -eq 0 ] || \ - killproc -p "$ROOTDIR/$PIDFILE" "$named" -TERM >/dev/null 2>&1 - - timeout=0 - RETVAL=0 - while pidofnamed >/dev/null; do - if [ $timeout -ge $NAMED_SHUTDOWN_TIMEOUT ]; then - RETVAL=1 - break - else - sleep 2 && echo -n "." - timeout=$((timeout+2)) - fi; - done - - umount_chroot_conf - - # remove pid files - if [ $RETVAL -eq 0 ]; then - rm -f /var/lock/subsys/named - rm -f /var/run/{named,named-sdb}.pid - fi; - - if [ $RETVAL -eq 0 ]; then - success - else - failure - RETVAL=1 - fi; - echo - return $RETVAL -} - - -rhstatus() { - [ -x /usr/sbin/rndc ] && /usr/sbin/rndc status; - status -p "$ROOTDIR/$PIDFILE" -l named /usr/sbin/"$named"; - return $? 
-} -restart() { - stop - start -} -reload() { - [ "$EUID" != "0" ] && exit - - echo -n $"Reloading "$named": " - p=`pidofnamed` - RETVAL=$? - if [ "$RETVAL" -eq 0 ]; then - /usr/sbin/rndc reload >/dev/null 2>&1 || /bin/kill -HUP $p; - RETVAL=$? - fi - [ "$RETVAL" -eq 0 ] && success $"$named reload" || failure $"$named reload" - echo - return $RETVAL -} - -checkconfig() { - ckcf_options='-z'; - if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then - ckcf_options="$ckcf_options -t ${ROOTDIR}"; - mount_chroot_conf - fi; - if [ -x /usr/sbin/named-checkconf ] && [ -x /usr/sbin/named-checkzone ] && /usr/sbin/named-checkconf $ckcf_options ${named_conf} ; then - umount_chroot_conf - return 0; - else - umount_chroot_conf - return 1; - fi -} - -# See how we were called. -case "$1" in - start) - start - ;; - stop) - stop - ;; - status) - rhstatus; - RETVAL=$? - ;; - restart) - restart - ;; - condrestart|try-restart) - if [ -e /var/lock/subsys/named ]; then restart; fi - ;; - reload) - reload - ;; - force-reload) - if ! reload; then restart; fi - ;; - checkconfig|configtest|check|test) - checkconfig - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}" - [ "x$1" = "x" ] && exit 0 - exit 2 -esac - -exit $RETVAL - diff --git a/named.logrotate b/named.logrotate index 4ed78cc..78cacc2 100644 --- a/named.logrotate +++ b/named.logrotate @@ -3,6 +3,9 @@ su named named create 0644 named named postrotate - /sbin/service named reload 2> /dev/null > /dev/null || true + /sbin/systemctl reload named.service > /dev/null 2>&1 || true + /sbin/systemctl reload named-chroot.service > /dev/null 2>&1 || true + /sbin/systemctl reload named-sdb.service > /dev/null 2>&1 || true + /sbin/systemctl reload named-sdb-chroot.service > /dev/null 2>&1 || true endscript } diff --git a/named.service b/named.service new file mode 100644 index 0000000..388fc89 --- /dev/null +++ b/named.service 
@@ -0,0 +1,24 @@
+[Unit]
+Description=Berkeley Internet Name Domain (DNS)
+Wants=nss-lookup.target
+Before=nss-lookup.target
+After=network.target
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/sysconfig/named
+Environment=KRB5_KTNAME=/etc/named.keytab
+PIDFile=/run/named/named.pid
+
+ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf
+ExecStart=/usr/sbin/named -u named $OPTIONS
+
+ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
+
+ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
+
+PrivateTmp=true
+TimeoutSec=25
+
+[Install]
+WantedBy=multi-user.target
diff --git a/named.sysconfig b/named.sysconfig
index 8ba7d56..9a6c556 100644
--- a/named.sysconfig
+++ b/named.sysconfig
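Review bot: `ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf` validates a fixed path while `ExecStart=/usr/sbin/named -u named $OPTIONS` lets `/etc/sysconfig/named` pass any option, including `-c <file>`; the initscript this patch deletes parsed `-c` out of `$OPTIONS` and checked that file, so an administrator using `-c` now has a different configuration validated than the one named loads, and the pre-check passes or fails on the wrong file. Either document in named.sysconfig that `-c` is unsupported with the unit files, or state the restriction in the unit itself with a comment such as `# named-checkconf checks /etc/named.conf only; do not pass -c in OPTIONS`. The same applies to named-sdb.service and the two -chroot units.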
@@ -1,40 +1,6 @@ # BIND named process options # ~~~~~~~~~~~~~~~~~~~~~~~~~~ -# Currently, you can use the following options: -# -# ROOTDIR="/var/named/chroot" -- will run named in a chroot environment. -# you must set up the chroot environment -# (install the bind-chroot package) before -# doing this. -# NOTE: -# Those directories are automatically mounted to chroot if they are -# empty in the ROOTDIR directory. It will simplify maintenance of your -# chroot environment. -# - /var/named -# - /etc/pki/dnssec-keys -# - /etc/named -# - /usr/lib64/bind or /usr/lib/bind (architecture dependent) -# -# Those files are mounted as well if target file doesn't exist in -# chroot. -# - /etc/named.conf -# - /etc/rndc.conf -# - /etc/rndc.key -# - /etc/named.rfc1912.zones -# - /etc/named.dnssec.keys -# - /etc/named.iscdlv.key -# -# Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log" -# line to your /etc/rsyslog.conf file. Otherwise your logging becomes -# broken when rsyslogd daemon is restarted (due update, for example). # # OPTIONS="whatever" -- These additional options will be passed to named -# at startup. Don't add -t here, use ROOTDIR instead. -# -# KEYTAB_FILE="/dir/file" -- Specify named service keytab file (for GSS-TSIG) -# -# DISABLE_ZONE_CHECKING -- By default, initscript calls named-checkzone -# utility for every zone to ensure all zones are -# valid before named starts. If you set this option -# to 'yes' then initscript doesn't perform those -# checks. +# at startup. Don't add -t here, enable proper +# -chroot.service unit file. diff --git a/setup-named-chroot.sh b/setup-named-chroot.sh new file mode 100755 index 0000000..38cb1ce --- /dev/null +++ b/setup-named-chroot.sh 
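Review bot: The rewritten comment block drops `KEYTAB_FILE` and `DISABLE_ZONE_CHECKING` without saying what happens to existing settings; the deleted initscript exported `KRB5_KTNAME=${KEYTAB_FILE:-/etc/named.keytab}`, whereas the new units set `Environment=KRB5_KTNAME=/etc/named.keytab` and read this file through `EnvironmentFile=`, so a `KEYTAB_FILE=` line is now silently ignored while a `KRB5_KTNAME=` line would override the unit's value. I would add `# KRB5_KTNAME="/dir/file" -- named service keytab for GSS-TSIG (replaces KEYTAB_FILE)` and a line noting that zone checking is now always performed by the units' `named-checkconf -z` step and can no longer be disabled here.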
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+ROOTDIR_MOUNT='/etc/named /etc/pki/dnssec-keys /var/named /etc/named.conf
+/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key
+/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /etc/named.root.key'
+
+usage()
+{
+ echo
+ echo 'This script setups chroot environment for BIND'
+ echo 'Usage: setup-named-chroot.sh ROOTDIR [on|off]'
+}
+
+if ! [ "$#" -eq 2 ]; then
+ echo 'Wrong number of arguments'
+ usage
+ exit 1
+fi
+
+ROOTDIR="$1"
+
+# Exit if ROOTDIR doesn't exist
+if ! [ -d "$ROOTDIR" ]; then
+ echo "Root directory $ROOTDIR doesn't exist"
+ usage
+ exit 1
+fi
+
+mount_chroot_conf()
+{
+ if [ -n "$ROOTDIR" ]; then
+ for all in $ROOTDIR_MOUNT; do
+ # Skip nonexistant files
+ [ -e "$all" ] || continue
+
+ # If mount source is a file
+ if ! [ -d "$all" ]; then
+ # mount it only if it is not present in chroot or it is empty
+ if ! [ -e "$ROOTDIR$all" ] || [ `stat -c'%s' "$ROOTDIR$all"` -eq 0 ]; then
+ touch "$ROOTDIR$all"
+ mount --bind "$all" "$ROOTDIR$all"
+ fi
+ else
+ # Mount source is a directory. Mount it only if directory in chroot is
+ # empty.
+ if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then
+ mount --bind "$all" "$ROOTDIR$all"
+ fi
+ fi
+ done
+ fi
+}
+
+umount_chroot_conf()
+{
+ for all in $ROOTDIR_MOUNT; do
+ # Check if file is mount target. Do not use /proc/mounts because detecting
+ # of modified mounted files can fail.
+ if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
+ umount "$ROOTDIR$all"
+ # Remove temporary created files
+ [ -f "$all" ] && rm -f "$ROOTDIR$all"
+ fi
+ done
+}
+
+case "$2" in
+ on)
+ mount_chroot_conf
+ ;;
+ off)
+ umount_chroot_conf
+ ;;
+ *)
+ echo 'Second argument has to be "on" or "off"'
+ usage
+ exit 1
+esac
+
+exit 0
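Review bot: Neither `mount --bind` call in `mount_chroot_conf` has its status checked and the script always finishes with `exit 0`, so when a bind mount fails (busy or read-only target, for instance) the `ExecStartPre=… on` step still succeeds and named starts inside a chroot whose `/etc/named.conf` or `/var/named` is the empty placeholder created by `touch` rather than the real file. Record the failure and propagate it so systemd aborts the start: `mount --bind "$all" "$ROOTDIR$all" || rc=1` at both mount sites and `exit "${rc:-0}"` at the end. Minor: `ls -1A $ROOTDIR$all` leaves the path unquoted, and `grep -q '.* on '"$ROOTDIR$all"' .*'` treats the path as a regular expression (each dot matches any character); `grep -qF -- " on $ROOTDIR$all "` matches the same mount-table line literally.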