unbound: fix hotplug iface and ntp restarts

Unbound is configured to restart on hotplug/iface but this can result
in numerous restarts at boot. Unbound also has a restart for NTP.
This was observed to generate trouble and even with procd robustness
too many crashes might occur (rare). Unbound would not be running.

Give more care to /var/lib/unbound/root.key during restarts. Use procd
for iface restarts. Check pidof() to wait one more second for Unbound.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>

diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index fc783ebfb92df37fca36444fbc9fd52a1f672b4d..d6ded2cf4d2eefec61cba87044ca613cfc496464 100644 (file)
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=unbound
 PKG_VERSION:=1.6.1
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
@@ -148,8 +148,6 @@ define Package/unbound/install
        $(INSTALL_DATA) ./files/unbound_srv.conf $(1)/etc/unbound/unbound_srv.conf
        $(INSTALL_DIR) $(1)/etc/config
        $(INSTALL_DATA) ./files/unbound.uci $(1)/etc/config/unbound
-       $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
-       $(INSTALL_BIN)  ./files/unbound.iface $(1)/etc/hotplug.d/iface/25-unbound
        $(INSTALL_DIR) $(1)/etc/hotplug.d/ntp
        $(INSTALL_BIN)  ./files/unbound.ntpd $(1)/etc/hotplug.d/ntp/25-unbound
        $(INSTALL_DIR) $(1)/etc/init.d

diff --git a/net/unbound/files/unbound.iface b/net/unbound/files/unbound.iface
deleted file mode 100755 (executable)
index 172bcae..0000000
--- a/net/unbound/files/unbound.iface
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-##############################################################################
-#
-# Copyright (C) 2016 Eric Luehrsen
-#
-##############################################################################
-#
-# "Restart" Unbound on hotplug interface up:
-# - Clean rebind of unbound to new interfaces
-# - Some of Unbound conf options to not reload run time
-# - Unbound can grow a bit so this will shrink it back
-#
-##############################################################################
-
-if [ "$ACTION" = ifup ] && /etc/init.d/unbound enabled ; then
-  /etc/init.d/unbound restart
-fi
-
-##############################################################################
-

diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init
index d3aa8389ba8616c0b843e688b313878238573939..e4b7ec85fae176b8645373237e7493097e2178e8 100755 (executable)
--- a/net/unbound/files/unbound.init
+++ b/net/unbound/files/unbound.init
@@ -20,6 +20,9 @@ PROG=/usr/sbin/unbound
 ##############################################################################
 
 start_service() {
+  # WAIT! Unbound often takes its time writing closure stats to syslog
+  pidof $PROG && sleep 1
+
   # complex UCI work
   unbound_start
 
@@ -39,7 +42,8 @@ stop_service() {
 ##############################################################################
 
 service_triggers() {
-  procd_add_reload_trigger "dhcp" "network" "unbound"
+  procd_add_reload_trigger "unbound"
+  procd_add_raw_trigger "interface.*" 2000 /etc/init.d/unbound restart
 }
 
 ##############################################################################

diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh
index 68d01a47b5b02c2f6346133ffd32d7d4b0734fbc..5f733fbcb143aadd903b11e6ef3390e9a39abbb0 100644 (file)
--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -236,6 +236,7 @@ unbound_mkdir() {
   local resolvsym=0
   local dhcp_origin=$( uci get dhcp.@odhcpd[0].leasefile )
   local dhcp_dir=$( dirname "$dhcp_origin" )
+  local filestuff
 
 
   if [ ! -x /usr/sbin/dnsmasq -o ! -x /etc/init.d/dnsmasq ] ; then
@@ -265,8 +266,15 @@ unbound_mkdir() {
 
 
   if [ -f $UNBOUND_KEYFILE ] ; then
-    # Lets not lose RFC 5011 tracking if we don't have to
-    cp -p $UNBOUND_KEYFILE $UNBOUND_KEYFILE.keep
+    filestuff=$( cat $UNBOUND_KEYFILE )
+
+
+    case "$filestuff" in
+      *"state=2 [  VALID  ]"*)
+        # Lets not lose RFC 5011 tracking if we don't have to
+        cp -p $UNBOUND_KEYFILE $UNBOUND_KEYFILE.keep
+        ;;
+    esac
   fi
 
 
@@ -891,10 +899,6 @@ unbound_stop() {
     rm -f /tmp/resolv.conf
     ln -s /tmp/resolv.conf.auto /tmp/resolv.conf
   fi
-
-
-  # Unbound has a log dump which takes time; don't overlap a "restart"
-  sleep 1
 }
 
 ##############################################################################