Diffstat (limited to 'network/unbound/rc.unbound')
-rw-r--r-- | network/unbound/rc.unbound | 203 |
1 files changed, 116 insertions, 87 deletions
diff --git a/network/unbound/rc.unbound b/network/unbound/rc.unbound
index 49a6c991e8..3c31faf4ef 100644
--- a/network/unbound/rc.unbound
+++ b/network/unbound/rc.unbound
@@ -1,118 +1,147 @@ -#!/bin/sh +#!/bin/bash # -# unbound This shell script takes care of starting and stopping -# unbound (DNS server). -# -# chkconfig: - 14 86 -# description: unbound is a Domain Name Server (DNS) \ -# that is used to resolve host names to IP addresses. - -### BEGIN INIT INFO -# Provides: unbound -# Required-Start: $network $local_fs -# Required-Stop: $network $local_fs -# Default-Start: -# Default-Stop: 0 1 2 3 4 5 6 -# Should-Start: $syslog -# Should-Stop: $syslog -# Short-Description: unbound recursive Domain Name Server. -# Description: unbound is a Domain Name Server (DNS) -# that is used to resolve host names to IP addresses. -### END INIT INFO +# Slackware initialization script for Unbound. -# Source function library. -. /etc/rc.d/init.d/functions -exec="/usr/sbin/unbound" -config="/etc/unbound/unbound.conf" -pidfile="/var/run/unbound/unbound.pid" -piddir=`dirname $pidfile` +UNBOUND=/usr/sbin/unbound +CONFIG=/etc/unbound/unbound.conf +PIDFILE=/run/unbound/unbound.pid +LOGDIR=/var/log/unbound +KEYFILE=/var/lib/unbound/root.key -[ -x /usr/sbin/dnssec-configure ] && [ -r "$config" ] && - [ /etc/sysconfig/dnssec -nt "$config" ] && \ - /usr/sbin/dnssec-configure -u --norestart --dnssec="$DNSSEC" --dlv="$DLV" +# Unbound-control is useful but I'm not going to cram it +# down your throat. Set this to "yes" to disable unbound-control +# initial setup. Note that you'll need to disable control port +# in unbound.conf so Unbound will actually start. +DISABLE_UNBOUND_CONTROL="no" -start() { - [ -x $exec ] || exit 5 - [ -f $config ] || exit 6 - # /var/run could (and should) be tmpfs - [ -d $piddir ] || mkdir $piddir +# As part of the initial checks, the script makes sure that +# $LOGDIR exists. It's mostly for cases where admin accidentally +# deletes the entire log folder rather than individual logs. +# If you don't use logging at all, have a custom setup or +# just want to skip these checks, set this to "yes". 
+DISABLE_LOGDIR_CHECKS="no" - if [ -f /var/lib/unbound/root.anchor -a -f /usr/sbin/unbound-anchor ] - then - /sbin/runuser --command="/usr/sbin/unbound-anchor -a /var/lib/unbound/root.anchor -c /etc/unbound/icannbundle.pem" --shell /bin/sh unbound +initchecks() { + # If auto-trust-anchor-file is enabled and the keyfile doesn't exists in + # /var/lib/unbound, we won't start the daemon. Most(?) errors can be caught + # by /usr/sbin/unbound executable but this one actually allows Unbound to start - + # - only for it to crash a moment later. Running unbound-checkconf on every start up + # would be useful, but it would make noise every time the daemon starts up. + if [ ! -z "$(unbound-checkconf -o auto-trust-anchor-file)" ] && [ ! -e "$KEYFILE" ]; then + echo "ERROR: $KEYFILE not found, yet auto-trust-anchor-file is enabled in $CONFIG" + echo "ERROR: Refusing to start because Unbound would crash." + echo "ERROR: Please generate Unbound Anchor file with the following command:" + echo " # sh /etc/rc.d/rc.unbound generate-key" + echo + echo "...or comment out auto-trust-anchor-file in $CONFIG." + exit 1 + fi + # Look out for a stale pidfile. If there's one, remove it. + # This shouldn't be necessary unless the system was shutdown uncleanly + # or if Unbound crashes. + if [ -e $PIDFILE ] && [ ! $(pidof unbound) ]; then + echo "Looks like Unbound isn't running but there's a stale pid file." + echo "Removing $PIDFILE" + rm -vf $PIDFILE + fi + # Check that /run/unbound exists. If not, create and chown it. + if [ ! -e $(dirname $PIDFILE) ]; then + mkdir -p $(dirname $PIDFILE) + chown unbound:unbound $(dirname $PIDFILE) fi - - if [ ! -f /etc/unbound/unbound_control.key ] + # Run the initial setup for unbound-control unless it's disabled. + # Mostly relevant for the first time run. + if [ ! -e $(dirname $CONFIG)/unbound_server.pem ] && [ "$DISABLE_UNBOUND_CONTROL" == "no" ]; then + echo "Unbound-control: unbound_server.pem not found." + echo "This is normal for the first run." 
+ echo "Running initial setup to generate certificates: /usr/sbin/unbound-control-setup" + /usr/sbin/unbound-control-setup || exit 1 + echo "Actually... no need to do anything. It's enabled by default on Slackware :-)" + fi + # Deleted the entire log directory by accident? Oh well, bound to happen. + # Let's fix that right away. + if [ "$DISABLE_LOGDIR_CHECKS" == "no" ] then - echo -n $"Generating unbound control key and certificate: " - /usr/sbin/unbound-control-setup -d /etc/unbound/ > /dev/null 2> /dev/null - chgrp unbound /etc/unbound/unbound_*key /etc/unbound/unbound_*pem - [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \ - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/unbound/* - echo - else - # old init script created these as root instead of unbound. - if [ -G /etc/unbound/unbound_control.key ] - then - chgrp unbound /etc/unbound/unbound_*key /etc/unbound/unbound_*pem - [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \ - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/unbound/* - echo + if [ ! -d "$LOGDIR" ]; then + echo -n "Unbound log directory not found. Attempting to recreate it... " + mkdir $LOGDIR && echo "Success!" + fi + if [ $(stat -c "%U:%G" "$LOGDIR") != "unbound:unbound" ]; then + echo -n "Fixing permissions on the log folder $LOGDIR... " + chown -R unbound:unbound $LOGDIR && echo "Success!" fi fi +} +anchorkeygen() { + echo "Generating Unbound Anchor keyfile..." + sudo -u unbound unbound-anchor -f /etc/resolv.conf -R -a /var/lib/unbound/root.key + echo "Done" +} - unbound-checkconf $config > /dev/null - RETVAL=$? 
- if [ $RETVAL != 0 ] - then - echo "Error in /etc/unbound/unbound.conf, aborted" - exit 6 - fi - - echo -n $"Starting unbound: " +checkconfig() { + echo "Checking Unbound configuration file: $CONFIG" + echo "This will run the command: /usr/sbin/unbound-checkconf" + echo "-----START unbound-checkconf output-----" + /usr/sbin/unbound-checkconf + echo "-----END unbound-checkconf output-----" - # if not running, start it up here - daemon --pidfile=$pidfile $exec -c $config - echo } -stop() { - echo -n $"Stopping unbound: " - # stop it here, often "killproc unbound" - killproc -p $pidfile unbound - echo +start() { + initchecks + if [ -r $PIDFILE ]; then + echo 'Unbound is already running!' + return + else + echo "Starting Unbound..." + $UNBOUND -c $CONFIG || echo "Failed to start! The error messages above might help." + fi } -restart() { - unbound-checkconf $config > /dev/null - RETVAL=$? - if [ $RETVAL != 0 ] - then - echo "Error in /etc/unbound/unbound.conf, aborted" - exit 6 +stop() { + if [ ! -r $PIDFILE ]; then + echo 'Unbound is not running.' + return fi - stop - start + echo "Stopping Unbound..." + kill `cat $PIDFILE` + rm -f $PIDFILE } reload() { - restart + if [ ! -r $PIDFILE ]; then + echo 'Unbound is not running.' + return + fi + echo "Sending SIGHUP to Unbound..." + kill -HUP `cat $PIDFILE` } case "$1" in - start) + 'start') start ;; - stop) + 'stop') stop ;; - restart) - restart + 'restart') + stop + sleep 1 + start + ;; + 'generate-key') + anchorkeygen + ;; + 'check-config') + checkconfig + ;; + 'reload') + reload ;; *) - echo $"Usage: $0 {start|stop|restart}" - exit 2 + echo "Usage: $0 {start|stop|reload|restart|generate-key|check-config}" + exit 1 + ;; esac -exit $? |
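Review bot: In `stop()` and `reload()` the script signals whatever PID it reads from `$PIDFILE`, yet `initchecks()` hands `/run/unbound` to `unbound:unbound`, so the file's contents are controlled by the service account rather than by the (presumably root) caller of this rc script. A stale or tampered pidfile would make `kill` hit an unrelated process, and an empty one leaves `kill` with no argument at all. Confirming that the PID really belongs to an unbound process before signalling closes this; where procps `pkill` is available, `pkill -F "$PIDFILE" -x unbound` in `stop()` and `pkill -HUP -F "$PIDFILE" -x unbound` in `reload()` do that in one step. The `[ -r $PIDFILE ]` test in `start()` has the related weakness that it treats any readable pidfile as proof the daemon is running.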