path: root/network/unbound/rc.unbound
blob: 3c31faf4efc414396701f0a30bb8b2c59462d237 (plain)
#!/bin/bash
#
# Slackware initialization script for Unbound.


# Paths used by every function in this script.
UNBOUND="/usr/sbin/unbound"
CONFIG="/etc/unbound/unbound.conf"
PIDFILE="/run/unbound/unbound.pid"
LOGDIR="/var/log/unbound"
KEYFILE="/var/lib/unbound/root.key"

# unbound-control is handy but optional. With the default "no", the
# first start runs unbound-control-setup to generate its certificates.
# Set this to "yes" to skip that step; in that case the control port
# must also be disabled in unbound.conf, otherwise Unbound will not
# start.
DISABLE_UNBOUND_CONTROL="no"

# The start-up checks make sure $LOGDIR exists and is owned by
# unbound:unbound, which mostly helps when an admin removed the whole
# log directory instead of individual log files. Set this to "yes" if
# you do not log to that directory, use a custom setup, or simply want
# the checks skipped.
DISABLE_LOGDIR_CHECKS="no"

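#######################################
# Pre-start sanity checks for Unbound.
# Globals:   CONFIG, KEYFILE, PIDFILE, LOGDIR,
#            DISABLE_UNBOUND_CONTROL, DISABLE_LOGDIR_CHECKS (all read)
# Outputs:   progress and error messages on stdout
# Returns:   exits the script with status 1 when the trust anchor is
#            missing or unbound-control-setup fails
#######################################
initchecks() {
    local piddir confdir logowner

    # If auto-trust-anchor-file is enabled but the key file is missing, do not
    # start the daemon: the unbound binary catches most configuration errors
    # itself, but in this case it starts and crashes a moment later. A full
    # unbound-checkconf run on every start would be too noisy, so only this
    # one option is queried. The absolute path matches checkconfig().
    if [ -n "$(/usr/sbin/unbound-checkconf -o auto-trust-anchor-file)" ] && [ ! -e "$KEYFILE" ]; then
        echo "ERROR: $KEYFILE not found, yet auto-trust-anchor-file is enabled in $CONFIG"
        echo "ERROR: Refusing to start because Unbound would crash."
        echo "ERROR: Please generate Unbound Anchor file with the following command:"
        echo "       # sh /etc/rc.d/rc.unbound generate-key"
        echo
        echo "...or comment out auto-trust-anchor-file in $CONFIG."
        exit 1
    fi

    # Remove a stale pidfile (left behind by an unclean shutdown or a crash).
    # pidof may print several PIDs, so its output is tested as one quoted
    # string rather than being word-split into the test expression.
    if [ -e "$PIDFILE" ] && [ -z "$(pidof unbound)" ]; then
        echo "Looks like Unbound isn't running but there's a stale pid file."
        echo "Removing $PIDFILE"
        rm -vf -- "$PIDFILE"
    fi

    # Make sure the pidfile directory exists and belongs to unbound.
    piddir=$(dirname -- "$PIDFILE")
    if [ ! -e "$piddir" ]; then
        mkdir -p -- "$piddir"
        chown unbound:unbound -- "$piddir"
    fi

    # Run the initial unbound-control setup unless it is disabled.
    # Mostly relevant for the very first start.
    confdir=$(dirname -- "$CONFIG")
    if [ ! -e "$confdir/unbound_server.pem" ] && [ "$DISABLE_UNBOUND_CONTROL" = "no" ]; then
        echo "Unbound-control: unbound_server.pem not found."
        echo "This is normal for the first run."
        echo "Running initial setup to generate certificates: /usr/sbin/unbound-control-setup"
        /usr/sbin/unbound-control-setup || exit 1
        echo "Actually... no need to do anything. It's enabled by default on Slackware :-)"
    fi

    # Recreate the log directory if it was deleted and repair its ownership.
    if [ "$DISABLE_LOGDIR_CHECKS" = "no" ]; then
        if [ ! -d "$LOGDIR" ]; then
            echo -n "Unbound log directory not found. Attempting to recreate it... "
            if mkdir -p -- "$LOGDIR"; then
                echo "Success!"
            else
                echo "Failed!"
            fi
        fi
        # Only inspect ownership when the directory is really there; a failed
        # mkdir must not lead to a malformed test expression.
        if [ -d "$LOGDIR" ]; then
            logowner=$(stat -c "%U:%G" -- "$LOGDIR")
            if [ "$logowner" != "unbound:unbound" ]; then
                echo -n "Fixing permissions on the log folder $LOGDIR... "
                # NOTE(review): this is a recursive chown, presumably run as
                # root, over a tree the unbound account writes to. Keep
                # hard-link protection (fs.protected_hardlinks) enabled on
                # hosts using this script -- confirm for your setup.
                chown -R unbound:unbound -- "$LOGDIR" && echo "Success!"
            fi
        fi
    fi
}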

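#######################################
# Generate the DNSSEC root trust anchor with unbound-anchor, running it
# as the unbound user.
# Globals:   KEYFILE (read; falls back to /var/lib/unbound/root.key)
# Outputs:   progress on stdout, failure message on stderr
# Returns:   0 when the key file exists afterwards, 1 otherwise
#######################################
anchorkeygen() {
    # Write to the same path that initchecks() tests, instead of a second
    # hard-coded copy of it that could drift out of sync.
    local keyfile=${KEYFILE:-/var/lib/unbound/root.key}

    echo "Generating Unbound Anchor keyfile..."
    sudo -u unbound unbound-anchor -f /etc/resolv.conf -R -a "$keyfile"

    # NOTE(review): unbound-anchor's exit status is not a plain
    # success/failure flag (see unbound-anchor(8) -- confirm), so the result
    # is judged by whether a non-empty key file exists afterwards.
    if [ ! -s "$keyfile" ]; then
        echo "ERROR: $keyfile was not created." >&2
        return 1
    fi
    echo "Done"
}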

#######################################
# Run unbound-checkconf and frame its output with start/end markers.
# The validator is invoked without a path argument, so it checks its
# own default configuration file; its exit status is not propagated.
# Globals:   CONFIG (read, only for the banner)
# Outputs:   banner lines and the validator's output on stdout
#######################################
checkconfig() {
    printf '%s\n' \
        "Checking Unbound configuration file: $CONFIG" \
        "This will run the command: /usr/sbin/unbound-checkconf" \
        "-----START unbound-checkconf output-----"
    /usr/sbin/unbound-checkconf
    printf '%s\n' "-----END unbound-checkconf output-----"
}

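#######################################
# Start the Unbound daemon after running the pre-start checks.
# Globals:   PIDFILE, UNBOUND, CONFIG (read)
# Outputs:   status messages on stdout
# Returns:   0 when started or already running, 1 when the daemon
#            failed to start
#######################################
start() {
    initchecks

    # initchecks has already cleared a stale pidfile, so a readable one here
    # is taken to mean a live daemon.
    if [ -r "$PIDFILE" ]; then
        echo 'Unbound is already running!'
        return
    fi

    echo "Starting Unbound..."
    if ! "$UNBOUND" -c "$CONFIG"; then
        echo "Failed to start! The error messages above might help."
        # Propagate the failure so callers can tell a failed start from a
        # successful one.
        return 1
    fi
}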

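#######################################
# Stop the Unbound daemon named in the pidfile.
# Globals:   PIDFILE (read; the file is removed on success)
# Outputs:   status on stdout, refusals on stderr
# Returns:   0 when not running or when the signal was sent and the
#            pidfile removed, 1 when the pidfile content is rejected
#######################################
stop() {
    local pid=""

    if [ ! -r "$PIDFILE" ]; then
        echo 'Unbound is not running.'
        return
    fi

    # The pidfile sits in a directory this script chowns to unbound:unbound,
    # so its content is not trusted blindly: it must be a plain positive
    # number and must belong to a running unbound process before a signal
    # is sent on its behalf. This also covers a stale file whose PID has
    # been reused by an unrelated process.
    read -r pid _ < "$PIDFILE"
    case "$pid" in
        '' | 0* | *[!0-9]*)
            echo "ERROR: $PIDFILE does not contain a valid PID; not sending a signal." >&2
            return 1
            ;;
    esac
    case " $(pidof unbound) " in
        *" $pid "*) ;;
        *)
            echo "ERROR: PID $pid from $PIDFILE is not a running unbound process; not sending a signal." >&2
            return 1
            ;;
    esac

    echo "Stopping Unbound..."
    kill "$pid"
    rm -f -- "$PIDFILE"
}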

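#######################################
# Ask the running Unbound daemon to reload by sending it SIGHUP.
# Globals:   PIDFILE (read)
# Outputs:   status on stdout, refusals on stderr
# Returns:   0 when not running, the status of kill when the signal
#            was sent, 1 when the pidfile content is rejected
#######################################
reload() {
    local pid=""

    if [ ! -r "$PIDFILE" ]; then
        echo 'Unbound is not running.'
        return
    fi

    # The pidfile sits in a directory this script chowns to unbound:unbound,
    # so its content is validated before a signal is sent: it must be a
    # plain positive number that belongs to a running unbound process.
    read -r pid _ < "$PIDFILE"
    case "$pid" in
        '' | 0* | *[!0-9]*)
            echo "ERROR: $PIDFILE does not contain a valid PID; not sending a signal." >&2
            return 1
            ;;
    esac
    case " $(pidof unbound) " in
        *" $pid "*) ;;
        *)
            echo "ERROR: PID $pid from $PIDFILE is not a running unbound process; not sending a signal." >&2
            return 1
            ;;
    esac

    echo "Sending SIGHUP to Unbound..."
    kill -HUP "$pid"
}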

# Dispatch on the first command-line argument; anything unrecognised
# prints the usage line and exits with status 1.
case "$1" in
    start)        start ;;
    stop)         stop ;;
    restart)
        # Give the old process a moment to exit before starting again.
        stop
        sleep 1
        start
        ;;
    generate-key) anchorkeygen ;;
    check-config) checkconfig ;;
    reload)       reload ;;
    *)
        echo "Usage: $0 {start|stop|reload|restart|generate-key|check-config}"
        exit 1
        ;;
esac