rpms/bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

retire initscript in favour of systemd unit files (#719419)

Browse Source 
Signed-off-by: Adam Tkac <atkac@redhat.com>
This commit is contained in:
Adam Tkac 2012-01-30 16:59:01 +01:00
parent c7d6bc15c0
commit d218af54a5
10 changed files with 277 additions and 397 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

142
bind.spec
View File

@ -22,7 +22,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind Name: bind
License: ISC License: ISC
Version: 9.9.0 Version: 9.9.0
Release: 0.5.%{PREVER}%{?dist} Release: 0.6.%{PREVER}%{?dist}
Epoch: 32 Epoch: 32
Url: http://www.isc.org/products/BIND/ Url: http://www.isc.org/products/BIND/
Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -30,7 +30,6 @@ Group: System Environment/Daemons
# #
Source: ftp://ftp.isc.org/isc/bind9/%{VERSION}/bind-%{VERSION}.tar.gz Source: ftp://ftp.isc.org/isc/bind9/%{VERSION}/bind-%{VERSION}.tar.gz
Source1: named.sysconfig Source1: named.sysconfig
Source2: named.init
Source3: named.logrotate Source3: named.logrotate
Source4: named.NetworkManager Source4: named.NetworkManager
Source7: bind-9.3.1rc1-sdb_tools-Makefile.in Source7: bind-9.3.1rc1-sdb_tools-Makefile.in
@ -45,6 +44,11 @@ Source33: zonetodb.1
Source34: zone2sqlite.1 Source34: zone2sqlite.1
Source35: bind.tmpfiles.d Source35: bind.tmpfiles.d
Source36: trusted-key.key Source36: trusted-key.key
Source37: named.service
Source38: named-chroot.service
Source39: named-sdb.service
Source40: named-sdb-chroot.service
Source41: setup-named-chroot.sh
# Common patches # Common patches
Patch5: bind-nonexec.patch Patch5: bind-nonexec.patch
@ -90,9 +94,8 @@ Patch94: bind95-rh461409.patch
# #
Requires: coreutils Requires: coreutils
Requires: systemd-units Requires: systemd-units
Requires(post): grep, chkconfig Requires(post): grep
Requires(pre): shadow-utils Requires(pre): shadow-utils
Requires(preun):chkconfig
Requires: bind-libs = %{epoch}:%{version}-%{release} Requires: bind-libs = %{epoch}:%{version}-%{release}
Obsoletes: bind-config < 30:9.3.2-34.fc6 Obsoletes: bind-config < 30:9.3.2-34.fc6
Provides: bind-config = 30:9.3.2-34.fc6 Provides: bind-config = 30:9.3.2-34.fc6
@ -102,6 +105,7 @@ Obsoletes: dnssec-conf < 1.27-2
Provides: dnssec-conf = 1.27-1 Provides: dnssec-conf = 1.27-1
BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
BuildRequires: libidn-devel, libxml2-devel BuildRequires: libidn-devel, libxml2-devel
BuildRequires: systemd-units
%if %{SDB} %if %{SDB}
BuildRequires: openldap-devel, postgresql-devel, sqlite-devel, mysql-devel BuildRequires: openldap-devel, postgresql-devel, sqlite-devel, mysql-devel
%endif %endif
@ -112,6 +116,7 @@ BuildRequires: net-tools
BuildRequires: krb5-devel BuildRequires: krb5-devel
%endif %endif
%description %description
BIND (Berkeley Internet Name Domain) is an implementation of the DNS BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named), (Domain Name System) protocols. BIND includes a DNS server (named),
@ -137,6 +142,7 @@ will have a label of "zone,zsk|ksk,xxx" and an id of the keytag in hex.
Summary: BIND server with database backends and DLZ support Summary: BIND server with database backends and DLZ support
Group: System Environment/Daemons Group: System Environment/Daemons
Requires: bind Requires: bind
Requires: systemd-units
%description sdb %description sdb
BIND (Berkeley Internet Name Domain) is an implementation of the DNS BIND (Berkeley Internet Name Domain) is an implementation of the DNS
@ -220,6 +226,7 @@ Prefix: %{chroot_prefix}
Requires(post): grep Requires(post): grep
Requires(preun):grep Requires(preun):grep
Requires: bind = %{epoch}:%{version}-%{release} Requires: bind = %{epoch}:%{version}-%{release}
Requires: systemd-units
%description chroot %description chroot
This package contains a tree of files which can be used as a This package contains a tree of files which can be used as a
@ -375,7 +382,7 @@ rm -rf ${RPM_BUILD_ROOT}
gzip -9 doc/rfc/* gzip -9 doc/rfc/*
# Build directory hierarchy # Build directory hierarchy
mkdir -p ${RPM_BUILD_ROOT}/etc/{rc.d/init.d,logrotate.d,NetworkManager/dispatcher.d} mkdir -p ${RPM_BUILD_ROOT}/etc/{logrotate.d,NetworkManager/dispatcher.d}
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/bind mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/bind
mkdir -p ${RPM_BUILD_ROOT}/var/named/{slaves,data,dynamic} mkdir -p ${RPM_BUILD_ROOT}/var/named/{slaves,data,dynamic}
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/{man1,man5,man8} mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/{man1,man5,man8}
@ -402,7 +409,16 @@ make DESTDIR=${RPM_BUILD_ROOT} install
# Remove unwanted files # Remove unwanted files
rm -f ${RPM_BUILD_ROOT}/etc/bind.keys rm -f ${RPM_BUILD_ROOT}/etc/bind.keys
install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}/etc/rc.d/init.d/named # Systemd unit files
mkdir -p ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE37} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE38} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE39} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE40} ${RPM_BUILD_ROOT}%{_unitdir}
mkdir -p ${RPM_BUILD_ROOT}%{_libexecdir}
install -m 755 %{SOURCE41} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh
install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/etc/logrotate.d/named install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/etc/logrotate.d/named
install -m 755 %SOURCE4 ${RPM_BUILD_ROOT}/etc/NetworkManager/dispatcher.d/13-named install -m 755 %SOURCE4 ${RPM_BUILD_ROOT}/etc/NetworkManager/dispatcher.d/13-named
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
@ -474,8 +490,9 @@ fi;
%post %post
/sbin/ldconfig /sbin/ldconfig
/sbin/chkconfig --add named
if [ "$1" -eq 1 ]; then if [ "$1" -eq 1 ]; then
# Initial installation
/bin/systemctl daemon-reload > /dev/null 2>&1 || :
if [ ! -e /etc/rndc.key ]; then if [ ! -e /etc/rndc.key ]; then
/usr/sbin/rndc-confgen -a > /dev/null 2>&1 /usr/sbin/rndc-confgen -a > /dev/null 2>&1
fi fi
@ -487,25 +504,42 @@ fi
:; :;
%preun %preun
if [ "$1" -eq 0 ]; then if [ "$1" -eq 0 ] ; then
/sbin/service named stop >/dev/null 2>&1 || :; # Package removal, not upgrade
/sbin/chkconfig --del named || :; /bin/systemctl --no-reload disable named.service > /dev/null 2>&1 || :
fi; /bin/systemctl stop named.service > /dev/null 2>&1 || :
fi
:; :;
%postun %postun
/sbin/ldconfig /sbin/ldconfig
if [ "$1" -ge 1 ]; then /bin/systemctl daemon-reload >/dev/null 2>&1 || :
/sbin/service named try-restart >/dev/null 2>&1 || :; if [ "$1" -ge 1 ] ; then
fi; # Package upgrade, not uninstall
/bin/systemctl try-restart named.service >/dev/null 2>&1 || :
fi
:; :;
%if %{SDB} %if %{SDB}
%post sdb %post sdb
/sbin/service named try-restart > /dev/null 2>&1 || :; if [ "$1" -eq 1 ] ; then
# Initial installation
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi
%preun sdb
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
/bin/systemctl --no-reload disable named-sdb.service > /dev/null 2>&1 || :
/bin/systemctl stop named-sdb.service > /dev/null 2>&1 || :
fi
%postun sdb %postun sdb
/sbin/service named try-restart > /dev/null 2>&1 || :; /bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then
# Package upgrade, not uninstall
/bin/systemctl try-restart named-sdb.service >/dev/null 2>&1 || :
fi
%endif %endif
%triggerpostun -n bind -- bind <= 32:9.5.0-20.b1 %triggerpostun -n bind -- bind <= 32:9.5.0-20.b1
@ -515,6 +549,10 @@ if [ "$1" -gt 0 ]; then
fi fi
:; :;
%triggerun -- bind < bind-9.9.0-0.6.rc1
/sbin/chkconfig --del named >/dev/null 2>&1 || :
/bin/systemctl try-restart named.service >/dev/null 2>&1 || :
%post libs -p /sbin/ldconfig %post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
@ -524,39 +562,6 @@ fi
%postun libs-lite %postun libs-lite
/sbin/ldconfig /sbin/ldconfig
# Automatically update configuration from "dnssec-conf-based" to "BIND-based"
%triggerpostun -n bind -- dnssec-conf
if [ -r '/etc/named.conf' ]; then
cp -fp /etc/named.conf /etc/named.conf.rpmsave
if grep -Eq '/etc/(named.dnssec.keys|pki/dnssec-keys)' /etc/named.conf; then
if grep -q 'dlv.isc.org.conf' /etc/named.conf; then
# DLV is configured, reconfigure it to new configuration
sed -i -e 's/.*dnssec-lookaside.*dlv\.isc\.org\..*/dnssec-lookaside auto;\
bindkeys-file "\/etc\/named.iscdlv.key";\
managed-keys-directory "\/var\/named\/dynamic";/' /etc/named.conf
fi
sed -i -e '/.*named\.dnssec\.keys.*/d' -e '/.*pki\/dnssec-keys.*/d' \
/etc/named.conf
/sbin/service named try-restart > /dev/null 2>&1 || :;
fi
fi
# Ditto for chroot
if [ -r '/var/named/chroot/etc/named.conf' ]; then
cp -fp /var/named/chroot/etc/named.conf /var/named/chroot/etc/named.conf.rpmsave
if grep -Eq '/etc/(named.dnssec.keys|pki/dnssec-keys)' /var/named/chroot/etc/named.conf; then
if grep -q 'dlv.isc.org.conf' /var/named/chroot/etc/named.conf; then
# DLV is configured, reconfigure it to new configuration
sed -i -e 's/.*dnssec-lookaside.*dlv\.isc\.org\..*/dnssec-lookaside auto;\
bindkeys-file "\/etc\/named.iscdlv.key";\
managed-keys-directory "\/var\/named\/dynamic";/' /var/named/chroot/etc/named.conf
fi
sed -i -e '/.*named\.dnssec\.keys.*/d' -e '/.*pki\/dnssec-keys.*/d' \
/var/named/chroot/etc/named.conf
/sbin/service named try-restart > /dev/null 2>&1 || :;
fi
fi
%post chroot %post chroot
if [ "$1" -gt 0 ]; then if [ "$1" -gt 0 ]; then
[ -e %{chroot_prefix}/dev/random ] || \ [ -e %{chroot_prefix}/dev/random ] || \
@ -567,10 +572,7 @@ if [ "$1" -gt 0 ]; then
/bin/mknod %{chroot_prefix}/dev/null c 1 3 /bin/mknod %{chroot_prefix}/dev/null c 1 3
rm -f %{chroot_prefix}/etc/localtime rm -f %{chroot_prefix}/etc/localtime
cp /etc/localtime %{chroot_prefix}/etc/localtime cp /etc/localtime %{chroot_prefix}/etc/localtime
if ! grep -q '^ROOTDIR=' /etc/sysconfig/named; then /bin/systemctl daemon-reload >/dev/null 2>&1 || :
echo 'ROOTDIR=/var/named/chroot' >> /etc/sysconfig/named
/sbin/service named try-restart > /dev/null 2>&1 || :;
fi
fi; fi;
:; :;
@ -582,22 +584,25 @@ fi;
%preun chroot %preun chroot
if [ "$1" -eq 0 ]; then if [ "$1" -eq 0 ]; then
# Package removal, not upgrade
/bin/systemctl --no-reload disable named-chroot.service > /dev/null 2>&1 || :
/bin/systemctl --no-reload disable named-sdb-chroot.service > /dev/null 2>&1 || :
/bin/systemctl stop named-chroot.service > /dev/null 2>&1 || :
/bin/systemctl stop named-sdb-chroot.service > /dev/null 2>&1 || :
rm -f %{chroot_prefix}/dev/{random,zero,null} rm -f %{chroot_prefix}/dev/{random,zero,null}
rm -f %{chroot_prefix}/etc/localtime rm -f %{chroot_prefix}/etc/localtime
if grep -q '^ROOTDIR=' /etc/sysconfig/named; then
# NOTE: Do NOT call `service named try-restart` because chroot
# files will remain mounted.
START=no
[ -e /var/lock/subsys/named ] && START=yes
/sbin/service named stop > /dev/null 2>&1 || :;
sed -i -e '/^ROOTDIR=.*/d' /etc/sysconfig/named
if [ "x$START" = xyes ]; then
/sbin/service named start > /dev/null 2>&1 || :;
fi
fi
fi fi
:; :;
%postun chroot
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then
# Package upgrade, not uninstall
/bin/systemctl try-restart named-chroot.service >/dev/null 2>&1 || :
/bin/systemctl try-restart named-sdb-chroot.service >/dev/null 2>&1 || :
fi
;;
%clean %clean
rm -rf ${RPM_BUILD_ROOT} rm -rf ${RPM_BUILD_ROOT}
:; :;
@ -609,7 +614,7 @@ rm -rf ${RPM_BUILD_ROOT}
%config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.iscdlv.key %config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.iscdlv.key
%config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.root.key %config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.root.key
%{_sysconfdir}/tmpfiles.d/named.conf %{_sysconfdir}/tmpfiles.d/named.conf
%{_sysconfdir}/rc.d/init.d/named %{_unitdir}/named.service
%{_sysconfdir}/NetworkManager/dispatcher.d/13-named %{_sysconfdir}/NetworkManager/dispatcher.d/13-named
%{_sbindir}/arpaname %{_sbindir}/arpaname
%{_sbindir}/ddns-confgen %{_sbindir}/ddns-confgen
@ -674,6 +679,7 @@ rm -rf ${RPM_BUILD_ROOT}
%if %{SDB} %if %{SDB}
%files sdb %files sdb
%defattr(-,root,root,-) %defattr(-,root,root,-)
%{_unitdir}/named-sdb.service
%{_mandir}/man1/zone2ldap.1* %{_mandir}/man1/zone2ldap.1*
%{_mandir}/man1/ldap2zone.1* %{_mandir}/man1/ldap2zone.1*
%{_mandir}/man1/zonetodb.1* %{_mandir}/man1/zonetodb.1*
@ -736,6 +742,9 @@ rm -rf ${RPM_BUILD_ROOT}
%files chroot %files chroot
%defattr(-,root,root,-) %defattr(-,root,root,-)
%{_unitdir}/named-chroot.service
%{_unitdir}/named-sdb-chroot.service
%{_libexecdir}/setup-named-chroot.sh
%ghost %{chroot_prefix}/dev/null %ghost %{chroot_prefix}/dev/null
%ghost %{chroot_prefix}/dev/random %ghost %{chroot_prefix}/dev/random
%ghost %{chroot_prefix}/dev/zero %ghost %{chroot_prefix}/dev/zero
@ -767,6 +776,9 @@ rm -rf ${RPM_BUILD_ROOT}
%endif %endif
%changelog %changelog
* Mon Jan 30 2012 Adam Tkac <atkac redhat com> 32:9.9.0-0.6.rc1
- retire initscript in favour of systemd unit files (#719419)
* Thu Jan 12 2012 Adam Tkac <atkac redhat com> 32:9.9.0-0.5.rc1 * Thu Jan 12 2012 Adam Tkac <atkac redhat com> 32:9.9.0-0.5.rc1
- update to 9.9.0rc1 - update to 9.9.0rc1

30
named-chroot.service Normal file
View File

@ -0,0 +1,30 @@
# Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
# line to your /etc/rsyslog.conf file. Otherwise your logging becomes
# broken when rsyslogd daemon is restarted (due update, for example).
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Before=nss-lookup.target
After=network.target
[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/var/named/chroot/var/run/named/named.pid
ExecStartPre=/usr/libexec/setup-named-chroot.sh /var/named/chroot on
ExecStartPre=/usr/sbin/named-checkconf -t /var/named/chroot -z /etc/named.conf
ExecStart=/usr/sbin/named -u named -t /var/named/chroot $OPTIONS
ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
ExecStopPost=/usr/libexec/setup-named-chroot.sh /var/named/chroot off
PrivateTmp=true
TimeoutSec=25
[Install]
WantedBy=multi-user.target

30
named-sdb-chroot.service Normal file
View File

@ -0,0 +1,30 @@
# Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
# line to your /etc/rsyslog.conf file. Otherwise your logging becomes
# broken when rsyslogd daemon is restarted (due update, for example).
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Before=nss-lookup.target
After=network.target
[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/var/named/chroot/var/run/named/named.pid
ExecStartPre=/usr/libexec/setup-named-chroot.sh /var/named/chroot on
ExecStartPre=/usr/sbin/named-checkconf -t /var/named/chroot -z /etc/named.conf
ExecStart=/usr/sbin/named-sdb -u named -t /var/named/chroot $OPTIONS
ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
ExecStopPost=/usr/libexec/setup-named-chroot.sh /var/named/chroot off
PrivateTmp=true
TimeoutSec=25
[Install]
WantedBy=multi-user.target

24
named-sdb.service Normal file
View File

@ -0,0 +1,24 @@
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Before=nss-lookup.target
After=network.target
[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/var/run/named/named.pid
ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf
ExecStart=/usr/sbin/named-sdb -u named $OPTIONS
ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
PrivateTmp=true
TimeoutSec=25
[Install]
WantedBy=multi-user.target

10
named.NetworkManager
View File

@ -1,6 +1,8 @@
#!/bin/bash #!/bin/bash
# Check if named is running if [ "$2" = 'up' -o "$2" = 'down' ]; then
/sbin/service named status > /dev/null 2>&1 || exit 0 /sbin/systemctl reload named.service > /dev/null 2>&1 || true
/sbin/systemctl reload named-chroot.service > /dev/null 2>&1 || true
[ "$2" = 'up' -o "$2" = 'down' ] && /sbin/service named reload /sbin/systemctl reload named-sdb.service > /dev/null 2>&1 || true
/sbin/systemctl reload named-sdb-chroot.service > /dev/null 2>&1 || true
fi

291
named.init
View File

@ -1,291 +0,0 @@
#!/bin/bash
#
# named This shell script takes care of starting and stopping
# named (BIND DNS server).
#
# chkconfig: - 13 87
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true
### BEGIN INIT INFO
# Provides: $named
# Required-Start: $local_fs $network $syslog
# Required-Stop: $local_fs $network $syslog
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start|stop|status|restart|try-restart|reload|force-reload DNS server
# Description: control ISC BIND implementation of DNS server
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
[ -r /etc/sysconfig/named ] && . /etc/sysconfig/named
RETVAL=0
export KRB5_KTNAME=${KEYTAB_FILE:-/etc/named.keytab}
named='named'
if [ -x /usr/sbin/named-sdb ]; then
named='named-sdb'
fi
# Don't kill named during clean-up
NAMED_SHUTDOWN_TIMEOUT=${NAMED_SHUTDOWN_TIMEOUT:-25}
if [ -n "$ROOTDIR" ]; then
ROOTDIR=`echo $ROOTDIR | sed 's#//*#/#g;s#/$##'`;
rdl=`/usr/bin/readlink $ROOTDIR`;
if [ -n "$rdl" ]; then
ROOTDIR="$rdl";
fi;
fi
PIDFILE="/var/run/named/named.pid"
ROOTDIR_MOUNT='/etc/named /etc/pki/dnssec-keys /var/named /etc/named.conf
/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key
/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /etc/named.root.key'
mount_chroot_conf()
{
if [ -n "$ROOTDIR" ]; then
for all in $ROOTDIR_MOUNT; do
# Skip nonexistant files
[ -e "$all" ] || continue
# If mount source is a file
if ! [ -d "$all" ]; then
# mount it only if it is not present in chroot or it is empty
if ! [ -e "$ROOTDIR$all" ] || [ `stat -c'%s' "$ROOTDIR$all"` -eq 0 ]; then
touch "$ROOTDIR$all"
mount --bind "$all" "$ROOTDIR$all"
fi
else
# Mount source is a directory. Mount it only if directory in chroot is
# empty.
if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then
mount --bind "$all" "$ROOTDIR$all"
fi
fi
done
fi
}
umount_chroot_conf()
{
for all in $ROOTDIR_MOUNT; do
# Check if file is mount target. Do not use /proc/mounts because detecting
# of modified mounted files can fail.
if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
umount "$ROOTDIR$all"
# Remove temporary created files
[ -f "$all" ] && rm -f "$ROOTDIR$all"
fi
done
}
pidofnamed() {
pidofproc -p "$ROOTDIR/$PIDFILE" "$named";
}
# Check if all what named needs running
start()
{
[ "$EUID" != "0" ] && exit 4
# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
# Check that networking is up
[ "${NETWORKING}" = "no" ] && exit 1
[ -x /usr/sbin/"$named" ] || exit 5
# Handle -c option
previous_option='unspecified';
for a in $OPTIONS; do
if [ $previous_option = '-c' ]; then
named_conf=$a;
fi;
previous_option=$a;
done;
named_conf=${named_conf:-/etc/named.conf};
mount_chroot_conf
if [ ! -r $ROOTDIR$named_conf ]; then
echo 'Cannot find configuration file. You could create it by system-config-bind'
exit 6;
fi;
# all pre-start is done, lets start named
echo -n $"Starting named: "
if [ -n "`pidofnamed`" ]; then
echo -n $"named: already running"
success
echo
exit 0;
fi;
if ! [ "$DISABLE_ZONE_CHECKING" = yes ]; then
ckcf_options='-z'; # enable named-checkzone for each zone (9.3.1+) !
fi;
if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then
OPTIONS="${OPTIONS} -t ${ROOTDIR}"
ckcf_options="$ckcf_options -t ${ROOTDIR}";
[ -s /etc/localtime ] && cp -fp /etc/localtime ${ROOTDIR}/etc/localtime;
fi
RETVAL=0
# check if configuration is correct
if [ -x /usr/sbin/named-checkconf ] && [ -x /usr/sbin/named-checkzone ] && /usr/sbin/named-checkconf $ckcf_options ${named_conf} >/dev/null 2>&1; then
daemon --pidfile "$ROOTDIR/$PIDFILE" /usr/sbin/"$named" -u named ${OPTIONS};
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
rm -f /var/run/{named,named-sdb}.pid;
ln -s $ROOTDIR/"$PIDFILE" /var/run/"$named".pid;
fi;
else
named_err="`/usr/sbin/named-checkconf $ckcf_options $named_conf 2>&1`";
echo
echo "Error in named configuration:";
echo "$named_err";
failure
echo
[ -x /usr/bin/logger ] && echo "$named_err" | /usr/bin/logger -pdaemon.error -tnamed;
umount_chroot_conf
exit 2;
fi;
echo
if [ $RETVAL -eq 0 ]; then
touch /var/lock/subsys/named;
else
umount_chroot_conf
exit 7;
fi
return 0;
}
stop() {
[ "$EUID" != "0" ] && exit 4
# Stop daemons.
echo -n $"Stopping named: "
[ -x /usr/sbin/rndc ] && /usr/sbin/rndc stop >/dev/null 2>&1;
RETVAL=$?
# was rndc successful?
[ "$RETVAL" -eq 0 ] || \
killproc -p "$ROOTDIR/$PIDFILE" "$named" -TERM >/dev/null 2>&1
timeout=0
RETVAL=0
while pidofnamed >/dev/null; do
if [ $timeout -ge $NAMED_SHUTDOWN_TIMEOUT ]; then
RETVAL=1
break
else
sleep 2 && echo -n "."
timeout=$((timeout+2))
fi;
done
umount_chroot_conf
# remove pid files
if [ $RETVAL -eq 0 ]; then
rm -f /var/lock/subsys/named
rm -f /var/run/{named,named-sdb}.pid
fi;
if [ $RETVAL -eq 0 ]; then
success
else
failure
RETVAL=1
fi;
echo
return $RETVAL
}
rhstatus() {
[ -x /usr/sbin/rndc ] && /usr/sbin/rndc status;
status -p "$ROOTDIR/$PIDFILE" -l named /usr/sbin/"$named";
return $?
}
restart() {
stop
start
}
reload() {
[ "$EUID" != "0" ] && exit
echo -n $"Reloading "$named": "
p=`pidofnamed`
RETVAL=$?
if [ "$RETVAL" -eq 0 ]; then
/usr/sbin/rndc reload >/dev/null 2>&1 || /bin/kill -HUP $p;
RETVAL=$?
fi
[ "$RETVAL" -eq 0 ] && success $"$named reload" || failure $"$named reload"
echo
return $RETVAL
}
checkconfig() {
ckcf_options='-z';
if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then
ckcf_options="$ckcf_options -t ${ROOTDIR}";
mount_chroot_conf
fi;
if [ -x /usr/sbin/named-checkconf ] && [ -x /usr/sbin/named-checkzone ] && /usr/sbin/named-checkconf $ckcf_options ${named_conf} ; then
umount_chroot_conf
return 0;
else
umount_chroot_conf
return 1;
fi
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
rhstatus;
RETVAL=$?
;;
restart)
restart
;;
condrestart|try-restart)
if [ -e /var/lock/subsys/named ]; then restart; fi
;;
reload)
reload
;;
force-reload)
if ! reload; then restart; fi
;;
checkconfig|configtest|check|test)
checkconfig
;;
*)
echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}"
[ "x$1" = "x" ] && exit 0
exit 2
esac
exit $RETVAL

5
named.logrotate
View File

@ -3,6 +3,9 @@
su named named su named named
create 0644 named named create 0644 named named
postrotate postrotate
/sbin/service named reload 2> /dev/null > /dev/null || true /sbin/systemctl reload named.service > /dev/null 2>&1 || true
/sbin/systemctl reload named-chroot.service > /dev/null 2>&1 || true
/sbin/systemctl reload named-sdb.service > /dev/null 2>&1 || true
/sbin/systemctl reload named-sdb-chroot.service > /dev/null 2>&1 || true
endscript endscript
} }

24
named.service Normal file
View File

@ -0,0 +1,24 @@
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Before=nss-lookup.target
After=network.target
[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/run/named/named.pid
ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf
ExecStart=/usr/sbin/named -u named $OPTIONS
ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
PrivateTmp=true
TimeoutSec=25
[Install]
WantedBy=multi-user.target

38
named.sysconfig
View File

@ -1,40 +1,6 @@
# BIND named process options # BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~ # ~~~~~~~~~~~~~~~~~~~~~~~~~~
# Currently, you can use the following options:
#
# ROOTDIR="/var/named/chroot" -- will run named in a chroot environment.
# you must set up the chroot environment
# (install the bind-chroot package) before
# doing this.
# NOTE:
# Those directories are automatically mounted to chroot if they are
# empty in the ROOTDIR directory. It will simplify maintenance of your
# chroot environment.
# - /var/named
# - /etc/pki/dnssec-keys
# - /etc/named
# - /usr/lib64/bind or /usr/lib/bind (architecture dependent)
#
# Those files are mounted as well if target file doesn't exist in
# chroot.
# - /etc/named.conf
# - /etc/rndc.conf
# - /etc/rndc.key
# - /etc/named.rfc1912.zones
# - /etc/named.dnssec.keys
# - /etc/named.iscdlv.key
#
# Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
# line to your /etc/rsyslog.conf file. Otherwise your logging becomes
# broken when rsyslogd daemon is restarted (due update, for example).
# #
# OPTIONS="whatever" -- These additional options will be passed to named # OPTIONS="whatever" -- These additional options will be passed to named
# at startup. Don't add -t here, use ROOTDIR instead. # at startup. Don't add -t here, enable proper
# # -chroot.service unit file.
# KEYTAB_FILE="/dir/file" -- Specify named service keytab file (for GSS-TSIG)
#
# DISABLE_ZONE_CHECKING -- By default, initscript calls named-checkzone
# utility for every zone to ensure all zones are
# valid before named starts. If you set this option
# to 'yes' then initscript doesn't perform those
# checks.

80
setup-named-chroot.sh Executable file
View File

@ -0,0 +1,80 @@
#!/bin/bash
ROOTDIR_MOUNT='/etc/named /etc/pki/dnssec-keys /var/named /etc/named.conf
/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key
/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /etc/named.root.key'
usage()
{
echo
echo 'This script setups chroot environment for BIND'
echo 'Usage: setup-named-chroot.sh ROOTDIR [on|off]'
}
if ! [ "$#" -eq 2 ]; then
echo 'Wrong number of arguments'
usage
exit 1
fi
ROOTDIR="$1"
# Exit if ROOTDIR doesn't exist
if ! [ -d "$ROOTDIR" ]; then
echo "Root directory $ROOTDIR doesn't exist"
usage
exit 1
fi
mount_chroot_conf()
{
if [ -n "$ROOTDIR" ]; then
for all in $ROOTDIR_MOUNT; do
# Skip nonexistant files
[ -e "$all" ] || continue
# If mount source is a file
if ! [ -d "$all" ]; then
# mount it only if it is not present in chroot or it is empty
if ! [ -e "$ROOTDIR$all" ] || [ `stat -c'%s' "$ROOTDIR$all"` -eq 0 ]; then
touch "$ROOTDIR$all"
mount --bind "$all" "$ROOTDIR$all"
fi
else
# Mount source is a directory. Mount it only if directory in chroot is
# empty.
if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then
mount --bind "$all" "$ROOTDIR$all"
fi
fi
done
fi
}
umount_chroot_conf()
{
for all in $ROOTDIR_MOUNT; do
# Check if file is mount target. Do not use /proc/mounts because detecting
# of modified mounted files can fail.
if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
umount "$ROOTDIR$all"
# Remove temporary created files
[ -f "$all" ] && rm -f "$ROOTDIR$all"
fi
done
}
case "$2" in
on)
mount_chroot_conf
;;
off)
umount_chroot_conf
;;
*)
echo 'Second argument has to be "on" or "off"'
usage
exit 1
esac
exit 0