It has the service and requires unbound user created. Make it separate,
because some users of unbound-libs might not want or need anchor
maintenance. Make it also easier to add custom options to unbound-anchor
running from the service.
Do not start timer from unbound.service, start instead unbound-anchor
service before starting unbound. It would ensure root anchor is in the
place. Run it from single place from both timer and unbound service.
Once ntpdate.service is fixed to order itself After nss-lookup.target,
there will be an ordering loop. To reproduce this do:
[root@notas ~]# yum -y install unbound ntpdate chrony
[root@notas ~]# systemctl enable ntpdate.service chronyd.service unbound-anchor.timer unbound.service unbound-anchor.service
[root@notas ~]# systemd-analyze verify /usr/lib/systemd/system/*
And then in the output you can find:
Found ordering cycle on ntpdate.service/stop
Found dependency on nss-lookup.target/start
Found dependency on unbound.service/start
Found dependency on unbound-anchor.service/start
Found dependency on unbound-anchor.timer/start
Found dependency on time-sync.target/start
Found dependency on chrony-wait.service/stop
Found dependency on chronyd.service/stop
Found dependency on ntpdate.service/stop
Signed-off-by: Tomas Hozza <thozza@redhat.com>
- change the period for unbound-anchor from monthly to daily (#1180267)
- Thanks to Tomasz Torcz <ttorcz@fedoraproject.org> for the initial patch
Signed-off-by: Tomas Hozza <thozza@redhat.com>
