[Pkg-dns-devel] Bug#807132: unbound-control breaks systemctl stop/start

Rudy Broersma tozz at kijkt.tv
Sat Dec 5 20:28:18 UTC 2015 

Package: unbound
Version: 1.5.6-1
Severity: important

Dear Maintainer,

On our machine with Debian Stretch with all updates (as of 2015/12/05) we noticed
that sometimes unbound failed to start. I believe this has something to do
with unbound-control and systemctl.

eg.:

# Normal situation:

root at nscache1:~# systemctl status unbound.service
● unbound.service
   Loaded: loaded (/etc/init.d/unbound; bad; vendor preset: enabled)
  Drop-In: /run/systemd/generator/unbound.service.d
           └─50-insserv.conf-$named.conf, 50-unbound-$named.conf
   Active: active (running) since Fri 2015-12-04 17:10:37 CET; 1 day 4h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 8864 ExecStop=/etc/init.d/unbound stop (code=exited, status=0/SUCCESS)
  Process: 8901 ExecStart=/etc/init.d/unbound start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/unbound.service
           └─8911 /usr/sbin/unbound

# Now we stop unbound using unbound-control:

root at nscache1:~# unbound-control stop
ok

# We check its status. Notice the "active (exited)":

root at nscache1:~# systemctl status unbound.service
● unbound.service
   Loaded: loaded (/etc/init.d/unbound; bad; vendor preset: enabled)
  Drop-In: /run/systemd/generator/unbound.service.d
           └─50-insserv.conf-$named.conf, 50-unbound-$named.conf
   Active: active (exited) since Fri 2015-12-04 17:10:37 CET; 1 day 4h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 8864 ExecStop=/etc/init.d/unbound stop (code=exited, status=0/SUCCESS)
  Process: 8901 ExecStart=/etc/init.d/unbound start (code=exited, status=0/SUCCESS)

# We now start it again using systemctl (in our case, this is done by Puppet)
# but the issue also occurs when doing manual start using systemctl:

root at nscache1:~# systemctl start unbound.service

# And we check its status. As can be shown, the service is still "active (exited)"
# and is indeed _NOT_ running. This is where I believe there is a bug. The service
# should have started by now.

root at nscache1:~# systemctl status unbound.service
● unbound.service
   Loaded: loaded (/etc/init.d/unbound; bad; vendor preset: enabled)
  Drop-In: /run/systemd/generator/unbound.service.d
           └─50-insserv.conf-$named.conf, 50-unbound-$named.conf
   Active: active (exited) since Fri 2015-12-04 17:10:37 CET; 1 day 4h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 8864 ExecStop=/etc/init.d/unbound stop (code=exited, status=0/SUCCESS)
  Process: 8901 ExecStart=/etc/init.d/unbound start (code=exited, status=0/SUCCESS)

# To resolve the issue, we stop the service:

root at nscache1:~# systemctl stop unbound.service

# And check its status: (which is now the correct status: inactive dead)

root at nscache1:~# systemctl status unbound.service 
● unbound.service
   Loaded: loaded (/etc/init.d/unbound; bad; vendor preset: enabled)
  Drop-In: /run/systemd/generator/unbound.service.d
           └─50-insserv.conf-$named.conf, 50-unbound-$named.conf
   Active: inactive (dead) since Sat 2015-12-05 21:20:56 CET; 3s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 29497 ExecStop=/etc/init.d/unbound stop (code=exited, status=0/SUCCESS)
  Process: 8901 ExecStart=/etc/init.d/unbound start (code=exited, status=0/SUCCESS)

# We can now start the service again using systemctl (again, in our case this is done
# by puppet

root at nscache1:~# systemctl start unbound.service   

# And check its status:

root at nscache1:~# ps -aux | grep unbound
unbound  29521 26.8  3.3 140640 34352 ?        Ssl  21:21   0:01 /usr/sbin/unbound

root at nscache1:~# systemctl status unbound.service
● unbound.service
   Loaded: loaded (/etc/init.d/unbound; bad; vendor preset: enabled)
  Drop-In: /run/systemd/generator/unbound.service.d
           └─50-insserv.conf-$named.conf, 50-unbound-$named.conf
   Active: active (running) since Sat 2015-12-05 21:21:04 CET; 3min 12s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 29497 ExecStop=/etc/init.d/unbound stop (code=exited, status=0/SUCCESS)
  Process: 29511 ExecStart=/etc/init.d/unbound start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/unbound.service
           └─29521 /usr/sbin/unbound

 * Outcome in our test case:
   - Systemctl is unable to start unbound when it wasn't stopped by systemctl
     but by unbound-control.
   
 * Expected outcome:
   
   - Systemctl to start unbound, regardless of how it was stopped.


-- System Information:
Debian Release: 9
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages unbound depends on:
ii  adduser         3.113+nmu3
ii  libc6           2.19-22
ii  libevent-2.0-5  2.0.21-stable-2+b1
ii  libfstrm0       0.2.0-1
ii  libprotobuf-c1  1.1.1-1
ii  libpython2.7    2.7.10-5+b1
ii  libssl1.0.2     1.0.2d-3
ii  openssl         1.0.2d-3
ii  unbound-anchor  1.5.6-1

unbound recommends no packages.

unbound suggests no packages.

-- Configuration Files:
/etc/unbound/unbound.conf changed:
server:
  verbosity: 1
  trusted-keys-file: /etc/unbound/keys.d/*.key
  auto-trust-anchor-file: /var/lib/unbound/root.key
  do-not-query-localhost: no
  use-syslog: yes
  extended-statistics: no
  statistics-interval: 0
  root-hints: /etc/unbound/root.hints
  num-threads: 2
  outgoing-port-permit: 32768-65535
  outgoing-port-avoid: 0-32767
  harden-glue: yes
  harden-dnssec-stripped: yes
  harden-below-nxdomain: yes
  harden-referral-path: yes
  unwanted-reply-threshold: 10000000
  edns-buffer-size: 1280
  port: 53
  interface: ::0
  interface: 0.0.0.0
  access-control: ::1/0 allow
  msg-cache-slabs: 2
  rrset-cache-slabs: 2
  infra-cache-slabs: 2
  key-cache-slabs: 2
  rrset-cache-size: 100m
  msg-cache-size: 50m
  num-queries-per-thread: 4096
  outgoing-range: 8192
  chroot: ""
  username: "unbound"
  directory: "/etc/unbound"
  val-clean-additional: yes
  val-log-level: 1
  hide-identity: no
  hide-version: no
  include: "/etc/unbound/unbound.conf.d/*.conf"
remote-control:
  control-enable: yes
  control-interface: ::1
  control-interface: 127.0.0.1
  control-port: 8953
  server-key-file: /etc/unbound/unbound_server.key
  server-cert-file: /etc/unbound/unbound_server.pem
  control-key-file: /etc/unbound/unbound_control.key
  control-cert-file: /etc/unbound/unbound_control.pem

/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf [Errno 2] No such file or directory: u'/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf'

-- no debconf information

More information about the pkg-dns-devel mailing list