Comments (6)
Maybe the permissions for the pid dir could only get set if the directory name ends with unbound
? Just a thought.
from puppet-unbound.
fixes for this got merged
also worth pointing out that the fixes to stdlib basedir have also been merged. can you cut a new release.
Cheers
from puppet-unbound.
Yep, can do.
from puppet-unbound.
I'm not sure #179 is the right fix for this. Regardless of the changes in it, the module by default (on Debian) is still changing the owner of /run
to unbound
which is definitely undesirable.
I'm not sure the suggestion in the comments earlier is great. It makes a lot of assumptions.
Is the only distro that actually requires something like this (at least out of the box -- where the run directory isn't an OS provided one), FreeBSD? That's all I can spot from the data files.
from puppet-unbound.
I think freebsd creates the directory as part of the port. I can check later. OpenBSD ships with unbound by default, as does FreeBSD, so I'd assume the directories needed for the base unbound would not be an issue. We could do something like not manage the permissions, but then we're not able to guarantee that the daemon can read the files necessary.
@chrisboulton Is there another action you're suggesting we take here?
from puppet-unbound.
@chrisboulton first please send code if you have it.
Now I am unsure as to what assumptions you think i made. however let me try to address your comments
Regardless of the changes in it, the module by default (on Debian) is still changing the owner of /run to unbound
That's right i did not change the default behavior. As i stated in the issues i was unsure if the default behavior was desired or not. I simply provided a method to allow people to override this parameter locally and set it to an empty value so the error did not manifest
Is the only distro that actually requires something like
the list of supported os's is in the metadata and you can easily see where each os stores its pidfile
$ grep -r pidfile puppet-unbound/data
puppet-unbound/data/common.yaml:unbound::pidfile: '/var/run/unbound/unbound.pid'
puppet-unbound/data/os/Debian/7.yaml:unbound::pidfile: '/var/run/unbound.pid'
puppet-unbound/data/os/Solaris/SmartOS.yaml:unbound::pidfile: '/usr/local/etc/unbound/unbound.pid'
puppet-unbound/data/os/OpenBSD.yaml:unbound::pidfile: '/var/run/unbound.pid'
puppet-unbound/data/os/FreeBSD.yaml:unbound::pidfile: '/usr/local/etc/unbound/unbound.pid'
puppet-unbound/data/os/Debian.yaml:unbound::pidfile: '/run/unbound.pid'
as you can see from here the only pid file in a none unbound specific folder is Debian != version 7 and OpenBSD. so by default the following supported systems would be affected
- Debian 6
- Ubuntu 14.04
- Ubuntu 16.04
- OpenBSD 5
- OpenBSD 6
As to the way forward TBH im not sure why i ever questioned if this was desirable, it obviously is not but i think any way forward is a hack. As @xaque208 mentioned we do need to manage this folder in many situations as such i have created a PR with a possible way forward #190
EDIT: the other option is to just remove trying to work out and set permissions on basedire($pidfile) if its different from rundir with the assumption that in that case something elses will take care of it???
from puppet-unbound.
Related Issues (20)
- Wrong quoting for local-data TXT records HOT 5
- version 2.4.3 breaks the configfile for tls-upstream on CentOS 7
- `unbound_version` fact needs a test HOT 1
- Debian: module change ownership of directory /run to unbound HOT 13
- add ability to define/generate local-data + override local-zone template HOT 3
- commit 5868593634371290ad013e4a3005f25cb8d7e1fe broke the module for me HOT 6
- Fix installation on Debian distribution - e.g. unbound option auto-trust-anchor-file is provided two times HOT 8
- Handle TXT records containing double quotes and white space
- Resource default statements in module HOT 17
- Drop EOL Debian 8
- Please support 'respip' in module_config HOT 1
- add deprecation message on the forge HOT 4
- unbound_version not set on first run causing unexpected config file setting HOT 1
- No support Static record mapping to multiple IP
- Documentation is misleading when using unbound::stub
- Outgoing port permit/avoid order wrong when outgoing_port_permit_first = false
- Option trust_anchor_file is not usable
- Allow to restart instead of reload on config changes
- $conf_d and $unbound_conf_d are not documented and unclear how they differ beyond their location HOT 2
- Newer versions of Unbound require the "include:" line in its own stanza HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppet-unbound.