
vyos-hostsd improvements (partial rewrite)
In progress, Normal, Public

Description

To fix several DNS bugs, a lot of changes were necessary in vyos-hostsd and functionality moved in from other places.
Additionally, there were some new features added and some reimplemented.

Full list of changes from commits (already implemented on my side but not yet submitted):

  • update copyright date
  • validate incoming JSON data against a schema with voluptuous
  • add usage help describing internal messages syntax at top of vyos-hostsd
  • move socket and state file to directory /run/vyos-hostsd
  • set mode of socket to 770 to secure it against processes not in hostsd group
  • replace jinja2 rendering with vyos.template
  • move all templates out of the executable into dedicated data/templates dirs
  • move recursor.conf forward-zones-recurse to forward-zones-file
  • generate lua-config-file for pdns-recursor with addNTA
  • support adding custom forward zones for pdns-recursor with optional added NTA and/or recursion-desired
  • move search_domains from set_host_name to separate add/delete/get commands
  • unify functions to support abstracting them in the future
  • track number of internal changes in "changes" variable saved in state file (informational in apply function)
  • do not apply changes immediately, add apply function that applies all changes (to not reload pdns-recursor excessively for a large set of changes, users must call the apply function once at the end)
  • add pdns_rec_control function that supports sending arbitrary commands to rec_control (fix pdns-recursor process name that caused the old function to think pdns-recursor was never running)
  • create /run/powerdns if it doesn't exist (on boot vyos-hostsd starts before pdns-recursor but we need to put our generated conf files there)
  • abstract specific command functions (add_*/del_*) into general functions to manipulate various types of data in the state variable
  • add command types:
    • forward_zones (generate custom forward zones for pdns-recursor)
    • search_domains (move from set_host_name as dhcp client needs to change them too)
    • name_server_tags_recursor (to set tags whose nameservers are added to pdns-recursor)
    • name_server_tags_system (to set tags whose nameservers and search domains are added to /etc/resolv.conf)
  • change hosts data format to make more sense (move tag from within each host dict to the key for a list of host dicts)
  • do not remove state file when shut down cleanly, to not lose state when restarting vyos-hostsd service that's then impossible to restore without restarting the whole router - a reboot will remove the state file as it lives in a tmpfs (/run)
  • remove too verbose info log on every received message

update systemd service:

  • set RuntimeDirectory to vyos-hostsd
  • set RuntimeDirectoryPreserve in order to not delete the state file between service restarts (/run will be deleted across reboots as it's on a tmpfs but the state doesn't need to be saved across reboots anyway)
  • set WorkingDirectory to /run/vyos-hostsd

add hostsd group:
To better control access from other daemons that may not be running as root, create a new group 'hostsd' to which the users that the other daemons run as can be added (for example dhcp-server). Run vyos-hostsd as root:hostsd to create the socket file with the correct user and group.
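
An added example, not code from vyos-hostsd or from this task: one way to create a socket restricted to owner and group, as in "set mode of socket to 770" and "add hostsd group", plus a check that the resulting file matches that policy. It assumes a plain AF_UNIX stream socket (the daemon's transport is not stated here); the function names and the temp-dir path are hypothetical.

```python
import grp
import os
import socket
import stat
import tempfile


def bind_restricted_socket(path, mode=0o770, group=None):
    """Bind an AF_UNIX socket that is never reachable by 'other' users."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    # bind() creates the file as 0777 & ~umask, so tighten the umask first:
    # that leaves no window in which the socket is world-connectable.
    old_umask = os.umask(0o777 & ~mode)
    try:
        sock.bind(path)
    finally:
        os.umask(old_umask)
    os.chmod(path, mode)  # state the final mode explicitly
    if group is not None:
        # Assumes the group exists and the caller may chown to it (e.g. root).
        os.chown(path, -1, grp.getgrnam(group).gr_gid)
    sock.listen(1)
    return sock


def audit_socket(path, expected_group=None):
    """Return a list of findings; an empty list means the policy holds."""
    st = os.stat(path)
    findings = []
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not a socket")
    if stat.S_IMODE(st.st_mode) & 0o007:
        findings.append("accessible outside owner and group")
    if expected_group and grp.getgrgid(st.st_gid).gr_name != expected_group:
        findings.append("group is not " + expected_group)
    return findings


def demo():
    """Constructed run in a temp dir (the task uses /run/vyos-hostsd)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.sock")
        sock = bind_restricted_socket(path)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        good = audit_socket(path)
        os.chmod(path, 0o777)  # simulate a socket left world-accessible
        bad = audit_socket(path)
        sock.close()
        return mode, good, bad
```

On a router, `audit_socket` would be pointed at the real socket path with `expected_group="hostsd"`; the parent directory's own mode also gates who can reach the socket.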

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change

Event Timeline

jjakob changed the task status from Open to In progress. Jun 11 2020, 5:11 AM
jjakob triaged this task as Normal priority.
jjakob created this task.
jjakob created this object in space S1 VyOS Public.
jjakob updated the task description.