[Opendnssec-user] kaspConnect() causes ods-enforcer brittleness
Petr Spacek
pspacek at redhat.com
Wed Dec 9 10:30:27 UTC 2015
On 8.12.2015 09:22, Havard Eidnes wrote:
> Hi,
>
> the ods-enforcer daemon loops, periodically looking for things
> which need to be done / scheduled. Inside its service loop it
> has this piece of code:
>
> log_msg(config, LOG_INFO, "Connecting to Database...");
> kaspConnect(config, &dbhandle);
>
> followed by misleadingly-indented code (that's a minor issue).
>
> However... What happens if an administrator just happens to run
> "ods-ksmutil key list ..." at exactly that time when the enforcer
> wants to connect to the database? This is what the log can tell:
>
> Dec 8 08:32:43 hugin ods-enforcerd: Connecting to Database...
> Dec 8 08:32:43 hugin ods-enforcerd: ERROR: error executing SQL - database is locked
>
> and this time it looks like ods-enforcerd really means that this
> is an error, because kaspConnect() doesn't return an error but
> does an exit() if connecting to the database fails:
>
> /*
>  * Connect to the DB
>  */
> void
> kaspConnect(DAEMONCONFIG* config, DB_HANDLE *handle)
> {
>     /* Note that all these XML derived strings are unsigned chars */
>     if (DbConnect(handle, (char *)config->schema, (char *)config->host, (char *)config->password, (char *)config->user, (char *)config->port) != 0) {
>         unlink(config->pidfile);
>         exit(-1);
>     }
>
> }
>
> That's not a good way to design a library function interface!
>
> This makes ods-enforcer brittle, provides no automatic error
> recovery, and requires operator intervention to restart the
> now-dead enforcer.
>
> Again, this is with OpenDNSSEC 1.4.7, using sqlite3.

I confirm that I have seen the very same issue.

BTW what is the purpose of the home-grown lock around the SQL database? I did not dig
into it but I would somehow expect that an SQL database can deal with access from
multiple processes...

--
Petr Spacek @ Red Hat
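
The interface change the quoted message argues for, as an added example that is not part of the original thread or of OpenDNSSEC's code: a connect step that reports failure to its caller, so the service loop can retry a transiently locked database instead of dying. `connect_or_defer`, `retry_policy` and the stub `locked_then_free` are hypothetical names, and the retry count and delays are assumed values.

```c
#include <stdio.h>

/* Hypothetical connect callback: 0 on success, non-zero on failure,
 * the convention DbConnect() shows in the quoted code. */
typedef int (*connect_fn)(void *ctx);

enum { CONN_OK = 0, CONN_RETRY = 1, CONN_GIVE_UP = -1 };

struct retry_policy {
    int max_failures;       /* escalate after this many consecutive failures */
    unsigned base_delay_s;  /* wait after the first failure */
    unsigned max_delay_s;   /* cap for the doubling backoff */
};

/* One connection attempt. Never calls exit(): the outcome goes back to the
 * caller. On CONN_RETRY, *wait_s is how long to wait before the next try. */
int connect_or_defer(connect_fn do_connect, void *ctx,
                     const struct retry_policy *p, int *failures, unsigned *wait_s)
{
    unsigned d;
    int i;
    if (do_connect(ctx) == 0) { *failures = 0; return CONN_OK; }
    if (++*failures >= p->max_failures) return CONN_GIVE_UP;
    d = p->base_delay_s;
    for (i = 1; i < *failures && d < p->max_delay_s; i++) d *= 2;
    *wait_s = d > p->max_delay_s ? p->max_delay_s : d;
    return CONN_RETRY;
}

/* Constructed stand-in for a database that stays locked for the first
 * N attempts, e.g. while another tool holds the lock. */
int locked_then_free(void *ctx)
{
    int *remaining = ctx;
    if (*remaining > 0) { (*remaining)--; return 1; }
    return 0;
}

int main(void)
{
    int locked_for = 2, failures = 0, rc;   /* constructed scenario */
    struct retry_policy p = { 5, 1, 8 };    /* assumed values */
    unsigned wait_s = 0;
    while ((rc = connect_or_defer(locked_then_free, &locked_for, &p, &failures, &wait_s)) == CONN_RETRY)
        printf("database busy, retry in %us (a daemon would sleep here)\n", wait_s);
    printf("%s\n", rc == CONN_OK ? "connected" : "giving up: log, clean up, alert");
    return rc == CONN_OK ? 0 : 1;
}
```

Only the caller decides whether repeated failure is fatal, so a lock held briefly by another process costs one delayed run rather than a dead daemon.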