[Opendnssec-user] *****SPAM***** ODS 2.0.1 did not start after reboot.

Berry A.W. van Halderen berry at nlnetlabs.nl
Tue Aug 30 07:59:50 UTC 2016


On 08/30/2016 09:46 AM, Fred.Zwarts wrote:
> ODS 2.0.1 has now been running satisfactorily on our test system
> for several weeks. However, recently we noticed that each time we reboot
> the system, ods does not start up properly. It turns out that after each reboot,
> the directory /var/run/opendnssec has disappeared, so opendnssec cannot
> start, because it wants to create sock and pid files in this directory. I
> have worked around this problem, by modifying /usr/local/sbin/ods-control,
> where I added a mkdir for this directory just before the startup of the enforcer.
> [...]

Thanks for your feedback, good to see 2.0.1 in the real world!

Unfortunately, this is specific to how some Linux distributions work,
and it is not easy to create a consistent fix for it.
The best way is for package providers for the distributions to
create a fix in their system.

The problem lies in the fact that some distributions regard /var/run to
be completely volatile.  Any content in this directory is removed on a
reboot.

Now OpenDNSSEC uses multiple files that should go into /var/run.
Multiple files containing PIDs and sockets.  It is not uncommon to
want to bundle them into a directory below /var/run.

Now you could say just create the directory if it does not exist.
However here the trouble starts.  The directory is not always writable
for any other user.  And if you do not start the daemon as root,
the directory cannot be created.  Giving a bad user experience to
others.  Moreover, since this directory can also be located elsewhere
we cannot assume at all to have write permissions to create the
directory.

What normally happens, is that package providers for such distributions
either make an exception for /var/run/opendnssec to not be removed, or
add the sequence to create the directory after a reboot.
We however cannot make such a patch to the system ourselves, afaik.

It is also possible for you to locate the /var/run/opendnssec directory
elsewhere.  It is part of the standard options of the autoconf when
compiling.

With kind regards,
Berry van Halderen

PS: a better warning concerning this problem during reboot should be
outputted by OpenDNSSEC.  That is very much true.
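
An added example, not part of the original message and not OpenDNSSEC's own code: a shell function that a distribution's init script, or the ods-control workaround quoted above, could call to recreate /var/run/opendnssec after a reboot. The function name `ensure_rundir` and the `opendnssec` account name are assumptions.

```shell
#!/bin/sh
# ensure_rundir DIR [OWNER[:GROUP]] [MODE]
# Recreate a daemon's runtime directory on a volatile /var/run.
# Return codes: 0 ok, 2 symlink at DIR, 3 non-directory at DIR,
#               4 mkdir/chmod failed, 5 chown failed.
ensure_rundir() {
    dir=$1
    owner=${2:-}
    mode=${3:-0755}

    # A symlink here would redirect the pid and socket files to a location
    # chosen by whoever created the link, so refuse instead of following it.
    if [ -L "$dir" ]; then
        echo "ensure_rundir: $dir is a symlink, refusing" >&2
        return 2
    fi
    if [ -e "$dir" ] && [ ! -d "$dir" ]; then
        echo "ensure_rundir: $dir exists but is not a directory" >&2
        return 3
    fi

    if [ -d "$dir" ]; then
        # Directory survived (non-volatile /var/run): just normalise the mode.
        chmod "$mode" "$dir" || return 4
    else
        # No -p: the parent (/var/run) must already exist. -m sets the mode
        # at creation, independent of the caller's umask.
        mkdir -m "$mode" "$dir" || {
            echo "ensure_rundir: cannot create $dir (not root, or parent not writable)" >&2
            return 4
        }
    fi

    # Only root can hand the directory to the unprivileged daemon account.
    if [ -n "$owner" ]; then
        if [ "$(id -u)" -eq 0 ]; then
            chown "$owner" "$dir" || return 5
        else
            echo "ensure_rundir: not root, leaving ownership of $dir unchanged" >&2
        fi
    fi
    return 0
}

# Typical call before starting the enforcer (account name is an assumption):
#   ensure_rundir /var/run/opendnssec opendnssec:opendnssec 0755 || exit 1
```

On failure the function prints the reason to stderr, which gives the clearer startup warning the PS asks for.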



