Re: How to make 'named' rc script invoked earlier at boot time

2021-04-30 Thread Tatsuki Makino
Circular dependency is still not fixed...
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218720

Yasuhiro Kimura wrote on 2021/04/30 19:28:
> From: b56...@oldach.net (Helge Oldach)
> Subject: Re: How to make 'named' rc script invoked earlier at boot time
> Date: Fri, 30 Apr 2021 11:25:03 +0200 (CEST)
> 
>> Looks like this is caused by security/trousers which has "BEFORE: named 
>> hastd". This port had been touched 3 weeks ago.
> 
> You provide me very good hint!
> 
> On my home server security/trousers and emulators/tpm-emulator are
> installed as dependencies of security/gnutls. They install
> /usr/local/etc/rc.d/tcsd and /usr/local/etc/rc.d/tpmd respectively.
> And there is circular dependency between these 2 rc scripts and
> /usr/local/etc/rc.d/named.
> 

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"


Re: How to make 'named' rc script invoked earlier at boot time

2021-04-30 Thread Chris

On 2021-04-30 00:30, Yasuhiro Kimura wrote:

I installed dns/bind916 on my home server and configured it so it
worked as both authoritative and recursor. Then I added
'nameserver 127.0.0.1' to /etc/resolv.conf and everything worked fine.

But after updating OS from 12.2-RELEASE to 13.0-RELEASE I noticed
execution of some rc scripts fails at boot time because of DNS lookup
error. And I also found these scripts are executed earlier than
'named'.

I've been plagued with this for years (well, a couple anyways) on several
of my servers. As I never saw anyone else mention it, I assumed it was just
"me". ;-)
rc(8) has a mountlate. Seems to me there ought to be a "startlate" key as
well. While this won't fix the cause introduced, it might at least solve
the problem.
Create an /etc/rc.conf.local and move your host/nic related things into
it, followed by your "named" entry, leaving everything else in /etc/rc.conf.
This (should) source all the rc.conf.local entries ahead of the rc.conf
entries, thereby providing name resolution before ntpdate(8)/time sync
service(s).

HTH

--Chris


Now let me use 'ntpdate' as an example.

If I run `rcorder /etc/rc.d/* /usr/local/etc/rc.d/*` on 12.2-RELEASE,
then I get following result.

--
root@rolling-vm-freebsd3[474]# uname -a
FreeBSD rolling-vm-freebsd3.home.utahime.org 12.2-RELEASE-p6 FreeBSD 12.2-RELEASE-p6 GENERIC  amd64
root@rolling-vm-freebsd3[475]# rcorder /etc/rc.d/* /usr/local/etc/rc.d/*
/etc/rc.d/growfs
/etc/rc.d/sysctl
/etc/rc.d/hostid
/etc/rc.d/zvol
/etc/rc.d/dumpon
(snip)
/etc/rc.d/static_arp
/etc/rc.d/bridge
/etc/rc.d/route6d
/etc/rc.d/NETWORKING
/etc/rc.d/mountcritremote
/etc/rc.d/devfs
/etc/rc.d/ipmon
/etc/rc.d/kdc
/etc/rc.d/mdconfig2
/etc/rc.d/newsyslog
/etc/rc.d/syslogd
/usr/local/etc/rc.d/tcsd
/usr/local/etc/rc.d/named
/etc/rc.d/watchdogd
/etc/rc.d/savecore
/etc/rc.d/archdep
/etc/rc.d/linux
/etc/rc.d/sysvipc
/etc/rc.d/SERVERS
/usr/local/etc/rc.d/tpmd
/usr/local/etc/rc.d/stunnel
/etc/rc.d/accounting
/etc/rc.d/ntpdate
/etc/rc.d/rpcbind
/etc/rc.d/nfsclient
/etc/rc.d/nisdomain
(snip)
--

As you can see, while 'named' is executed before SERVERS, 'ntpdate' is
done after it.

On the other hand I get following result on 13.0-RELEASE.

--
root@rolling-vm-freebsd2[332]# uname -a
FreeBSD rolling-vm-freebsd2.home.utahime.org 13.0-RELEASE FreeBSD 13.0-RELEASE #0 releng/13.0-n244733-ea31abc261f: Fri Apr  9 04:24:09 UTC 2021 r...@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64
root@rolling-vm-freebsd2[333]# rcorder /etc/rc.d/* /usr/local/etc/rc.d/*
/etc/rc.d/dhclient
/etc/rc.d/dumpon
/etc/rc.d/growfs
/etc/rc.d/natd
(snip)
/etc/rc.d/netwait
/etc/rc.d/blacklistd
/etc/rc.d/local_unbound
/etc/rc.d/NETWORKING
/etc/rc.d/pppoed
/etc/rc.d/kdc
/etc/rc.d/kfd
/etc/rc.d/nfsuserd
/etc/rc.d/iscsid
/etc/rc.d/ipropd_slave
/etc/rc.d/nfscbd
/etc/rc.d/iscsictl
/etc/rc.d/ipropd_master
/etc/rc.d/kadmind
/etc/rc.d/kpasswdd
/etc/rc.d/mountcritremote
/etc/rc.d/wpa_supplicant
/etc/rc.d/motd
/etc/rc.d/accounting
/etc/rc.d/cleartmp
/etc/rc.d/dmesg
/etc/rc.d/archdep
/etc/rc.d/gptboot
/etc/rc.d/hostapd
/etc/rc.d/virecover
/etc/rc.d/mdconfig2
/etc/rc.d/devfs
/etc/rc.d/os-release
/etc/rc.d/newsyslog
/etc/rc.d/linux
/etc/rc.d/syslogd
/etc/rc.d/sysvipc
/etc/rc.d/watchdogd
/etc/rc.d/savecore
/etc/rc.d/ntpdate
/etc/rc.d/localpkg
/etc/rc.d/auditd
/etc/rc.d/bsnmpd
/etc/rc.d/pwcheck
/etc/rc.d/power_profile
/etc/rc.d/rpcbind
/etc/rc.d/auditdistd
/usr/local/etc/rc.d/named
/etc/rc.d/nfsclient
/etc/rc.d/hastd
/etc/rc.d/SERVERS
/etc/rc.d/nisdomain
/usr/local/etc/rc.d/stunnel
/usr/local/etc/rc.d/tpmd
/usr/local/etc/rc.d/tcsd
(snip)
--

Now both 'named' and 'ntpdate' are executed before SERVERS. And
unfortunately the latter is earlier than the former. So it is natural
that execution of 'ntpdate' fails with DNS lookup failure.

I compared ntpdate rc script between releng/12.2 and releng/13.0 but
there is no difference.

--
yasu@rolling-vm-freebsd2[1035]% pwd
/usr/src
yasu@rolling-vm-freebsd2[1036]% git diff origin/releng/12.2 origin/releng/13.0 -- libexec/rc/rc.d/ntpdate
yasu@rolling-vm-freebsd2[1037]%
--

And of course there is no difference with /usr/local/etc/rc.d/named
either. So it seems evaluation of rcorder(8) is changed between
12.2-RELEASE and 13.0-RELEASE.

Then is there any way to make 'named' rc script invoked earlier at
boot time on 13.0-RELEASE?

Best Regards.

---
Yasuhiro Kimura

Re: How to make 'named' rc script invoked earlier at boot time

2021-04-30 Thread Eugene Grosbein
30.04.2021 14:30, Yasuhiro Kimura wrote:
> I installed dns/bind916 on my home server and configured it so it
> worked as both authoritative and recursor. Then I added
> 'nameserver 127.0.0.1' to /etc/resolv.conf and everything worked fine.
> 
> But after updating OS from 12.2-RELEASE to 13.0-RELEASE I noticed
> execution of some rc scripts fails at boot time because of DNS lookup
> error. And I also found these scripts are executed earlier than
> 'named'.
> 
> Now let me use 'ntpdate' as an example.

named sometimes *requires* correct time to be set before it is started,
so you should either use some IP addresses for NTP bootstrapping at boot time,
or put NTP server hostname to /etc/hosts with its IP, so it resolves before 
named fires.




Re: How to make 'named' rc script invoked earlier at boot time

2021-04-30 Thread Yasuhiro Kimura
From: b56...@oldach.net (Helge Oldach)
Subject: Re: How to make 'named' rc script invoked earlier at boot time
Date: Fri, 30 Apr 2021 11:25:03 +0200 (CEST)

> Looks like this is caused by security/trousers which has "BEFORE: named 
> hastd". This port had been touched 3 weeks ago.

You provide me very good hint!

On my home server security/trousers and emulators/tpm-emulator are
installed as dependencies of security/gnutls. They install
/usr/local/etc/rc.d/tcsd and /usr/local/etc/rc.d/tpmd respectively.
And there is circular dependency between these 2 rc scripts and
/usr/local/etc/rc.d/named.

--
root@eastasia[1067]# rcorder /etc/rc.d/* /usr/local/etc/rc.d/* > /dev/null
rcorder: file `/usr/local/etc/rc.d/tcsd' is before unknown provision `kerberos'
rcorder: Circular dependency on file `/usr/local/etc/rc.d/named'.
rcorder: Circular dependency on provision `fake_prov_0004': /usr/local/etc/rc.d/tcsd -> /usr/local/etc/rc.d/tpmd -> /etc/rc.d/SERVERS -> /usr/local/etc/rc.d/named -> /usr/local/etc/rc.d/tcsd.
rcorder: `/usr/local/etc/rc.d/named' was seen in circular dependencies for 1 times.
rcorder: `/etc/rc.d/SERVERS' was seen in circular dependencies for 1 times.
rcorder: `/usr/local/etc/rc.d/tpmd' was seen in circular dependencies for 1 times.
rcorder: `/usr/local/etc/rc.d/tcsd' was seen in circular dependencies for 1 times.
rcorder: `/usr/local/etc/rc.d/named' was seen in circular dependencies for 1 times.
root@eastasia[1068]#
--

If I temporarily move /usr/local/etc/rc.d/tcsd to somewhere else and
add 'ntpdate' to 'BEFORE' line of /usr/local/etc/rc.d/named, then
'named' comes before 'ntpdate' in the result of rcorder.

---
Yasuhiro Kimura
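
The cycle that rcorder reports in the message above can be reproduced from the header lines alone. The following is an added example, not code from the thread or from FreeBSD: it parses PROVIDE/REQUIRE/BEFORE lines and searches for a cycle. The REQUIRE lines shown for tcsd and tpmd are assumptions inferred from the rcorder cycle message, and the function names are hypothetical.

```python
import re

# Constructed rc.d headers. named's lines follow the thread; the REQUIRE lines
# for tcsd and tpmd are assumptions inferred from rcorder's cycle message.
SCRIPTS = {
    "/usr/local/etc/rc.d/named":
        "# PROVIDE: named\n# REQUIRE: NETWORKING ldconfig syslogd\n# BEFORE: SERVERS\n",
    "/usr/local/etc/rc.d/tcsd":
        "# PROVIDE: tcsd\n# REQUIRE: tpmd\n# BEFORE: named hastd\n",
    "/usr/local/etc/rc.d/tpmd": "# PROVIDE: tpmd\n# REQUIRE: SERVERS\n",
    "/etc/rc.d/SERVERS": "# PROVIDE: SERVERS\n# REQUIRE: mountcritremote\n",
}
# Only the singular keyword spellings used in the thread are handled here.
HEADER = re.compile(r"^#[ \t]*(PROVIDE|REQUIRE|BEFORE):[ \t]*(.*)$", re.M)

def build_graph(scripts):
    """Map each file to the set of files that must run before it."""
    parsed = {}
    for path, text in scripts.items():
        fields = {"PROVIDE": [], "REQUIRE": [], "BEFORE": []}
        for key, value in HEADER.findall(text):
            fields[key] += value.split()
        parsed[path] = fields
    provider = {p: f for f, h in parsed.items() for p in h["PROVIDE"]}
    graph = {path: set() for path in scripts}
    for path, h in parsed.items():
        for name in h["REQUIRE"]:      # path runs after its requirement
            if name in provider:       # provisions not in the set are skipped
                graph[path].add(provider[name])
        for name in h["BEFORE"]:       # the named provision runs after path
            if name in provider:
                graph[provider[name]].add(path)
    return graph

def find_cycle(graph):
    """Depth-first search; return one cycle as a list of files, or None."""
    state, stack = {}, []
    def visit(node):
        state[node] = "active"
        stack.append(node)
        for dep in sorted(graph[node]):
            if state.get(dep) == "active":
                return stack[stack.index(dep):] + [dep]
            found = visit(dep) if dep not in state else None
            if found:
                return found
        state[node] = "done"
        stack.pop()
        return None
    for node in sorted(graph):
        found = visit(node) if node not in state else None
        if found:
            return found
    return None
```
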


Re: How to make 'named' rc script invoked earlier at boot time

2021-04-30 Thread Yasuhiro Kimura
From: Yasuhiro Kimura 
Subject: Re: How to make 'named' rc script invoked earlier at boot time
Date: Fri, 30 Apr 2021 17:18:26 +0900 (JST)

>> The only way I can see is modify the named rc script and add the
>> services that needs named to be started on the BEFORE line at the
>> beginning of the script. Mind you, it really needs to start after
>> syslog (unless you log directly to files and do not use syslog.)
> 
> Thanks for advice. I'll try it.

I tried it but am confused by the result.

I modified /usr/local/etc/rc.d/named on my home server as follows.

--
root@eastasia[1051]# head /usr/local/etc/rc.d/named
#!/bin/sh

# PROVIDE: named
# REQUIRE: NETWORKING ldconfig syslogd
# BEFORE: SERVERS ntpdate
# KEYWORD: shutdown

#
# Add the following lines to /etc/rc.conf to enable BIND:
# named_enable (bool):  Run named, the DNS server (or NO).
root@eastasia[1052]#
--

And I executed `rcorder /etc/rc.d/* /usr/local/etc/rc.d/*`. Then I got
just same result as before the modification.

So I modified /etc/rc.d/ntpdate as follows.

--
root@eastasia[1053]# head /etc/rc.d/ntpdate 
 ~
#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: ntpdate
# REQUIRE: NETWORKING syslogd named
# KEYWORD: nojail

. /etc/rc.subr
root@eastasia[1054]#
--

But the result still didn't change.

As I wrote in another mail, my result of `rcorder -p` is different from
that of Helge Oldach. These oddities may be related.

I'll investigate further but it may take a while.

---
Yasuhiro Kimura


Re: How to make 'named' rc script invoked earlier at boot time

2021-04-30 Thread Yasuhiro Kimura
From: Mathieu Arnold 
Subject: Re: How to make 'named' rc script invoked earlier at boot time
Date: Fri, 30 Apr 2021 10:02:31 +0200

> There is an option in the port to have named start later, but up to now,
> it was starting early enough.
> 
> The only way I can see is modify the named rc script and add the
> services that needs named to be started on the BEFORE line at the
> beginning of the script. Mind you, it really needs to start after
> syslog (unless you log directly to files and do not use syslog.)

Thanks for advice. I'll try it.

---
Yasuhiro Kimura


Re: How to make 'named' rc script invoked earlier at boot time

2021-04-30 Thread Yasuhiro Kimura
From: b56...@oldach.net (Helge Oldach)
Subject: Re: How to make 'named' rc script invoked earlier at boot time
Date: Fri, 30 Apr 2021 10:01:47 +0200 (CEST)

> Can you try rcorder -p? That will group equally ranked scripts on the same 
> line.
> 
> On 13, I'm seeing:
> 
> (snip)
> /etc/rc.d/pwcheck /etc/rc.d/watchdogd /usr/local/etc/rc.d/named /etc/rc.d/auditd /etc/rc.d/ntpdate /etc/rc.d/bsnmpd /etc/rc.d/savecore /etc/rc.d/power_profile /etc/rc.d/localpkg /etc/rc.d/hastd
> /etc/rc.d/rpcbind /etc/rc.d/SERVERS /etc/rc.d/auditdistd
> (snip)
> 
> which implies that the ordering of named and ntpdate is random however both 
> are before SERVERS.
> 
> Kind regards
> Helge

I get following result.

(snip)
/etc/rc.d/NETWORKING
/etc/rc.d/kdc /etc/rc.d/kfd /etc/rc.d/pppoed /etc/rc.d/nfsuserd /etc/rc.d/iscsid
/etc/rc.d/iscsictl /etc/rc.d/nfscbd /etc/rc.d/kpasswdd /etc/rc.d/kadmind /etc/rc.d/ipropd_slave /etc/rc.d/ipropd_master
/etc/rc.d/mountcritremote
/etc/rc.d/devfs /etc/rc.d/virecover /etc/rc.d/os-release /etc/rc.d/motd /etc/rc.d/archdep /etc/rc.d/mdconfig2 /etc/rc.d/gptboot /etc/rc.d/wpa_supplicant /etc/rc.d/accounting /etc/rc.d/dmesg /etc/rc.d/cleartmp /etc/rc.d/hostapd /etc/rc.d/newsyslog
/etc/rc.d/syslogd /etc/rc.d/sysvipc /etc/rc.d/linux
/etc/rc.d/pwcheck /etc/rc.d/localpkg /etc/rc.d/power_profile /etc/rc.d/auditd /etc/rc.d/bsnmpd /etc/rc.d/ntpdate /etc/rc.d/savecore /etc/rc.d/watchdogd
/etc/rc.d/rpcbind /etc/rc.d/auditdistd
/etc/rc.d/nfsclient
/usr/local/etc/rc.d/tpmd
/usr/local/etc/rc.d/tcsd
/etc/rc.d/hastd /usr/local/etc/rc.d/named
/etc/rc.d/SERVERS
(snip)

'named' is still later than 'ntpdate' on my home server.

---
Yasuhiro Kimura


Re: How to make 'named' rc script invoked earlier at boot time

2021-04-30 Thread Mathieu Arnold
On Fri, Apr 30, 2021 at 04:30:54PM +0900, Yasuhiro Kimura wrote:
> Then is there any way to make 'named' rc script invoked earlier at
> boot time on 13.0-RELEASE?

There is an option in the port to have named start later, but up to now,
it was starting early enough.

The only way I can see is modify the named rc script and add the
services that needs named to be started on the BEFORE line at the
beginning of the script. Mind you, it really needs to start after
syslog (unless you log directly to files and do not use syslog.)

-- 
Mathieu Arnold

