Discussion:
[Opendnssec-user] Dropping exec perms -- running daemons as == ods USER/GROUP, !root ?
PGNet Dev
2016-12-22 14:22:01 UTC
Permalink
Though did you find out what made the
difference for the mailer script?
no, unfortunately no specific resolution :-/

it was a 'holiday surprise'; when I put all that^^ in place, it simply started mailing.

Given that I was switching to non-root operation, it 'smells like' perms, but I never did get any error messages ...
Also, if you are willing I'd be happy
to include the systemd files in contrib/ dir in our release.
sure. with the caveats that they're trivial, work in my ENV with systemd 228, & are as yet untested in a production setup,

cat /etc/systemd/system/ods-signer.service
[Unit]
Description=OpenDNSSEC v2 Signer daemon
After=syslog.target network-online.target

[Service]
Type=forking
PIDFile=/var/run/opendnssec/signerd.pid
ExecStart=/bin/sh -c '/usr/local/opendnssec/sbin/ods-signerd -d &'

[Install]
WantedBy=multi-user.target

cat /etc/systemd/system/ods-enforcer.service
[Unit]
Description=OpenDNSSEC v2 Enforcer daemon
After=syslog.target network-online.target
Wants=ods-signer.service
After=ods-signer.service

[Service]
Type=forking
PIDFile=/var/run/opendnssec/enforcerd.pid
ExecStart=/bin/sh -c '/usr/local/opendnssec/sbin/ods-enforcerd -d &'

[Install]
WantedBy=multi-user.target
Yuri Schaeffer
2016-12-22 14:45:15 UTC
Permalink
Post by PGNet Dev
sure. with the caveats that they're trivial, work in my ENV with systemd 228, & are as yet untested in a production setup,
Tx.
Post by PGNet Dev
[Unit]
Description=OpenDNSSEC v2 Signer daemon
After=syslog.target network-online.target
[Service]
Type=forking
PIDFile=/var/run/opendnssec/signerd.pid
ExecStart=/bin/sh -c '/usr/local/opendnssec/sbin/ods-signerd -d &'
[Install]
WantedBy=multi-user.target
I suggest this change though. (entire Service section)
Post by PGNet Dev
[Unit]
Description=OpenDNSSEC v2 Signer daemon
After=syslog.target network-online.target
[Service]
Type=simple
ExecStart=/usr/local/opendnssec/sbin/ods-signerd -d
[Install]
WantedBy=multi-user.target
PGNet Dev
2016-12-22 14:55:45 UTC
Permalink
Post by Yuri Schaeffer
I suggest this change though. (entire Service section)
Post by PGNet Dev
[Unit]
Description=OpenDNSSEC v2 Signer daemon
After=syslog.target network-online.target
[Service]
Type=simple
ExecStart=/usr/local/opendnssec/sbin/ods-signerd -d
[Install]
WantedBy=multi-user.target
Nope, the .service will not 'release'.

I.e., exec'ing

systemctl start ods-signer

hangs, and does NOT return back to prompt. (here, at least)

Systemd doesn't support shell command lines. They need to be explicitly
passed to a shell implementation, e.g. /bin/sh using

ExecStart=/bin/sh -c "..."

cref: https://www.freedesktop.org/software/systemd

Loading...