Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Catalog zones #304

Merged
merged 57 commits into from Feb 16, 2024
Merged

Catalog zones #304

merged 57 commits into from Feb 16, 2024

Conversation

wtoorop
Copy link
Member

@wtoorop wtoorop commented Nov 26, 2023

This version does the task from within the tranfer daemon (xfrd) which makes everything easier and more straight forward.

@wtoorop
Configure options for catalog zones
a3891c9
@wtoorop
Set ident (and proctitle) earlier for debugging
a950507 
Also change ident to "load" when reloading and the backup main process
to "old-main". When reload succeeds, "load" will become "main" and
"old-main" will quit. Otherwise "load" will be exited (because of
failure) and "old_main" will continue as "main".
@wtoorop
dname_to_string_buf()
fd6c315 
A version of dname_to_string() that writes to a buffer instead of
returning a static buffer. This is useful when you need to print two
dnames in a log message.
@wtoorop
Basic catalog consumer zone processing
ac54bfb 
TODO: Group property
@wtoorop
The group property
1f67c47
@wtoorop
Be explicit about the catalog role, also in the config
0b413fd 
+ marshalling of the catalog zone pattern options
@wtoorop
Fix for copy/paste bug found by clang
8737d68
k0ekk0ek
k0ekk0ek reviewed Nov 27, 2023
View reviewed changes
nsd.conf.5.in Outdated Show resolved Hide resolved
wtoorop
wtoorop commented Nov 27, 2023
View reviewed changes
nsd.conf.5.in Outdated Show resolved Hide resolved
@pettai
Copy link

pettai commented Nov 27, 2023

Current version works fine for us 👍 (just replaced one of our test-installations of a previous catz-branch build)

@pettai
Copy link

pettai commented Nov 27, 2023

First issue encountered:
Nov 27 20:10:01 sunic nsd[2498035]: invalid catalog consumer zone 'test.catalog': 'version.test.catalog TXT RRset not found

zone:	test.catalog
	catalog: consumer
	catalog-invalid: 'version.test.catalog TXT RRset not found
	state: ok
	served-serial: "1698045664 since 2023-11-27T19:31:01"
	commit-serial: none
	wait: "84395 sec between attempts"

A manual nsd-control transfer test.catalog fixed the issue.

@pettai
Copy link

pettai commented Nov 27, 2023
edited

Next issue I see then I restart nsd with systemctl restart nsd. There are some defunct nsd processes around, but nothing insightful in the logs. (nsd with the catzones seems to work fine...)

 22:08 root@sunic: /etc/nsd/nsd.conf.d # ps -ef | grep nsd
nsd      2850692       1  0 22:07 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2850694 2850692 98 22:07 ?        00:01:12 /usr/sbin/nsd -d -P
nsd      2853485 2850694  3 22:08 ?        00:00:00 [nsd: server 2] <defunct>
nsd      2853486 2850694  3 22:08 ?        00:00:00 [nsd: server 3] <defunct>
nsd      2853487 2850694  3 22:08 ?        00:00:00 [nsd: server 4] <defunct>
nsd      2853488 2850694  3 22:08 ?        00:00:00 [nsd: server 5] <defunct>
nsd      2853490 2850694  3 22:08 ?        00:00:00 [nsd: server 7] <defunct>
nsd      2853491 2850694  3 22:08 ?        00:00:00 [nsd: server 8] <defunct>
nsd      2853492 2850694  3 22:08 ?        00:00:00 [nsd: server 9] <defunct>
nsd      2853498 2850694  3 22:08 ?        00:00:00 [nsd: server 15] <defunct>
nsd      2853507 2850694  4 22:08 ?        00:00:00 [nsd: server 24] <defunct>
nsd      2853508 2850694  4 22:08 ?        00:00:00 [nsd: server 25] <defunct>
nsd      2853510 2850694  4 22:08 ?        00:00:00 [nsd: server 27] <defunct>
nsd      2853511 2850694  4 22:08 ?        00:00:00 [nsd: server 28] <defunct>
nsd      2853512 2850694  4 22:08 ?        00:00:00 [nsd: server 29] <defunct>
nsd      2853513 2850694  4 22:08 ?        00:00:00 [nsd: server 30] <defunct>
nsd      2853516 2850694  4 22:08 ?        00:00:00 [nsd: old-main] <defunct>
nsd      2853519 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853520 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853521 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853522 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853523 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853524 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853525 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853526 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853527 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853528 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853529 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853530 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853531 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853532 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853533 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853534 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853535 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853536 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853537 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853538 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853539 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853540 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853541 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853542 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853543 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853544 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853545 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853546 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853547 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853548 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853549 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853550 2850694  0 22:08 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853551 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853552 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853553 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853554 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853555 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853556 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853557 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853558 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853559 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853560 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853561 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853562 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853563 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853564 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853565 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853566 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853567 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853568 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853569 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853570 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
nsd      2853571 2850694  0 22:09 ?        00:00:00 /usr/sbin/nsd -d -P
root     2853573 2837108  0 22:09 pts/0    00:00:00 grep --color=auto nsd

@pettai
Copy link

pettai commented Nov 28, 2023
edited

Next issue I see then I restart nsd with systemctl restart nsd. There are some defunct nsd processes around, but nothing insightful in the logs. (nsd with the catzones seems to work fine...)

This seems to be related to configuration processing (like the previous catz work)

pattern:
	name: "test.catalog"
	zonefile: "/var/lib/nsd/catzones/%s"

zone:
	name: "test.catalog."   <--- by adding a tailing dot (.) the <defunct> processes goes away
	catalog: consumer
	catalog-member-pattern: "test.catalog"

@wtoorop
struct dname for member_id
f1d3f32 
instead of struct domain
@wtoorop
Some code consistency
7837162
@wtoorop
Merge branch 'master' into features/xfrd-catz
98388f7
@wtoorop
One forgotten code consistency
33df439
@wtoorop
Basic catalog zone producer
5d4e301 
TODO:
- Check all cases where zones are added, deleted or changed for status
  change of: producer zones and producer member zones.
- A zone could be a consumer member zone, *and* a producer zone or a
  producer member.
@wtoorop
Merge branch 'master' into features/xfrd-catz-producer
55e42f4
@wtoorop
Merge branch 'features/xfrd-catz-producer' into features/xfrd-catz
1b2f8f1
@wtoorop
Show serial and # members for catalog zones in nsd-control zonestatus,
89adb8c 
and process more than one transfer file.
TODO change processing after successful SOAINFO
	... before xfrd_unlink_xfrfile().
@wtoorop
Apply xfr to catalog consumer when confirmed with SOAINFO, and...
cb5b5ae 
... check zonefile when asked to check.
@wtoorop
Only exit apply_ixfr_for_zone() when called from server process
68aded3 
The function can still exit via apply_ixfr() -> addRR() or deleteRR()
when out of memory, but in that case all bets are off anyway, right?
@wtoorop
Mitigate older clang analyzer false positive
38c8bae
@wtoorop
Mitigate older clang false positive with assert
bde6676
@wtoorop
Move catalog zone processing to xfrd-catalog-zones.[ch]
bf63941
@wtoorop
updated dependencies for catalog zone processing
14e8968
wcawijngaards
wcawijngaards approved these changes Jan 26, 2024
View reviewed changes
Copy link
Member

@wcawijngaards wcawijngaards left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change looks okay to me, there are some issues in the list of suggestions. The consumer and producer parts look nice to have for catalog zones.

nsd-checkconf.c Outdated Show resolved Hide resolved
nsd.conf.5.in Outdated Show resolved Hide resolved
nsd.conf.5.in Outdated Show resolved Hide resolved
nsd.conf.5.in Outdated Show resolved Hide resolved
options.c Outdated Show resolved Hide resolved
xfrd-catalog-zones.c Outdated Show resolved Hide resolved
xfrd-catalog-zones.c Outdated Show resolved Hide resolved
xfrd-catalog-zones.c Outdated Show resolved Hide resolved
xfrd-catalog-zones.c Outdated Show resolved Hide resolved
xfrd-catalog-zones.c Outdated Show resolved Hide resolved
wtoorop
wtoorop commented Jan 29, 2024
View reviewed changes
nsd.conf.5.in Outdated Show resolved Hide resolved
wtoorop and others added 3 commits January 29, 2024 08:50
@wtoorop @wcawijngaards
Apply suggestions from code review
c02b544 
Thanks Wouter! I'll resolve the remaining reduce/reduce conflicts from command line.

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
@wtoorop
Resolve reduce/reduce conflict in configparser
7f6377f
@wtoorop
Recommend to use query-acl with catalog zones
4c8c435
@k0ekk0ek k0ekk0ek mentioned this pull request Jan 29, 2024
Closed
k0ekk0ek
k0ekk0ek requested changes Jan 29, 2024
View reviewed changes
Copy link
Contributor

@k0ekk0ek k0ekk0ek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still looking into this, but thought I'd post one initial remark.

dname.c Outdated Show resolved Hide resolved
k0ekk0ek
k0ekk0ek reviewed Jan 29, 2024
View reviewed changes
util.c Outdated Show resolved Hide resolved
k0ekk0ek
k0ekk0ek reviewed Jan 29, 2024
View reviewed changes
difffile.h Outdated Show resolved Hide resolved
k0ekk0ek
k0ekk0ek reviewed Jan 29, 2024
View reviewed changes
options.h
Comment on lines +315 to +318
uint8_t catalog_role;
uint8_t catalog_role_is_default;
const char* catalog_member_pattern;
const char* catalog_producer_zone;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Back when the first PR got made, we kind-of decided catalog properties must be set on a zone. A reason for that being so that you cannot all of a sudden break things simply by re-applying patterns. Why should this be part of a pattern?

Copy link
Member Author

@wtoorop wtoorop Jan 30, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I evaluated this extensively. Have a look at the catzones.tdir and the text in the man page to see how this all works. The re-applying patterns issues are also covered in catzones.tdir.
Short summary: A catalog producer (catalog_role == CATALOG_ROLE_PRODUCER) is only functional when in a zone clause which is checked by evaluating the value for "catalog_producer_zone" (which only makes sense in a pattern and not in a zone; i.e. catalog member zones are always instantiated through patterns).
Currently only a single catalog consumer is allowed, but this may change in the future. In that future extension there is no reason why you would not have a catalog member zone which is a catalog consumer itself. But that's the future; we do it step by step. Currently it at least allows the user to configure a consumer zone in all the for nsd conventional manner.

k0ekk0ek
k0ekk0ek reviewed Jan 29, 2024
View reviewed changes
xfrd-catalog-zones.c Outdated Show resolved Hide resolved
k0ekk0ek
k0ekk0ek reviewed Jan 29, 2024
View reviewed changes
xfrd-catalog-zones.c Outdated Show resolved Hide resolved
wtoorop
wtoorop commented Jan 30, 2024
View reviewed changes
xfrd-catalog-zones.c Outdated Show resolved Hide resolved
wtoorop
wtoorop commented Jan 30, 2024
View reviewed changes
dname.c Outdated Show resolved Hide resolved
wtoorop
wtoorop commented Jan 30, 2024
View reviewed changes
util.c Outdated Show resolved Hide resolved
wtoorop
wtoorop commented Jan 30, 2024
View reviewed changes
util.c Outdated Show resolved Hide resolved
wtoorop
wtoorop commented Jan 30, 2024
View reviewed changes
dname.h Outdated Show resolved Hide resolved
wtoorop and others added 6 commits January 30, 2024 11:02
@wtoorop @wcawijngaards
Apply suggestions from code review
5a4b474 
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
@wtoorop @wcawijngaards
Update options.c
74c33e3 
Recover line to report an error

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
@wtoorop
Fix missing MAXDOMAINLEN symbol ...
8c09718 
... now used in a function prototype in dname.h
+ Some clarifying comments in the label_plus_dname() function
@wtoorop
Merge branch 'features/xfrd-catz' of github.com:NLnetLabs/nsd into fe…
6593f90 
…atures/xfrd-catz
@wtoorop
xfrd_process_catalog_consumer_zone() argument may not be NULL
ac96774
@wtoorop
Remove passing on process role to apply_ixfr_for_zone function
8b93cc9
@wtoorop wtoorop requested a review from k0ekk0ek January 30, 2024 14:58
@k0ekk0ek k0ekk0ek removed their request for review February 2, 2024 15:54
@wtoorop wtoorop merged commit e3d63f9 into master Feb 16, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@k0ekk0ek k0ekk0ek k0ekk0ek requested changes

@wcawijngaards wcawijngaards wcawijngaards approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@wtoorop @pettai @k0ekk0ek @wcawijngaards