From f952a5de24ba7c40310bbf63fa83d772a9cbaec9 Mon Sep 17 00:00:00 2001

From: Samuel Cabrero <scabrero@suse.de>

Date: Mon, 2 Sep 2019 15:31:09 +0200

Subject: [PATCH 20/21] MONITOR: Add a new option to control resolv.conf

 monitoring

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

For those use-cases where resolv.conf will never exist the new

'monitor_resolv_conf' option can be set to false to skip the retry loop

which tries to set the inotify watcher.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>

(cherry picked from commit 9b6323d8e99c3edb16b64ef60a769efbc3a292aa)

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

---

 src/confdb/confdb.h          |  1 +

 src/config/SSSDConfigTest.py |  1 +

 src/config/cfg_rules.ini     |  1 +

 src/config/etc/sssd.api.conf |  1 +

 src/man/sssd.conf.5.xml      | 23 ++++++++++++-----

 src/monitor/monitor.c        | 49 ++++++++++++++++++++++++++++--------

 6 files changed, 59 insertions(+), 17 deletions(-)

diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h

index 0251ab606..d3e71be86 100644

--- a/src/confdb/confdb.h

+++ b/src/confdb/confdb.h

@@ -66,6 +66,7 @@

 #define CONFDB_MONITOR_SBUS_TIMEOUT "sbus_timeout"

 #define CONFDB_MONITOR_ACTIVE_SERVICES "services"

 #define CONFDB_MONITOR_ACTIVE_DOMAINS "domains"

+#define CONFDB_MONITOR_RESOLV_CONF "monitor_resolv_conf"

 #define CONFDB_MONITOR_TRY_INOTIFY "try_inotify"

 #define CONFDB_MONITOR_KRB5_RCACHEDIR "krb5_rcache_dir"

 #define CONFDB_MONITOR_DEFAULT_DOMAIN "default_domain_suffix"

diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py

index 863304424..979b1806f 100755

--- a/src/config/SSSDConfigTest.py

+++ b/src/config/SSSDConfigTest.py

@@ -391,6 +391,7 @@ class SSSDConfigTestSSSDService(unittest.TestCase):

             'enable_files_domain',

             'domain_resolution_order',

             'try_inotify',

+            'monitor_resolv_conf',

         ]

         self.assertTrue(type(options) == dict,

diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini

index 228c8841e..997ba5aec 100644

--- a/src/config/cfg_rules.ini

+++ b/src/config/cfg_rules.ini

@@ -51,6 +51,7 @@ option = disable_netlink

 option = enable_files_domain

 option = domain_resolution_order

 option = try_inotify

+option = monitor_resolv_conf

 [rule/allowed_nss_options]

 validator = ini_allowed_options

diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf

index a10e74889..355c1fc9b 100644

--- a/src/config/etc/sssd.api.conf

+++ b/src/config/etc/sssd.api.conf

@@ -34,6 +34,7 @@ disable_netlink = bool, None, false

 enable_files_domain = str, None, false

 domain_resolution_order = list, str, false

 try_inotify = bool, None, false

+monitor_resolv_conf = bool, None, false

 [nss]

 # Name service

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml

index 277a3c0cb..0e1a97a31 100644

--- a/src/man/sssd.conf.5.xml

+++ b/src/man/sssd.conf.5.xml

@@ -318,16 +318,27 @@

                             </para>

                         </listitem>

                     </varlistentry>

+                    <varlistentry>

+                        <term>monitor_resolv_conf (boolean)</term>

+                        <listitem>

+                            <para>

+                                Controls if SSSD should monitor the state of

+                                resolv.conf to identify when it needs to

+                                update its internal DNS resolver.

+                            </para>

+                            <para>

+                                Default: true

+                            </para>

+                        </listitem>

+                    </varlistentry>

                     <varlistentry>

                         <term>try_inotify (boolean)</term>

                         <listitem>

                             <para>

-                                SSSD monitors the state of resolv.conf to

-                                identify when it needs to update its internal

-                                DNS resolver. By default, we will attempt to

-                                use inotify for this, and will fall back to

-                                polling resolv.conf every five seconds if

-                                inotify cannot be used.

+                                By default, SSSD will attempt to use inotify

+                                to monitor configuration files changes and

+                                will fall back to polling every five seconds

+                                if inotify cannot be used.

                             </para>

                             <para>

                                 There are some limited situations where it is

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c

index 04e0017a2..5dfc4423c 100644

--- a/src/monitor/monitor.c

+++ b/src/monitor/monitor.c

@@ -1971,13 +1971,46 @@ static void missing_resolv_conf(struct tevent_context *ev,

     }

 }

+static int monitor_config_files(struct mt_ctx *ctx)

+{

+    int ret;

+    bool monitor_resolv_conf;

+    struct timeval tv;

+    struct tevent_timer *te;

+

+    /* Watch for changes to the DNS resolv.conf */

+    ret = confdb_get_bool(ctx->cdb,

+                          CONFDB_MONITOR_CONF_ENTRY,

+                          CONFDB_MONITOR_RESOLV_CONF,

+                          true, &monitor_resolv_conf);

+    if (ret != EOK) {

+        return ret;

+    }

+

+    if (monitor_resolv_conf) {

+        ret = monitor_config_file(ctx, ctx, monitor_update_resolv,

+                                  RESOLV_CONF_PATH);

+        if (ret == ENOENT) {

+            tv = tevent_timeval_current_ofs(MISSING_RESOLV_CONF_POLL_TIME, 0);

+            te = tevent_add_timer(ctx->ev, ctx, tv, missing_resolv_conf, ctx);

+            if (te == NULL) {

+                DEBUG(SSSDBG_FATAL_FAILURE, "resolv.conf will be ignored\n");

+            }

+        } else if (ret != EOK) {

+            return ret;

+        }

+    } else {

+        DEBUG(SSS_LOG_NOTICE, "%s monitoring is disabled\n", RESOLV_CONF_PATH);

+    }

+

+    return EOK;

+}

+

 static int monitor_process_init(struct mt_ctx *ctx,

                                 const char *config_file)

 {

     TALLOC_CTX *tmp_ctx;

     struct tevent_signal *tes;

-    struct timeval tv;

-    struct tevent_timer *te;

     struct sss_domain_info *dom;

     char *rcachedir;

     int num_providers;

@@ -2052,15 +2085,9 @@ static int monitor_process_init(struct mt_ctx *ctx,

     ret = sss_sigchld_init(ctx, ctx->ev, &ctx->sigchld_ctx);

     if (ret != EOK) return ret;

-    /* Watch for changes to the DNS resolv.conf */

-    ret = monitor_config_file(ctx, ctx, monitor_update_resolv, RESOLV_CONF_PATH);

-    if (ret == ENOENT) {

-        tv = tevent_timeval_current_ofs(MISSING_RESOLV_CONF_POLL_TIME, 0);

-        te = tevent_add_timer(ctx->ev, ctx, tv, missing_resolv_conf, ctx);

-        if (te == NULL) {

-            DEBUG(SSSDBG_FATAL_FAILURE, "resolv.conf will be ignored\n");

-        }

-    } else if (ret != EOK) {

+    /* Set up watchers for system config files */

+    ret = monitor_config_files(ctx);

+    if (ret != EOK) {

         return ret;

     }

-- 

2.21.1