https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1664.patch From a009365df3f0429edfd181d0109372aca1892298 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ale=C5=A1=20Mr=C3=A1zek?= Date: Fri, 28 Feb 2025 10:07:08 +0100 Subject: [PATCH 1/5] Revert "python: constants: added API_SOCKET_NAME" This reverts commit cee2250c5a52a4d67ea2a37cc97761ba530f856b. --- python/knot_resolver/constants.py | 9 +++------ python/knot_resolver/constants.py.in | 9 +++------ 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/python/knot_resolver/constants.py b/python/knot_resolver/constants.py index 525e8629c..d65c24acb 100644 --- a/python/knot_resolver/constants.py +++ b/python/knot_resolver/constants.py @@ -5,18 +5,15 @@ VERSION = "6.0.11" USER = "knot-resolver" GROUP = "knot-resolver" -# default files names -API_SOCK_NAME = "kres-api.sock" - -# default dirs paths +# dirs paths RUN_DIR = Path("/run/knot-resolver") ETC_DIR = Path("/etc/knot-resolver") SBIN_DIR = Path("/usr/sbin") CACHE_DIR = Path("/var/cache/knot-resolver") -# default files paths +# files paths CONFIG_FILE = ETC_DIR / "config.yaml" -API_SOCK_FILE = RUN_DIR / API_SOCK_NAME +API_SOCK_FILE = RUN_DIR / "kres-api.sock" # executables paths KRESD_EXECUTABLE = SBIN_DIR / "kresd" diff --git a/python/knot_resolver/constants.py.in b/python/knot_resolver/constants.py.in index 8c2974a58..35c25ac64 100644 --- a/python/knot_resolver/constants.py.in +++ b/python/knot_resolver/constants.py.in @@ -5,18 +5,15 @@ VERSION = "@version@" USER = "@user@" GROUP = "@group@" -# default files names -API_SOCK_NAME = "kres-api.sock" - -# default dirs paths +# dirs paths RUN_DIR = Path("@run_dir@") ETC_DIR = Path("@etc_dir@") SBIN_DIR = Path("@sbin_dir@") CACHE_DIR = Path("@cache_dir@") -# default files paths +# files paths CONFIG_FILE = ETC_DIR / "config.yaml" -API_SOCK_FILE = RUN_DIR / API_SOCK_NAME +API_SOCK_FILE = RUN_DIR / "kres-api.sock" # executables paths KRESD_EXECUTABLE = SBIN_DIR / "kresd" -- GitLab From 2b312097f4ed0c0240b70fb365ac5d1f515812bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ale=C5=A1=20Mr=C3=A1zek?= Date: Fri, 28 Feb 2025 10:07:35 +0100 Subject: [PATCH 2/5] Revert "datamodel: management socket default based on rundir" This reverts commit 10fb87547af05cd78e76dfb94951c34f4554d090. --- doc/_static/config.schema.json | 4 +-- python/knot_resolver/client/command.py | 35 +++++-------------- .../knot_resolver/datamodel/config_schema.py | 17 +++------ tests/manager/datamodel/test_config_schema.py | 23 ------------ 4 files changed, 15 insertions(+), 64 deletions(-) diff --git a/doc/_static/config.schema.json b/doc/_static/config.schema.json index a429b15dd..0bedbbc4e 100644 --- a/doc/_static/config.schema.json +++ b/doc/_static/config.schema.json @@ -54,7 +54,7 @@ "default": 256 }, "management": { - "description": "Configuration of management HTTP API. By default, unix-socket is located in 'rundir'.", + "description": "Configuration of management HTTP API.", "type": "object", "properties": { "unix-socket": { @@ -75,7 +75,7 @@ } }, "default": { - "unix_socket": "kres-api.sock", + "unix_socket": "/run/knot-resolver/kres-api.sock", "interface": null } }, diff --git a/python/knot_resolver/client/command.py b/python/knot_resolver/client/command.py index 464eb16e6..3966f8ca9 100644 --- a/python/knot_resolver/client/command.py +++ b/python/knot_resolver/client/command.py @@ -4,7 +4,7 @@ from pathlib import Path from typing import Dict, List, Optional, Set, Tuple, Type, TypeVar from urllib.parse import quote -from knot_resolver.constants import API_SOCK_FILE, API_SOCK_NAME, CONFIG_FILE, RUN_DIR +from knot_resolver.constants import API_SOCK_FILE, CONFIG_FILE from knot_resolver.datamodel.types import IPAddressPort from knot_resolver.utils.modeling import parsing from knot_resolver.utils.modeling.exceptions import DataValidationError @@ -154,38 +154,21 @@ def get_socket_from_config(config: Path, optional_file: bool) -> Optional[Socket try: with open(config, "r", encoding="utf8") as f: data = parsing.try_to_parse(f.read()) - - rkey = "rundir" - rundir = Path(data[rkey]) if rkey in data else RUN_DIR - mkey = "management" if mkey in data: management = data[mkey] - - ikey = "interface" - if ikey in data[mkey]: - ip = IPAddressPort(data[mkey][ikey], object_path=f"/{mkey}/{ikey}") + if "unix-socket" in management: return SocketDesc( - f"http://{ip.addr}:{ip.port}", - f'Key "/management/interface" in "{config}" file', + f'http+unix://{quote(management["unix-socket"], safe="")}/', + f'Key "/management/unix-socket" in "{config}" file', ) - - skey = "unix-socket" - if skey in management: - socket = Path(management[skey]) - if not socket.is_absolute(): - socket = rundir / socket + if "interface" in management: + ip = IPAddressPort(management["interface"], object_path=f"/{mkey}/interface") return SocketDesc( - f'http+unix://{quote(str(socket), safe="")}/', - f'Key "/management/unix-socket" in "{config}" file', + f"http://{ip.addr}:{ip.port}", + f'Key "/management/interface" in "{config}" file', ) - - socket = rundir / API_SOCK_NAME - return SocketDesc( - f'http+unix://{quote(str(socket), safe="")}/', - f'Key "/rundir" in "{config}" file', - ) - + return None except ValueError as e: raise DataValidationError(*e.args) from e # pylint: disable=no-value-for-parameter except OSError as e: diff --git a/python/knot_resolver/datamodel/config_schema.py b/python/knot_resolver/datamodel/config_schema.py index f8733cb11..410e94d7c 100644 --- a/python/knot_resolver/datamodel/config_schema.py +++ b/python/knot_resolver/datamodel/config_schema.py @@ -1,10 +1,9 @@ import logging import os import socket -from pathlib import Path from typing import Any, Dict, List, Literal, Optional, Tuple, Union -from knot_resolver.constants import API_SOCK_NAME, RUN_DIR, VERSION +from knot_resolver.constants import API_SOCK_FILE, RUN_DIR, VERSION from knot_resolver.datamodel.cache_schema import CacheSchema from knot_resolver.datamodel.defer_schema import DeferSchema from knot_resolver.datamodel.dns64_schema import Dns64Schema @@ -96,7 +95,7 @@ class KresConfig(ConfigSchema): rundir: Directory where the resolver can create files and which will be it's cwd. workers: The number of running kresd (Knot Resolver daemon) workers. If set to 'auto', it is equal to number of CPUs available. max_workers: The maximum number of workers allowed. Cannot be changed in runtime. - management: Configuration of management HTTP API. By default, unix-socket is located in 'rundir'. + management: Configuration of management HTTP API. webmgmt: Configuration of legacy web management endpoint. options: Fine-tuning global parameters of DNS resolver operation. network: Network connections and protocols configuration. @@ -119,7 +118,7 @@ class KresConfig(ConfigSchema): rundir: WritableDir = lazy_default(WritableDir, str(RUN_DIR)) workers: Union[Literal["auto"], IntPositive] = IntPositive(1) max_workers: IntPositive = IntPositive(WORKERS_MAX) - management: ManagementSchema = lazy_default(ManagementSchema, {"unix-socket": str(API_SOCK_NAME)}) + management: ManagementSchema = lazy_default(ManagementSchema, {"unix-socket": str(API_SOCK_FILE)}) webmgmt: Optional[WebmgmtSchema] = None options: OptionsSchema = OptionsSchema() network: NetworkSchema = NetworkSchema() @@ -174,14 +173,6 @@ class KresConfig(ConfigSchema): ) return obj.workers - def _management(self, obj: Raw) -> Any: - if obj.management.unix_socket: - soc = Path(obj.management.unix_socket.serialize()) - if soc.is_absolute(): - return obj.management - return ManagementSchema({"unix-socket": str(obj.rundir.to_path() / soc)}) - return obj.management - def _dnssec(self, obj: Raw) -> Any: if obj.dnssec is True: return DnssecSchema() @@ -268,7 +259,7 @@ def kres_config_json_schema() -> Dict[str, Any]: """ context = get_global_validation_context() - set_global_validation_context(Context(RUN_DIR, False)) + set_global_validation_context(Context(None, False)) schema = KresConfig.json_schema( schema_id=f"https://www.knot-resolver.cz/documentation/v{VERSION}/_static/config.schema.json", diff --git a/tests/manager/datamodel/test_config_schema.py b/tests/manager/datamodel/test_config_schema.py index 437cade8d..9ec2b31b2 100644 --- a/tests/manager/datamodel/test_config_schema.py +++ b/tests/manager/datamodel/test_config_schema.py @@ -1,9 +1,7 @@ import inspect import json -import os from typing import Any, Dict, Type, cast -from knot_resolver.constants import API_SOCK_FILE, API_SOCK_NAME, RUN_DIR from knot_resolver.datamodel import KresConfig from knot_resolver.datamodel.lua_schema import LuaSchema from knot_resolver.utils.modeling import BaseSchema @@ -51,31 +49,10 @@ def test_config_check_str_type(): def test_config_defaults(): config = KresConfig() - # Management API default - assert config.management.unix_socket.to_path() == API_SOCK_FILE - # DNS64 default assert config.dns64 == False -def test_management_unix_socket(): - cwd = os.getcwd() - config = KresConfig({"rundir": cwd}) - assert str(config.management.unix_socket) == f"{cwd}/{API_SOCK_NAME}" - - my_soc = "my-new.soc" - config = KresConfig({"management": {"unix-socket": my_soc}}) - assert str(config.management.unix_socket) == f"{RUN_DIR}/{my_soc}" - - -def test_management_interface(): - cwd = os.getcwd() - config = KresConfig({"rundir": cwd, "management": {"interface": "127.0.0.1@5000"}}) - - assert config.management.unix_socket == None - assert str(config.management.interface) == "127.0.0.1@5000" - - def test_dnssec_false(): config = KresConfig({"dnssec": False}) -- GitLab From c1f8f7bc043ca31b9aac96c13411769fad17f6b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ale=C5=A1=20Mr=C3=A1zek?= Date: Fri, 28 Feb 2025 10:14:22 +0100 Subject: [PATCH 3/5] datamodel: management: warning that the unix-socket is not located in rundir --- python/knot_resolver/datamodel/config_schema.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/python/knot_resolver/datamodel/config_schema.py b/python/knot_resolver/datamodel/config_schema.py index 410e94d7c..713c4a3e2 100644 --- a/python/knot_resolver/datamodel/config_schema.py +++ b/python/knot_resolver/datamodel/config_schema.py @@ -184,6 +184,14 @@ class KresConfig(ConfigSchema): return obj.dns64 def _validate(self) -> None: + # warn about '/management/unix-socket' not located in '/rundir' + if self.management.unix_socket and self.management.unix_socket.to_path().parent != self.rundir.to_path(): + logger.warning( + f"The management API unix-socket '{self.management.unix_socket}'" + f" is not located in the resolver's rundir '{self.rundir}'." + " This can lead to permissions issues." + ) + # enforce max-workers config workers_max = _workers_max_count() if int(self.workers) > workers_max: -- GitLab From 2c467aceded3cfa6eb077439d63b8637d17155c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ale=C5=A1=20Mr=C3=A1zek?= Date: Fri, 28 Feb 2025 10:17:17 +0100 Subject: [PATCH 4/5] client: command: get_socket_from_config improved --- python/knot_resolver/client/command.py | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/python/knot_resolver/client/command.py b/python/knot_resolver/client/command.py index 3966f8ca9..7a679885a 100644 --- a/python/knot_resolver/client/command.py +++ b/python/knot_resolver/client/command.py @@ -5,7 +5,7 @@ from typing import Dict, List, Optional, Set, Tuple, Type, TypeVar from urllib.parse import quote from knot_resolver.constants import API_SOCK_FILE, CONFIG_FILE -from knot_resolver.datamodel.types import IPAddressPort +from knot_resolver.datamodel.types import IPAddressPort, WritableFilePath from knot_resolver.utils.modeling import parsing from knot_resolver.utils.modeling.exceptions import DataValidationError from knot_resolver.utils.requests import SocketDesc @@ -154,16 +154,21 @@ def get_socket_from_config(config: Path, optional_file: bool) -> Optional[Socket try: with open(config, "r", encoding="utf8") as f: data = parsing.try_to_parse(f.read()) + mkey = "management" if mkey in data: management = data[mkey] - if "unix-socket" in management: + + skey = "unix-socket" + if skey in management: + sock = WritableFilePath(management[skey], object_path=f"/{mkey}/{skey}") return SocketDesc( - f'http+unix://{quote(management["unix-socket"], safe="")}/', + f'http+unix://{quote(str(sock), safe="")}/', f'Key "/management/unix-socket" in "{config}" file', ) - if "interface" in management: - ip = IPAddressPort(management["interface"], object_path=f"/{mkey}/interface") + ikey = "interface" + if ikey in data[mkey]: + ip = IPAddressPort(management[ikey], object_path=f"/{mkey}/{ikey}") return SocketDesc( f"http://{ip.addr}:{ip.port}", f'Key "/management/interface" in "{config}" file', -- GitLab From f9a75b65cc3664294188de8a5cb93909ea58cadd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ale=C5=A1=20Mr=C3=A1zek?= Date: Fri, 28 Feb 2025 10:18:04 +0100 Subject: [PATCH 5/5] NEWS: update about revert --- NEWS | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/NEWS b/NEWS index 70f5db2f0..614177308 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,11 @@ +Knot Resolver 6.0.12 (2025-0m-dd) +================================= + +Bugfixes +-------- +- /management/unix-socket: revert to absolute path (#926, !1664) + + Knot Resolver 6.0.11 (2025-02-26) ================================= -- GitLab