unbound: fix hotplug iface and ntp restarts

Unbound is configured to restart on hotplug/iface but this can result
in numerous restarts at boot. Unbound also has a restart for NTP.
This was observed to generate trouble and even with procd robustness
too many crashes might occur (rare). Unbound would not be running.

Give more care to /var/lib/unbound/root.key during restarts. Use procd
for iface restarts. Check pidof() to wait one more second for Unbound.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>

3 files changed, 15 insertions, 27 deletions

diff --git a/net/unbound/files/unbound.iface b/net/unbound/files/unbound.iface
deleted file mode 100755
index 172bcae51..000000000
--- a/net/unbound/files/unbound.iface
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-##############################################################################
-#
-# Copyright (C) 2016 Eric Luehrsen
-#
-##############################################################################
-#
-# "Restart" Unbound on hotplug interface up:
-# - Clean rebind of unbound to new interfaces
-# - Some of Unbound conf options to not reload run time
-# - Unbound can grow a bit so this will shrink it back
-#
-##############################################################################
-
-if [ "$ACTION" = ifup ] && /etc/init.d/unbound enabled ; then
-  /etc/init.d/unbound restart
-fi
-
-##############################################################################
-
diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init
index d3aa8389b..e4b7ec85f 100755
--- a/net/unbound/files/unbound.init
+++ b/net/unbound/files/unbound.init
@@ -20,6 +20,9 @@ PROG=/usr/sbin/unbound
 ##############################################################################
 
 start_service() {
+  # WAIT! Unbound often takes its time writing closure stats to syslog
+  pidof $PROG && sleep 1
+
   # complex UCI work
   unbound_start
 
@@ -39,7 +42,8 @@ stop_service() {
 ##############################################################################
 
 service_triggers() {
-  procd_add_reload_trigger "dhcp" "network" "unbound"
+  procd_add_reload_trigger "unbound"
+  procd_add_raw_trigger "interface.*" 2000 /etc/init.d/unbound restart
 }
 
 ##############################################################################
diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh
index 68d01a47b..5f733fbcb 100644
--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -236,6 +236,7 @@ unbound_mkdir() {
   local resolvsym=0
   local dhcp_origin=$( uci get dhcp.@odhcpd[0].leasefile )
   local dhcp_dir=$( dirname "$dhcp_origin" )
+  local filestuff
 
 
   if [ ! -x /usr/sbin/dnsmasq -o ! -x /etc/init.d/dnsmasq ] ; then
@@ -265,8 +266,15 @@ unbound_mkdir() {
 
 
   if [ -f $UNBOUND_KEYFILE ] ; then
-    # Lets not lose RFC 5011 tracking if we don't have to
-    cp -p $UNBOUND_KEYFILE $UNBOUND_KEYFILE.keep
+    filestuff=$( cat $UNBOUND_KEYFILE )
+
+
+    case "$filestuff" in
+      *"state=2 [  VALID  ]"*)
+        # Lets not lose RFC 5011 tracking if we don't have to
+        cp -p $UNBOUND_KEYFILE $UNBOUND_KEYFILE.keep
+        ;;
+    esac
   fi
 
 
@@ -891,10 +899,6 @@ unbound_stop() {
     rm -f /tmp/resolv.conf
     ln -s /tmp/resolv.conf.auto /tmp/resolv.conf
   fi
-
-
-  # Unbound has a log dump which takes time; don't overlap a "restart"
-  sleep 1
 }
 
 ##############################################################################