From b9a23521082973da599005d14643c07562329a3b Mon Sep 17 00:00:00 2001
Message-Id: <b9a23521082973da599005d14643c07562329a3b.1592234653.git.hahn@univention.de>
From: Philipp Hahn <hahn@univention.de>
Date: Mon, 15 Jun 2020 17:20:15 +0200
Subject: [PATCH] Bug #51421 bind9: Fix bind9 dependencies
Organization: Univention GmbH, Bremen, Germany

Do not start univention-bind-ldap.service when dns/backend=samba is
configured - due to the Conflics bind9.service would be stopped.
Introduce a flag file /var/lib/univention-bind/ldap to signal the
systemd.service if starting the unit is allowed.

As bind9-proxy proxies the data from bind9-ldap, the later should be
started before the former.

Drop unused ${python:Depends} from debian/control

Remove clean cruft from debian/rules.

Use dh_systemd for installing the univention-bind-ldap.service file.
Move it below debian/ and enable it in debian/rules.
---
 .../system/bind9.service.d/10-configure-backend.conf |  4 +---
 .../conffiles/systemctl_daemon-reload.py             |  8 ++++++++
 services/univention-bind/debian/control              |  1 -
 services/univention-bind/debian/rules                | 12 ++++--------
 .../system => debian}/univention-bind-ldap.service   |  5 ++++-
 services/univention-bind/debian/univention-bind.dirs |  1 +
 6 files changed, 18 insertions(+), 13 deletions(-)
 rename services/univention-bind/{lib/systemd/system => debian}/univention-bind-ldap.service (74%)

diff --git a/services/univention-bind/conffiles/etc/systemd/system/bind9.service.d/10-configure-backend.conf b/services/univention-bind/conffiles/etc/systemd/system/bind9.service.d/10-configure-backend.conf
index 9884d79391..8e8c807b16 100644
--- a/services/univention-bind/conffiles/etc/systemd/system/bind9.service.d/10-configure-backend.conf
+++ b/services/univention-bind/conffiles/etc/systemd/system/bind9.service.d/10-configure-backend.conf
@@ -11,7 +11,6 @@ Wants=samba-ad-dc.service
 Conflicts=univention-bind-ldap.service
 
 [Service]
-# Stop univention-bind-ldap.service if needed
 Type=simple
 ExecStart=
 ExecStart=/usr/lib/univention-bind/samba4 start
@@ -25,8 +24,7 @@ elif dns_backend == 'ldap':
 	print('''
 [Unit]
 Description=BIND Domain Name Server proxy for LDAP backend
-After=network.target
-Before=univention-bind-ldap.service
+After=network.target univention-bind-ldap.service
 Wants=univention-bind-ldap.service
 PropagatesReloadTo=univention-bind-ldap.service
 
diff --git a/services/univention-bind/conffiles/systemctl_daemon-reload.py b/services/univention-bind/conffiles/systemctl_daemon-reload.py
index 15af19c284..b3b20a97b9 100644
--- a/services/univention-bind/conffiles/systemctl_daemon-reload.py
+++ b/services/univention-bind/conffiles/systemctl_daemon-reload.py
@@ -27,8 +27,16 @@
 # /usr/share/common-licenses/AGPL-3; if not, see
 # <https://www.gnu.org/licenses/>.
 
+from os import unlink
 from subprocess import call
 
+COND = '/var/lib/univention-bind/ldap'
+
 
 def postinst(ucr, changes):
+	dns_backend = ucr.get('dns/backend', 'ldap').lower()
+	with open(COND, 'w') as fd:
+		if dns_backend == 'ldap':
+			fd.write('1')
+
 	call(['systemctl', 'daemon-reload'])
diff --git a/services/univention-bind/debian/control b/services/univention-bind/debian/control
index 282ace06d9..12c91ac3dc 100644
--- a/services/univention-bind/debian/control
+++ b/services/univention-bind/debian/control
@@ -19,7 +19,6 @@ Depends:
  univention-join (>= 9.0.3-11),
  univention-role-server-common (>= 12.0.0-8) | univention-container-role-server-common,
  ${misc:Depends},
- ${python:Depends},
 Description: UCS - DNS server
  This package installs a DNS server that receives its zone
  information from LDAP or from Samba 4.
diff --git a/services/univention-bind/debian/rules b/services/univention-bind/debian/rules
index 54ff98e308..1fae866f7b 100755
--- a/services/univention-bind/debian/rules
+++ b/services/univention-bind/debian/rules
@@ -30,16 +30,12 @@
 # /usr/share/common-licenses/AGPL-3; if not, see
 # <https://www.gnu.org/licenses/>.
 
-#clean:
-#	rm -f *~ univention-name-to-unicode
-
-override_dh_auto_clean:
-	dh_auto_clean
-	rm -f debian/univention-bind.conffiles
-
 override_dh_auto_install:
 	dh_auto_install
 	univention-install-config-registry
 
+override_dh_systemd_enable:
+	dh_systemd_enable --name=univention-bind-ldap
+
 %:
-	dh $@
+	dh $@ --with systemd
diff --git a/services/univention-bind/lib/systemd/system/univention-bind-ldap.service b/services/univention-bind/debian/univention-bind-ldap.service
similarity index 74%
rename from services/univention-bind/lib/systemd/system/univention-bind-ldap.service
rename to services/univention-bind/debian/univention-bind-ldap.service
index ffc82c0d0b..3fa5d724d8 100644
--- a/services/univention-bind/lib/systemd/system/univention-bind-ldap.service
+++ b/services/univention-bind/debian/univention-bind-ldap.service
@@ -1,7 +1,10 @@
 [Unit]
 Description=BIND Domain Name Server with LDAP backend
 Documentation=man:named(8)
-After=network.target slapd.service bind9.service
+ConditionFileNotEmpty=/var/lib/univention-bind/ldap
+After=network.target slapd.service
+Requires=slapd.service
+Before=bind9.service
 PartOf=bind9.service
 
 [Service]
diff --git a/services/univention-bind/debian/univention-bind.dirs b/services/univention-bind/debian/univention-bind.dirs
index dab4cd97d7..9310fb02bc 100644
--- a/services/univention-bind/debian/univention-bind.dirs
+++ b/services/univention-bind/debian/univention-bind.dirs
@@ -1 +1,2 @@
 var/cache/univention-bind-proxy
+var/lib/univention-bind
-- 
2.20.1