<div dir="ltr">Hi Tobias:<div><br></div><div>Thank you for your quick and thoughtful response!<br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, May 6, 2016 at 6:03 AM, Tobias Brunner <span dir="ltr"><<a href="mailto:tobias@strongswan.org" target="_blank">tobias@strongswan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">Hi Corey,<br>
<span class=""><br>
> 1. Call "resolvconf --disable-updates"<br>
> 2. Call resolvconf the way it is currently in<br>
> invoke_resolveconf(). This has the effect of installing or<br>
> deleting the interface without running the update script, and<br>
> the exit code returned by "pclose()" will tell you whether the<br>
> resolvconf install succeeded.<br>
> 3. Call "resolvconf --enable-updates" which will cause the<br>
> postponed update scripts to be run, and the errors here can be<br>
> ignored or logged with "DBG1()".<br>
> 4. Return the pclose() return value from ste<br>
<br>
</span>Not sure if that's such a good idea. Don't failed update scripts<br>
indicate a serious problem? Actually, resolvconf does not seem to do</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
much besides some basic checks and writing the passed data to an<br>
interface file before running the update scripts, of which update.d/libc<br>
seems to do the main work of actually "installing" the DNS server by<br>
writing resolv.conf.</blockquote><div><br></div><div>Good point. It's not wise to continue as if nothing has gone wrong, </div><div>when, as far as we know, it could be the "installing" done within</div><div>update.d/libc itself that went wrong, even though, in my case, that</div><div>part succeeded, while it was one of the sub-scripts under update-libc.d</div><div>which failed. So, it's better and simpler to always return failure.</div><div><br></div><div>Also, in order to enhance the debuggability for the case where update</div><div>scripts failed, I'd recommend trying to capture stderr of the resolvconf </div><div>calls, and sending it to the ike debug log. From my testing, I can see that</div><div>the 'run-parts' program (which is called by /sbin/resolvconf in order to run</div><div>the update scripts) does a good job of telling you which scripts exited</div><div>non-zero, and this would be useful to see in the log alongside the</div><div>"[IKE] adding DNS server failed" message, if possible. </div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">So perhaps we could just recursively call<br>
invoke_resolvconf(FALSE) if pclose() indicates the command failed. That<br>
way the interface file is at least removed again.<br>
<br></blockquote><div><br></div><div>This seems to be a very good solution. This would definitely fix my case,</div><div>where the "install" part in update.d/libc actually succeeded (and the part</div><div>that failed was one of the sub-scripts under update-libc.d), since the </div><div>follow-up, recursive invoke_resolvconf(FALSE) call would not only delete</div><div>the interface file, but also trigger a successful "uninstall" operation performed</div><div>by update.d/libc (even though my failing sub-script in update-libc.d would</div><div>still, thereafter, fail, but, if, as mentioned above, stderr is captured, that would </div><div>be easily debugged).</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
Regards<br>
Tobias<br></blockquote></div></div><div class="gmail_extra"><br></div><div class="gmail_extra">Let me know if you need help with anything...</div><div class="gmail_extra"><br></div><div class="gmail_extra">Thanks!</div><div class="gmail_extra">Corey</div></div><div class="gmail_extra"><br></div></div>