From: Aleš Mrázek <ales.mrazek@nic.cz>
Date: Wed, 26 Nov 2025 17:21:42 +0000 (+0100)
Subject: manager: use WORKERS_SUPPORT constant
X-Git-Tag: v6.0.17~4^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=acbf1bc68a312f227842a0cc177e147f8196621d;p=thirdparty%2Fknot-resolver.git

manager: use WORKERS_SUPPORT constant
---

diff --git a/python/knot_resolver/datamodel/config_schema.py b/python/knot_resolver/datamodel/config_schema.py
index c4871def4..add8aba83 100644
--- a/python/knot_resolver/datamodel/config_schema.py
+++ b/python/knot_resolver/datamodel/config_schema.py
@@ -3,7 +3,7 @@ import os
 import socket
 from typing import Any, Dict, List, Literal, Optional, Tuple, Union
 
-from knot_resolver.constants import API_SOCK_FILE, FREEBSD_SYS, LINUX_SYS, RUN_DIR, VERSION
+from knot_resolver.constants import API_SOCK_FILE, RUN_DIR, VERSION, WORKERS_SUPPORT
 from knot_resolver.datamodel.cache_schema import CacheSchema
 from knot_resolver.datamodel.defer_schema import DeferSchema
 from knot_resolver.datamodel.dns64_schema import Dns64Schema
@@ -161,17 +161,18 @@ class KresConfig(ConfigSchema):
         return obj.hostname
 
     def _workers(self, obj: Raw) -> Any:
-        no_support_msg = "On this system, you cannot run more than one worker because SO_REUSEPORT/SO_REUSEPORT_LB socket option is not supported."
-
-        workers_support = LINUX_SYS or FREEBSD_SYS
-        if not workers_support and (int(obj.workers) > 1):
-            raise ValueError(no_support_msg)
+        no_workers_support_msg = (
+            "On this system, you cannot run more than one worker because "
+            "SO_REUSEPORT (Linux) or SO_REUSEPORT_LB (FreeBSD) socket option is not supported."
+        )
+        if not WORKERS_SUPPORT and (int(obj.workers) > 1):
+            raise ValueError(no_workers_support_msg)
 
         if obj.workers == "auto":
-            if not workers_support:
+            if not WORKERS_SUPPORT:
                 logger.info(
                     "Running on system without support for multiple workers,"
-                    f"' workers' configuration automatically set to 1. {no_support_msg}"
+                    f"' workers' configuration automatically set to 1. {no_workers_support_msg}"
                 )
                 return IntPositive(1)
 
diff --git a/python/knot_resolver/manager/manager.py b/python/knot_resolver/manager/manager.py
index f8c6607f2..da9721c38 100644
--- a/python/knot_resolver/manager/manager.py
+++ b/python/knot_resolver/manager/manager.py
@@ -7,7 +7,6 @@ from secrets import token_hex
 from subprocess import SubprocessError
 from typing import Any, Callable, List, Optional
 
-from knot_resolver.constants import FREEBSD_SYS, LINUX_SYS
 from knot_resolver.controller.exceptions import SubprocessControllerError
 from knot_resolver.controller.interface import Subprocess, SubprocessController, SubprocessStatus, SubprocessType
 from knot_resolver.controller.registered_workers import command_registered_workers, get_registered_workers_kresids
@@ -143,13 +142,10 @@ class KresManager:  # pylint: disable=too-many-instance-attributes
         # register callback to reset policy rules for each 'kresd' worker
         await config_store.register_on_change_callback(self.reset_workers_policy_rules)
 
-        # Only necessary on systems that allow multiple kresd workers
-        # TLS session secret synchronization across all workers
-        if LINUX_SYS or FREEBSD_SYS:
-            # register and immediately call a callback to set new TLS session ticket secret for 'kresd' workers
-            await config_store.register_on_change_callback(
-                only_on_real_changes_update(config_nodes)(self.set_new_tls_sticket_secret)
-            )
+        # register and immediately call a callback to set new TLS session ticket secret for 'kresd' workers
+        await config_store.register_on_change_callback(
+            only_on_real_changes_update(config_nodes)(self.set_new_tls_sticket_secret)
+        )
 
         # register callback that reloads files (TLS cert files) if selected configuration has not been changed
         await config_store.register_on_change_callback(only_on_no_changes_update(config_nodes)(files_reload))
@@ -276,8 +272,15 @@ class KresManager:  # pylint: disable=too-many-instance-attributes
             )
 
     async def set_new_tls_sticket_secret(self, config: KresConfig, force: bool = False) -> None:
+        if int(config.workers) == 1:
+            logger.info(
+                "There is no need to synchronize the TLS session secret across all workers"
+                " because only one kresd worker is configured - skipping auto-generation"
+            )
+            return
+
         if config.network.tls.sticket_secret or config.network.tls.sticket_secret_file:
-            logger.debug("User-configured TLS resumption secret found - skipping auto-generation.")
+            logger.debug("User-configured TLS resumption secret found - skipping auto-generation")
             return
 
         logger.debug("Creating TLS session ticket secret")