services: fail2ban: Start server in the foreground.

Previously, we were passing '-b', thereby starting the server in the background. Consequently the 'start' method could complete before the server was ready to accept connections on its socket, leading to non-deterministic test failures. Reported by Mathieu Othacehe <othacehe@gnu.org>. * gnu/services/security.scm (fail2ban-shepherd-service): Change FAIL2BAN-ACTION to invoke 'fail2ban-client'. Change 'start' method to use 'make-forkexec-constructor'; start the server in the foreground with '-f' and pass '-x' to force execution of the server, as done upstream in 'fail2ban.service.in'.
2025-01-11 21:59:08 -05:00 · 2022-12-06 17:46:45 +01:00 · 2022-12-06 17:46:45 +01:00 · a420b4f34e
commit a420b4f34e
parent a508b5c778
1 changed files with 9 additions and 9 deletions
--- a/gnu/services/security.scm
+++ b/gnu/services/security.scm
@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2022 muradm <mail@muradm.net>
+;;; Copyright © 2022 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -351,25 +352,24 @@ (define (fail2ban-shepherd-service config)
  (match-record config <fail2ban-configuration>
    (fail2ban run-directory)
    (let* ((fail2ban-server (file-append fail2ban "/bin/fail2ban-server"))
+           (fail2ban-client (file-append fail2ban "/bin/fail2ban-client"))
           (pid-file (in-vicinity run-directory "fail2ban.pid"))
           (socket-file (in-vicinity run-directory "fail2ban.sock"))
           (config-dir (file-append (config->fail2ban-etc-directory config)
                                    "/etc/fail2ban"))
           (fail2ban-action (lambda args
-                              #~(invoke #$fail2ban-server
-                                        "-c" #$config-dir
-                                        "-p" #$pid-file
-                                        "-s" #$socket-file
-                                        "-b"
-                                        #$@args))))
+                              #~(invoke #$fail2ban-client #$@args))))

-      ;; TODO: Add 'reload' action.
+      ;; TODO: Add 'reload' action (see 'fail2ban.service.in' in the source).
      (list (shepherd-service
             (provision '(fail2ban))
             (documentation "Run the fail2ban daemon.")
             (requirement '(user-processes))
-             (start #~(lambda ()
-                        #$(fail2ban-action "start")))
+             (start #~(make-forkexec-constructor
+                       (list #$fail2ban-server
+                             "-c" #$config-dir "-s" #$socket-file
+                             "-p" #$pid-file "-xf" "start")
+                       #:pid-file #$pid-file))
             (stop #~(lambda (_)
                       #$(fail2ban-action "stop")
                       #f)))))))                  ;successfully stopped