mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-26 04:29:25 -05:00
services: fail2ban: Start server in the foreground.
Previously, we were passing '-b', thereby starting the server in the background. Consequently the 'start' method could complete before the server was ready to accept connections on its socket, leading to non-deterministic test failures. Reported by Mathieu Othacehe <othacehe@gnu.org>. * gnu/services/security.scm (fail2ban-shepherd-service): Change FAIL2BAN-ACTION to invoke 'fail2ban-client'. Change 'start' method to use 'make-forkexec-constructor'; start the server in the foreground with '-f' and pass '-x' to force execution of the server, as done upstream in 'fail2ban.service.in'.
This commit is contained in:
parent
a508b5c778
commit
a420b4f34e
1 changed files with 9 additions and 9 deletions
|
@ -1,5 +1,6 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2022 muradm <mail@muradm.net>
|
||||
;;; Copyright © 2022 Ludovic Courtès <ludo@gnu.org>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -351,25 +352,24 @@ (define (fail2ban-shepherd-service config)
|
|||
(match-record config <fail2ban-configuration>
|
||||
(fail2ban run-directory)
|
||||
(let* ((fail2ban-server (file-append fail2ban "/bin/fail2ban-server"))
|
||||
(fail2ban-client (file-append fail2ban "/bin/fail2ban-client"))
|
||||
(pid-file (in-vicinity run-directory "fail2ban.pid"))
|
||||
(socket-file (in-vicinity run-directory "fail2ban.sock"))
|
||||
(config-dir (file-append (config->fail2ban-etc-directory config)
|
||||
"/etc/fail2ban"))
|
||||
(fail2ban-action (lambda args
|
||||
#~(invoke #$fail2ban-server
|
||||
"-c" #$config-dir
|
||||
"-p" #$pid-file
|
||||
"-s" #$socket-file
|
||||
"-b"
|
||||
#$@args))))
|
||||
#~(invoke #$fail2ban-client #$@args))))
|
||||
|
||||
;; TODO: Add 'reload' action.
|
||||
;; TODO: Add 'reload' action (see 'fail2ban.service.in' in the source).
|
||||
(list (shepherd-service
|
||||
(provision '(fail2ban))
|
||||
(documentation "Run the fail2ban daemon.")
|
||||
(requirement '(user-processes))
|
||||
(start #~(lambda ()
|
||||
#$(fail2ban-action "start")))
|
||||
(start #~(make-forkexec-constructor
|
||||
(list #$fail2ban-server
|
||||
"-c" #$config-dir "-s" #$socket-file
|
||||
"-p" #$pid-file "-xf" "start")
|
||||
#:pid-file #$pid-file))
|
||||
(stop #~(lambda (_)
|
||||
#$(fail2ban-action "stop")
|
||||
#f))))))) ;successfully stopped
|
||||
|
|
Loading…
Reference in a new issue