mirror of https://github.com/fail2ban/fail2ban
files/fail2ban-openrc.init.in: don't restart() with a broken config.
This commit adds a new function checkconfig() to the OpenRC service script. All it does is run the server with the "--test" flag in addition to the usual command-line arguments. The new command is not user-facing, but lets us avoid restarting the daemon with a broken config. That helps when the user changes his configuration while the daemon is running, and then tries to restart() not knowing that the new config is broken. A priori, we would stop the daemon and then the error would only become visible when the subsequent start() command failed. Refusing to stop() with a broken configuration is a nicer thing to do.pull/2182/head
parent
87e9cff065
commit
4d2841832c
|
@ -43,14 +43,39 @@ depend() {
|
|||
after iptables
|
||||
}
|
||||
|
||||
checkconfig() {
|
||||
"${command}" ${command_args} --test
|
||||
}
|
||||
|
||||
start_pre() {
|
||||
# If this isn't a restart, make sure that the user's config isn't
|
||||
# busted before we try to start the daemon (this will produce
|
||||
# better error messages than if we just try to start it blindly).
|
||||
#
|
||||
# If, on the other hand, this *is* a restart, then the stop_pre
|
||||
# action will have ensured that the config is usable and we don't
|
||||
# need to do that again.
|
||||
if [ "${RC_CMD}" != "restart" ] ; then
|
||||
checkconfig || return $?
|
||||
fi
|
||||
checkpath -d "${FAIL2BAN_RUNDIR}"
|
||||
}
|
||||
|
||||
stop_pre() {
|
||||
# If this is a restart, check to make sure the user's config
|
||||
# isn't busted before we stop the running daemon.
|
||||
if [ "${RC_CMD}" = "restart" ] ; then
|
||||
checkconfig || return $?
|
||||
fi
|
||||
}
|
||||
|
||||
reload() {
|
||||
# The fail2ban-client uses an undocumented protocol to tell
|
||||
# the server to reload(), so we have to use it here rather
|
||||
# than e.g. sending a signal to the server daemon.
|
||||
# than e.g. sending a signal to the server daemon. Note that
|
||||
# the reload will fail (on the server side) if the new config
|
||||
# is invalid; we therefore don't need to test it ourselves
|
||||
# with checkconfig() before initiating the reload.
|
||||
ebegin "Reloading ${RC_SVCNAME}"
|
||||
"@BINDIR@/fail2ban-client" ${command_args} reload
|
||||
eend $? "Failed to reload ${RC_SVCNAME}"
|
||||
|
|
Loading…
Reference in New Issue