files/fail2ban-openrc.init.in: don't restart() with a broken config.

This commit adds a new function checkconfig() to the OpenRC service
script. All it does is run the server with the "--test" flag in
addition to the usual command-line arguments.

The new command is not user-facing, but lets us avoid restarting the
daemon with a broken config. That helps when the user changes his
configuration while the daemon is running, and then tries to restart()
not knowing that the new config is broken. A priori, we would stop the
daemon and then the error would only become visible when the subsequent
start() command failed. Refusing to stop() with a broken configuration
is a nicer thing to do.
pull/2182/head
Michael Orlitzky 2018-07-15 17:02:25 -04:00
parent 87e9cff065
commit 4d2841832c
1 changed files with 26 additions and 1 deletions

View File

@ -43,14 +43,39 @@ depend() {
after iptables
}
checkconfig() {
"${command}" ${command_args} --test
}
start_pre() {
# If this isn't a restart, make sure that the user's config isn't
# busted before we try to start the daemon (this will produce
# better error messages than if we just try to start it blindly).
#
# If, on the other hand, this *is* a restart, then the stop_pre
# action will have ensured that the config is usable and we don't
# need to do that again.
if [ "${RC_CMD}" != "restart" ] ; then
checkconfig || return $?
fi
checkpath -d "${FAIL2BAN_RUNDIR}"
}
stop_pre() {
# If this is a restart, check to make sure the user's config
# isn't busted before we stop the running daemon.
if [ "${RC_CMD}" = "restart" ] ; then
checkconfig || return $?
fi
}
reload() {
# The fail2ban-client uses an undocumented protocol to tell
# the server to reload(), so we have to use it here rather
# than e.g. sending a signal to the server daemon.
# than e.g. sending a signal to the server daemon. Note that
# the reload will fail (on the server side) if the new config
# is invalid; we therefore don't need to test it ourselves
# with checkconfig() before initiating the reload.
ebegin "Reloading ${RC_SVCNAME}"
"@BINDIR@/fail2ban-client" ${command_args} reload
eend $? "Failed to reload ${RC_SVCNAME}"