guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

03/03: services: fail2ban: Start server in the foreground.

From: guix-commits
Subject: 03/03: services: fail2ban: Start server in the foreground.
Date: Tue, 6 Dec 2022 11:50:53 -0500 (EST) 
civodul pushed a commit to branch version-1.4.0
in repository guix.

commit a420b4f34e7449319f6ec73301ffb932845b66d6
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Tue Dec 6 17:46:45 2022 +0100

    services: fail2ban: Start server in the foreground.
    
    Previously, we were passing '-b', thereby starting the server in the
    background.  Consequently the 'start' method could complete before the
    server was ready to accept connections on its socket, leading to
    non-deterministic test failures.
    
    Reported by Mathieu Othacehe <othacehe@gnu.org>.
    
    * gnu/services/security.scm (fail2ban-shepherd-service): Change
    FAIL2BAN-ACTION to invoke 'fail2ban-client'.
    Change 'start' method to use 'make-forkexec-constructor'; start the
    server in the foreground with '-f' and pass '-x' to force execution of
    the server, as done upstream in 'fail2ban.service.in'.
---
 gnu/services/security.scm | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/gnu/services/security.scm b/gnu/services/security.scm
index 2010f9143a..50111455fb 100644
--- a/gnu/services/security.scm
+++ b/gnu/services/security.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2022 muradm <mail@muradm.net>
+;;; Copyright © 2022 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -351,25 +352,24 @@ provided as a list of file-like objects."))
   (match-record config <fail2ban-configuration>
     (fail2ban run-directory)
     (let* ((fail2ban-server (file-append fail2ban "/bin/fail2ban-server"))
+           (fail2ban-client (file-append fail2ban "/bin/fail2ban-client"))
            (pid-file (in-vicinity run-directory "fail2ban.pid"))
            (socket-file (in-vicinity run-directory "fail2ban.sock"))
            (config-dir (file-append (config->fail2ban-etc-directory config)
                                     "/etc/fail2ban"))
            (fail2ban-action (lambda args
-                              #~(invoke #$fail2ban-server
-                                        "-c" #$config-dir
-                                        "-p" #$pid-file
-                                        "-s" #$socket-file
-                                        "-b"
-                                        #$@args))))
-
-      ;; TODO: Add 'reload' action.
+                              #~(invoke #$fail2ban-client #$@args))))
+
+      ;; TODO: Add 'reload' action (see 'fail2ban.service.in' in the source).
       (list (shepherd-service
              (provision '(fail2ban))
              (documentation "Run the fail2ban daemon.")
              (requirement '(user-processes))
-             (start #~(lambda ()
-                        #$(fail2ban-action "start")))
+             (start #~(make-forkexec-constructor
+                       (list #$fail2ban-server
+                             "-c" #$config-dir "-s" #$socket-file
+                             "-p" #$pid-file "-xf" "start")
+                       #:pid-file #$pid-file))
              (stop #~(lambda (_)
                        #$(fail2ban-action "stop")
                        #f)))))))                  ;successfully stopped
reply via email to
[Prev in Thread] Current Thread [Next in Thread]