mirror of
https://github.com/crowdsecurity/cs-firewall-bouncer.git
synced 2024-08-19 01:18:49 +03:00
deprecate "daemonize" and "pid_dir" options (#296)
This commit is contained in:
mmetc
20
cmd/root.go
20
cmd/root.go
@@ -12,7 +12,6 @@ import (
|
||||
"strings"
|
||||
"syscall"
|
||||
|
||||
"github.com/coreos/go-systemd/v22/daemon"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/prometheus/client_golang/prometheus/promhttp"
|
||||
log "github.com/sirupsen/logrus"
|
||||
@@ -21,6 +20,7 @@ import (
|
||||
|
||||
"github.com/crowdsecurity/crowdsec/pkg/models"
|
||||
csbouncer "github.com/crowdsecurity/go-cs-bouncer"
|
||||
"github.com/crowdsecurity/go-cs-lib/pkg/csdaemon"
|
||||
"github.com/crowdsecurity/go-cs-lib/pkg/version"
|
||||
|
||||
"github.com/crowdsecurity/cs-firewall-bouncer/pkg/backend"
|
||||
@@ -229,16 +229,20 @@ func Execute() error {
|
||||
}
|
||||
})
|
||||
|
||||
if config.Daemon {
|
||||
sent, err := daemon.SdNotify(false, "READY=1")
|
||||
if !sent && err != nil {
|
||||
log.Errorf("Failed to notify: %v", err)
|
||||
if config.Daemon != nil {
|
||||
if *config.Daemon {
|
||||
log.Debug("Ignoring deprecated 'daemonize' option")
|
||||
} else {
|
||||
log.Warn("The 'daemonize' config option is deprecated and treated as always true")
|
||||
}
|
||||
g.Go(func() error {
|
||||
return HandleSignals(ctx)
|
||||
})
|
||||
}
|
||||
|
||||
_ = csdaemon.NotifySystemd(log.StandardLogger())
|
||||
|
||||
g.Go(func() error {
|
||||
return HandleSignals(ctx)
|
||||
})
|
||||
|
||||
if err := g.Wait(); err != nil {
|
||||
return fmt.Errorf("process terminated with error: %w", err)
|
||||
}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
mode: ${BACKEND}
|
||||
pid_dir: /var/run/
|
||||
update_frequency: 10s
|
||||
daemonize: true
|
||||
log_mode: file
|
||||
log_dir: /var/log/
|
||||
log_level: info
|
||||
|
||||
4
go.mod
4
go.mod
@@ -3,10 +3,9 @@ module github.com/crowdsecurity/cs-firewall-bouncer
|
||||
go 1.20
|
||||
|
||||
require (
|
||||
github.com/coreos/go-systemd/v22 v22.5.0
|
||||
github.com/crowdsecurity/crowdsec v1.5.2
|
||||
github.com/crowdsecurity/go-cs-bouncer v0.0.5
|
||||
github.com/crowdsecurity/go-cs-lib v0.0.0-20230522124854-671e895fa788
|
||||
github.com/crowdsecurity/go-cs-lib v0.0.2
|
||||
github.com/google/nftables v0.0.0-20220808154552-2eca00135732
|
||||
github.com/prometheus/client_golang v1.15.1
|
||||
github.com/sirupsen/logrus v1.9.2
|
||||
@@ -22,6 +21,7 @@ require (
|
||||
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
|
||||
github.com/beorn7/perks v1.0.1 // indirect
|
||||
github.com/cespare/xxhash/v2 v2.2.0 // indirect
|
||||
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
|
||||
github.com/crowdsecurity/grokky v0.2.1 // indirect
|
||||
github.com/fatih/color v1.15.0 // indirect
|
||||
github.com/go-openapi/analysis v0.21.4 // indirect
|
||||
|
||||
4
go.sum
4
go.sum
@@ -17,8 +17,8 @@ github.com/crowdsecurity/crowdsec v1.5.2 h1:2wl5ULsZlD8Du9PGe415x1fYRcOfVx95KI2S
|
||||
github.com/crowdsecurity/crowdsec v1.5.2/go.mod h1:R1wnz8wqV4r1teYt9Yc5PVTaBb37ug2yqCffIvXEuRw=
|
||||
github.com/crowdsecurity/go-cs-bouncer v0.0.5 h1:vZ989qKUDTavycjGLjqm2M6UzXJpmLaq35UoaiF9474=
|
||||
github.com/crowdsecurity/go-cs-bouncer v0.0.5/go.mod h1:ShrcSSYmzBTKnpqON9/UFvorDMhhn5mbeQC2HXCv7kE=
|
||||
github.com/crowdsecurity/go-cs-lib v0.0.0-20230522124854-671e895fa788 h1:1tjqkYUmbkbYqa21kZsgSWaPIwGyUW0xE/sbb1zpJHg=
|
||||
github.com/crowdsecurity/go-cs-lib v0.0.0-20230522124854-671e895fa788/go.mod h1:9JJLSpGj1ZXnROV3xAcJvS/HTaUvuA8K3gGOpO4tfVc=
|
||||
github.com/crowdsecurity/go-cs-lib v0.0.2 h1:+Tjmf/IclOXNzU9sxKVQvUl9CkMfbM60xQ0zA05NWps=
|
||||
github.com/crowdsecurity/go-cs-lib v0.0.2/go.mod h1:iznTJ19qLTYdZBcRb5RVDlcUdSlayBCivBkWsXlOY3g=
|
||||
github.com/crowdsecurity/grokky v0.2.1 h1:t4VYnDlAd0RjDM2SlILalbwfCrQxtJSMGdQOR0zwkE4=
|
||||
github.com/crowdsecurity/grokky v0.2.1/go.mod h1:33usDIYzGDsgX1kHAThCbseso6JuWNJXOzRQDGXHtWM=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
|
||||
@@ -35,10 +35,10 @@ const (
|
||||
)
|
||||
|
||||
type BouncerConfig struct {
|
||||
Mode string `yaml:"mode"` // ipset,iptables,tc
|
||||
PidDir string `yaml:"pid_dir"`
|
||||
Mode string `yaml:"mode"` // ipset,iptables,tc
|
||||
PidDir string `yaml:"pid_dir"` // unused
|
||||
UpdateFrequency string `yaml:"update_frequency"`
|
||||
Daemon bool `yaml:"daemonize"`
|
||||
Daemon *bool `yaml:"daemonize"` // unused
|
||||
Logging LoggingConfig `yaml:",inline"`
|
||||
DisableIPV6 bool `yaml:"disable_ipv6"`
|
||||
DenyAction string `yaml:"deny_action"`
|
||||
@@ -102,10 +102,8 @@ func NewConfig(reader io.Reader) (*BouncerConfig, error) {
|
||||
config.SupportedDecisionsTypes = []string{"ban"}
|
||||
}
|
||||
|
||||
if config.PidDir == "" {
|
||||
log.Warningf("missing 'pid_dir' directive, using default: '/var/run/'")
|
||||
|
||||
config.PidDir = "/var/run/"
|
||||
if config.PidDir != "" {
|
||||
log.Debug("Ignoring deprecated 'pid_dir' option")
|
||||
}
|
||||
|
||||
if config.DenyLog && config.DenyLogPrefix == "" {
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
mode: iptables
|
||||
pid_dir: /var/run/
|
||||
update_frequency: 0.1s
|
||||
daemonize: false
|
||||
log_mode: stdout
|
||||
log_dir: ./
|
||||
log_level: info
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
mode: nftables
|
||||
pid_dir: /var/run/
|
||||
update_frequency: 0.01s
|
||||
daemonize: false
|
||||
log_mode: stdout
|
||||
log_dir: ./
|
||||
log_level: info
|
||||
|
||||
Reference in New Issue
Block a user