mirror of
https://github.com/crowdsecurity/cs-firewall-bouncer.git
synced 2024-08-19 01:18:49 +03:00
deprecate "daemonize" and "pid_dir" options (#296)
This commit is contained in:
mmetc
20
cmd/root.go
20
cmd/root.go
@@ -12,7 +12,6 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
"syscall"
|
"syscall"
|
||||||
|
|
||||||
"github.com/coreos/go-systemd/v22/daemon"
|
|
||||||
"github.com/prometheus/client_golang/prometheus"
|
"github.com/prometheus/client_golang/prometheus"
|
||||||
"github.com/prometheus/client_golang/prometheus/promhttp"
|
"github.com/prometheus/client_golang/prometheus/promhttp"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
@@ -21,6 +20,7 @@ import (
|
|||||||
|
|
||||||
"github.com/crowdsecurity/crowdsec/pkg/models"
|
"github.com/crowdsecurity/crowdsec/pkg/models"
|
||||||
csbouncer "github.com/crowdsecurity/go-cs-bouncer"
|
csbouncer "github.com/crowdsecurity/go-cs-bouncer"
|
||||||
|
"github.com/crowdsecurity/go-cs-lib/pkg/csdaemon"
|
||||||
"github.com/crowdsecurity/go-cs-lib/pkg/version"
|
"github.com/crowdsecurity/go-cs-lib/pkg/version"
|
||||||
|
|
||||||
"github.com/crowdsecurity/cs-firewall-bouncer/pkg/backend"
|
"github.com/crowdsecurity/cs-firewall-bouncer/pkg/backend"
|
||||||
@@ -229,16 +229,20 @@ func Execute() error {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
if config.Daemon {
|
if config.Daemon != nil {
|
||||||
sent, err := daemon.SdNotify(false, "READY=1")
|
if *config.Daemon {
|
||||||
if !sent && err != nil {
|
log.Debug("Ignoring deprecated 'daemonize' option")
|
||||||
log.Errorf("Failed to notify: %v", err)
|
} else {
|
||||||
|
log.Warn("The 'daemonize' config option is deprecated and treated as always true")
|
||||||
}
|
}
|
||||||
g.Go(func() error {
|
|
||||||
return HandleSignals(ctx)
|
|
||||||
})
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_ = csdaemon.NotifySystemd(log.StandardLogger())
|
||||||
|
|
||||||
|
g.Go(func() error {
|
||||||
|
return HandleSignals(ctx)
|
||||||
|
})
|
||||||
|
|
||||||
if err := g.Wait(); err != nil {
|
if err := g.Wait(); err != nil {
|
||||||
return fmt.Errorf("process terminated with error: %w", err)
|
return fmt.Errorf("process terminated with error: %w", err)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,7 +1,5 @@
|
|||||||
mode: ${BACKEND}
|
mode: ${BACKEND}
|
||||||
pid_dir: /var/run/
|
|
||||||
update_frequency: 10s
|
update_frequency: 10s
|
||||||
daemonize: true
|
|
||||||
log_mode: file
|
log_mode: file
|
||||||
log_dir: /var/log/
|
log_dir: /var/log/
|
||||||
log_level: info
|
log_level: info
|
||||||
|
|||||||
4
go.mod
4
go.mod
@@ -3,10 +3,9 @@ module github.com/crowdsecurity/cs-firewall-bouncer
|
|||||||
go 1.20
|
go 1.20
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/coreos/go-systemd/v22 v22.5.0
|
|
||||||
github.com/crowdsecurity/crowdsec v1.5.2
|
github.com/crowdsecurity/crowdsec v1.5.2
|
||||||
github.com/crowdsecurity/go-cs-bouncer v0.0.5
|
github.com/crowdsecurity/go-cs-bouncer v0.0.5
|
||||||
github.com/crowdsecurity/go-cs-lib v0.0.0-20230522124854-671e895fa788
|
github.com/crowdsecurity/go-cs-lib v0.0.2
|
||||||
github.com/google/nftables v0.0.0-20220808154552-2eca00135732
|
github.com/google/nftables v0.0.0-20220808154552-2eca00135732
|
||||||
github.com/prometheus/client_golang v1.15.1
|
github.com/prometheus/client_golang v1.15.1
|
||||||
github.com/sirupsen/logrus v1.9.2
|
github.com/sirupsen/logrus v1.9.2
|
||||||
@@ -22,6 +21,7 @@ require (
|
|||||||
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
|
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
|
||||||
github.com/beorn7/perks v1.0.1 // indirect
|
github.com/beorn7/perks v1.0.1 // indirect
|
||||||
github.com/cespare/xxhash/v2 v2.2.0 // indirect
|
github.com/cespare/xxhash/v2 v2.2.0 // indirect
|
||||||
|
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
|
||||||
github.com/crowdsecurity/grokky v0.2.1 // indirect
|
github.com/crowdsecurity/grokky v0.2.1 // indirect
|
||||||
github.com/fatih/color v1.15.0 // indirect
|
github.com/fatih/color v1.15.0 // indirect
|
||||||
github.com/go-openapi/analysis v0.21.4 // indirect
|
github.com/go-openapi/analysis v0.21.4 // indirect
|
||||||
|
|||||||
4
go.sum
4
go.sum
@@ -17,8 +17,8 @@ github.com/crowdsecurity/crowdsec v1.5.2 h1:2wl5ULsZlD8Du9PGe415x1fYRcOfVx95KI2S
|
|||||||
github.com/crowdsecurity/crowdsec v1.5.2/go.mod h1:R1wnz8wqV4r1teYt9Yc5PVTaBb37ug2yqCffIvXEuRw=
|
github.com/crowdsecurity/crowdsec v1.5.2/go.mod h1:R1wnz8wqV4r1teYt9Yc5PVTaBb37ug2yqCffIvXEuRw=
|
||||||
github.com/crowdsecurity/go-cs-bouncer v0.0.5 h1:vZ989qKUDTavycjGLjqm2M6UzXJpmLaq35UoaiF9474=
|
github.com/crowdsecurity/go-cs-bouncer v0.0.5 h1:vZ989qKUDTavycjGLjqm2M6UzXJpmLaq35UoaiF9474=
|
||||||
github.com/crowdsecurity/go-cs-bouncer v0.0.5/go.mod h1:ShrcSSYmzBTKnpqON9/UFvorDMhhn5mbeQC2HXCv7kE=
|
github.com/crowdsecurity/go-cs-bouncer v0.0.5/go.mod h1:ShrcSSYmzBTKnpqON9/UFvorDMhhn5mbeQC2HXCv7kE=
|
||||||
github.com/crowdsecurity/go-cs-lib v0.0.0-20230522124854-671e895fa788 h1:1tjqkYUmbkbYqa21kZsgSWaPIwGyUW0xE/sbb1zpJHg=
|
github.com/crowdsecurity/go-cs-lib v0.0.2 h1:+Tjmf/IclOXNzU9sxKVQvUl9CkMfbM60xQ0zA05NWps=
|
||||||
github.com/crowdsecurity/go-cs-lib v0.0.0-20230522124854-671e895fa788/go.mod h1:9JJLSpGj1ZXnROV3xAcJvS/HTaUvuA8K3gGOpO4tfVc=
|
github.com/crowdsecurity/go-cs-lib v0.0.2/go.mod h1:iznTJ19qLTYdZBcRb5RVDlcUdSlayBCivBkWsXlOY3g=
|
||||||
github.com/crowdsecurity/grokky v0.2.1 h1:t4VYnDlAd0RjDM2SlILalbwfCrQxtJSMGdQOR0zwkE4=
|
github.com/crowdsecurity/grokky v0.2.1 h1:t4VYnDlAd0RjDM2SlILalbwfCrQxtJSMGdQOR0zwkE4=
|
||||||
github.com/crowdsecurity/grokky v0.2.1/go.mod h1:33usDIYzGDsgX1kHAThCbseso6JuWNJXOzRQDGXHtWM=
|
github.com/crowdsecurity/grokky v0.2.1/go.mod h1:33usDIYzGDsgX1kHAThCbseso6JuWNJXOzRQDGXHtWM=
|
||||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
|
|||||||
@@ -35,10 +35,10 @@ const (
|
|||||||
)
|
)
|
||||||
|
|
||||||
type BouncerConfig struct {
|
type BouncerConfig struct {
|
||||||
Mode string `yaml:"mode"` // ipset,iptables,tc
|
Mode string `yaml:"mode"` // ipset,iptables,tc
|
||||||
PidDir string `yaml:"pid_dir"`
|
PidDir string `yaml:"pid_dir"` // unused
|
||||||
UpdateFrequency string `yaml:"update_frequency"`
|
UpdateFrequency string `yaml:"update_frequency"`
|
||||||
Daemon bool `yaml:"daemonize"`
|
Daemon *bool `yaml:"daemonize"` // unused
|
||||||
Logging LoggingConfig `yaml:",inline"`
|
Logging LoggingConfig `yaml:",inline"`
|
||||||
DisableIPV6 bool `yaml:"disable_ipv6"`
|
DisableIPV6 bool `yaml:"disable_ipv6"`
|
||||||
DenyAction string `yaml:"deny_action"`
|
DenyAction string `yaml:"deny_action"`
|
||||||
@@ -102,10 +102,8 @@ func NewConfig(reader io.Reader) (*BouncerConfig, error) {
|
|||||||
config.SupportedDecisionsTypes = []string{"ban"}
|
config.SupportedDecisionsTypes = []string{"ban"}
|
||||||
}
|
}
|
||||||
|
|
||||||
if config.PidDir == "" {
|
if config.PidDir != "" {
|
||||||
log.Warningf("missing 'pid_dir' directive, using default: '/var/run/'")
|
log.Debug("Ignoring deprecated 'pid_dir' option")
|
||||||
|
|
||||||
config.PidDir = "/var/run/"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if config.DenyLog && config.DenyLogPrefix == "" {
|
if config.DenyLog && config.DenyLogPrefix == "" {
|
||||||
|
|||||||
@@ -1,7 +1,5 @@
|
|||||||
mode: iptables
|
mode: iptables
|
||||||
pid_dir: /var/run/
|
|
||||||
update_frequency: 0.1s
|
update_frequency: 0.1s
|
||||||
daemonize: false
|
|
||||||
log_mode: stdout
|
log_mode: stdout
|
||||||
log_dir: ./
|
log_dir: ./
|
||||||
log_level: info
|
log_level: info
|
||||||
|
|||||||
@@ -1,7 +1,5 @@
|
|||||||
mode: nftables
|
mode: nftables
|
||||||
pid_dir: /var/run/
|
|
||||||
update_frequency: 0.01s
|
update_frequency: 0.01s
|
||||||
daemonize: false
|
|
||||||
log_mode: stdout
|
log_mode: stdout
|
||||||
log_dir: ./
|
log_dir: ./
|
||||||
log_level: info
|
log_level: info
|
||||||
|
|||||||
Reference in New Issue
Block a user