Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate configuration before reloading crowdsec in the cron #2831

Closed
blotus opened this issue Feb 10, 2024 · 4 comments · Fixed by #2861
Closed

Validate configuration before reloading crowdsec in the cron #2831

blotus opened this issue Feb 10, 2024 · 4 comments · Fixed by #2861
Assignees
@mmetc
Labels
needs/kind needs/triage
Milestone
1.6.1

Comments

@blotus
Copy link
Member

blotus commented Feb 10, 2024

The cron installed by default will reload crowdsec automatically if the hub was updated, but it won't check if the configuration is valid first.
This can lead to an outage if any part of the configuration is invalid.
@blotus blotus added this to the 1.6.1 milestone Feb 10, 2024
@github-actions GitHub Actions
Copy link

@blotus: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.
Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

@github-actions GitHub Actions
Copy link

@blotus: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.

  • /kind feature
  • /kind enhancement
  • /kind bug
  • /kind packaging
Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

@mmetc
Copy link
Contributor

mmetc commented Feb 11, 2024

This should be done in systemd (ExecReload) so we're sure there is a trace in the logs, no? cron output often goes to /dev/null

@mmetc mmetc self-assigned this Feb 12, 2024
@mmetc
Copy link
Contributor

mmetc commented Feb 23, 2024
edited
Loading

The problem is discussed in systemd/systemd#2175

I see the solution would be

ExecReload=sh -c '/usr/local/bin/crowdsec -t /etc/crowdsec/config.yaml && /bin/kill -HUP $MAINPID'

or (untested) simply provide multiple ExecReload directives which are executed sequentially until one of them fails.

but from what I read in the above issue, shouldn't we also notify systemd of reload, stop etcetera? Currently we only notify it of a successful start.

https://github.com/coreos/go-systemd/blob/main/daemon/sdnotify.go

Edit: and a watchdog?

@mmetc mmetc mentioned this issue Feb 26, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmetc mmetc

Labels
needs/kind needs/triage
Projects
None yet
Milestone
1.6.1
Development

Successfully merging a pull request may close this issue.

systemd: check configuration before attempting reload crowdsecurity/crowdsec
2 participants
@blotus @mmetc