Changeset View
Standalone View
security/crowdsec/files/crowdsec.in
#!/bin/sh | #!/bin/sh | ||||
# | |||||
# $FreeBSD$ | # $FreeBSD$ | ||||
# | # | ||||
# PROVIDE: crowdsec | # PROVIDE: crowdsec | ||||
# REQUIRE: LOGIN DAEMON NETWORKING | # REQUIRE: LOGIN | ||||
# KEYWORD: shutdown | # KEYWORD: shutdown | ||||
# | # | ||||
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf | # Add the following lines to /etc/rc.conf.local or /etc/rc.conf | ||||
# to enable this service: | # to enable this service: | ||||
# | # | ||||
# crowdsec_enable (bool): Set it to YES to enable crowdsec agent. | # crowdsec_enable (bool): Set it to YES to enable crowdsec agent. | ||||
# Default is "NO". | # Default is "NO" | ||||
# crowdsec_config (str): Set the agent config path. | # crowdsec_config (str): Set the agent config path. | ||||
# Default is "%%PREFIX%%/etc/crowdsec/config.yaml". | # Default is "%%PREFIX%%/etc/crowdsec/config.yaml" | ||||
# crowdsec_flags (str): Set the extra flags to run agent. | # crowdsec_flags (str): Set the extra flags to run agent. | ||||
# Default is "" | |||||
. /etc/rc.subr | . /etc/rc.subr | ||||
name=crowdsec | name=crowdsec | ||||
desc="Crowdsec Agent" | desc="Crowdsec Agent" | ||||
rcvar=crowdsec_enable | rcvar=crowdsec_enable | ||||
load_rc_config $name | load_rc_config $name | ||||
: ${crowdsec_enable:="NO"} | : ${crowdsec_enable:=NO} | ||||
: ${crowdsec_config:="%%PREFIX%%/etc/crowdsec/config.yaml"} | : ${crowdsec_config:=%%PREFIX%%/etc/crowdsec/config.yaml} | ||||
sbz: Could you explain the difference here? of removing the quote to add them again in… | |||||
matUnsubmitted Not Done Inline ActionsThe quotes are not needed here, sh will parse everything up to the last } as being part of the default value, even if it has spaces: ❯ cat test.sh : ${crowdsec_config:=%%PREFIX%%/e tc/crowdsec/config.yaml} echo $crowdsec_config ❯ sh -x test.sh + : %%PREFIX%%/e tc/crowdsec/config.yaml + echo %%PREFIX%%/e tc/crowdsec/config.yaml %%PREFIX%%/e tc/crowdsec/config.yaml But if it has spaces, it needs to be quoted in command_args in order for it to not be splitted into multiple arguments. mat: The quotes are not needed here, sh will parse everything up to the last } as being part of the… | |||||
: ${crowdsec_flags:=""} | |||||
pidfile=/var/run/${name}.pid | pidfile=/var/run/$name.pid | ||||
command="%%PREFIX%%/bin/${name}" | required_files="$crowdsec_config" | ||||
start_cmd="${name}_start" | procname="%%PREFIX%%/bin/crowdsec" | ||||
configtest_cmd="${name}_configtest" | command=/usr/sbin/daemon | ||||
command_args="-fp $pidfile -t '$desc' -- '$procname' -c '$crowdsec_config' $crowdsec_flags" | |||||
driesmUnsubmitted Not Done Inline ActionsNo need to explicitly append crowdsec_flags to command args. This is actually something that is undocumented. Every rc script respects the $name_flags from rc.conf even if not defined in the rc script. It will auto append to the ran command. driesm: No need to explicitly append crowdsec_flags to command args.
Now this will result in the flags… | |||||
sbzUnsubmitted Not Done Inline ActionsThanks @crees for the suggestions. I was not sure if to put the ${x_flags} is valid. The value I'm using currently in rc.conf is the following: crowdsec_flags='-info` As documented in the article about rc-scripting, it could create an issue "Never include dashed options, like -X or --foo, in command_args." In that case -info will be passed to the daemon command arguments which is not correct and lead to the following when trying to sudo service crowdsec start: I have tested it and indeed it's does not act as expected Performing sanity check on crowdsec configuration. Starting crowdsec. daemon: illegal option -- i usage: daemon [-cfrS] [-p child_pidfile] [-P supervisor_pidfile] [-u user] [-o output_file] [-t title] [-l syslog_facility] [-s syslog_priority] [-T syslog_tag] [-m output_mask] [-R restart_delay_secs] command arguments ... /usr/local/etc/rc.d/crowdsec: WARNING: failed to start crowdsec sbz: Thanks @crees for the suggestions. I was not sure if to put the ${x_flags} is valid.
The… | |||||
start_precmd=crowdsec_configtest | |||||
restart_precmd=crowdsec_configtest | |||||
sbzUnsubmitted Not Done Inline ActionsThanks for that, it totally make sense to test the config with the *_precmd before starting sbz: Thanks for that, it totally make sense to test the config with the `*_precmd` before starting | |||||
configtest_cmd=crowdsec_configtest | |||||
extra_commands="configtest reload" | extra_commands="configtest reload" | ||||
crowdsec_start() | |||||
{ | |||||
/usr/sbin/daemon -f -p ${pidfile} -t "${desc}" \ | |||||
${command} -c ${crowdsec_config} ${crowdsec_flags} | |||||
} | |||||
crowdsec_configtest() | crowdsec_configtest() | ||||
{ | { | ||||
echo "Performing sanity check on ${name} configuration." | echo "Performing sanity check on ${name} configuration." | ||||
eval ${command} -c ${crowdsec_config} -t | $procname -c "$crowdsec_config" -t | ||||
} | } | ||||
run_rc_command "$1" | run_rc_command $1 |
Could you explain the difference here? of removing the quote to add them again in command_args?