Changeset View
Standalone View
security/crowdsec/files/crowdsec.in
| #!/bin/sh | #!/bin/sh | ||||
| # | |||||
| # $FreeBSD$ | # $FreeBSD$ | ||||
| # | # | ||||
| # PROVIDE: crowdsec | # PROVIDE: crowdsec | ||||
| # REQUIRE: LOGIN DAEMON NETWORKING | # REQUIRE: LOGIN | ||||
| # KEYWORD: shutdown | # KEYWORD: shutdown | ||||
| # | # | ||||
| # Add the following lines to /etc/rc.conf.local or /etc/rc.conf | # Add the following lines to /etc/rc.conf.local or /etc/rc.conf | ||||
| # to enable this service: | # to enable this service: | ||||
| # | # | ||||
| # crowdsec_enable (bool): Set it to YES to enable crowdsec agent. | # crowdsec_enable (bool): Set it to YES to enable crowdsec agent. | ||||
| # Default is "NO". | # Default is "NO" | ||||
| # crowdsec_config (str): Set the agent config path. | # crowdsec_config (str): Set the agent config path. | ||||
| # Default is "%%PREFIX%%/etc/crowdsec/config.yaml". | # Default is "%%PREFIX%%/etc/crowdsec/config.yaml" | ||||
| # crowdsec_flags (str): Set the extra flags to run agent. | # crowdsec_flags (str): Set the extra flags to run agent. | ||||
| # Default is "" | |||||
| . /etc/rc.subr | . /etc/rc.subr | ||||
| name=crowdsec | name=crowdsec | ||||
| desc="Crowdsec Agent" | desc="Crowdsec Agent" | ||||
| rcvar=crowdsec_enable | rcvar=crowdsec_enable | ||||
| load_rc_config $name | load_rc_config $name | ||||
| : ${crowdsec_enable:="NO"} | : ${crowdsec_enable:=NO} | ||||
| : ${crowdsec_config:="%%PREFIX%%/etc/crowdsec/config.yaml"} | : ${crowdsec_config:=%%PREFIX%%/etc/crowdsec/config.yaml} | ||||
sbz: Could you explain the difference here? of removing the quote to add them again in… | |||||
matUnsubmitted Not Done Inline ActionsThe quotes are not needed here, sh will parse everything up to the last } as being part of the default value, even if it has spaces: ❯ cat test.sh
: ${crowdsec_config:=%%PREFIX%%/e tc/crowdsec/config.yaml}
echo $crowdsec_config
❯ sh -x test.sh
+ : %%PREFIX%%/e tc/crowdsec/config.yaml
+ echo %%PREFIX%%/e tc/crowdsec/config.yaml
%%PREFIX%%/e tc/crowdsec/config.yamlBut if it has spaces, it needs to be quoted in command_args in order for it to not be splitted into multiple arguments. mat: The quotes are not needed here, sh will parse everything up to the last } as being part of the… | |||||
| : ${crowdsec_flags:=""} | |||||
| pidfile=/var/run/${name}.pid | pidfile=/var/run/$name.pid | ||||
| command="%%PREFIX%%/bin/${name}" | required_files="$crowdsec_config" | ||||
| start_cmd="${name}_start" | procname="%%PREFIX%%/bin/crowdsec" | ||||
| configtest_cmd="${name}_configtest" | command=/usr/sbin/daemon | ||||
| command_args="-fp $pidfile -t '$desc' -- '$procname' -c '$crowdsec_config' $crowdsec_flags" | |||||
driesmUnsubmitted Not Done Inline ActionsNo need to explicitly append crowdsec_flags to command args. This is actually something that is undocumented. Every rc script respects the $name_flags from rc.conf even if not defined in the rc script. It will auto append to the ran command. driesm: No need to explicitly append crowdsec_flags to command args.
Now this will result in the flags… | |||||
sbzUnsubmitted Not Done Inline ActionsThanks @crees for the suggestions. I was not sure if to put the ${x_flags} is valid. The value I'm using currently in rc.conf is the following: crowdsec_flags='-info` As documented in the article about rc-scripting, it could create an issue "Never include dashed options, like -X or --foo, in command_args." In that case -info will be passed to the daemon command arguments which is not correct and lead to the following when trying to sudo service crowdsec start: I have tested it and indeed it's does not act as expected Performing sanity check on crowdsec configuration.
Starting crowdsec.
daemon: illegal option -- i
usage: daemon [-cfrS] [-p child_pidfile] [-P supervisor_pidfile]
[-u user] [-o output_file] [-t title]
[-l syslog_facility] [-s syslog_priority]
[-T syslog_tag] [-m output_mask] [-R restart_delay_secs]
command arguments ...
/usr/local/etc/rc.d/crowdsec: WARNING: failed to start crowdsecsbz: Thanks @crees for the suggestions. I was not sure if to put the ${x_flags} is valid.
The… | |||||
| start_precmd=crowdsec_configtest | |||||
| restart_precmd=crowdsec_configtest | |||||
sbzUnsubmitted Not Done Inline ActionsThanks for that, it totally make sense to test the config with the *_precmd before starting sbz: Thanks for that, it totally make sense to test the config with the `*_precmd` before starting | |||||
| configtest_cmd=crowdsec_configtest | |||||
| extra_commands="configtest reload" | extra_commands="configtest reload" | ||||
| crowdsec_start() | |||||
| { | |||||
| /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" \ | |||||
| ${command} -c ${crowdsec_config} ${crowdsec_flags} | |||||
| } | |||||
| crowdsec_configtest() | crowdsec_configtest() | ||||
| { | { | ||||
| echo "Performing sanity check on ${name} configuration." | echo "Performing sanity check on ${name} configuration." | ||||
| eval ${command} -c ${crowdsec_config} -t | $procname -c "$crowdsec_config" -t | ||||
| } | } | ||||
| run_rc_command "$1" | run_rc_command $1 | ||||
Could you explain the difference here? of removing the quote to add them again in command_args?