Comments (5)
djessich
commented on May 31, 2024
For me fail2ban service does not reload on Chef 17. See the following output:
Recipe: fail2ban::default
* service[fail2ban] action restart
- restart service service[fail2ban]
* service[fail2ban] action reload
================================================================================
Error executing action `reload` on resource 'service[fail2ban]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of ["/bin/systemctl", "--system", "reload", "fail2ban"] ----
STDOUT:
STDERR: Job for fail2ban.service failed.
See "systemctl status fail2ban.service" and "journalctl -xe" for details.
---- End output of ["/bin/systemctl", "--system", "reload", "fail2ban"] ----
Ran ["/bin/systemctl", "--system", "reload", "fail2ban"] returned 1
Resource Declaration:
---------------------
# In /opt/kitchen/cache/cookbooks/fail2ban/recipes/default.rb
93: service 'fail2ban' do
94: supports [status: true, restart: true]
95: action [:enable, :start] if platform_family?('rhel', 'amazon', 'fedora')
96: action [:enable] if platform_family?('debian', 'suse')
97: end
Compiled Resource:
------------------
# Declared in /opt/kitchen/cache/cookbooks/fail2ban/recipes/default.rb:93:in `from_file'
service("fail2ban") do
action [:enable]
updated true
default_guard_interpreter :default
declared_type :service
cookbook_name "fail2ban"
recipe_name "default"
supports {{:status=>true, :restart=>true}=>true}
service_name "fail2ban"
running true
enabled true
masked false
end
System Info:
------------
chef_version=17.10.0
platform=debian
platform_version=10
ruby=ruby 3.0.3p157 (2021-11-24 revision 3fb7d2cadc) [x86_64-linux]
program_name=/opt/cinc/bin/cinc-client
executable=/opt/cinc/bin/cinc-client
from fail2ban.
djessich
commented on May 31, 2024
After digging around with the issue, it seems the problem is as follows:
Service resource for fail2ban is notified with action restart (delayed timing), so the service is restarted at the end of the Chef Client run. Unfortunately reload action is notified for fail2ban service resource, directly after restart action was notified by using fail2ban_jail resource. This introduces a something like a race condition, as the service may not be ready to accept connections after the restart.
I think it would be good to change the notified action to from within fail2ban_jail resource to :restart or to allow the cookbook user to specify the action via custom resource properties (as symbol type).
BTW: When using :reload action from within this cookbook, the service resource should explicitly declare it to be supported using supports property.
from fail2ban.
PowerKiKi
commented on May 31, 2024
@djessich have you found a workaround for this issue ?
from fail2ban.
djessich
commented on May 31, 2024
@PowerKiKi No, I haven't found a workaround or solution yet.
from fail2ban.
PowerKiKi
commented on May 31, 2024
My workaround for now is to specify :restart, even though :reload would be the more efficient option. So something like that:
notifies :restart, 'service[fail2ban]'from fail2ban.
Related Issues (20)
- Dependency Dashboard
- Investigate using .d folders for a LWRP HOT 2
- Expand specs to all supported OS releases HOT 1
- Fail2ban 2.3.0 fails with Service Enable HOT 2
- Build failing on Ubuntu 16.04 HOT 4
- Changing the log level not possible anymore HOT 2
- Service enable and start doesn't work on Fedora HOT 1
- Creating fail2ban.conf fails with NoMethodError HOT 2
- No directory /var/run/fail2ban created during installation HOT 3
- New Tagged Version HOT 2
- Can't use defaults for pre-defined jails HOT 2
- fail2ban_jail resource not working (for SSH service) HOT 4
- Priority field to fail2ban_jail Resource HOT 3
- Dangerfile should use failure instead of fail
- Remove .rubocop.yml with Dangerfile HOT 1
- Update Changelog HOT 2
- Run latest cookstyle HOT 1
- Update builds to be parallel
- Fix all checks so they pass
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fail2ban.