Ubuntu
fwknop package

Reviewer	Date Requested	Status
Dimitri John Ledkov		Approve on 2012-11-27
James Page		Needs Fixing on 2012-10-05
Oliver Grawert		Needs Information on 2012-10-04
Ubuntu branches	2012-09-17	Pending
Review via email: mp+124683@code.launchpad.net

Description of the Change

The fwknop package can benefit greatly from upstart supervision.
First of it is generally deployed as a single point of failure with the side effect that a failing fwknopd will probably leave the machine unmanageable by eg. ssh. Second, the current 2.x release is fairly new and rewritten in another language (ported from Perl to C) and it's stability is not as proven as the older 1.x line.
Because of that, having upstart supervise the fwknopd process ("respawn") will provide at least ease of mind if not significantly reduce maintenance problems.

lp:~kampka/ubuntu/quantal/fwknop/upstart-support updated on 2012-09-17

14. By Christian Kampka on 2012-09-17: Fixed script syntax error

Oliver Grawert (ogra) wrote on 2012-10-04:

there are several checks for additional configuration files in the sysvinit script (/etc/fwknop/access.conf /etc/fwknop/fwknopd.conf).
are these not used in 2.x anymore, does the daemon do the check itself now or will it just got into a crash/respawn loop if they are missing ?

review: Needs Information

Christian Kampka (kampka) wrote on 2012-10-04:

Am 04.10.2012 16:24, schrieb Oliver Grawert:
> Review: Needs Information
>
> there are several checks for additional configuration files in the sysvinit script (/etc/fwknop/access.conf /etc/fwknop/fwknopd.conf).
> are these not used in 2.x anymore, does the daemon do the check itself now or will it just got into a crash/respawn loop if they are missing ?
>

Both config files are still used in version 2 of fwknop.
I decided not to hardcode the checks into the upstart script because
they would more or less defeat the option of using a different config
file through $DAEMON_ARGS in /etc/defaults.
Currently, when fwknopd encounters problems with config files, it will
simply not start. Respawn will try indeed try to respawn the deamon, but
respawn is limited to 10 times by default so upstart will give up on
that quickly. If this should happen, respective errors are logged to
/var/log/upstart/fwknop-server.log so it is very easy to debug.

All in all I find this is a reasonable compromise.

James Page (james-page) wrote on 2012-10-05:

I think I would prefer to see the behaviour of the init script maintained with regards to verifying that the configuration files for this package are in place before attempting to start the daemon.

Respawning daemons can look odd from a monitoring perspective - I would normally expect this to indicate that something is badly broken....

review: Needs Fixing

James Page (james-page) wrote on 2012-10-05:

Christian

Inline with my feedback on your other upstart support change, I believe this should be deferred until R opens.

lp:~kampka/ubuntu/quantal/fwknop/upstart-support updated on 2012-10-06

15. By Christian Kampka on 2012-10-06: fwknop-server.upstart: check config file existence in pre-start

Christian Kampka (kampka) wrote on 2012-10-06:

> I think I would prefer to see the behaviour of the init script maintained with regards to verifying that the configuration files for this package are in place before attempting to start the daemon.
>
> Respawning daemons can look odd from a monitoring perspective - I would normally expect this to indicate that something is badly broken....

Pushed a fix that mimics the Sysvinit behavior closely.

James Hunt (jamesodhunt) wrote on 2012-11-26:

The debian/changelog file still contains merge conflict markers which need to be removed. Other than that, LGTM.

Dimitri John Ledkov (xnox) wrote on 2012-11-27:

Merge conflict markers are unimportant, as it's not the sponsoree's fault that it takes us that long to upload =)

* debian/changelog: please mention LP: #bugnumber such that bugs automatically close on upload (I added this)
* debian/control: please run update-maintainer to set the correct maingainter (I also did this)

Uploaded into raring.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Christian Kampka

Ubuntu branches

 === modified file 'debian/changelog'
 --- debian/changelog	2012-09-21 22:31:08 +0000
 +++ debian/changelog	2012-10-06 18:02:23 +0000
@@ -1,3 +1,4 @@
++<<<<<<< TREE
  fwknop (2.0.3-1) unstable; urgency=low
    * Imported Upstream version 2.0.3
@@ -7,6 +8,14 @@
   -- Franck Joncourt <franck@debian.org>  Fri, 21 Sep 2012 22:31:08 +0200
++=======
++fwknop (2.0.2-1ubuntu1) quantal; urgency=low
++
++  * Add upstart support.
++
++ -- Christian Kampka <chris@emerge-life.de>  Mon, 17 Sep 2012 15:11:15 +0200
++
++>>>>>>> MERGE-SOURCE
  fwknop (2.0.2-1) unstable; urgency=low
    * Imported Upstream version 2.0.2
 === added file 'debian/fwknop-server.upstart'
 --- debian/fwknop-server.upstart	1970-01-01 00:00:00 +0000
 +++ debian/fwknop-server.upstart	2012-10-06 18:02:23 +0000
@@ -0,0 +1,30 @@
++description "FireWall KNock OPerator"
++author "Christian Kampka <chris@emerge-life.de>"
++
++#start as early as networking is up
++start on (filesystem and started networking)
++stop on runlevel [016]
++
++env DAEMON_ARGS=""
++env CONF_FILES="/etc/fwknop/access.conf /etc/fwknop/fwknopd.conf"
++
++respawn
++
++pre-start script
++
++	[ -r /etc/default/fwknop-server ] || { stop; exit 0; }
++	. /etc/default/fwknop-server
++
++	[ "x$START_DAEMON" = "xyes" ] || { stop; exit 0; }
++
++	for file in $CONF_FILES; do
++		if [ ! -f "$file" ]; then
++			logger -t fwknop-server -s "Configuration file $file is missing."
++			stop
++			exit 0
++		fi
++	done
++
++end script
++
++exec /usr/sbin/fwknopd -f $DAEMON_ARGS

Ubuntufwknop package

Merge lp:~kampka/ubuntu/quantal/fwknop/upstart-support into lp:ubuntu/quantal/fwknop

Commit Message

Description of the Change

Preview Diff

Subscribers

Ubuntu
fwknop package