deprecate "daemonize" and "pid_dir" options (#296)

crowdsecurity · Jun 8, 2023 · c43e65a · c43e65a
1 parent 4afaea2
commit c43e65a
Show file tree

Hide file tree

Showing 7 changed files with 21 additions and 25 deletions.
diff --git a/cmd/root.go b/cmd/root.go
@@ -12,7 +12,6 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/coreos/go-systemd/v22/daemon"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	log "github.com/sirupsen/logrus"
@@ -21,6 +20,7 @@ import (
 
 	"github.com/crowdsecurity/crowdsec/pkg/models"
 	csbouncer "github.com/crowdsecurity/go-cs-bouncer"
+	"github.com/crowdsecurity/go-cs-lib/pkg/csdaemon"
 	"github.com/crowdsecurity/go-cs-lib/pkg/version"
 
 	"github.com/crowdsecurity/cs-firewall-bouncer/pkg/backend"
@@ -229,16 +229,20 @@ func Execute() error {
 		}
 	})
 
-	if config.Daemon {
-		sent, err := daemon.SdNotify(false, "READY=1")
-		if !sent && err != nil {
-			log.Errorf("Failed to notify: %v", err)
+	if config.Daemon != nil {
+		if *config.Daemon {
+			log.Debug("Ignoring deprecated 'daemonize' option")
+		} else {
+			log.Warn("The 'daemonize' config option is deprecated and treated as always true")
 		}
-		g.Go(func() error {
-			return HandleSignals(ctx)
-		})
 	}
 
+	_ = csdaemon.NotifySystemd(log.StandardLogger())
+
+	g.Go(func() error {
+		return HandleSignals(ctx)
+	})
+
 	if err := g.Wait(); err != nil {
 		return fmt.Errorf("process terminated with error: %w", err)
 	}

diff --git a/config/crowdsec-firewall-bouncer.yaml b/config/crowdsec-firewall-bouncer.yaml
@@ -1,7 +1,5 @@
 mode: ${BACKEND}
-pid_dir: /var/run/
 update_frequency: 10s
-daemonize: true
 log_mode: file
 log_dir: /var/log/
 log_level: info

diff --git a/go.mod b/go.mod
@@ -3,10 +3,9 @@ module github.com/crowdsecurity/cs-firewall-bouncer
 go 1.20
 
 require (
-	github.com/coreos/go-systemd/v22 v22.5.0
 	github.com/crowdsecurity/crowdsec v1.5.2
 	github.com/crowdsecurity/go-cs-bouncer v0.0.5
-	github.com/crowdsecurity/go-cs-lib v0.0.0-20230522124854-671e895fa788
+	github.com/crowdsecurity/go-cs-lib v0.0.2
 	github.com/google/nftables v0.0.0-20220808154552-2eca00135732
 	github.com/prometheus/client_golang v1.15.1
 	github.com/sirupsen/logrus v1.9.2
@@ -22,6 +21,7 @@ require (
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/crowdsecurity/grokky v0.2.1 // indirect
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/go-openapi/analysis v0.21.4 // indirect

diff --git a/go.sum b/go.sum
@@ -17,8 +17,8 @@ github.com/crowdsecurity/crowdsec v1.5.2 h1:2wl5ULsZlD8Du9PGe415x1fYRcOfVx95KI2S
 github.com/crowdsecurity/crowdsec v1.5.2/go.mod h1:R1wnz8wqV4r1teYt9Yc5PVTaBb37ug2yqCffIvXEuRw=
 github.com/crowdsecurity/go-cs-bouncer v0.0.5 h1:vZ989qKUDTavycjGLjqm2M6UzXJpmLaq35UoaiF9474=
 github.com/crowdsecurity/go-cs-bouncer v0.0.5/go.mod h1:ShrcSSYmzBTKnpqON9/UFvorDMhhn5mbeQC2HXCv7kE=
-github.com/crowdsecurity/go-cs-lib v0.0.0-20230522124854-671e895fa788 h1:1tjqkYUmbkbYqa21kZsgSWaPIwGyUW0xE/sbb1zpJHg=
-github.com/crowdsecurity/go-cs-lib v0.0.0-20230522124854-671e895fa788/go.mod h1:9JJLSpGj1ZXnROV3xAcJvS/HTaUvuA8K3gGOpO4tfVc=
+github.com/crowdsecurity/go-cs-lib v0.0.2 h1:+Tjmf/IclOXNzU9sxKVQvUl9CkMfbM60xQ0zA05NWps=
+github.com/crowdsecurity/go-cs-lib v0.0.2/go.mod h1:iznTJ19qLTYdZBcRb5RVDlcUdSlayBCivBkWsXlOY3g=
 github.com/crowdsecurity/grokky v0.2.1 h1:t4VYnDlAd0RjDM2SlILalbwfCrQxtJSMGdQOR0zwkE4=
 github.com/crowdsecurity/grokky v0.2.1/go.mod h1:33usDIYzGDsgX1kHAThCbseso6JuWNJXOzRQDGXHtWM=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

diff --git a/pkg/cfg/config.go b/pkg/cfg/config.go
@@ -35,10 +35,10 @@ const (
 )
 
 type BouncerConfig struct {
-	Mode            string        `yaml:"mode"` // ipset,iptables,tc
-	PidDir          string        `yaml:"pid_dir"`
+	Mode            string        `yaml:"mode"`    // ipset,iptables,tc
+	PidDir          string        `yaml:"pid_dir"` // unused
 	UpdateFrequency string        `yaml:"update_frequency"`
-	Daemon          bool          `yaml:"daemonize"`
+	Daemon          *bool         `yaml:"daemonize"` // unused
 	Logging         LoggingConfig `yaml:",inline"`
 	DisableIPV6     bool          `yaml:"disable_ipv6"`
 	DenyAction      string        `yaml:"deny_action"`
@@ -102,10 +102,8 @@ func NewConfig(reader io.Reader) (*BouncerConfig, error) {
 		config.SupportedDecisionsTypes = []string{"ban"}
 	}
 
-	if config.PidDir == "" {
-		log.Warningf("missing 'pid_dir' directive, using default: '/var/run/'")
-
-		config.PidDir = "/var/run/"
+	if config.PidDir != "" {
+		log.Debug("Ignoring deprecated 'pid_dir' option")
 	}
 
 	if config.DenyLog && config.DenyLogPrefix == "" {

diff --git a/test/backends/iptables/crowdsec-firewall-bouncer.yaml b/test/backends/iptables/crowdsec-firewall-bouncer.yaml
@@ -1,7 +1,5 @@
 mode: iptables
-pid_dir: /var/run/
 update_frequency: 0.1s
-daemonize: false
 log_mode: stdout
 log_dir: ./
 log_level: info

diff --git a/test/backends/nftables/crowdsec-firewall-bouncer.yaml b/test/backends/nftables/crowdsec-firewall-bouncer.yaml
@@ -1,7 +1,5 @@
 mode: nftables
-pid_dir: /var/run/
 update_frequency: 0.01s
-daemonize: false
 log_mode: stdout
 log_dir: ./
 log_level: info