[systemd-devel] How to get used to systemd vs init

Chad ccolumbu at gmail.com
Tue Jun 23 23:53:53 PDT 2015


On 6/23/2015 10:35 PM, killermoehre wrote:
> Am 24.06.2015 um 02:00 schrieb Chad:
>> On 6/23/2015 4:45 PM, Ronny Chevalier wrote:
>>> On Wed, Jun 24, 2015 at 1:37 AM, Chad <ccolumbu at gmail.com> wrote:
>>>> Oh, wait this is the reverse of what I want/need (systemd-sysv-generator
>>>> goes from init.d to systemd, I need from systemd to init.d).
>>>> I have a nagios script that runs something like:
>>>> /etc/init.d/httpd status
>>>> It then reads the output and makes sure httpd is running, if not it takes
>>>> action depending on the service.
>>>> I use that method for tons of services.
>>>> I don't want to have to re-write the modules to use:
>>>> systemctl status httpd
>>>> If I did that then I will not be able to rsync the scripts/configs around
>>>> and would have to maintain 2 versions of the code.
>>>> I was wondering if there was an easy way to create a /etc/init.d/httpd
>>>> script that called something like this inside:
>>>> #!/bin/bash
>>>> systemctl $1 $0
>>>> I know it is not that simple ($0 for example is the full path
>>>> /etc/init.d/httpd not just the httpd), which is why I am hoping there is a
>>>> tool for this.
>>>>
>>> If you just want to know if a service is active you can use:
>>>
>>> systemctl is-active httpd
>>>
>>> If $? equals 0 then the service is active, else it is not :)
>>>
>>> If you make your script use this I don't see why you would have to
>>> maintain multiple versions, if your intention is to use systemd
>>> everywhere.
>> Except that I can not convert all servers I maintain over just like
>> that, it will take time, probably 1-2 years.
>>
>> As to: systemctl is-active httpd, that would work sometimes but not
>> others. For example I check fail2ban by running /etc/init.d/iptables
>> status which outputs all the firewall rules then check that output to
>> make sure the chains for fail2ban are there. If you restart iptables
>> without restarting fail2ban, fail2ban will show as running because the
>> daemon is up, but since the chains are gone it can not ban bad guys.
>>
>> Maybe one of you knows a solution to that (iptables restart without a
>> fail2ban restart), I have not found one for init.d, is this fixed
>> somehow in systemd?
>> That would be another advantage.
>>
>> ^C
>>
> Hi Chad,
>
> why not make a dependency between iptables and fail2ban? This is really easy in systemd with Requires and Wants entries in the services. So you can't restart iptables without automatically triggering a fail2ban restart.
>
> Regards
Killermoehre,
Thank you for your time and reply.

I intend to do exactly that when I start using systemd (I am still using init.d at the moment). In fact I have already suggested that very thing on the fail2ban mailing list so that they can add it to the tree and no custom rule is needed. To my knowledge there is not a built-in/standard way to tie init.d/iptables to init.d/fail2ban.

The test for the chain's existence is still needed in case the chain is removed by other means (like a manual delete from the CLI).
I have found that I can trust nothing and that I should check/test everything :) When I think something is impossible or so unlikely that it will "never happen to me" it inevitably is a problem at the worst possible moment. I bet some of you know what I mean.

^C
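
The chain test discussed in this message, written as a Nagios-style check. This is an added example, not code from the thread or from fail2ban. It assumes `iptables -S` output rather than `/etc/init.d/iptables status`, a jail named SSH, and chains named `fail2ban-<jail>` or `f2b-<jail>`; the rule listings are constructed samples.

```shell
#!/bin/sh
# Added example. Reads `iptables -S` output on stdin; arguments are jail names.
# Assumed chain names: fail2ban-<jail> (older fail2ban) or f2b-<jail> (newer).
# Exit codes follow the Nagios plugin convention: 0 = OK, 2 = CRITICAL.
check_f2b_chains() {
    rules=$(cat)
    missing=""
    for jail in "$@"; do
        found=""
        for prefix in fail2ban f2b; do
            chain="$prefix-$jail"
            # The chain must be defined (-N) and some rule must jump to it (-j);
            # a defined but unreferenced chain never sees traffic.
            if printf '%s\n' "$rules" | grep -qxF -- "-N $chain" &&
               printf '%s\n' "$rules" | grep -Eq -- "^-A [^ ]+ (.* )?-j $chain( |\$)"; then
                found=yes
            fi
        done
        [ -n "$found" ] || missing="$missing $jail"
    done
    if [ -n "$missing" ]; then
        echo "CRITICAL: fail2ban chain missing or unreferenced for:$missing"
        return 2
    fi
    echo "OK: fail2ban chains present for: $*"
}

# Constructed sample: rules while fail2ban's SSH jail is active.
sample_ok() {
    cat <<'EOF'
-P INPUT ACCEPT
-N fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A fail2ban-SSH -j RETURN
EOF
}

# Constructed sample: rules after iptables was restarted without fail2ban.
sample_flushed() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

sample_ok | check_f2b_chains SSH
sample_flushed | check_f2b_chains SSH || echo "exit status: $?"
# On a live host (as root): iptables -S | check_f2b_chains SSH
```

Because the function only reads the rule listing, the same check works unchanged on init.d and systemd hosts.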



