From 49bc64c74c3c343a1d9eb685946db43c8fa2d18e Mon Sep 17 00:00:00 2001 From: Lukas Garberg Date: Mon, 23 Oct 2023 12:43:47 +0200 Subject: [PATCH 1/3] backend: Set pid file permissions to 644 By default the permissions of nipapd's PID file was set to 666. Change to 644. --- nipap/nipapd | 1 + 1 file changed, 1 insertion(+) diff --git a/nipap/nipapd b/nipap/nipapd index 42f65ca22..0e802df52 100755 --- a/nipap/nipapd +++ b/nipap/nipapd @@ -210,6 +210,7 @@ if __name__ == '__main__': # need a+ to be able to read PID from file try: lf = open(cfg.get('nipapd', 'pid_file'), 'a+') + os.chmod(cfg.get('nipapd', 'pid_file'), 0o644) lf.seek(0) except IOError as exc: logger.error("Unable to open PID file '" + str(exc.filename) + "': " + str(exc.strerror)) From 11390c0ccda4412100e61ddc3d2ac6f8e8e01cf8 Mon Sep 17 00:00:00 2001 From: Lukas Garberg Date: Mon, 23 Oct 2023 12:45:15 +0200 Subject: [PATCH 2/3] backend: Make sure to mach user when stopping proc Pass user to start-stop-daemon when stopping nipapd in init script. --- nipap/debian/nipapd.init | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nipap/debian/nipapd.init b/nipap/debian/nipapd.init index 18e2945af..2b3b2e877 100755 --- a/nipap/debian/nipapd.init +++ b/nipap/debian/nipapd.init @@ -16,6 +16,7 @@ CONFIGFILE=/etc/nipap/nipap.conf NAME=NIPAPd PIDFILE=/var/run/nipap/nipapd.pid PIDDIR=`dirname $PIDFILE` +USER=nipap . /lib/lsb/init-functions @@ -74,7 +75,7 @@ case "$1" in log_daemon_msg "Stopping NIPAPd XML-RPC server" "nipapd" RUNNING=$(running) if [ -n "$RUNNING" ]; then - if start-stop-daemon --stop --pidfile $PIDFILE --retry 30; then + if start-stop-daemon --stop --pidfile $PIDFILE --user $USER --retry 30; then log_end_msg 0 else log_end_msg 1 From b746d220d0e2d285eec8cc7e4b578b836d9390d8 Mon Sep 17 00:00:00 2001 From: Lukas Garberg Date: Tue, 24 Oct 2023 08:23:17 +0200 Subject: [PATCH 3/3] ci: Check nipapd status --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 87c19c43a..a09058999 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -112,6 +112,7 @@ jobs: # create local user for unittest and restart sudo nipap-passwd add -u unittest -p gottatest -f /etc/nipap/local_auth.db -n unittest sudo systemctl restart nipapd.service + sudo systemctl status nipapd.service # add some data to the database that we can verify later nosetests3 tests/upgrade-before.py # bump version so that we know we are upgrading beyond what is installed @@ -144,6 +145,7 @@ jobs: sudo nipap/nipap-passwd add -u readonly -p gottatest -f /etc/nipap/local_auth.db --readonly -n "Read-only user for running unit tests" sudo sed -e "s/^db_host *=.*/db_host = localhost/" -e "s/{{SYSLOG}}/true/" -e "s/^debug.\+/debug = true/" -e "s/^user/#user/" -i /etc/nipap/nipap.conf sudo systemctl restart nipapd.service + sudo systemctl status nipapd.service - name: "Verify pre-upgrade data" if: ${{ matrix.upgrade == true }} @@ -163,6 +165,7 @@ jobs: - name: "Accident analysis" if: failure() run: | + sudo systemctl status nipapd.service sudo cat /etc/nipap/nipap.conf sudo cat /var/log/syslog sudo cat /tmp/nipap.log || true