| rberger | if I have a job that was started with an instance name like "tesla_1" is there a way to be able to say something like "stop on TYPE=tesla"? | 06:25 |
|---|---|---|
| === robbiew1 is now known as robbiew | ||
| SatanClaus | heyho | 15:18 |
| SatanClaus | I want to write an iptables firewall for my laptop and as ubuntu 9.10 uses upstart now, i thought I'd give it a try. | 15:19 |
| SatanClaus | so what I wanted to do was a firewall.conf script which sets up the firewall (basically: allow all out, allow related traffic in)... as it's only a few iptables commands I included it into a script block | 15:20 |
| SatanClaus | then i thought ok, maybe i want to be able to stop the firewall and so i wrote a post-stop script which flushes the iptables and allows everything again | 15:21 |
| SatanClaus | now my problem is that it seems as if the pre-start script, script and post-stop script are executed immediately, so the firewall is setup, but immediately torn down | 15:22 |
| SatanClaus | so, do i have to wait inside the script block? | 15:22 |
| SatanClaus | the task option doesn't change that behaviour, but perhaps there is some other keyword, which tells upstart that the script block is not some daemon, but just some commands that change the system's behaviour | 15:25 |
| SatanClaus | posted it here: http://pastebin.com/f642c88b8 I want to get rid of the "sleep 1d" | 15:28 |
| SatanClaus | oh and yes, i should respawn, but that's as nasty... I never want to restart the firewall if not necessary | 15:29 |
| sadmac2 | SatanClaus: yes, upstart expects to follow a service, so when it detects that your script terminates it figures the service has died and tears it down again | 15:31 |
| sadmac2 | SatanClaus: the solution is to not have a "script" stanza at all. Put your rules in pre-start and your teardown in pre-stop (or post stop. the difference is if its in pre-stop upstart won't say the firewall is off until /after/ it runs the flush. I don't know which behavior is right in this case) | 15:33 |
| SatanClaus | ok, will give it a try... is there any real documentation besides the http://upstart.ubuntu.com stuff? I mean like a proper language specification, etc.? I found Scott's blog entries, but they seem pretty old | 15:35 |
| sadmac2 | SatanClaus: the manpages | 15:36 |
| SatanClaus | read them, but couldn't find respawn documented there | 15:38 |
| SatanClaus | as well as task | 15:38 |
| SatanClaus | cool, works if I move all the setup code into the pre-start script | 15:40 |
| SatanClaus | sadmac: thx | 15:40 |
| SatanClaus | sadmac: another question if you have time: you say that if i move the code into pre-stop it won't say the firewall is off until all flushing is done. Is this because if e.g. it fails during flush, the return command is wrong and upstart assumes that the pre-stop failed, so the "service" is still running? | 15:44 |
| SatanClaus | s/return command/return value/ | 15:44 |
| sadmac2 | SatanClaus: that, and the order of events is: emit starting event, pre-start script, start, emit started event, (running), emit stopping event, pre-stop script, stop, emit stopped event, post-stop script | 15:47 |
| sadmac2 | SatanClaus: so its just a question of where in the lifecycle the flush really goes. | 15:47 |
| SatanClaus | ok, so you're right again, the tear-down should go into the pre-stop script. | 15:51 |
| SatanClaus | if i register some task "foo" to "start on stopping firewall", will that be executed before firewall's pre-stop script or before stop? | 15:53 |
| sadmac2 | before the pre-stop | 15:53 |
| SatanClaus | ok, so analogously my firewall can be "start on starting networking", right? | 15:54 |
| SatanClaus | and does respawn make sense without exec or script stanza? | 15:54 |
| sadmac2 | SatanClaus: respawn specifies behavior when the service crashes. If there's no exec/script that can't happen. | 15:57 |
| SatanClaus | sadmac: thanks a lot again... I just found the ufw.conf, which includes a pretty nice default firewall :-/ | 16:08 |
| sadmac2 | SatanClaus: I don't use ubuntu so I can't help you there :) | 16:08 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!