Bug 163825 - security/barnyard2 won't start after db crash
Summary: security/barnyard2 won't start after db crash
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Michael Scheidell
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-01-05 03:50 UTC by Michael Scheidell
Modified: 2012-01-06 22:00 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Scheidell freebsd_committer 2012-01-05 03:50:10 UTC
	if the machine fails, or the db crashes, mysql will be in recovery mode, and barnyard2 won't start:
       (it seems to be ok if mysql-server is started pretty quickly after rc, but if mysql in recovery mode, barnyard2 won't 
start.  

I want to put mysql-server FIRST, but if you check rcorder:


rcorder /etc/rc.d/* /usr/local/etc/rc.d/*
/usr/local/etc/rc.d/barnyard2
/usr/local/etc/rc.d/snort
/etc/rc.d/LOGIN
/usr/local/etc/rc.d/mysql-server

EVEN IF YOU EDIT barnyard2 rc file and put in 'REQUIRE: DAEMON mysql' then won't help the order.
because barnyard2 has BEFORE: LOGIN, and mysql-server has REQUIRE: LOGIN.
(does barnyard2 REALLY need before login)?

Fix: this patch will remove BEFORE: LOGIN if you have any db option, and add the correct REQUIRE: () lines.
        if you have NO db selected, it leaves BEFORE: LOGIN.



______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com/
______________________________________________________________________--0F9mJjGwLEs1RWjb58DmqoB4A18aKYjLAvyRJiT5mBm8u8As
Content-Type: text/plain; name="file.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="file.diff"

Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/security/barnyard2/Makefile,v
retrieving revision 1.11
diff -u -r1.11 Makefile
--- Makefile	23 Sep 2011 22:25:08 -0000	1.11
+++ Makefile	5 Jan 2012 03:37:42 -0000
@@ -37,11 +37,23 @@
 CONFIGURE_ARGS+=	--with-mysql \
 			--with-mysql-includes=${LOCALBASE}/include/mysql \
 			--with-mysql-libraries=${LOCALBASE}/lib/mysql
+SUB_LIST+=		MYSQL=" mysql"
+.else
+SUB_LIST+=		MYSQL=""
 .endif
 
 .if defined(WITH_POSTGRESQL)
 USE_PGSQL=		yes
 CONFIGURE_ARGS+=	--with-postgresql
+SUB_LIST+=		PGSQL=" postgresql"
+.else
+SUB_LIST+=		PGSQL=""
+.endif
+
+.if defined(WITH_POSTGRESQL) || defined(WITH_MYSQL)
+SUB_LIST+=		LOGIN="\# KEYWORD: shutdown" KEYWORD=""
+.else
+SUB_LIST+=		LOGIN="\# BEFORE: LOGIN" KEYWORD="\# KEYWORD: shutdown"
 .endif
 
 .if defined(WITH_SNORT)
Index: files/barnyard2.sh.in
===================================================================
RCS file: /home/pcvs/ports/security/barnyard2/files/barnyard2.sh.in,v
retrieving revision 1.4
diff -u -r1.4 barnyard2.sh.in
--- files/barnyard2.sh.in	12 Oct 2011 00:48:13 -0000	1.4
+++ files/barnyard2.sh.in	5 Jan 2012 03:37:42 -0000
@@ -2,9 +2,9 @@
 # 
 
 # PROVIDE: barnyard2
-# REQUIRE: DAEMON
-# BEFORE: LOGIN
-# KEYWORD: shutdown
+# REQUIRE: DAEMON%%MYSQL%%%%PGSQL%%
+%%LOGIN%%
+%%KEYWORD%%
 
 # Add the following lines to /etc/rc.conf to enable barnyard2:
 # barnyard2_enable (bool):	Set to YES to enable barnyard2
How-To-Repeat: crash mysql pretty badly.
Comment 1 Edwin Groothuis freebsd_committer 2012-01-05 03:50:25 UTC
Responsible Changed
From-To: freebsd-ports-bugs->scheidell

Submitter has GNATS access (via the GNATS Auto Assign Tool)
Comment 2 Edwin Groothuis freebsd_committer 2012-01-05 03:50:27 UTC
Maintainer of security/barnyard2,

Please note that PR ports/163825 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/163825

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 3 Edwin Groothuis freebsd_committer 2012-01-05 03:50:29 UTC
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 4 pauls 2012-01-05 04:25:08 UTC
--On January 4, 2012 9:50:27 PM -0600 Edwin Groothuis <edwin@FreeBSD.org> 
wrote:

> Maintainer of security/barnyard2,
>
> Please note that PR ports/163825 has just been submitted.
>
> If it contains a patch for an upgrade, an enhancement or a bug fix
> you agree on, reply to this email stating that you approve the patch
> and a committer will take care of it.
>
> The full text of the PR can be found at:
>     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/163825
>
> --
> Edwin Groothuis via the GNATS Auto Assign Tool
> edwin@FreeBSD.org

Since REQUIRE does not guarantee that the service will be running, I'm not 
sure this is the best way to solve this problem.  It may be better to have 
a section in the script that checks for the existence of a running 
instance of the db in question.

I'm going to need to think about this one some more before deciding if 
this is the right approach.

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
Comment 5 Michael Scheidell freebsd_committer 2012-01-05 12:24:35 UTC
I thought about it for a while.
It was a matter of what is the easiest thing to do, with the most impact.
Real solution might be to make barnyard more resilience (but I am 
waiting for barnyard2, version .. that new one with snortsam in it to 
become stable)

So right now, this is a race condition, or chicken or eff thing.
With barnyard2 starting first, as it is now, and mysql-server starting 
later in the rcorder chain, it waits for (x seconds) for an sql 
connection, retrying for a certain amount of time.  If mysql is fine, 
the time it takes for mysql to start is small enough that barnyard 
doesn't exit.
If mysql crashed, and needs to rebuilt itself from logs, it take longer.

This patch removes optionally the BEFORE: LOGIN, which is what prevented 
the 'REQUIRES: *mysql' from moving this up in the start order, based on 
option knob so that mysql-server starts first.  if mysql starts first in 
rcorder, AND IT FAILS, this changes nothing, barnyard2 still won't 
start, but never would.  However, if mysql-server starts first, before 
barnyard2, then it will clean out its logs and transactions and be ready 
for barnyard2.

Not a perfect solution, but,
1, it can't hurt (tm)
2. it was the 'cheapest' solution.

-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
 >*| *SECNAP Network Security Corporation

    * Best Mobile Solutions Product of 2011
    * Best Intrusion Prevention Product
    * Hot Company Finalist 2011
    * Best Email Security Product
    * Certified SNORT Integrator
Comment 6 pauls 2012-01-06 03:02:02 UTC
Michael, the mysql script has # REQUIRE: LOGIN.  I'm wondering if simply 
removing the # BEFORE: LOGIN line from the barnyard2 script wouldn't solve 
the problem.  Optionally, we could also add # REQUIRE: DAEMON mysql 
postgresql, because even if they're not installed the script will still 
start the barnyard2 daemon (if I'm reading rcorder(8) correctly.)

"The ``REQUIRE'' keyword is misleading: It doesn't describe which daemons
     have to be running before a script will be started.  It describes 
which
     scripts must be placed before it in the dependency ordering.  For 
exam-
     ple, if your script has a ``REQUIRE'' on ``named'', it means the 
script
     must be placed after the ``named'' script in the dependency ordering, 
not
     necessarily that it requires named(8) to be started or enabled."

It doesn't really say what happens if the script doesn't exist, so I'm not 
sure adding the REQUIRE option would work in every case.

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
Comment 7 Michael Scheidell freebsd_committer 2012-01-06 15:07:35 UTC
On 1/5/12 10:02 PM, Paul Schmehl wrote:
> Michael, the mysql script has # REQUIRE: LOGIN.  I'm wondering if 
> simply removing the # BEFORE: LOGIN line from the barnyard2 script 
> wouldn't solve the problem.  Optionally, we could also add # REQUIRE: 
> DAEMON mysql postgresql, because even if they're not installed the 
> script will still start the barnyard2 daemon (if I'm reading 
> rcorder(8) correctly.)
removing # BEFORE: Login only allows barnyard to be considered in normal 
alpha order in ../rc.d/*.  so, it HELPS, but without the REQUIRE: 
(mysql), it would still be before it,

one more thing, rc.shutdown does it in reverse order, so, either my 
original patch, or as you suggested, just take our BEFORE: LOGIN, and 
make the REQUIRE line include all the possible db's/

either should work (still need to take out BEFORE: LOGIN)

my patch would just keep it from complaining (warning).

your port, your choice.

my patch or just remove BEFORE: LOGIN and add mysql postgresql to rc file.
(but then again, if you have BOTH mysql and postgress installed, and 
enabled in rc.conf, barnard would need to wait for both of them, needlessly)

my real time/robotics background always says 'don't like warnings, and 
don't like starting things we dont' need' :-)

-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
 >*| *SECNAP Network Security Corporation

    * Best Mobile Solutions Product of 2011
    * Best Intrusion Prevention Product
    * Hot Company Finalist 2011
    * Best Email Security Product
    * Certified SNORT Integrator
Comment 8 pauls 2012-01-06 21:41:00 UTC
Let's do this, then.  Retain the code you provided, but remove BEFORE: 
LOGIN entirely.  There's really no need for it.  Then your changes would 
simply add REQUIRE: the appropriate db based on the OPTIONS KNOBS.

Sound reasonable?

-- 
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/infosecurity/
Comment 9 Michael Scheidell freebsd_committer 2012-01-06 21:53:43 UTC
State Changed
From-To: feedback->closed

Thanks Paul!
Comment 10 dfilter service freebsd_committer 2012-01-06 21:53:45 UTC
scheidell    2012-01-06 21:53:32 UTC

  FreeBSD ports repository

  Modified files:
    security/barnyard2   Makefile 
    security/barnyard2/files barnyard2.sh.in 
  Log:
  - Selectivly adds mysql/and/or postgresql to rc script 'REQUIRES:'
  
  PR:             ports/163825
  Submitted by:   scheidell
  Approved by:    pauls@utdallas.edu (maintainer), gabor (mentor, implicit)
  
  Revision  Changes    Path
  1.12      +6 -0      ports/security/barnyard2/Makefile
  1.5       +1 -3      ports/security/barnyard2/files/barnyard2.sh.in
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"