Monit starts stopped services although it is not specified to it
Hi
I use Monit version 5.25.1 on Debian 8.10 (jessie)
I created a simple check for fail2ban, the configuration file /etc/monit/conf.d/fail2ban contains these settings:
check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid
group system
group fail2ban
start program = "/etc/init.d/fail2ban start"
stop program = "/etc/init.d/fail2ban stop"
if failed unixsocket /var/run/fail2ban/fail2ban.sock protocol fail2ban then alert
depend fail2ban_rc
check file fail2ban_rc with path /etc/init.d/fail2ban
group fail2ban
include /etc/monit/templates/rootbin
This check can only be an alarm if unixsocket failed, but if I stop fail2ban (/etc/init.d/fail2ban stop), will Monit try to start it? Why? What for?
monit log:
[+05 Feb 16 14:59:05] error : 'fail2ban' process is not running
[+05 Feb 16 14:59:06] info : 'fail2ban' trying to restart
[+05 Feb 16 14:59:06] info : 'fail2ban' start: '/etc/init.d/fail2ban start'
[+05 Feb 16 15:00:07] info : 'fail2ban' process is running with pid 16352
[+05 Feb 16 15:01:07] info : 'fail2ban' connection succeeded to /var/run/fail2ban/fail2ban.sock
But even after fail2ban is started, when I try to see the status of the service, I'm told Active: inactive (dead)
Why?
And in this state, I can no longer stop fail2ban by using init.d with a script or systemctl (/etc/init.d/fail2ban stop or systemctl stop fail2ban)
# systemctl status fail2ban
● fail2ban.service - LSB: Start/stop fail2ban
Loaded: loaded (/etc/init.d/fail2ban)
Active: inactive (dead) since Fri 2018-02-16 15:14:25 +05; 4min 17s ago
Process: 24861 ExecStop=/etc/init.d/fail2ban stop (code=exited, status=0/SUCCESS)
Process: 23635 ExecStart=/etc/init.d/fail2ban start (code=exited, status=0/SUCCESS)
# /etc/init.d/fail2ban status
● fail2ban.service - LSB: Start/stop fail2ban
Loaded: loaded (/etc/init.d/fail2ban)
Active: inactive (dead) since Fri 2018-02-16 15:14:25 +05; 4min 26s ago
Process: 24861 ExecStop=/etc/init.d/fail2ban stop (code=exited, status=0/SUCCESS)
Process: 23635 ExecStart=/etc/init.d/fail2ban start (code=exited, status=0/SUCCESS)
Comments (7)
-
repo owner Monit process check has an implicit "nonexistence" rule and in the case that the monitored process doesn't exist, it will restart it.
If you check the process using monit, you should stop it via monit ("monit stop fail2ban"), otherwise monit doesn't know the stop is intentional and acts as if the process crashed.
Another option is to override the default nonexistence action (restart), for example:
if does not exist then alert
-
repo owner - changed status to closed
-
reporter I run fail2ban using Monit: monit start fail2ban
The service started, but when tested through
# /etc/init.d/fail2ban status
● fail2ban.service - LSB: Start/stop fail2ban
Loaded: loaded (/etc/init.d/fail2ban)
Active: inactive (dead) since Fri 2018-02-16 15:14:25 +05; 1h 11min ago
Process: 24861 ExecStop=/etc/init.d/fail2ban stop (code=exited, status=0/SUCCESS)
Process: 23635 ExecStart=/etc/init.d/fail2ban start (code=exited, status=0/SUCCESS)
Displays Active: inactive (dead), it's wrong!
-
repo owner The problem is most probably in the start/stop program ... please try to use systemctl start/stop instead of /etc/init.d/fail2ban
-
reporter Thanks, now everything works as it should, the final config is as follows:
check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid
group system
group fail2ban
start program = "/bin/systemctl start fail2ban"
stop program = "/bin/systemctl stop fail2ban"
if does not exist then alert
if failed unixsocket /var/run/fail2ban/fail2ban.sock protocol fail2ban then alert
depend fail2ban_rc
check file fail2ban_rc with path /etc/init.d/fail2ban
group fail2ban
include /etc/monit/templates/rootbin
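An added example, not part of the original thread or of Monit: the thread shows fail2ban running with a live pid while systemd reports the unit as inactive (dead), so this shell check compares the pidfile against the word printed by `systemctl is-active` and flags the disagreement. The function names and result labels (ok-running, untracked, stale, ok-stopped) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report when systemd's view of a unit and its pidfile disagree.
# Run as root so kill -0 can probe a daemon owned by another user.

# pid_alive PIDFILE: succeed if the pidfile names a process that exists.
pid_alive() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -cd '0-9')
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# classify STATE PIDFILE: STATE is the word printed by `systemctl is-active`.
#   ok-running  process alive and unit active
#   untracked   process alive but systemd considers the unit stopped,
#               so `systemctl stop` will not stop it (the case in this thread)
#   stale       unit reported active but no live process behind the pidfile
#   ok-stopped  neither side believes the service is running
classify() {
    state=$1
    pidfile=$2
    if pid_alive "$pidfile"; then
        case $state in
            active|activating|reloading) echo ok-running ;;
            *) echo untracked ;;
        esac
    else
        case $state in
            active|reloading) echo stale ;;
            *) echo ok-stopped ;;
        esac
    fi
}

# check_unit UNIT PIDFILE: query systemd, then classify against the pidfile.
check_unit() {
    # is-active exits non-zero for stopped units; keep the word it printed.
    state=$(systemctl is-active "$1" 2>/dev/null) || true
    classify "${state:-unknown}" "$2"
}

# Stand-alone use: sh script.sh fail2ban /var/run/fail2ban/fail2ban.pid
if [ "$#" -eq 2 ]; then
    check_unit "$1" "$2"
fi
```

For a protective service such as fail2ban, both "untracked" and "stale" are worth alerting on, since in either state one of the two supervisors has a wrong picture of whether the service is up.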