Bernhard Schmidt wrote... > Sure, feel free to push directly into the salsa repository and upload.
Well, although I probably could (salsa and I aren't friends yet), I'd
prefer some review and tests first.
So, patch attached.
Christoph, old-school
diff --git a/debian/changelog b/debian/changelog
index 9a049a5..0c09722 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+nfdump (1.6.17-1.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Add support for multiple instance, also eases support for
+ differing configuration. Closes: #644632, #843602
+
+ -- Christoph Biedl <debian.a...@manchmal.in-ulm.de> Sat, 22 Sep 2018 21:21:43 +0200
+
nfdump (1.6.17-1) unstable; urgency=medium
* [2216e879] New upstream version 1.6.17
diff --git a/debian/default.conf b/debian/default.conf
new file mode 100644
index 0000000..c7c81e5
--- /dev/null
+++ b/debian/default.conf
@@ -0,0 +1,28 @@
+
+# default configuration for nfcapd
+
+# The cache directory
+#
+# In a single-instance setup, there's nothing to configure here.
+# In a multi-instance setup, you must either make sure the cache
+# directory used is created by other means - or configure it here,
+# it will be created upon start then, optionally ownership changed to
+# the given user and group (default: root:root).
+#
+#cache_directory=/var/cache/nfdump
+#user=root
+#group=root
+
+# Options for this nfcapd instance, see nfcapd(1)
+#
+# Caveats:
+# - You must define a base directory (-l or -M), this is *not* checked.
+# - When using -l for the cache directory, you must give each instance
+# a separate directory, else all but the first instance will not
+# start.
+# - Any cache_dir, user and group values defined above needs to be
+# repeated here in an according option (-l/-M, -u, -g).
+# Remember, shell expandsion will not work when using systemd.
+# - Do not use the -D and -P options, they are already set internally.
+#
+options='-l /var/cache/nfdump -p 2055'
diff --git a/debian/nfdump-generator b/debian/nfdump-generator
new file mode 100755
index 0000000..88841a3
--- /dev/null
+++ b/debian/nfdump-generator
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -eu
+
+SERVICEFILE="/lib/systemd/system/nfdump@.service"
+WANTDIR="$1/nfdump.service.wants"
+
+CONFIG_DIR=/etc/nfdump/
+
+if [ -d "$CONFIG_DIR" ] ; then
+ mkdir -p "$WANTDIR"
+ cd "$CONFIG_DIR"
+ for CONFIG in *.conf ; do
+ [ -f "$CONFIG" ] || continue
+ INSTANCE="$(systemd-escape "${CONFIG%%.conf}")"
+ LINK="$WANTDIR/nfdump@$INSTANCE.service"
+
+ sh -n "$CONFIG_DIR$CONFIG" 2>/dev/null || continue
+
+ cache_dir=
+ user=
+ group=
+ options=
+
+ . "$CONFIG_DIR$CONFIG"
+
+ [ "$options" ] || continue
+ if [ "$cache_dir" ] ; then
+ mkdir -p "$cache_dir"
+ if [ "$user" ] && [ "$group" ] ; then
+ chown "$user:$group" "$cache_dir"
+ elif [ "$user" ] ; then
+ chown "$user" "$cache_dir"
+ fi
+ fi
+
+ ln -s "$SERVICEFILE" "$LINK"
+ done
+fi
+
+exit 0
diff --git a/debian/nfdump.init b/debian/nfdump.init
index fb64ad5..82e6006 100644
--- a/debian/nfdump.init
+++ b/debian/nfdump.init
@@ -1,158 +1,176 @@
-#! /bin/sh
+#!/bin/sh
+
### BEGIN INIT INFO
-# Provides: nfcapd
-# Required-Start: $remote_fs $network
-# Required-Stop: $remote_fs
+# Provides: netflow capture daemon
+# Required-Start: $network $remote_fs $syslog
+# Required-Stop: $network $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
-# Short-Description: netflow capture daemon
-# Description: nfcapd is the netflow capture daemon of the nfdump tools.
+# Short-Description: Flow-based network traffic analyser
+# Description: Manage all nfcapd instanaces defined in
+# /etc/nfdump/*.conf
### END INIT INFO
-# Author: Erik Wenzel <e...@debian.org>
-
-# Do NOT "set -e"
-
-# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
-DESC="netflow capture daemon"
NAME=nfcapd
-DAEMON=/usr/bin/$NAME
-DATA_BASE_DIR="/var/cache/nfdump"
-PIDFILE=/var/run/$NAME.pid
-DAEMON_ARGS="-D -l $DATA_BASE_DIR -P $PIDFILE"
-SCRIPTNAME=/etc/init.d/nfdump
+DESC='Netflow capture daemon'
+NFCAPD='/usr/bin/nfcapd'
+PIDDIR="/var/run/$NAME/"
-# Exit if the package is not installed
-[ -x "$DAEMON" ] || exit 0
+[ -x "$NFCAPD" ] || exit 0
-# Read configuration variable file if it is present
-[ -r /etc/default/nfdump ] && . /etc/default/nfdump
+mkdir -p "$PIDDIR"
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
-# Define LSB log_* functions.
-# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+# Define LSB functions
. /lib/lsb/init-functions
+# Start a nfcapd instance
#
-# Function that starts the daemon/service
-#
-do_start()
-{
- # Don't start daemon in this mode. Defined in /etc/default/nfdump
- if [ x"$nfcapd_start" = xno ]
- then
- [ "$VERBOSE" != no ] && log_warning_msg "nfdump daemon not enabled in /etc/default/nfdump, not starting..."
- return 0
- fi
- # Return
- # 0 if daemon has been started
- # 1 if daemon was already running
- # 2 if daemon could not be started
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
- || return 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
- $DAEMON_ARGS \
- || return 2
- # Add code here, if necessary, that waits for the process to be ready
- # to handle requests from services started subsequently which depend
- # on this one. As a last resort, sleep for some time.
+# Return
+# 0 if daemon has been started
+# 1 if daemon was already running
+# 2 if daemon could not be started
+do_start () {
+ local INSTANCE="$1"
+ local CONFIG="$2"
+
+ sh -n "$CONFIG" 2>/dev/null || return 2
+
+ cache_dir=
+ user=
+ group=
+ options=
+
+ . "$CONFIG"
+
+ [ "$options" ] || return 2
+
+ if [ "$cache_dir" ] ; then
+ mkdir -p "$cache_dir"
+ if [ "$user" ] && [ "$group" ] ; then
+ chown "$user:$group" "$cache_dir"
+ elif [ "$user" ] ; then
+ chown "$user" "$cache_dir"
+ fi
+ fi
+
+ local PIDFILE="$PIDDIR$INSTANCE.pid"
+ start-stop-daemon --start --quiet \
+ --pidfile "$PIDFILE" --exec "$NFCAPD" --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet \
+ --pidfile "$PIDFILE" \
+ --exec "$NFCAPD" -- \
+ -D -P "$PIDFILE" \
+ $options \
+ || return 2
+ sleep 1
+ start-stop-daemon --start --quiet \
+ --pidfile "$PIDFILE" --exec "$NFCAPD" --test > /dev/null \
+ && return 2
}
+# Stop a nfcapd instance
#
-# Function that stops the daemon/service
-#
-do_stop()
-{
- # Return
- # 0 if daemon has been stopped
- # 1 if daemon was already stopped
- # 2 if daemon could not be stopped
- # other if a failure occurred
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
- RETVAL="$?"
- [ "$RETVAL" = 2 ] && return 2
- # Wait for children to finish too if this is a daemon that forks
- # and if the daemon is only ever run from this initscript.
- # If the above conditions are not satisfied then add some other code
- # that waits for the process to drop all resources that could be
- # needed by services started subsequently. A last resort is to
- # sleep for some time.
- #
- # Disabled second call, because is kills nfsen controlled nfcapd
- #start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
- #[ "$?" = 2 ] && return 2
- # Many daemons don't delete their pidfiles when they exit.
- rm -f $PIDFILE
- return "$RETVAL"
+# Return
+# 0 if daemon has been stopped
+# 1 if daemon was already stopped
+# 2 if daemon could not be stopped
+# other if a failure occurred
+do_stop () {
+ local INSTANCE="$1"
+
+ local PIDFILE="$PIDDIR/$INSTANCE.pid"
+ start-stop-daemon --stop --quiet \
+ --retry=TERM/30/KILL/5 --pidfile "$PIDFILE" --name "$NAME"
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f "$PIDFILE"
+ return "$RETVAL"
}
-#
-# Function that sends a SIGHUP to the daemon/service
-#
-do_reload() {
- #
- # If the daemon can reload its configuration without
- # restarting (for example, when it is sent a SIGHUP),
- # then implement that here.
- #
- start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
- return 0
+EXIT=0
+
+do_action () {
+ local CONFIG="$1"
+
+ INSTANCE="$(basename "${CONFIG%%.conf}")"
+
+ case "$ACTION" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$INSTANCE"
+ do_start "$INSTANCE" "$CONFIG"
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2)
+ [ "$VERBOSE" != no ] && log_end_msg 1
+ EXIT=1
+ ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$INSTANCE"
+ do_stop "$INSTANCE"
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2)
+ [ "$VERBOSE" != no ] && log_end_msg 1
+ EXIT=1
+ ;;
+ esac
+ ;;
+ status)
+ status_of_proc -p "$PIDDIR/$INSTANCE.pid" "$NFCAPD" "nfcapd $INSTANCE instance" || EXIT=$?
+ ;;
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$INSTANCE"
+ do_stop "$INSTANCE"
+ case "$?" in
+ 0|1)
+ do_start "$INSTANCE" "$CONFIG"
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ *)
+ # Old process is still running or
+ # failed to start
+ log_end_msg 1 ;;
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: /etc/init.d/nfdump {start|stop|status|restart|force-reload} [<instance> ...]" >&2
+ exit 3
+ ;;
+ esac
}
-case "$1" in
- start)
- [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
- do_start
- case "$?" in
- 0|1) [ q"$VERBOSE" != qno ] && log_end_msg 0 ;;
- 2) [ p"$VERBOSE" != pno ] && log_end_msg 1 ;;
- esac
- ;;
- stop)
- [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1) [ "r$VERBOSE" != rno ] && log_end_msg 0 ;;
- 2) [ "s$VERBOSE" != sno ] && log_end_msg 1 ;;
- esac
- ;;
- #reload|force-reload)
- #
- # If do_reload() is not implemented then leave this commented out
- # and leave 'force-reload' as an alias for 'restart'.
- #
- #log_daemon_msg "Reloading $DESC" "$NAME"
- #do_reload
- #log_end_msg $?
- #;;
- restart|force-reload)
- #
- # If the "reload" option is implemented then remove the
- # 'force-reload' alias
- #
- log_daemon_msg "Restarting $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1)
- do_start
- case "$?" in
- 0|1) log_end_msg 0 ;;
- *) log_end_msg 1 ;; # Failed to start
- esac
- ;;
- *)
- # Failed to stop
- log_end_msg 1
- ;;
- esac
- ;;
- *)
- #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
- echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
- exit 3
- ;;
-esac
-exit 0
+
+ACTION="$1"
+shift
+
+if [ "$1" ] ; then
+ while [ "$1" ] ; do
+ CONFIG="/etc/nfdump/$1.conf"
+ if [ -f "$CONFIG" ] ; then
+ do_action "$CONFIG"
+ fi
+ shift
+ done
+else
+ for CONFIG in /etc/nfdump/*.conf ; do
+ if [ -f "$CONFIG" ] ; then
+ do_action "$CONFIG"
+ fi
+ done
+fi
+
+exit $EXIT
diff --git a/debian/nfdump.install b/debian/nfdump.install
index df0bc5d..8348ff7 100644
--- a/debian/nfdump.install
+++ b/debian/nfdump.install
@@ -1,2 +1,4 @@
usr/bin/nf*
usr/share/man/man1/nf*
+debian/default.conf etc/nfdump/
+debian/nfdump-generator lib/systemd/system-generators/
diff --git a/debian/nfdump.maintscript b/debian/nfdump.maintscript
new file mode 100644
index 0000000..9bb37a3
--- /dev/null
+++ b/debian/nfdump.maintscript
@@ -0,0 +1 @@
+rm_conffile /etc/default/nfdump 1.6.17-2~
diff --git a/debian/nfdump.service b/debian/nfdump.service
index 6d7001e..0183ccf 100644
--- a/debian/nfdump.service
+++ b/debian/nfdump.service
@@ -1,14 +1,13 @@
[Unit]
Description=netflow capture daemon
-After=network.target auditd.service
+Documentation=man:nfcapd(1)
+Documentation=man:softflowd(8)
[Service]
-Type=simple
-ExecStart=/usr/bin/nfcapd -D -l /var/cache/nfdump -P /var/run/nfcapd.pid -p 2055
-PIDFile=/var/run/nfcapd.pid
-KillMode=process
-Restart=no
+Type=oneshot
+ExecStart=/bin/true
+ExecReload=/bin/true
+RemainAfterExit=on
[Install]
WantedBy=multi-user.target
-
diff --git a/debian/nfdump@.service b/debian/nfdump@.service
new file mode 100644
index 0000000..9cd9269
--- /dev/null
+++ b/debian/nfdump@.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=netflow capture daemon, %I instance
+Documentation=man:nfcapd(1)
+After=network.target auditd.service
+PartOf=nfdump.service
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/nfdump/%I.conf
+ExecStart=/usr/bin/nfcapd -D -P /run/nfcapd.%I.pid $options
+PIDFile=/run/nfcapd.%I.pid
+KillMode=process
+Restart=no
+
+[Install]
+WantedBy=multi-user.target
signature.asc
Description: PGP signature
