Hi Damien -

    Thanks - the immediate server restart is a bit of a misnomer. The fwknop server runs on a gateway for a small restricted network. Only certain teams are permitted to login during certain times, and I am using fwknop to limit access. I'm running a script to cycle access.conf for different time periods, so I restart the fwknop server periodically to load the new configuration. I'll try to test a bit more. In the interim, I've invoked the fwknop server to run in the foregroud, then use bash to place it into the background as a workaround:

# - - Create script #1
cat > ../script_1.sh << __EOF
    #!/bin/sh
    /sbin/fwknopd -f &
__EOF
chmod 0755../script_1.sh

# - - Create script #2
cat > ../script_2.sh << __EOF
    #!/bin/sh
    /sbin/fwknopd --restart
__EOF
chmod 0755../script_2.sh

# - - Execute above scripts
./script_1.sh
./script_2.sh

Thanks -
Will

On Thu, Sep 16, 2010 at 8:41 PM, Damien S. Stuart - dstuart@dstuart.org <+fwknopmail+miller_2555+3eae1171fb.dstuart#dstuart.org@spamgourmet.com> wrote:
Hi Will,

If you are running these scripts one right after the other, it may be the second script is sending the restart signal to the first one before it has a chance to setup its signal handlers.

The primary reason for the --restart option is to tell a running fwknop server to re-read its configuration and access.conf files, and flush and reset the fwknop firewall rule set.  When started with the --restart option, fwknop simply determines the process ID of the running fwknopd and sends a SIGHUP to it.

When the perl-based fwknopd was called with the --restart option, it will completely kill the currently running fwknopd, then
start a new one.

May I ask why you are starting the daemon, then sending a reconfig signal right away?   I cannot think of any reason this would be necessary.

If you really want to run the two scripts one after the other, you should put a delay (i.e. "sleep 1") in between them.  That should give fwknopd sufficient time to get its signal handlers setup.

Regards,

-Damien


On 09/13/2010 11:25 AM, fwknopmail.20.miller_2555@spamgourmet.com wrote:
Hello -

    Does the fwknop server (v2.0.0rc1) fork off its parent when running such that termination of the parent process does not terminate the child process in which the fwknop server runs?

    I have two `sh` scripts running consecutively in an initrd. The first `sh` script kicks-off the fwknop daemon while the second performs a restart of the daemon. Upon the restart directive, there are no fwknop daemons found running. I had implemented the perl-based fwknop server daemon using the aforementioned setup and the restart directive in the second `sh` script was able to find and restart the fwknop server daemon instantiated in the first `sh` script.

To recreate (simplified):
# - - Create script #1
cat > ../script_1.sh << __EOF
    #!/bin/sh
    /sbin/fwknopd
__EOF
chmod 0755../script_1.sh

# - - Create script #2
cat > ../script_2.sh << __EOF
    #!/bin/sh
    /sbin/fwknopd --restart
__EOF
chmod 0755../script_2.sh

# - - Execute above scripts
./script_1.sh
./script_2.sh

    To test, I amended the second `sh` script by: (i) inserting a debug command to output `ps` into a file, followed by (ii) replacing the restart directive with an invocation of a new fwknop daemon (using the exact same directivesyntax  as given in the first script) and (iii) another debug command to output `ps` into a second file. I also appended the `ps` debug command to the end of the first `sh` script to ensure that it was successfully running. The test did snow successful starts of the fwknop deamon in both instances. However, the fwknop daemon terminates upon termination of the containing `sh`.

Thanks -
WIll
------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________ Fwknop-discuss mailing list Fwknop-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fwknop-discuss