From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <development+bounces-92-archive=lists.ipfire.org@lists.ipfire.org>
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZK27F6BDwz333G
	for <archive@lists.ipfire.org>; Fri, 21 Mar 2025 12:38:49 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature RSA-PSS (4096 bits))
	(Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZK27B1kwlz32mP
	for <development@lists.ipfire.org>; Fri, 21 Mar 2025 12:38:46 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZK2790FpDz5jx;
	Fri, 21 Mar 2025 12:38:44 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1742560725;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=1+GDBn6FfvosYFUZPrHUkyeoaGbaHVjJ83Qou+F+r6o=;
	b=seyartYLVD7RdeNuaeJrrnXKG7XSB05qb3Gqn0a1SRg6GpotaCmZAvoSUDPRo5znaCb8Z1
	yhFqLOm4BasNakAw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa;
	t=1742560725;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=1+GDBn6FfvosYFUZPrHUkyeoaGbaHVjJ83Qou+F+r6o=;
	b=DDz1s8ODrZSuODji56XBvsItTA/DeZL3vNKkdRborGJmizq5gwExYqS/mEmamrzUixTH26
	HKqT0k9YIQ8yT0PjSNnow267ZUHi6E8nPQrbD9CEkdqgWezaqiWhwbf/9CoJWA3S6NAz8O
	u87caev8GYprEHPsHrCn+HW8GvEaONH8BkKHVv/Iywv7z8Aynh3uqjl13uRc9lCJfi9k2D
	X+Js7x/E5kvDmTUIzBZoh9JJCQT9Sa7sKifXuIeKZFhIbPAoa/O8XVXE3O32OLvV7XKKhk
	qo0vl9symguPXBtuIvCGdbnoGn/66Bj7NiOjQ4Yu3pEUTPJIIxtSEea5zps8Ig==
Content-Type: text/plain;
	charset=us-ascii
Precedence: list
List-Id: <development.lists.ipfire.org>
List-Subscribe: <https://lists.ipfire.org/>,
 <mailto:development+subscribe@lists.ipfire.org?subject=subscribe>
List-Unsubscribe: <https://lists.ipfire.org/>,
 <mailto:development+unsubscribe@lists.ipfire.org?subject=unsubscribe>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development+help@lists.ipfire.org?subject=help>
Sender: <development@lists.ipfire.org>
Mail-Followup-To: <development@lists.ipfire.org>
Mime-Version: 1.0
Subject: Re: [PATCH 1/3] collectd: Fixes bug13832 - uncomments include openvpn
 plugin only if openvpn is running
From: Michael Tremer <michael.tremer@ipfire.org>
In-Reply-To: <4f4ea978-6d49-4c6e-9870-6bdb61650c73@ipfire.org>
Date: Fri, 21 Mar 2025 12:34:20 +0000
Cc: "IPFire: Development-List" <development@lists.ipfire.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <A2DB6E02-0527-4DAE-8949-4C202DBAE62E@ipfire.org>
References: <20250317195123.2092-1-adolf.belka@ipfire.org>
 <E015E62B-B561-4CBC-9C19-588F83D343A5@ipfire.org>
 <4f4ea978-6d49-4c6e-9870-6bdb61650c73@ipfire.org>
To: Adolf Belka <adolf.belka@ipfire.org>

Hello,

> On 19 Mar 2025, at 17:09, Adolf Belka <adolf.belka@ipfire.org> wrote:
>=20
> Hi Michael,
>=20
> On 19/03/2025 16:56, Michael Tremer wrote:
>> Hello Adolf,
>> In this patch you are checking whether OpenVPN is actually running.
>> Should we not check whether it is enabled? That would avoid any kind =
of races that we might see when collectd is being started before =
OpenVPN.
>=20
> I did look at the enabled bit first but for a new OpenVPN =
installation, you could end up with OpenVPN enabled but the Server not =
started for the first time.
>=20
> In that case the /var/run/ovpnserver.log file would still be empty and =
so you would get the error messages that flagged up the problem in the =
first place.

Yes, I assume so, but I thought this was a better and more robust option =
than the other way around?

> The ovpnserver.log gets its contents defined when the server is =
started and not when it is enabled but not started.
>=20
> Once the OpenVPN server has been started once then the ovpnserver.log =
file contents satisfy collectd and those contents stay there even if the =
OpenVPN server is stopped and disabled.
>=20
> So the other option could be to fill the required contents into =
ovpnserver.log, when red, or blue or orange are enabled and before the =
server is started.
> If that change was made then the include openvpn plugin line in =
collectd.conf could be uncommented based on at least one of the enable =
options being selected.
>=20
> Should I look at doing the approach of filling the ovpnserver.log with =
its contents when the openvpn server is enabled on at least one of the =
interfaces specified.

Just write some dummy data into it? Possible, but again seems to be a =
workaround rather than a fix.

Should we not try to upstream the change that at least nothing is being =
logged whenever the file exists but is empty?

> What I don't know is when the openvpn server is running and the =
openvpn plugin is loaded, are there any issues or error messages when =
the user does not yet have any client connections defined.
> I didn't find any when I tested it out on a vm system with the =
root/host certificate set created, the openvpn server enabled on red, =
the openvpn server started and the openvpn plugin uncommented in the =
collectd.conf file but with no client configurations created yet so I =
don't believe there should be any problem.
>=20
> Regards,
> Adolf.
>=20
>> -Michael
>>> On 17 Mar 2025, at 19:51, Adolf Belka <adolf.belka@ipfire.org> =
wrote:
>>>=20
>>> - Added code to check if openvpn.pid exists and only then uncomment =
the include openvpn
>>>   plugin line in collectd.conf
>>> - Tested out on my vm testbed and the include openvpn plugin line in =
collectd.conf is
>>>   only uncommented if the openvpn server is run ning and has a pid.
>>>=20
>>> Fixes: Bug13832
>>> Tested-by: Adolf Belka <adolf.belka@ipfire.org>
>>> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
>>> ---
>>> src/initscripts/system/collectd | 7 +++++++
>>> 1 file changed, 7 insertions(+)
>>>=20
>>> diff --git a/src/initscripts/system/collectd =
b/src/initscripts/system/collectd
>>> index 263511fc7..f86b64e9d 100644
>>> --- a/src/initscripts/system/collectd
>>> +++ b/src/initscripts/system/collectd
>>> @@ -143,6 +143,13 @@ case "$1" in
>>> sed -i -e "s|^#LoadPlugin swap|LoadPlugin swap|g" /etc/collectd.conf
>>> fi
>>>=20
>>> + # Enable openvpn plugin if openvpn.pid found
>>> + if [ ! -e /var/run/openvpn.pid ]; then
>>> + sed -i -e 's|^include "/etc/collectd.vpn"$|#include =
"/etc/collectd.vpn"|g' /etc/collectd.conf
>>> + else
>>> + sed -i -e 's|^#include "/etc/collectd.vpn"$|include =
"/etc/collectd.vpn"|g' /etc/collectd.conf
>>> + fi
>>> +
>>> if [ $(date +%Y) -gt 2011 ]; then
>>> boot_mesg "Starting Collection daemon..."
>>> /usr/sbin/collectd -C /etc/collectd.conf
>>> --=20
>>> 2.49.0
>>>=20
>>>=20
>=20