appcanary / agent

The Appcanary agent
https://www.appcanary.com
GNU General Public License v3.0

Debian scripts #64

Closed MacLeodMike closed 9 years ago

MacLeodMike commented 9 years ago

Startup scripts for Debian wheezy and jessie.

mveytsman commented 9 years ago

Hey @MacLeodMike, I should finally introduce myself.

Hi!

I will boot up some machines to test these soon, but they look great so far! Thanks.

I saw your email to Phillip in terms of configurable logging. I'll be converting these to GitHub issues (we have some about logging already).

1) The upstart script is very basic. Do we need to do anything specific to get it to the level of the Debian scripts you wrote? We need to cover 12.04-15.05. Will we need a systemd script for 15.10?

2) What is next on your plate? Probably should convert it to GitHub issues to keep track of things.

MacLeodMike commented 9 years ago

Hey @mveytsman, nice to meet you!

I pushed a new 'logdir' branch that just changes the logdir const. Configurable is ideal, but for the time being a better default would be good enough.

1) I haven't looked at the upstart script yet really. I'll spin up an Ubuntu VM and take a gander at it this evening. The Debian scripts look long and complicated, but it's 90% boilerplate. It doesn't do anything more than start and stop the appcanary.

2) I'm looking at CentOS right now. The systemd script appears to work well on CentOS 7, but I'm looking at CentOS 5 and 6, which probably represent the bulk of Linux installations in the enterprise.

Bonus! 3) Is there a way to query the status of the appcanary? Something suitable for 'service appcanary status'.

mveytsman commented 9 years ago

Yup,

Check out https://appcanary.com/api/v1/status

FWIW we haven't settled on an error format yet, so the actual response is subject to change...


MacLeodMike commented 9 years ago

Heh. I actually meant the agent.

mveytsman commented 9 years ago

Ah that makes more sense :)

So there is some debate in the Go community about how to daemonize, and as I understand it the general consensus is not to. Instead a management utility should daemonize you. Take a look at http://www.ryanday.net/2012/09/04/the-problem-with-a-golang-daemon/ and the docs of https://github.com/VividCortex/godaemon (this is a daemonization library that tells you to use it only if you Know What You're Doing and need to daemonize).

The upstart script provides status by saving a PID file automatically. We can also drop privs in it (I haven't yet because we need to find a way to be able to get read access to the files the user wants to monitor).

You may be able to do the same in the Debian scripts and put it in a config directory we control (you can see which ones we set up in the /package/directory).

We can also use daemontools or daemonize to do this stuff for us.

I'm by no means an expert on this stuff and am totally open to changing around the architecture to be a better Unix citizen. What do you think about all this?
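An added example, not part of the thread or the project's code: a PID-file check of the kind 'service appcanary status' could call from a SysV init script, returning LSB status codes and refusing to report "running" when the recorded PID now belongs to a different binary. The function name `pidfile_status` and the PID file path are assumptions made for illustration; the `/proc` check assumes Linux.

```shell
#!/bin/sh
# Added example: LSB-style "status" driven by a PID file.
# PIDFILE is an assumed location, not a path taken from the project.
DAEMON="${DAEMON:-/usr/sbin/appcanary}"
PIDFILE="${PIDFILE:-/var/run/appcanary.pid}"

# pidfile_status PIDFILE DAEMON   (hypothetical helper)
# Returns LSB init-script status codes:
#   0 running, 1 dead but PID file exists, 3 not running, 4 unknown.
pidfile_status() {
    pidfile=$1
    daemon=$2

    [ -e "$pidfile" ] || return 3
    [ -r "$pidfile" ] || return 4

    # Accept only a plain decimal PID; anything else counts as stale.
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac

    # kill -0 delivers no signal, it only tests that the PID exists.
    # It also fails with EPERM on another user's process, so fall
    # back to /proc before declaring the process dead.
    if ! kill -0 "$pid" 2>/dev/null; then
        [ -d "/proc/$pid" ] || return 1
    fi

    # Guard against PID reuse: the live process must be our binary.
    # After a package upgrade the link reads "<path> (deleted)".
    if [ -L "/proc/$pid/exe" ]; then
        exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || return 4
        [ "${exe% (deleted)}" = "$daemon" ] || return 1
    fi
    return 0
}

# In an init script's status) branch:
#   pidfile_status "$PIDFILE" "$DAEMON"; exit $?
```

Reading `/proc/<pid>/exe` needs root or the same user as the process, so a status call from an unprivileged account returns 4 (unknown) for an agent running as another user.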

MacLeodMike commented 9 years ago

I read the article, and it's not unreasonable, especially on newer platforms with upstart or systemd. On older platforms the toolset becomes much more fragmented. 'nohup /usr/sbin/appcanary > /dev/null 2>&1 &' will work on all platforms, but is kinda dirty.

But at a certain point it's just optics - it'll work just fine, it just looks dirty.

mveytsman commented 9 years ago

That makes sense.

I think it's fair to say that older systems aren't a priority for us right now since we're about timely security updates and stuff like CentOS 5 is on very limited support...