Project

General

Profile

Actions

Bug #2189

closed

PID file removal at shutdown broken on 4.0.0-rc2

Added by Duane Howard over 7 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

I can reproduce this behavior on two test machines, two variables in play seem to be a custom pid-file name, and running in Daemon + socket mode.
This did not appear to occur on 3.2.X
This seems to occur if I kill by SIGTERM directly, but also by sending a 'shutdown' command to the socket.

@# Configuration bits
CONF=/etc/suricata/suricata-socket.yaml
SOCKET=/var/run/suricata/suricata-test-command.socket
SURICATA=/usr/bin/suricata
SURICATASC=/usr/bin/suricatasc

root@suricata-test:# grep suricata-test.pid $CONF
pid-file: /var/run/suricata-test.pid

# Start suricata in unix-socket/daemon mode
root@suricata-test:# "$SURICATA" -c "$CONF" --unix-socket -D
20/7/2017 -- 14:24:05 - <Notice> - This is Suricata version 4.0.0-rc2 RELEASE
20/7/2017 -- 14:24:05 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata-test.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata-test.pid. Aborting!

# send SIGTERM to process in question:
root@suricata-test:# kill 97554

# suricata-test.pid is still on disk.
root@suricata-test:# ls -la /var/run/suricata-test.pid
-rw-r----- 1 root root 6 Jul 20 14:25 /var/run/suricata-test.pid

# remove it and suricata starts fine.
root@suricata-test:# rm /var/run/suricata-test.pid
root@suricata-test:# "$SURICATA" -c "$CONF" --unix-socket -D
20/7/2017 -- 14:27:19 - <Notice> - This is Suricata version 4.0.0-rc2 RELEASE

# try killing via shutdown command on socket
root@suricata-test:# $SURICATASC $SOCKET                                                                                            
Command list: shutdown, command-list, help, version, uptime, running-mode, capture-mode, conf-get, dump-counters, reload-rules, register-tenant-handler, unregister-tenant-handler, register-tenant, reload-tenant, unregister-tenant, add-hostbit, remove-hostbit, list-hostbit, pcap-file, pcap-file-number, pcap-file-list, pcap-current, quit
>>> version
Success:
"4.0.0-rc2 RELEASE" 
>>> shutdown
Success:
"Closing Suricata" 

# suricata-test.pid is still on disk again
root@suricata-test:# ls -la /var/run/suricata-test.pid
-rw-r----- 1 root root 6 Jul 20 14:27 /var/run/suricata-test.pid

# Suricata fails to start with same error. Remove file, and all is well again though.
root@suricata-test:# "$SURICATA" -c "$CONF" --unix-socket -D
20/7/2017 -- 14:31:35 - <Notice> - This is Suricata version 4.0.0-rc2 RELEASE
20/7/2017 -- 14:31:35 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata-test.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata-test.pid. Aborting!
root@suricata-test:# rm /var/run/suricata-test.pid
root@suricata-test:# "$SURICATA" -c "$CONF" --unix-socket -D                                                                        
20/7/2017 -- 14:44:17 - <Notice> - This is Suricata version 4.0.0-rc2 RELEASE@

Files

suricata (4.16 KB) suricata /etc/init.d/suricata Dylan Walter, 11/06/2019 04:37 PM
Actions

Also available in: Atom PDF