Jail: /var/run/

Status
Not open for further replies.

JoeB

Contributor
Joined
Oct 16, 2014
Messages
121
I have noticed that if openvpn fails to start because of an invalid password or something, it doesn't delete the openvpn.pid file in the /var/run/ folder.

Is this the intended behaviour? Are the /var/run/*.pid files in the folder a reliable way to determine if a process is running?

Some background: Via a cron - sh script, I'm checking the IP address of a jail and if it's the same as my ISP-issued static IP address, I'm stopping and starting the openvpn service.
I'm reading the PID file to determine if I need to stop the service before starting it. Problem is the PID file exists but the service is not running, therefore openvpn reports an error that then gets emailed to me via cron; I woke up this morning to 60 emails from cron!
 

Stux

MVP
Joined
Jun 2, 2016
Messages
4,419
Shouldn't you check for the PID with process name in the process list?
 

JoeB

Contributor
Joined
Oct 16, 2014
Messages
121
Guys, this is an old thread but due to my limited knowledge of scripting, I've learned to live with my issue around the script, but I really need to fix it.

So I have a script that runs every 5 mins via cron. No issue there.

Openvpn disconnects all the time (I think my VPN provider kicks me every so often for some strange reason), so I have this script to detect that and restart openVPN.

The script checks if openvpn is running by comparing my ISP-assigned IP address with the current IP address in use in the jail, via a call to ipecho.net.
If the jail is using my ISP's IP (the 'banned IP' in the script), it restarts openvpn, since openvpn isn't working for some reason.



But there is a problem with my script, whereby it can't detect openvpn is already running for some reason, so restarts it, again and again and again, sometimes opening so many instances that the server just saturates and I have to restart it (as the GUI can't then be used to restart the jail in question).

So can anyone see why this would happen? Script below.


Code:
Call this script like this:
jexec JAIL_NAME	/bin/sh .//mnt/vpn-common/checkip.sh ISP_ISSUED_IP_ADDRESS "wget -qO - http://ipecho.net/plain"


#!/bin/sh
echo

#
# This script checks that a banned IP is not in use in the jail.
# If it is in use, then it's not a VPN IP so the script stops openvpn
# and restarts it.
#
# Issues: 
# The script fails to stop openvpn and just restarts it every time this script
# is called, which is cron 5 mins, dammit. Result is hundreds of openvpn instances
# and a freenas box that is totally useless as CPU is then 100%.
#

# Params:
#	[ IP ADDRESS ]									 The banned IP
#	[ URL used to get the jail's IP address ]		A URL that returns the jail's IP
#

if [ "$(id -u)" != "0" ]; then
  echo "Error: You're not root"
  echo "Exiting..."
  exit 1
fi

if [ -z "$1" ]; then
	echo "Error: Banned IP address missing"
	echo "Exiting..."
	exit 1
fi

if [ -z "$2" ]; then
	echo "Error: IP wget method missing, note the quotes, e.g."
	echo "e.g. \"wget -qO - http://ipecho.net/plain\""
	echo "Exiting..."
	echo
	exit 1
fi

#enter the ip address that is not allowed.
DONTUSE_IP="$1"

#enter a command that gets your ip address.
FETCH_METHOD="$2"

# -----------------------------------------------------------------

CURRECT_IP=$(`echo ${FETCH_METHOD}`)

echo "FETCH_METHOD: ${FETCH_METHOD}"
echo "DONTUSE_IP:   ${DONTUSE_IP}"
echo "CURRECT_IP:   ${CURRECT_IP}"

openvpnPID=""
if [ -f "/var/run/openvpn.pid" ]; then
	openvpnPID=`cat /var/run/openvpn.pid`
	echo "openvpn.pid = ${openvpnPID}"
fi

if [ "$CURRECT_IP" == "$DONTUSE_IP" ]; then

	#Stop the VPN: 
	/usr/local/etc/rc.d/openvpn stop
	sleep 5

	#Start the VPN: 
	/usr/local/etc/rc.d/openvpn start
	echo "Waiting 10 seconds..."
	sleep 10

	CURRECT_IP=$(`echo ${FETCH_METHOD}`)
   
	if [ "$CURRECT_IP" == "$DONTUSE_IP" ]; then
		echo "Still a problem"
		echo "Exiting..."
	fi
	
else
	echo "All looks good."
	echo "Exiting..."
fi
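
A PID-file check along the lines Stux suggests, as an added example that is not part of any post in this thread: the PID file is treated only as a hint, and the PID must be alive and belong to the expected command. The function names are hypothetical, and it assumes the caller is root (as the script above requires) so that `kill -0` can probe any process.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# A PID file is only a hint: the daemon may have died without removing it,
# and the kernel may since have given that PID to an unrelated process.

# pid_from_file FILE: print the PID if FILE holds one positive integer.
pid_from_file() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;            # empty or non-numeric content
    esac
    [ "$pid" -gt 0 ] 2>/dev/null || return 1
    printf '%s\n' "$pid"
}

# daemon_status FILE NAME: print missing, stale, reused or running.
daemon_status() {
    pidfile=$1
    expected=$2
    [ -e "$pidfile" ] || { echo missing; return 0; }
    pid=$(pid_from_file "$pidfile") || { echo stale; return 0; }
    # Signal 0 delivers nothing; it only reports whether the PID exists.
    kill -0 "$pid" 2>/dev/null || { echo stale; return 0; }
    # The PID is alive: confirm it is the expected command, not a reused PID.
    comm=$(ps -o comm= -p "$pid" 2>/dev/null) || { echo stale; return 0; }
    comm=$(printf '%s' "$comm" | tr -d '[:space:]')
    [ -n "$comm" ] || { echo stale; return 0; }
    if [ "$(basename "$comm")" = "$expected" ]; then
        echo running
    else
        echo reused
    fi
}

# Constructed demo: a PID file left behind with junk content is "stale".
demo=$(mktemp)
echo "not-a-pid" > "$demo"
echo "demo status: $(daemon_status "$demo" openvpn)"
rm -f "$demo"
```

Only `running` means the daemon is already up; on `stale` or `reused` the PID in the file should not be signalled, since as root that could hit an unrelated process.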

 