Open
Description
What happened?
When one stops the crowdsec-firewall-bouncer.service, the Systemd global status is left in "degraded" state because the crowdsec-firewall-bouncer exits with exit code 1 when it receives SIGTERM or SIGINT.
What did you expect to happen?
When stopping the crowdsec-firewall-bouncer, the global Systemd state should not be "degraded" and the crowdsec-firewall-bouncer service should not be left in failed state.
How can we reproduce it (as minimally and precisely as possible)?
- Stop the Systemd
crowdsec-firewall-bouncerservice:
# systemctl stop crowdsec-firewall-bouncer.service- Check the Systemd "global" status and notice that the state is "degraded":
# systemctl status
● srv
State: degraded
Jobs: 0 queued
Failed: 1 units
[...]- Check details of the failed service and notice that it is the
crowdsec-firewall-bouncerthat causes the global state to be "degraded":
# systemctl --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
● crowdsec-firewall-bouncer.service loaded failed failed The firewall bouncer for CrowdSec
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
1 loaded units listed.- Check details of the
crowdsec-firewall-bouncerservice and notice that the service is failed because it exited with exit code 1 when it received SIGTERM:
# systemctl status crowdsec-firewall-bouncer.service
● crowdsec-firewall-bouncer.service - The firewall bouncer for CrowdSec
Loaded: loaded (/etc/systemd/system/crowdsec-firewall-bouncer.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2025-03-06 08:59:29 CET; 6min ago
Process: 724 ExecStart=/usr/bin/crowdsec-firewall-bouncer -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml (code=exited, status=1/FAILURE)
Main PID: 724 (code=exited, status=1/FAILURE)
mars 06 08:56:00 srv systemd[1]: Starting The firewall bouncer for CrowdSec...
mars 06 08:56:00 srv crowdsec-firewall-bouncer[631]: time="2025-03-06T08:56:00+01:00" level=info msg="Loading yaml file: '/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml' with additional values from '/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml.local'"
mars 06 08:56:04 srv crowdsec-firewall-bouncer[724]: time="2025-03-06T08:56:04+01:00" level=info msg="Loading yaml file: '/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml' with additional values from '/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml.local'"
mars 06 08:56:06 srv systemd[1]: Started The firewall bouncer for CrowdSec.
mars 06 08:59:27 srv systemd[1]: Stopping The firewall bouncer for CrowdSec...
mars 06 08:59:29 srv crowdsec-firewall-bouncer[724]: time="2025-03-06T08:59:29+01:00" level=fatal msg="process terminated with error: received SIGTERM"
mars 06 08:59:29 srv systemd[1]: crowdsec-firewall-bouncer.service: Main process exited, code=exited, status=1/FAILURE
mars 06 08:59:29 srv systemd[1]: crowdsec-firewall-bouncer.service: Failed with result 'exit-code'.
mars 06 08:59:29 srv systemd[1]: Stopped The firewall bouncer for CrowdSec.Anything else we need to know?
No response
version
remediation component version:
$ crowdsec-firewall-bouncer --version
version: v0.0.31-debian-pragmatic-amd64-4b99c161b2c1837d76c5fa89e1df83803dfbcc87
BuildDate: 2024-09-26_12:15:22
GoVersion: 1.22.2
Platform: linuxcrowdsec version
crowdsec version:
N/A
OS version
# On Linux:
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.6 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
$ uname -a
Linux srv 5.4.0-208-generic #228-Ubuntu SMP Fri Feb 7 19:41:33 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux