source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/share/ndg-gk @ 2369

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/share/ndg-gk@2369
Revision 2369, 5.1 KB checked in by pjkersha, 13 years ago (diff)

ndg.security.*/setup.py: updated to versino 0.7.3 to ensure eggs will be picked on top of an existing installation containing vers. 0.7.2

ndg.security.server/ndg/security/server/share/ndg-aa: (+ other scripts built from makefile) simplified pid file setting - no need to deal with
permission for /var/run dir. twistd enables write of pid file as root.

  • Property svn:executable set to *
Line 
1#!/bin/bash
2#
3# SysV init script for NDG Security Gatekeeper
4#
5# P J Kershaw
6#
7# 13/06/06
8#
9# Copyright (C) 2006 CCLRC & NERC
10#
11# This software may be distributed under the terms of the Q Public License,
12# version 1.0 or later.
13#
14# chkconfig: 2345 99 01
15# description: NERC Data Grid Security Gatekeeper Web Service
16#
17# $Id:$
18
19# Source function library.
20. /etc/rc.d/init.d/functions
21
22# Edit "uid", "prefixDir", "srvSubDir" and "tacFilePath" variables as
23# required
24uid="globus"
25gid="globus"
26
27# Set path to Twisted 'tac' file - use prefixDir + srvSubDir combination or
28# set tacFilePath directly
29prefixDir=$(dirname $(dirname $(type -p python)))
30srvSubDir=lib/site-packages/ndg/security/server/Gatekeeper
31tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac
32
33# Set a specific location for the properties file if required
34#export NDGSEC_AA_PROPFILEPATH=
35
36serviceName=${0##*/}
37
38# Write PID file to /tmp initially as uid of twistd process may not have
39# write permission on /var/run.  Move file from /tmp to /var/run as root -
40# see below ...
41pidFilePath=/var/run/${serviceName}.pid
42
43# Command line args e.g. set alternative port number or configuration file
44# path.  Note security consideration that these args will appear in a ps
45# process listing
46prog=/usr/local/NDG/bin/twistd
47
48# Specify python for status() to search when looking for an existing process
49# running
50statCheckProg=/usr/local/NDG/bin/python
51
52args="-u ${uid} -g ${gid} --syslog --prefix=${serviceName} \
53--pidfile=${pidFilePath} -oy ${tacFilePath}"
54cmd="${prog} ${args}"
55
56RETVAL=0
57
58
59start()
60{
61    echo -n "Starting ${serviceName}: "
62   
63    # See if it's already running. Look *only* at the pid file.
64    local pid=
65    if [ -f ${pidFilePath} ]; then
66        local line p
67        read line < ${pidFilePath}
68        for p in $line ; do
69            [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
70        done
71    fi
72
73    [ -n "${pid:-}" ] && return
74
75    # Make sure it doesn't core dump anywhere; while this could mask
76    # problems with the daemon, it also closes some security problems
77    ulimit -S -c 0 >/dev/null 2>&1
78
79    if [ ! -f ${tacFilePath} ]; then
80        failure $"Path to python .tac file not found:"
81        return
82    fi
83
84    # Echo daemon
85    [ "${BOOTUP:-}" = "verbose" -a -z "$LSB" ] && echo -n " ${serviceName}"
86
87    # And start it up.
88    initlog $INITLOG_ARGS -c "${cmd}"
89    RETVAL=$?
90    if [ $RETVAL = 0 ]; then   
91        # Use root privilege to move pid file to correct location - put wait
92        # in to give twistd some leaway
93        i=0
94        while [ ! -f ${pidFilePath} ] && [ "$i" -lt 10 ]; do
95            sleep 1;
96            let "i++";
97        done
98   
99        touch /var/lock/subsys/${serviceName}       
100        success $"startup"
101    else
102        failure $"startup"
103    fi
104   
105    echo
106}
107
108
109stop()
110{
111    echo -n "Shutting down ${serviceName}: "
112   
113    # Find pid
114    pid=
115    if [ -f ${pidFilePath} ]; then
116       local line p
117       read line < ${pidFilePath}
118       for p in $line ; do
119           [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
120       done
121    fi
122
123    if [ -z "$pid" ]; then
124        failure $"stop - no process found from PID file: "
125        return
126    fi
127
128    # Kill it.
129    if [ -n "${pid:-}" ] ; then
130       [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} "
131         
132        if checkpid $pid 2>&1; then
133            # TERM first, then KILL if not dead
134            kill -TERM $pid
135            usleep 100000
136            if checkpid $pid && sleep 1 &&
137               checkpid $pid && sleep 3 &&
138               checkpid $pid ; then
139                kill -KILL $pid
140                usleep 100000
141            fi
142            checkpid $pid
143            RC=$?
144            [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown"
145            RC=$((! $RC))
146        fi   
147    else
148        failure $"shutdown"
149        RC=1
150    fi
151
152    # Remove pid and lock files if any.
153    rm -f ${pidFilePath}
154    rm -f /var/lock/subsys/${serviceName}
155   
156    echo
157}
158
159
160restart()
161{
162    stop
163    start
164}
165
166
167status()
168{
169    local pid=
170   
171    # Get pid from "/var/run/*.pid" file
172    local pidFound=
173    if [ -f $pidFilePath ] ; then
174        read pid < $pidFilePath
175        if [ -z "$pid" ]; then
176            echo $"Can't get pid from pid file $pidFilePath"
177            return
178        fi
179        pidFound=Yes
180    fi
181
182    # look for pid in listing
183    for i in `pidof -o $$ -o $PPID -o %PPID -x "${statCheckProg}"`; do
184        [[ $i = $pid ]] && pidFound=Yes && break;
185    done
186   
187    if [ -n "$pidFound" ]; then
188        echo $"$prog (pid $pid) is running..."
189
190    elif [ -f /var/lock/subsys/${serviceName} ]; then
191        echo $"$prog is dead but subsys locked"
192
193    elif [ -f ${pidFilePath} ]; then
194        echo $"$prog is dead but pid file $pidFilePath exists"
195    else
196        echo $"$prog is dead"
197    fi
198}
199
200
201case "$1" in
202    start)
203        start
204    ;;
205    stop)
206        stop
207    ;;
208    status)
209        status
210    ;;
211    restart)
212        restart ${serviceName}
213    ;;
214    condrestart)
215    if [ -f ${pidFilePath} ] ; then
216        stop
217        start
218    fi
219    ;;
220    *)
221        echo \
222        "Usage: ${serviceName} {start|stop|restart|condrestart|status}"
223        exit 1
224    ;;
225esac
Note: See TracBrowser for help on using the repository browser.