source: TI12-security/trunk/python/share/ndg-log @ 2181

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/share/ndg-log@2181
Revision 2181, 4.9 KB checked in by pjkersha, 13 years ago (diff)

Updates to SysV init scripts for use with Twisted

python/ndgSetup.sh:

  • Removed NDG_*_PROT_NUM environment variables - port number is now set in the respective

properties files for the services.

  • Added NDGSEC_*_PROPFILEPATH environment variables used to override default

$NDG_DIR/conf location for properties files.

python/share/ndg-aa, python/share/ndg-sm, python/share/ndg-ca, python/share/ndg-log and
python/share/ndg-gk:
SysV init scripts for the respective security services. At this stage, only ndg-aa, the
Attribute Authority script has been tested. The others merely contain a copy of ndg-aa
with the relevant variable settings altered in each case.

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:
Include full path for import of AttAuthorityService.

python/ndg.security.server/ndg/security/server/AttAuthority/init.py:
Correction to readProperties: missingKeys actually refers to invalidKeys.

python/ndg.security.server/ndg/security/server/AttAuthority/start-container.sh:
Altered so that it tries to pick up the installed path under site-packages/ for the
tac file server-config.tac.

python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml:
cosmetic correction to indent.

python/bin/AttAuthorityServer.py, python/bin/LogServer.py, python/bin/SessionMgrServer.py,
python/bin/GatekeeperServer.py and python/bin/SimpleCAServer.py:
NDG Alpha and post-Alpha scripts to start security web services. These are based on use
of python's native HTTP server code and so are redundant for the new Twisted based code.

  • Property svn:executable set to *
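#!/bin/bash
#
# SysV init script for NDG Security Log Service
#
# P J Kershaw
#
# 13/06/06
#
# Copyright (C) 2006 CCLRC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
#
# chkconfig: 2345 99 01
# description: NERC Data Grid Security Log Web Service
#
# $Id:$

# Source function library (provides failure, success, initlog and checkpid
# as used below).
. /etc/rc.d/init.d/functions

# Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as
# required
user="globus"

# Set path to Twisted 'tac' file.  The install prefix is derived from the
# first "python" found on PATH, so fail explicitly when none is found:
# dirname of an empty string is ".", which would otherwise pass the
# directory test below.
# NOTE(review): this trusts the PATH of whoever runs the script (root at
# boot) - confirm it cannot resolve to an unexpected interpreter.
pythonPath=$(type -p python)
if [ -z "${pythonPath}" ]; then
        failure $"Path to python root not found"
        exit 1
fi

prefixDir=$(dirname "$(dirname "${pythonPath}")")
if [ ! -d "${prefixDir}" ]; then
        failure $"Path to python root not found"
        exit 1
fi

srvSubDir=lib/site-packages/ndg/security/server/Log
tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac
if [ ! -f "${tacFilePath}" ]; then
        failure $"Path to tac file not found"
        exit 1
fi

# Service name is the name this script was invoked as, minus any directory.
serviceName=${0##*/}

# Write PID file to /tmp initially as uid of twistd process may not have
# write permission on /var/run.  start() transfers it to /var/run as root.
#
# SECURITY: /tmp is world-writable and this file name is predictable, so
# any local user can create the path before twistd does.  stop() signals,
# as root, the PIDs recorded under /var/run, so whatever is taken from this
# file must be treated as untrusted.  A directory writable only by the
# service account (created by root) would remove the exposure; changing the
# path here also requires changing the /tmp path used in start().
pidFilePath=/tmp/${serviceName}.pid

# Command line args e.g. set alternative port number or configuration file
# path.  Note security consideration that these args will appear in a ps
# process listing
prog=/usr/local/NDG/bin/twistd
args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \
-oy ${tacFilePath}"
cmd="${prog} ${args}"

RETVAL=0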
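# Start the service unless the PID file under /var/run already names a
# live process.
# Globals:   serviceName, cmd, INITLOG_ARGS, BOOTUP, LSB (read);
#            RETVAL (written)
# Outputs:   progress and result messages on stdout
start()
{
    local runPidFile="/var/run/${serviceName}.pid"
    local tmpPidFile="/tmp/${serviceName}.pid"
    local pid= line p newPid= i=0

    echo -n "Starting ${serviceName}: "

    # See if it's already running. Look *only* at the pid file.
    if [ -f "${runPidFile}" ]; then
        read -r line < "${runPidFile}"
        # $line is deliberately unquoted: the file may list several PIDs.
        for p in $line; do
            [ -z "${p//[0-9]/}" ] && [ -d "/proc/$p" ] && pid="$pid $p"
        done
    fi

    if [ -n "${pid}" ]; then
        return
    fi

    # Make sure it doesn't core dump anywhere; while this could mask
    # problems with the daemon, it also closes some security problems
    ulimit -S -c 0 >/dev/null 2>&1

    # Echo daemon
    [ "${BOOTUP:-}" = "verbose" ] && [ -z "${LSB:-}" ] \
        && echo -n " ${serviceName}"

    # /tmp is world-writable, so a file (or symlink) may already sit at the
    # temporary PID path, left by an earlier run or created by another local
    # user.  Remove it so that only a file created after launch is used.
    rm -f -- "${tmpPidFile}"

    # And start it up.
    initlog $INITLOG_ARGS -c "${cmd}"
    RETVAL=$?
    if [ "$RETVAL" -eq 0 ]; then
        # Give twistd some leeway (up to 10 seconds) to write its PID file.
        while [ ! -f "${tmpPidFile}" ] && [ "$i" -lt 10 ]; do
            sleep 1
            i=$((i + 1))
        done

        # Accept only a regular file that is not a symlink.
        if [ -f "${tmpPidFile}" ] && [ ! -L "${tmpPidFile}" ]; then
            read -r newPid < "${tmpPidFile}"
        fi

        # Copy the validated PID into /var/run as root instead of moving
        # the /tmp file itself, so no symlink or non-numeric content from a
        # world-writable directory ends up in the file stop() later reads
        # before signalling processes as root.
        # NOTE(review): a race remains between these checks and twistd
        # writing the file; keeping the PID file in a directory writable
        # only by the service account would close it.
        if [ -n "${newPid}" ] && [ -z "${newPid//[0-9]/}" ] \
            && [ -d "/proc/${newPid}" ]; then
            printf '%s\n' "${newPid}" > "${runPidFile}"
            rm -f -- "${tmpPidFile}"
            touch "/var/lock/subsys/${serviceName}"
            success $"startup"
        else
            # No usable PID was obtained: do not report success or take the
            # subsys lock.
            RETVAL=1
            failure $"startup"
        fi
    else
        failure $"startup"
    fi

    echo
}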
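# Stop the service: send TERM to the PIDs recorded in the PID file, then
# KILL if they are still alive after roughly four seconds.
# Globals:   serviceName, BOOTUP, LSB (read)
# Outputs:   progress and result messages on stdout
# Returns:   0 when the processes are gone, 1 when they survived KILL;
#            the status of "failure" when no live PID was found
stop()
{
    local runPidFile="/var/run/${serviceName}.pid"
    local pid= line p
    local RC=0

    echo -n "Shutting down ${serviceName}: "

    # Find pid: keep only purely numeric entries that have a /proc
    # directory.
    # NOTE(review): this does not establish that the PID still belongs to
    # this service; a stale file plus PID reuse would signal an unrelated
    # process as root.  status() matches against pidof for ${prog}; consider
    # the same check here.
    if [ -f "${runPidFile}" ]; then
        read -r line < "${runPidFile}"
        # $line is deliberately unquoted: the file may list several PIDs.
        for p in $line; do
            [ -z "${p//[0-9]/}" ] && [ -d "/proc/$p" ] && pid="$pid $p"
        done
    fi

    if [ -z "$pid" ]; then
        failure $"stop - no process found from PID file: "
        return
    fi

    [ "${BOOTUP:-}" = "verbose" ] && [ -z "${LSB:-}" ] \
        && echo -n "${serviceName} "

    # $pid is a space-separated list and is left unquoted on purpose so
    # that each PID becomes its own argument.
    # shellcheck disable=SC2086
    if checkpid $pid 2>&1; then
        # TERM first, then KILL if not dead
        kill -TERM $pid
        usleep 100000
        if checkpid $pid && sleep 1 &&
           checkpid $pid && sleep 3 &&
           checkpid $pid; then
            kill -KILL $pid
            usleep 100000
        fi

        # checkpid succeeds while a process is still alive.  Use if/else
        # rather than "a && failure || success": if "failure" returns
        # non-zero, that form goes on to report success as well.
        if checkpid $pid; then
            failure $"shutdown"
            RC=1
        else
            success $"shutdown"
            RC=0
        fi
    fi

    # Remove pid file if any.
    rm -f -- "${runPidFile}"

    # start() takes the subsys lock, so release it once the service is
    # down; otherwise status() keeps reporting "subsys locked".
    if [ "$RC" -eq 0 ]; then
        rm -f -- "/var/lock/subsys/${serviceName}"
    fi

    echo
    return "$RC"
}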
# Bounce the service: stop it, then start it again.  start runs whatever
# the outcome of stop.
restart()
{
    stop; start
}
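# Report whether the service is running, based on the PID file under
# /var/run, the pidof listing for ${prog} and the subsys lock file.
# Globals:   serviceName, prog (read)
# Outputs:   one status line on stdout
# Returns:   0 running, 1 dead but PID file exists, 2 dead but subsys
#            locked, 3 stopped, 4 PID file present but empty
status()
{
    local pid=
    local pidFilePath="/var/run/${serviceName}.pid"
    local lockFilePath="/var/lock/subsys/${serviceName}"
    local pidFound=
    local i

    # Get pid from "/var/run/*.pid" file
    if [ -f "${pidFilePath}" ]; then
        read -r pid < "${pidFilePath}"
        if [ -z "$pid" ]; then
            echo $"Can't get pid from pid file $pidFilePath"
            return 4
        fi
    fi

    # Look for pid in listing.  Compare as a literal string: an unquoted
    # right-hand side in [[ ]] is a glob pattern, so PID file content such
    # as "*" would match any running instance.
    if [ -n "$pid" ]; then
        for i in $(pidof -o $$ -o $PPID -o %PPID -x "${prog}"); do
            if [ "$i" = "$pid" ]; then
                pidFound=Yes
                break
            fi
        done
    fi

    if [ -n "$pidFound" ]; then
        echo $"$prog (pid $pid) is running..."
        return 0
    fi

    # Not running: say which leftovers exist instead of always claiming
    # that a PID file exists.
    if [ -f "${pidFilePath}" ]; then
        if [ -f "${lockFilePath}" ]; then
            echo $"$prog dead but subsys locked and pid file $pidFilePath exists"
        else
            echo $"$prog dead but pid file $pidFilePath exists"
        fi
        return 1
    elif [ -f "${lockFilePath}" ]; then
        echo $"$prog dead but subsys locked"
        return 2
    fi

    echo $"$prog is stopped"
    return 3
}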
# Dispatch on the action given as the first argument; anything else prints
# the usage line and exits with status 1.
case "$1" in
    status)
        status
    ;;
    start)
        start
    ;;
    stop)
        stop
    ;;
    restart)
        # restart() takes no arguments; the service name passed here is
        # ignored.
        restart ${serviceName}
    ;;
    condrestart)
        # Only bounce the service when a PID file shows it was started.
        if [ -f /var/run/${serviceName}.pid ]; then
            stop
            start
        fi
    ;;
    *)
        echo "Usage: ${serviceName} {start|stop|restart|condrestart|status}"
        exit 1
    ;;
esac