source: TI12-security/trunk/python/share/ndg-log @ 2186

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/share/ndg-log@2186
Revision 2186, 4.9 KB checked in by pjkersha, 13 years ago (diff)

python/share/ndg-sm, python/share/ndg-aa, python/share/ndg-log, python/share/ndg-gk and
python/share/ndg-ca: fixed so that path to tac file is checked within start(). This
means that if the path is broken you can still run the stop and status commands.

  • Property svn:executable set to *
Line 
1#!/bin/bash
2#
3# SysV init script for NDG Security Log Service
4#
5# P J Kershaw
6#
7# 13/06/06
8#
9# Copyright (C) 2006 CCLRC & NERC
10#
11# This software may be distributed under the terms of the Q Public License,
12# version 1.0 or later.
13#
14# chkconfig: 2345 99 01
15# description: NERC Data Grid Security Log Web Service
16#
17# $Id:$
18
19# Source function library.
20. /etc/rc.d/init.d/functions
21
22# Edit "uid", "prefixDir", "srvSubDir" and "tacFilePath" variables as
23# required
24uid="globus"
25gid="globus"
26
27# Set path to Twisted 'tac' file - use prefixDir + srvSubDir combination or
28# set tacFilePath directly
29prefixDir=$(dirname $(dirname $(type -p python)))
30srvSubDir=lib/site-packages/ndg/security/server/Log
31tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac
32
33serviceName=${0##*/}
34
35# Write PID file to /tmp initially as uid of twistd process may not have
36# write permission on /var/run.  Move file from /tmp to /var/run as root -
37# see below ...
38pidFilePath=/tmp/${serviceName}.pid
39
40# Command line args e.g. set alternative port number or configuration file
41# path.  Note security consideration that these args will appear in a ps
42# process listing
43prog=/usr/local/NDG/bin/twistd
44args="-u ${uid} -g ${gid} --syslog --prefix=${serviceName} \
45--pidfile=${pidFilePath} -oy ${tacFilePath}"
46cmd="${prog} ${args}"
47
48RETVAL=0
49
50
51start()
52{
53    echo -n "Starting ${serviceName}: "
54   
55    # See if it's already running. Look *only* at the pid file.
56    local pid=
57    if [ -f /var/run/${serviceName}.pid ]; then
58        local line p
59        read line < /var/run/${serviceName}.pid
60        for p in $line ; do
61            [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
62        done
63    fi
64
65    [ -n "${pid:-}" ] && return
66
67    # Make sure it doesn't core dump anywhere; while this could mask
68    # problems with the daemon, it also closes some security problems
69    ulimit -S -c 0 >/dev/null 2>&1
70
71        if [ ! -f ${tacFilePath} ]; then
72            failure $"Path to python .tac file not found:"
73            return
74        fi
75
76    # Echo daemon
77    [ "${BOOTUP:-}" = "verbose" -a -z "$LSB" ] && echo -n " ${serviceName}"
78
79    # And start it up.
80    initlog $INITLOG_ARGS -c "${cmd}"
81    RETVAL=$?
82    if [ $RETVAL = 0 ]; then   
83        # Use root privilege to move pid file to correct location - put wait
84        # in to give twistd some leaway
85        i=0
86        while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do
87            sleep 1;
88            let "i++";
89        done
90               
91        mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
92       
93        touch /var/lock/subsys/${serviceName}       
94        success $"startup"
95    else
96        failure $"startup"
97    fi
98   
99    echo
100}
101
102
103stop()
104{
105    echo -n "Shutting down ${serviceName}: "
106   
107    # Find pid
108    pid=
109    if [ -f /var/run/${serviceName}.pid ]; then
110       local line p
111       read line < /var/run/${serviceName}.pid
112       for p in $line ; do
113           [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
114       done
115    fi
116
117    if [ -z "$pid" ]; then
118        failure $"stop - no process found from PID file: "
119        return
120    fi
121
122    # Kill it.
123    if [ -n "${pid:-}" ] ; then
124       [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} "
125         
126        if checkpid $pid 2>&1; then
127            # TERM first, then KILL if not dead
128            kill -TERM $pid
129            usleep 100000
130            if checkpid $pid && sleep 1 &&
131               checkpid $pid && sleep 3 &&
132               checkpid $pid ; then
133                kill -KILL $pid
134                usleep 100000
135            fi
136            checkpid $pid
137            RC=$?
138            [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown"
139            RC=$((! $RC))
140        fi   
141    else
142        failure $"shutdown"
143        RC=1
144    fi
145
146    # Remove pid file if any.
147    rm -f /var/run/${serviceName}.pid
148
149    echo
150}
151
152
153restart()
154{
155    stop
156    start
157}
158
159
160status()
161{
162    local pid=
163    local pidFilePath=/var/run/${serviceName}.pid
164   
165    # Get pid from "/var/run/*.pid" file
166    if [ -f $pidFilePath ] ; then
167        read pid < $pidFilePath
168        if [ -z "$pid" ]; then
169            echo $"Can't get pid from pid file $pidFilePath"
170            return
171        fi
172    fi
173
174    # look for pid in listing
175    local pidFound=
176    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do
177        [[ $i = $pid ]] && pidFound=Yes && break;
178    done
179   
180    if [ -n "$pidFound" ]; then
181        echo $"$prog (pid $pid) is running..."
182        return
183       
184    elif [ -f /var/lock/subsys/${serviceName} ]; then
185        echo $"$prog dead but subsys locked and pid file $pidFilePath exists"
186        return
187    else
188        echo $"$prog dead but pid file $pidFilePath exists"   
189    fi
190}
191
192
193case "$1" in
194    start)
195        start
196    ;;
197    stop)
198        stop
199    ;;
200    status)
201        status
202    ;;
203    restart)
204        restart ${serviceName}
205    ;;
206    condrestart)
207    if [ -f /var/run/${serviceName}.pid ] ; then
208        stop
209        start
210    fi
211    ;;
212    *)
213        echo \
214        "Usage: ${serviceName} {start|stop|restart|condrestart|status}"
215        exit 1
216    ;;
217esac
Note: See TracBrowser for help on using the repository browser.