source: TI12-security/trunk/python/share/ndg-sm @ 2214

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/share/ndg-sm@2214
Revision 2214, 5.5 KB checked in by pjkersha, 13 years ago (diff)

python/share/ndg-aa: fixed for tests with DEWS running on glue.

python/share/Makefile: auto-generates ndg-sm, ndg-log, ndg-gk and ndg-ca from ndg-aa.
ndg-aa is now a template file for the others.

python/ndg.security.common/ndg/security/common/AttCert.py: changed namespace to
urn:ndg:security:attributeCertificate

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg:
tests for DEWS.

  • Property svn:executable set to *
Line 
1#!/bin/bash
2#
3# SysV init script for NDG Security Session Manager
4#
5# P J Kershaw
6#
7# 13/06/06
8#
9# Copyright (C) 2006 CCLRC & NERC
10#
11# This software may be distributed under the terms of the Q Public License,
12# version 1.0 or later.
13#
14# chkconfig: 2345 99 01
15# description: NERC Data Grid Security Session Manager Web Service
16#
17# $Id:$
18
19# Source function library.
20. /etc/rc.d/init.d/functions
21
22# Edit "uid", "prefixDir", "srvSubDir" and "tacFilePath" variables as
23# required
24uid="globus"
25gid="globus"
26
27# Set path to Twisted 'tac' file - use prefixDir + srvSubDir combination or
28# set tacFilePath directly
29prefixDir=$(dirname $(dirname $(type -p python)))
30srvSubDir=lib/site-packages/ndg/security/server/SessionMgr
31tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac
32
33# Set a specific location for the properties file if required
34#export NDGSEC_AA_PROPFILEPATH=
35
36serviceName=${0##*/}
37
38# Write PID file to /tmp initially as uid of twistd process may not have
39# write permission on /var/run.  Move file from /tmp to /var/run as root -
40# see below ...
41pidFilePath=/tmp/${serviceName}.pid
42
43# Command line args e.g. set alternative port number or configuration file
44# path.  Note security consideration that these args will appear in a ps
45# process listing
46prog=/usr/local/NDG/bin/twistd
47
48# Specify python for status() to search when looking for an existing process
49# running
50statCheckProg=/usr/local/NDG/bin/python
51
52args="-u ${uid} -g ${gid} --syslog --prefix=${serviceName} \
53--pidfile=${pidFilePath} -oy ${tacFilePath}"
54cmd="${prog} ${args}"
55
56RETVAL=0
57
58
59start()
60{
61    echo -n "Starting ${serviceName}: "
62   
63    # See if it's already running. Look *only* at the pid file.
64    local pid=
65    if [ -f /var/run/${serviceName}.pid ]; then
66        local line p
67        read line < /var/run/${serviceName}.pid
68        for p in $line ; do
69            [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
70        done
71    fi
72
73    [ -n "${pid:-}" ] && return
74
75    # Make sure it doesn't core dump anywhere; while this could mask
76    # problems with the daemon, it also closes some security problems
77    ulimit -S -c 0 >/dev/null 2>&1
78
79        if [ ! -f ${tacFilePath} ]; then
80            failure $"Path to python .tac file not found:"
81            return
82        fi
83
84    # Echo daemon
85    [ "${BOOTUP:-}" = "verbose" -a -z "$LSB" ] && echo -n " ${serviceName}"
86
87    # And start it up.
88    initlog $INITLOG_ARGS -c "${cmd}"
89    RETVAL=$?
90    if [ $RETVAL = 0 ]; then   
91        # Use root privilege to move pid file to correct location - put wait
92        # in to give twistd some leaway
93        i=0
94        while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do
95            sleep 1;
96            let "i++";
97        done
98   
99        mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
100       
101        # Put in placeholder so as not to upset twistd when it looks for it
102        # on shutdown
103        touch /tmp/${serviceName}.pid
104        chown ${uid}:${gid} /tmp/${serviceName}.pid
105       
106        touch /var/lock/subsys/${serviceName}       
107        success $"startup"
108    else
109        failure $"startup"
110    fi
111   
112    echo
113}
114
115
116stop()
117{
118    echo -n "Shutting down ${serviceName}: "
119   
120    # Find pid
121    pid=
122    if [ -f /var/run/${serviceName}.pid ]; then
123       local line p
124       read line < /var/run/${serviceName}.pid
125       for p in $line ; do
126           [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
127       done
128    fi
129
130    if [ -z "$pid" ]; then
131        failure $"stop - no process found from PID file: "
132        return
133    fi
134
135    # Kill it.
136    if [ -n "${pid:-}" ] ; then
137       [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} "
138         
139        if checkpid $pid 2>&1; then
140            # TERM first, then KILL if not dead
141            kill -TERM $pid
142            usleep 100000
143            if checkpid $pid && sleep 1 &&
144               checkpid $pid && sleep 3 &&
145               checkpid $pid ; then
146                kill -KILL $pid
147                usleep 100000
148            fi
149            checkpid $pid
150            RC=$?
151            [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown"
152            RC=$((! $RC))
153        fi   
154    else
155        failure $"shutdown"
156        RC=1
157    fi
158
159    # Remove pid and lock files if any.
160    rm -f /var/run/${serviceName}.pid
161    rm -f /var/lock/subsys/${serviceName}
162   
163    echo
164}
165
166
167restart()
168{
169    stop
170    start
171}
172
173
174status()
175{
176    local pid=
177    local pidFilePath=/var/run/${serviceName}.pid
178   
179    # Get pid from "/var/run/*.pid" file
180    local pidFound=
181    if [ -f $pidFilePath ] ; then
182        read pid < $pidFilePath
183        if [ -z "$pid" ]; then
184            echo $"Can't get pid from pid file $pidFilePath"
185            return
186        fi
187        pidFound=Yes
188    fi
189
190    # look for pid in listing
191    for i in `pidof -o $$ -o $PPID -o %PPID -x "${statCheckProg}"`; do
192        [[ $i = $pid ]] && pidFound=Yes && break;
193    done
194   
195    if [ -n "$pidFound" ]; then
196        echo $"$prog (pid $pid) is running..."
197
198    elif [ -f /var/lock/subsys/${serviceName} ]; then
199        echo $"$prog is dead but subsys locked"
200
201    elif [ -f /var/run/${serviceName}.pid ]; then
202        echo $"$prog is dead but pid file $pidFilePath exists"
203    else
204        echo $"$prog is dead"
205    fi
206}
207
208
209case "$1" in
210    start)
211        start
212    ;;
213    stop)
214        stop
215    ;;
216    status)
217        status
218    ;;
219    restart)
220        restart ${serviceName}
221    ;;
222    condrestart)
223    if [ -f /var/run/${serviceName}.pid ] ; then
224        stop
225        start
226    fi
227    ;;
228    *)
229        echo \
230        "Usage: ${serviceName} {start|stop|restart|condrestart|status}"
231        exit 1
232    ;;
233esac
Note: See TracBrowser for help on using the repository browser.