Changeset 2181
- Timestamp:
- 19/02/07 14:20:01 (14 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 5 deleted
- 12 edited
TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py
r2178 r2181 584 584 # Copy properties from file into a dictionary 585 585 self.__prop = {} 586 missingKeys = []586 invalidKeys = [] 587 587 try: 588 588 for elem in aaProp: … … 595 595 self.__prop[elem.tag] = elem.text 596 596 else: 597 missingKeys.append(elem.tag)597 invalidKeys.append(elem.tag) 598 598 599 599 except Exception, e: … … 602 602 (elem.tag, self.__propFilePath, e) 603 603 604 if missingKeys != []:605 raise AttAuthorityError, "The following properties are " + \606 " missing from the properties file: " + \607 ', '.join( missingKeys)604 if invalidKeys != []: 605 raise AttAuthorityError, "The following properties file " + \ 606 "elements are invalid: " + \ 607 ', '.join(invalidKeys) 608 608 609 609 # Ensure Certificate time parameters are converted to numeric type -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac
r2178 r2181 21 21 from twisted.web.resource import Resource 22 22 23 from AttAuthority_services_server import AttAuthorityService 23 from ndg.security.server.AttAuthority.AttAuthority_services_server import \ 24 AttAuthorityService 24 25 25 26 from ndg.security.server.AttAuthority import AttAuthority, \ -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/start-container.sh
r2058 r2181 15 15 EXEC=twistd 16 16 OPTIONS="--pidfile=twistd-$$.pid -noy" 17 CONFIG=server-config.tac 17 18 prefixDir=$(dirname $(dirname $(type -p python))) 19 srvSubDir=lib/site-packages/ndg/security/server/AttAuthority 20 21 if [ ! -d ${prefixDir} ]; then 22 echo "Path to tac file not found" 23 exit 1; 24 fi 25 26 installPath=${HOME}/Development/security/python/ndg.security.server/ndg/security/server/AttAuthority 27 #installPath=${pythonPrefixDir}/${srvSubDir} 28 if [ -d ${installPath} ]; then 29 CONFIG=${installPath}/server-config.tac 30 else 31 CONFIG=./server-config.tac 32 fi 18 33 19 34 set - ${EXEC} ${OPTIONS} ${CONFIG} "$@" -
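Review bot: `installPath` is hard-coded to a developer checkout under `${HOME}/Development/...`, and when that directory is absent `CONFIG` falls back to `./server-config.tac`, so twistd loads whichever file of that name sits in the caller's working directory. A .tac file is Python that twistd executes, so the path should be fixed by the install location rather than be relative to the working directory. The commented-out alternative references `${pythonPrefixDir}`, which is never set here (the variable defined is `prefixDir`), and the `-d ${prefixDir}` guard prints "Path to tac file not found" although it tests the Python prefix. I would use `installPath=${prefixDir}/${srvSubDir}` and exit with an error when `"${installPath}/server-config.tac"` is missing instead of falling back.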
TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml
r2136 r2181 28 28 security services. - Use minus sign for time in the past 29 29 --> 30 30 <attCertNotBeforeOff>0</attCertNotBeforeOff> 31 31 <!-- Location of role mapping file --> 32 32 <mapConfigFile></mapConfigFile> -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml
r2170 r2181 17 17 <clntCertFile></clntCertFile> 18 18 <attCertLifetime>28800</attCertLifetime> 19 19 <attCertNotBeforeOff>0</attCertNotBeforeOff> 20 20 <attCertFilePfx>ac-</attCertFilePfx> 21 21 <attCertFileSfx>.xml</attCertFileSfx> -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml
r2170 r2181 17 17 <clntCertFile></clntCertFile> 18 18 <attCertLifetime>28800</attCertLifetime> 19 19 <attCertNotBeforeOff>0</attCertNotBeforeOff> 20 20 <attCertFilePfx>ac-</attCertFilePfx> 21 21 <attCertFileSfx>.xml</attCertFileSfx> -
TI12-security/trunk/python/ndgSetup.sh
r2145 r2181 43 43 44 44 45 # Override default port number settings for web services 46 #export NDG_AA_PORT_NUM=5001 47 #export NDG_SM_PORT_NUM= 48 #export NDG_CA_PORT_NUM= 49 #export NDG_LOG_PORT_NUM= 50 #export NDG_GK_PORT_NUM= 45 # Override default locations for properties files. 46 # 47 # e.g. default Attribute Authority location is 48 # $NDG_DIR/conf/attAuthorityProperties.xml 49 # 50 # Session Manager: 51 # $NDG_DIR/conf/sessionMgrProperties.xml 52 # 53 # Certificate Authority: 54 # $NDG_DIR/conf/simpleCAProperties.xml 55 # 56 #export NDGSEC_AA_PROPFILEPATH= 57 #export NDGSEC_SM_PROPFILEPATH= 58 #export NDGSEC_CA_PROPFILEPATH= 51 59 52 60 -
TI12-security/trunk/python/share/ndg-aa
r1300 r2181 15 15 # description: NERC Data Grid Security Attribute Authority Web Service 16 16 # 17 18 # Edit these variables as required 17 # $Id:$ 18 19 # Source function library. 20 . /etc/rc.d/init.d/functions 21 22 # Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as 23 # required 19 24 user="globus" 20 ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh" 25 26 # Set path to Twisted 'tac' file 27 prefixDir=$(dirname $(dirname $(type -p python))) 28 if [ ! -d ${prefixDir} ]; then 29 failure $"Path to python root not found" 30 exit 1 31 fi 32 33 srvSubDir=lib/site-packages/ndg/security/server/AttAuthority 34 tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac 35 if [ ! -f ${tacFilePath} ]; then 36 failure $"Path to tac file not found" 37 exit 1 38 fi 39 40 serviceName=${0##*/} 41 42 # Write PID file to /tmp initially as uid of twistd process may not have 43 # write permission on /var/run. Move file from /tmp to /var/run as root - 44 # see below ... 45 pidFilePath=/tmp/${serviceName}.pid 21 46 22 47 # Command line args e.g. set alternative port number or configuration file 23 48 # path. Note security consideration that these args will appear in a ps 24 49 # process listing 25 args= 26 27 # Source function library. 28 . /etc/rc.d/init.d/functions 29 30 serviceName=${0##*/} 31 prog=AttAuthorityServer.py 50 prog=/usr/local/NDG/bin/twistd 51 args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \ 52 -oy ${tacFilePath}" 53 cmd="${prog} ${args}" 54 32 55 RETVAL=0 33 56 … … 35 58 start() 36 59 { 37 echo -n "Starting ${serviceName}: " 38 39 # Source NDG Environment 40 if [ -f ${ndgSetupFilePath} ]; then 41 . ${ndgSetupFilePath} 42 else 43 failure $"Set-up of NDG environment" 44 return 45 fi 46 47 cmd="${NDG_DIR}/bin/${prog} ${args}" 48 60 echo -n "Starting ${serviceName}: " 61 49 62 # See if it's already running. Look *only* at the pid file. 
50 63 local pid= 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 64 if [ -f /var/run/${serviceName}.pid ]; then 65 local line p 66 read line < /var/run/${serviceName}.pid 67 for p in $line ; do 68 [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 69 done 70 fi 71 72 [ -n "${pid:-}" ] && return 73 74 # Make sure it doesn't core dump anywhere; while this could mask 75 # problems with the daemon, it also closes some security problems 76 ulimit -S -c 0 >/dev/null 2>&1 77 78 # Echo daemon 66 79 [ "${BOOTUP:-}" = "verbose" -a -z "$LSB" ] && echo -n " ${serviceName}" 67 80 68 69 initlog $INITLOG_ARGS -c "su - ${user} -c \"${cmd}\""81 # And start it up. 82 initlog $INITLOG_ARGS -c "${cmd}" 70 83 RETVAL=$? 71 72 if [ $RETVAL = 0 ]; then 73 # Get the process ID 74 pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`) 75 echo ${pid} > /var/run/${serviceName}.pid 76 touch /var/lock/subsys/${serviceName} 77 success $"${serviceName} startup" 78 else 79 failure $"${serviceName} startup" 80 fi 81 84 if [ $RETVAL = 0 ]; then 85 # Use root privilege to move pid file to correct location - put wait 86 # in to give twistd some leaway 87 i=0 88 while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 89 sleep 1; 90 let "i++"; 91 done 92 93 mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid 94 95 touch /var/lock/subsys/${serviceName} 96 success $"startup" 97 else 98 failure $"startup" 99 fi 100 82 101 echo 83 102 } … … 86 105 stop() 87 106 { 88 89 107 echo -n "Shutting down ${serviceName}: " 108 90 109 # Find pid 91 92 93 94 95 96 97 98 99 100 101 failure $"${serviceName} stop - no process found from PID file"102 103 110 pid= 111 if [ -f /var/run/${serviceName}.pid ]; then 112 local line p 113 read line < /var/run/${serviceName}.pid 114 for p in $line ; do 115 [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 116 done 117 fi 118 119 if [ -z "$pid" ]; then 120 failure $"stop - no process found from PID file: " 121 return 122 fi 104 123 105 124 # Kill it. 
106 125 if [ -n "${pid:-}" ] ; then 107 [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 108 109 if checkpid $pid 2>&1; then 110 # TERM first, then KILL if not dead 111 kill -TERM $pid 112 usleep 100000 113 if checkpid $pid && sleep 1 && 114 checkpid $pid && sleep 3 && 115 checkpid $pid ; then 116 kill -KILL $pid 117 usleep 100000 118 fi 119 checkpid $pid 120 RC=$? 121 [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \ 122 success $"${serviceName} shutdown" 123 RC=$((! $RC)) 124 fi 125 else 126 failure $"${serviceName} shutdown" 127 RC=1 128 fi 126 [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 127 128 if checkpid $pid 2>&1; then 129 # TERM first, then KILL if not dead 130 kill -TERM $pid 131 usleep 100000 132 if checkpid $pid && sleep 1 && 133 checkpid $pid && sleep 3 && 134 checkpid $pid ; then 135 kill -KILL $pid 136 usleep 100000 137 fi 138 checkpid $pid 139 RC=$? 140 [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown" 141 RC=$((! $RC)) 142 fi 143 else 144 failure $"shutdown" 145 RC=1 146 fi 129 147 130 148 # Remove pid file if any. 
131 132 133 149 rm -f /var/run/${serviceName}.pid 150 151 echo 134 152 } 135 153 … … 137 155 restart() 138 156 { 139 140 157 stop 158 start 141 159 } 142 160 … … 144 162 status() 145 163 { 146 147 148 149 150 164 local pid= 165 local pidFilePath=/var/run/${serviceName}.pid 166 167 # Get pid from "/var/run/*.pid" file 168 if [ -f $pidFilePath ] ; then 151 169 read pid < $pidFilePath 152 170 if [ -z "$pid" ]; then … … 154 172 return 155 173 fi 156 else 157 echo $"No pid file $pidFilePath found" 158 return 159 fi 160 161 # look for pid in listing 162 local pidFound= 163 for i in `pidof -o $$ -o $PPID -o %PPID -x "python"`; do 164 [[ $i = $pid ]] && pidFound=Yes && break; 165 done 166 167 if [ -n "$pidFound" ]; then 174 fi 175 176 # look for pid in listing 177 local pidFound= 178 for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do 179 [[ $i = $pid ]] && pidFound=Yes && break; 180 done 181 182 if [ -n "$pidFound" ]; then 168 183 echo $"$prog (pid $pid) is running..." 169 184 return 170 185 171 186 elif [ -f /var/lock/subsys/${serviceName} ]; then 172 173 187 echo $"$prog dead but subsys locked and pid file $pidFilePath exists" 188 return 174 189 else 175 190 echo $"$prog dead but pid file $pidFilePath exists" 176 191 fi 177 192 } 178 193 179 194 180 195 case "$1" in 181 start) 182 start 183 ;; 184 stop) 185 stop 186 ;; 187 status) 188 # Use status defined in functions file 189 status 190 ;; 191 restart) 192 restart ${serviceName} 193 ;; 196 start) 197 start 198 ;; 199 stop) 200 stop 201 ;; 202 status) 203 status 204 ;; 205 restart) 206 restart ${serviceName} 207 ;; 194 208 condrestart) 195 196 197 198 199 200 201 202 203 204 209 if [ -f /var/run/${serviceName}.pid ] ; then 210 stop 211 start 212 fi 213 ;; 214 *) 215 echo \ 216 "Usage: ${serviceName} {start|stop|restart|condrestart|status}" 217 exit 1 218 ;; 205 219 esac -
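Review bot: The PID file is created under a predictable name in world-writable `/tmp` and then moved by root into `/var/run`, where `stop()` trusts its contents as the list of PIDs to signal. Any local account can create `/tmp/${serviceName}.pid` beforehand; the wait loop in `start()` ends as soon as a file of that name exists, so root would adopt a file the service did not write and later send TERM/KILL to whatever PIDs it lists. A directory that root creates and hands to the service user avoids the shared location: `install -d -o "${user}" -m 0755 "/var/run/${serviceName}"` before starting twistd, with `pidFilePath=/var/run/${serviceName}/${serviceName}.pid` used by start, stop and status alike, which also removes the `mv`. The same lines are added in ndg-ca, ndg-gk, ndg-log and ndg-sm.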
TI12-security/trunk/python/share/ndg-ca
r1300 r2181 1 1 #!/bin/bash 2 2 # 3 # SysV init script for NDG S imple CA Web Service3 # SysV init script for NDG Security Certificate Authority 4 4 # 5 5 # P J Kershaw … … 13 13 # 14 14 # chkconfig: 2345 99 01 15 # description: NERC Data Grid Simple CA Web Service 16 # 17 18 # Edit these variables as required 15 # description: NERC Data Grid Security Certificate Authority Web Service 16 # 17 # $Id:$ 18 19 # Source function library. 20 . /etc/rc.d/init.d/functions 21 22 # Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as 23 # required 19 24 user="globus" 20 ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh" 21 configFilePath= 22 23 # Command line args e.g. set alternative port number or properties file 25 26 # Set path to Twisted 'tac' file 27 prefixDir=$(dirname $(dirname $(type -p python))) 28 if [ ! -d ${prefixDir} ]; then 29 failure $"Path to python root not found" 30 exit 1 31 fi 32 33 srvSubDir=lib/site-packages/ndg/security/server/ca 34 tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac 35 if [ ! -f ${tacFilePath} ]; then 36 failure $"Path to tac file not found" 37 exit 1 38 fi 39 40 serviceName=${0##*/} 41 42 # Write PID file to /tmp initially as uid of twistd process may not have 43 # write permission on /var/run. Move file from /tmp to /var/run as root - 44 # see below ... 45 pidFilePath=/tmp/${serviceName}.pid 46 47 # Command line args e.g. set alternative port number or configuration file 24 48 # path. Note security consideration that these args will appear in a ps 25 49 # process listing 26 args=-s 27 28 # Source function library. 29 . /etc/rc.d/init.d/functions 30 31 serviceName=${0##*/} 32 prog=SimpleCAServer.py 50 prog=/usr/local/NDG/bin/twistd 51 args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \ 52 -oy ${tacFilePath}" 53 cmd="${prog} ${args}" 54 33 55 RETVAL=0 34 56 … … 37 59 { 38 60 echo -n "Starting ${serviceName}: " 39 40 # Source NDG Environment 41 if [ -f ${ndgSetupFilePath} ]; then 42 . 
${ndgSetupFilePath} 43 else 44 failure $"Set-up of NDG environment" 45 return 46 fi 47 48 cmd="cat ${configFilePath} | ${NDG_DIR}/bin/${prog} ${args}" 49 50 61 51 62 # See if it's already running. Look *only* at the pid file. 52 63 local pid= … … 69 80 70 81 # And start it up. 71 initlog $INITLOG_ARGS -c " su -s /bin/bash - ${user} -c \"${cmd}\""82 initlog $INITLOG_ARGS -c "${cmd}" 72 83 RETVAL=$? 73 74 if [ $RETVAL = 0 ]; then 75 # Get the process ID 76 pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`) 77 echo ${pid} > /var/run/${serviceName}.pid 84 if [ $RETVAL = 0 ]; then 85 # Use root privilege to move pid file to correct location - put wait 86 # in to give twistd some leaway 87 i=0 88 while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 89 sleep 1; 90 let "i++"; 91 done 92 93 mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid 94 78 95 touch /var/lock/subsys/${serviceName} 79 success $" ${serviceName}startup"96 success $"startup" 80 97 else 81 failure $" ${serviceName}startup"98 failure $"startup" 82 99 fi 83 100 … … 93 110 pid= 94 111 if [ -f /var/run/${serviceName}.pid ]; then 95 96 97 98 99 112 local line p 113 read line < /var/run/${serviceName}.pid 114 for p in $line ; do 115 [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 116 done 100 117 fi 101 118 102 119 if [ -z "$pid" ]; then 103 failure $" ${serviceName} stop - no process found from PID file"120 failure $"stop - no process found from PID file: " 104 121 return 105 122 fi … … 107 124 # Kill it. 108 125 if [ -n "${pid:-}" ] ; then 109 110 126 [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 127 111 128 if checkpid $pid 2>&1; then 112 129 # TERM first, then KILL if not dead … … 118 135 kill -KILL $pid 119 136 usleep 100000 120 137 fi 121 138 checkpid $pid 122 139 RC=$? 
123 [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \ 124 success $"${serviceName} shutdown" 140 [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown" 125 141 RC=$((! $RC)) 126 142 fi 127 143 else 128 failure $" ${serviceName}shutdown"144 failure $"shutdown" 129 145 RC=1 130 146 fi … … 156 172 return 157 173 fi 158 else159 echo $"No pid file $pidFilePath found"160 return161 174 fi 162 175 163 176 # look for pid in listing 164 177 local pidFound= 165 for i in `pidof -o $$ -o $PPID -o %PPID -x " python"`; do166 178 for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do 179 [[ $i = $pid ]] && pidFound=Yes && break; 167 180 done 168 181 … … 170 183 echo $"$prog (pid $pid) is running..." 171 184 return 172 185 173 186 elif [ -f /var/lock/subsys/${serviceName} ]; then 174 187 echo $"$prog dead but subsys locked and pid file $pidFilePath exists" … … 188 201 ;; 189 202 status) 190 # Use status defined in functions file191 203 status 192 204 ;; -
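Review bot: The result of `mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid` in `start()` is not checked, so when twistd has not written the file within the ten one-second retries the move fails, yet the lock file is still touched and `success $"startup"` is reported. `stop()` and `condrestart` then find no PID file and cannot manage a daemon that may in fact be running. I would gate the success path on the move: `if ! mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid; then failure $"startup"; echo; return 1; fi`. The comment's "leaway" should read "leeway". ndg-aa, ndg-gk, ndg-log and ndg-sm carry the same block.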
TI12-security/trunk/python/share/ndg-gk
r1300 r2181 1 1 #!/bin/bash 2 2 # 3 # SysV init script for NDG Security Gate Keeper Web Service3 # SysV init script for NDG Security Gatekeeper 4 4 # 5 5 # P J Kershaw … … 13 13 # 14 14 # chkconfig: 2345 99 01 15 # description: NERC Data Grid Security Gate Keeper Web Service 16 # 17 18 # Edit these variables as required 15 # description: NERC Data Grid Security Gatekeeper Web Service 16 # 17 # $Id:$ 18 19 # Source function library. 20 . /etc/rc.d/init.d/functions 21 22 # Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as 23 # required 19 24 user="globus" 20 ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh" 25 26 # Set path to Twisted 'tac' file 27 prefixDir=$(dirname $(dirname $(type -p python))) 28 if [ ! -d ${prefixDir} ]; then 29 failure $"Path to python root not found" 30 exit 1 31 fi 32 33 srvSubDir=lib/site-packages/ndg/security/server/Gatekeeper 34 tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac 35 if [ ! -f ${tacFilePath} ]; then 36 failure $"Path to tac file not found" 37 exit 1 38 fi 39 40 serviceName=${0##*/} 41 42 # Write PID file to /tmp initially as uid of twistd process may not have 43 # write permission on /var/run. Move file from /tmp to /var/run as root - 44 # see below ... 45 pidFilePath=/tmp/${serviceName}.pid 21 46 22 47 # Command line args e.g. set alternative port number or configuration file 23 48 # path. Note security consideration that these args will appear in a ps 24 49 # process listing 25 args= 26 27 # Source function library. 28 . /etc/rc.d/init.d/functions 29 30 serviceName=${0##*/} 31 prog=GatekeeperServer.py 50 prog=/usr/local/NDG/bin/twistd 51 args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \ 52 -oy ${tacFilePath}" 53 cmd="${prog} ${args}" 54 32 55 RETVAL=0 33 56 … … 36 59 { 37 60 echo -n "Starting ${serviceName}: " 38 39 # Source NDG Environment 40 if [ -f ${ndgSetupFilePath} ]; then 41 . 
${ndgSetupFilePath} 42 else 43 failure $"Set-up of NDG environment" 44 return 45 fi 46 47 cmd="${NDG_DIR}/bin/${prog} ${args}" 48 61 49 62 # See if it's already running. Look *only* at the pid file. 50 63 local pid= … … 67 80 68 81 # And start it up. 69 initlog $INITLOG_ARGS -c " su - ${user} -c \"${cmd}\""82 initlog $INITLOG_ARGS -c "${cmd}" 70 83 RETVAL=$? 71 72 if [ $RETVAL = 0 ]; then 73 # Get the process ID 74 pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`) 75 echo ${pid} > /var/run/${serviceName}.pid 84 if [ $RETVAL = 0 ]; then 85 # Use root privilege to move pid file to correct location - put wait 86 # in to give twistd some leaway 87 i=0 88 while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 89 sleep 1; 90 let "i++"; 91 done 92 93 mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid 94 76 95 touch /var/lock/subsys/${serviceName} 77 success $" ${serviceName}startup"96 success $"startup" 78 97 else 79 failure $" ${serviceName}startup"98 failure $"startup" 80 99 fi 81 100 … … 91 110 pid= 92 111 if [ -f /var/run/${serviceName}.pid ]; then 93 94 95 96 97 112 local line p 113 read line < /var/run/${serviceName}.pid 114 for p in $line ; do 115 [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 116 done 98 117 fi 99 118 100 119 if [ -z "$pid" ]; then 101 failure $" ${serviceName} stop - no process found from PID file"120 failure $"stop - no process found from PID file: " 102 121 return 103 122 fi … … 105 124 # Kill it. 106 125 if [ -n "${pid:-}" ] ; then 107 108 126 [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 127 109 128 if checkpid $pid 2>&1; then 110 129 # TERM first, then KILL if not dead … … 116 135 kill -KILL $pid 117 136 usleep 100000 118 137 fi 119 138 checkpid $pid 120 139 RC=$? 121 [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \ 122 success $"${serviceName} shutdown" 140 [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown" 123 141 RC=$((! 
$RC)) 124 142 fi 125 143 else 126 failure $" ${serviceName}shutdown"144 failure $"shutdown" 127 145 RC=1 128 146 fi … … 154 172 return 155 173 fi 156 else157 echo $"No pid file $pidFilePath found"158 return159 174 fi 160 175 161 176 # look for pid in listing 162 177 local pidFound= 163 for i in `pidof -o $$ -o $PPID -o %PPID -x " python"`; do164 178 for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do 179 [[ $i = $pid ]] && pidFound=Yes && break; 165 180 done 166 181 … … 168 183 echo $"$prog (pid $pid) is running..." 169 184 return 170 185 171 186 elif [ -f /var/lock/subsys/${serviceName} ]; then 172 187 echo $"$prog dead but subsys locked and pid file $pidFilePath exists" … … 186 201 ;; 187 202 status) 188 # Use status defined in functions file189 203 status 190 204 ;; -
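Review bot: With the `else` branch removed from `status()`, a missing PID file no longer returns early: the `pidof` loop then matches nothing and the function ends by printing that the daemon is dead "but pid file $pidFilePath exists" when no such file exists. Keeping the early return, `else echo $"No pid file $pidFilePath found"; return`, or rewording the final messages so they do not assert the file's existence, keeps the status output truthful for whoever is diagnosing the service. The top of `status()` lies outside the visible hunk lines here, so I am assuming `pid` starts empty as it does in ndg-aa. The same removal appears in ndg-aa, ndg-ca, ndg-log and ndg-sm.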
TI12-security/trunk/python/share/ndg-log
r1300 r2181 1 1 #!/bin/bash 2 2 # 3 # SysV init script for NDG Security Log gingService3 # SysV init script for NDG Security Log Service 4 4 # 5 5 # P J Kershaw … … 13 13 # 14 14 # chkconfig: 2345 99 01 15 # description: NERC Data Grid Security Logging Web Service 16 # 17 18 # Edit these variables as required 15 # description: NERC Data Grid Security Log Web Service 16 # 17 # $Id:$ 18 19 # Source function library. 20 . /etc/rc.d/init.d/functions 21 22 # Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as 23 # required 19 24 user="globus" 20 ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh" 21 22 # Command line args e.g. set alternative port number or log file 25 26 # Set path to Twisted 'tac' file 27 prefixDir=$(dirname $(dirname $(type -p python))) 28 if [ ! -d ${prefixDir} ]; then 29 failure $"Path to python root not found" 30 exit 1 31 fi 32 33 srvSubDir=lib/site-packages/ndg/security/server/Log 34 tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac 35 if [ ! -f ${tacFilePath} ]; then 36 failure $"Path to tac file not found" 37 exit 1 38 fi 39 40 serviceName=${0##*/} 41 42 # Write PID file to /tmp initially as uid of twistd process may not have 43 # write permission on /var/run. Move file from /tmp to /var/run as root - 44 # see below ... 45 pidFilePath=/tmp/${serviceName}.pid 46 47 # Command line args e.g. set alternative port number or configuration file 23 48 # path. Note security consideration that these args will appear in a ps 24 49 # process listing 25 args= 26 27 # Source function library. 28 . /etc/rc.d/init.d/functions 29 30 serviceName=${0##*/} 31 prog=LogServer.py 50 prog=/usr/local/NDG/bin/twistd 51 args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \ 52 -oy ${tacFilePath}" 53 cmd="${prog} ${args}" 54 32 55 RETVAL=0 33 56 … … 36 59 { 37 60 echo -n "Starting ${serviceName}: " 38 39 # Source NDG Environment 40 if [ -f ${ndgSetupFilePath} ]; then 41 . 
${ndgSetupFilePath} 42 else 43 failure $"Set-up of NDG environment" 44 return 45 fi 46 47 cmd="${NDG_DIR}/bin/${prog} ${args}" 48 61 49 62 # See if it's already running. Look *only* at the pid file. 50 63 local pid= … … 67 80 68 81 # And start it up. 69 initlog $INITLOG_ARGS -c " su - ${user} -c \"${cmd}\""82 initlog $INITLOG_ARGS -c "${cmd}" 70 83 RETVAL=$? 71 72 if [ $RETVAL = 0 ]; then 73 # Get the process ID 74 pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`) 75 echo ${pid} > /var/run/${serviceName}.pid 84 if [ $RETVAL = 0 ]; then 85 # Use root privilege to move pid file to correct location - put wait 86 # in to give twistd some leaway 87 i=0 88 while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 89 sleep 1; 90 let "i++"; 91 done 92 93 mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid 94 76 95 touch /var/lock/subsys/${serviceName} 77 success $" ${serviceName}startup"96 success $"startup" 78 97 else 79 failure $" ${serviceName}startup"98 failure $"startup" 80 99 fi 81 100 … … 91 110 pid= 92 111 if [ -f /var/run/${serviceName}.pid ]; then 93 94 95 96 97 112 local line p 113 read line < /var/run/${serviceName}.pid 114 for p in $line ; do 115 [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 116 done 98 117 fi 99 118 100 119 if [ -z "$pid" ]; then 101 failure $" ${serviceName} stop - no process found from PID file"120 failure $"stop - no process found from PID file: " 102 121 return 103 122 fi … … 105 124 # Kill it. 106 125 if [ -n "${pid:-}" ] ; then 107 108 126 [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 127 109 128 if checkpid $pid 2>&1; then 110 129 # TERM first, then KILL if not dead … … 116 135 kill -KILL $pid 117 136 usleep 100000 118 137 fi 119 138 checkpid $pid 120 139 RC=$? 121 [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \ 122 success $"${serviceName} shutdown" 140 [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown" 123 141 RC=$((! 
$RC)) 124 142 fi 125 143 else 126 failure $" ${serviceName}shutdown"144 failure $"shutdown" 127 145 RC=1 128 146 fi … … 154 172 return 155 173 fi 156 else157 echo $"No pid file $pidFilePath found"158 return159 174 fi 160 175 161 176 # look for pid in listing 162 177 local pidFound= 163 for i in `pidof -o $$ -o $PPID -o %PPID -x " python"`; do164 178 for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do 179 [[ $i = $pid ]] && pidFound=Yes && break; 165 180 done 166 181 … … 168 183 echo $"$prog (pid $pid) is running..." 169 184 return 170 185 171 186 elif [ -f /var/lock/subsys/${serviceName} ]; then 172 187 echo $"$prog dead but subsys locked and pid file $pidFilePath exists" … … 186 201 ;; 187 202 status) 188 # Use status defined in functions file189 203 status 190 204 ;; -
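Review bot: The `prefixDir` guard does not fire when `python` is missing from the init environment's PATH: `type -p python` prints nothing, both `dirname` calls fail for want of an operand, and the unquoted `[ ! -d ${prefixDir} ]` collapses to `[ ! -d ]`, which tests a non-empty literal and is false. The script carries on with a `tacFilePath` rooted at `/lib/site-packages/...` and only stops at the later `-f` test with the less specific message. Quoting alone does not help, because `dirname ""` yields `.`, which exists; check the lookup itself with `pythonPath=$(type -p python); [ -n "${pythonPath}" ] || { failure $"python not found on PATH"; exit 1; }` and then `prefixDir=$(dirname "$(dirname "${pythonPath}")")`. The same lines are in ndg-aa, ndg-ca, ndg-gk and ndg-sm, and in start-container.sh.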
TI12-security/trunk/python/share/ndg-sm
r1300 r2181 15 15 # description: NERC Data Grid Security Session Manager Web Service 16 16 # 17 18 # Edit these variables as required 17 # $Id:$ 18 19 # Source function library. 20 . /etc/rc.d/init.d/functions 21 22 # Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as 23 # required 19 24 user="globus" 20 ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh" 25 26 # Set path to Twisted 'tac' file 27 prefixDir=$(dirname $(dirname $(type -p python))) 28 if [ ! -d ${prefixDir} ]; then 29 failure $"Path to python root not found" 30 exit 1 31 fi 32 33 srvSubDir=lib/site-packages/ndg/security/server/SessionMgr 34 tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac 35 if [ ! -f ${tacFilePath} ]; then 36 failure $"Path to tac file not found" 37 exit 1 38 fi 39 40 serviceName=${0##*/} 41 42 # Write PID file to /tmp initially as uid of twistd process may not have 43 # write permission on /var/run. Move file from /tmp to /var/run as root - 44 # see below ... 45 pidFilePath=/tmp/${serviceName}.pid 21 46 22 47 # Command line args e.g. set alternative port number or configuration file 23 48 # path. Note security consideration that these args will appear in a ps 24 49 # process listing 25 args=-wn 26 27 # Source function library. 28 . /etc/rc.d/init.d/functions 29 30 serviceName=${0##*/} 31 prog=SessionMgrServer.py 50 prog=/usr/local/NDG/bin/twistd 51 args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \ 52 -oy ${tacFilePath}" 53 cmd="${prog} ${args}" 54 32 55 RETVAL=0 33 56 … … 36 59 { 37 60 echo -n "Starting ${serviceName}: " 38 39 # Source NDG Environment 40 if [ -f ${ndgSetupFilePath} ]; then 41 . ${ndgSetupFilePath} 42 else 43 failure $"Set-up of NDG environment" 44 return 45 fi 46 47 cmd="${NDG_DIR}/bin/${prog} ${args}" 48 61 49 62 # See if it's already running. Look *only* at the pid file. 50 63 local pid= … … 67 80 68 81 # And start it up. 
69 initlog $INITLOG_ARGS -c " su - ${user} -c \"${cmd}\""82 initlog $INITLOG_ARGS -c "${cmd}" 70 83 RETVAL=$? 71 72 if [ $RETVAL = 0 ]; then 73 # Get the process ID 74 pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`) 75 echo ${pid} > /var/run/${serviceName}.pid 84 if [ $RETVAL = 0 ]; then 85 # Use root privilege to move pid file to correct location - put wait 86 # in to give twistd some leaway 87 i=0 88 while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 89 sleep 1; 90 let "i++"; 91 done 92 93 mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid 94 76 95 touch /var/lock/subsys/${serviceName} 77 success $" ${serviceName}startup"96 success $"startup" 78 97 else 79 failure $" ${serviceName}startup"98 failure $"startup" 80 99 fi 81 100 … … 91 110 pid= 92 111 if [ -f /var/run/${serviceName}.pid ]; then 93 94 95 96 97 112 local line p 113 read line < /var/run/${serviceName}.pid 114 for p in $line ; do 115 [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 116 done 98 117 fi 99 118 100 119 if [ -z "$pid" ]; then 101 failure $" ${serviceName} stop - no process found from PID file"120 failure $"stop - no process found from PID file: " 102 121 return 103 122 fi … … 105 124 # Kill it. 106 125 if [ -n "${pid:-}" ] ; then 107 108 126 [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 127 109 128 if checkpid $pid 2>&1; then 110 129 # TERM first, then KILL if not dead … … 119 138 checkpid $pid 120 139 RC=$? 121 [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \ 122 success $"${serviceName} shutdown" 140 [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown" 123 141 RC=$((! 
$RC)) 124 142 fi 125 143 else 126 failure $" ${serviceName}shutdown"144 failure $"shutdown" 127 145 RC=1 128 146 fi … … 154 172 return 155 173 fi 156 else157 echo $"No pid file $pidFilePath found"158 return159 174 fi 160 175 161 176 # look for pid in listing 162 177 local pidFound= 163 for i in `pidof -o $$ -o $PPID -o %PPID -x " python"`; do164 178 for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do 179 [[ $i = $pid ]] && pidFound=Yes && break; 165 180 done 166 181 … … 168 183 echo $"$prog (pid $pid) is running..." 169 184 return 170 185 171 186 elif [ -f /var/lock/subsys/${serviceName} ]; then 172 187 echo $"$prog dead but subsys locked and pid file $pidFilePath exists" … … 186 201 ;; 187 202 status) 188 # Use status defined in functions file189 203 status 190 204 ;;
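Review bot: Starting twistd directly with `-u ${user}` instead of through `su - ${user}` means the process begins as root, and as far as I know twistd loads and runs the .tac file before it applies `-u`. If that holds, `server-config.tac` and the `ndg.security.server` modules it imports execute with root privilege on every start, so `${prefixDir}/${srvSubDir}` must be owned by root and not writable by `${user}`; the location is also derived from a PATH lookup of `python`, which makes root's PATH part of that trust. I would record the requirement above `tacFilePath`: `# twistd reads this file as root before dropping to ${user}; keep it and its directory root-owned`. The same command line is used in ndg-aa, ndg-ca, ndg-gk and ndg-log.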