Changeset 2181


Timestamp: 19/02/07 14:20:01 (12 years ago)
Author: pjkersha
Message:

Updates to SysV init scripts for use with Twisted

python/ndgSetup.sh:

  • Removed NDG_*_PORT_NUM environment variables - port number is now set in the respective properties files for the services.
  • Added NDGSEC_*_PROPFILEPATH environment variables used to override default $NDG_DIR/conf location for properties files.

python/share/ndg-aa, python/share/ndg-sm, python/share/ndg-ca, python/share/ndg-log and
python/share/ndg-gk:
SysV init scripts for the respective security services. At this stage, only ndg-aa, the
Attribute Authority script has been tested. The others merely contain a copy of ndg-aa
with the relevant variable settings altered in each case.

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:
Include full path for import of AttAuthorityService.

python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py:
Correction to readProperties: missingKeys actually refers to invalidKeys.

python/ndg.security.server/ndg/security/server/AttAuthority/start-container.sh:
Altered so that it tries to pick up the installed path under site-packages/ for the
tac file server-config.tac.

python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml:
cosmetic correction to indent.

python/bin/AttAuthorityServer.py, python/bin/LogServer.py, python/bin/SessionMgrServer.py,
python/bin/GatekeeperServer.py and python/bin/SimpleCAServer.py:
NDG Alpha and post-Alpha scripts to start security web services. These are based on use
of python's native HTTP server code and so are redundant for the new Twisted based code.

Location: TI12-security/trunk/python
Files: 5 deleted, 12 edited

  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py

    r2178 r2181  
    584584        # Copy properties from file into a dictionary 
    585585        self.__prop = {} 
    586         missingKeys = [] 
     586        invalidKeys = [] 
    587587        try: 
    588588            for elem in aaProp: 
     
    595595                        self.__prop[elem.tag] = elem.text 
    596596                else: 
    597                     missingKeys.append(elem.tag) 
     597                    invalidKeys.append(elem.tag) 
    598598                 
    599599        except Exception, e: 
     
    602602                (elem.tag, self.__propFilePath, e) 
    603603  
    604         if missingKeys != []: 
    605             raise AttAuthorityError, "The following properties are " + \ 
    606                                      "missing from the properties file: " + \ 
    607                                      ', '.join(missingKeys) 
     604        if invalidKeys != []: 
     605            raise AttAuthorityError, "The following properties file " + \ 
     606                                     "elements are invalid: " + \ 
     607                                     ', '.join(invalidKeys) 
    608608  
    609609        # Ensure Certificate time parameters are converted to numeric type 
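Review bot: the new message at lines 604-607 names the invalid elements but not the file they came from, while the except branch just above (line 602) already reports self.__propFilePath. Including the path here too would let an operator running several services see at once which properties file to fix. The initialisation at 586 and the append at 597 are renamed consistently, so no stale missingKeys reference is left in the visible lines.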
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac

    r2178 r2181  
    2121from twisted.web.resource import Resource 
    2222 
    23 from AttAuthority_services_server import AttAuthorityService 
     23from ndg.security.server.AttAuthority.AttAuthority_services_server import \ 
     24        AttAuthorityService 
    2425 
    2526from ndg.security.server.AttAuthority import AttAuthority, \ 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/start-container.sh

    r2058 r2181  
    1515EXEC=twistd  
    1616OPTIONS="--pidfile=twistd-$$.pid -noy" 
    17 CONFIG=server-config.tac 
     17 
     18prefixDir=$(dirname $(dirname $(type -p python))) 
     19srvSubDir=lib/site-packages/ndg/security/server/AttAuthority 
     20 
     21if [ ! -d ${prefixDir} ]; then 
     22        echo "Path to tac file not found" 
     23        exit 1; 
     24fi 
     25 
     26installPath=${HOME}/Development/security/python/ndg.security.server/ndg/security/server/AttAuthority 
     27#installPath=${pythonPrefixDir}/${srvSubDir} 
     28if [ -d ${installPath} ]; then 
     29        CONFIG=${installPath}/server-config.tac 
     30else 
     31        CONFIG=./server-config.tac 
     32fi 
    1833 
    1934set - ${EXEC} ${OPTIONS} ${CONFIG} "$@" 
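Review bot: installPath at new line 26 is hard-coded to a developer checkout under ${HOME}/Development/..., and the commented-out alternative on line 27 uses ${pythonPrefixDir}, which is never set (the variable defined on line 18 is prefixDir), so the site-packages lookup described in the commit message is not what runs. Suggest `installPath=${prefixDir}/${srvSubDir}` with the expansions quoted. Two smaller points: the check on line 21 tests the Python prefix but prints "Path to tac file not found", and the fallback on line 31 loads ./server-config.tac from whatever directory the script is started in; since a tac file is Python that twistd executes, failing with an error is safer than picking one up from the current directory.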
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml

    r2136 r2181  
    2828        security services.  - Use minus sign for time in the past 
    2929        --> 
    30         <attCertNotBeforeOff>0</attCertNotBeforeOff> 
     30    <attCertNotBeforeOff>0</attCertNotBeforeOff> 
    3131    <!-- Location of role mapping file --> 
    3232    <mapConfigFile></mapConfigFile> 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml

    r2170 r2181  
    1717    <clntCertFile></clntCertFile>     
    1818    <attCertLifetime>28800</attCertLifetime> 
    19         <attCertNotBeforeOff>0</attCertNotBeforeOff> 
     19    <attCertNotBeforeOff>0</attCertNotBeforeOff> 
    2020    <attCertFilePfx>ac-</attCertFilePfx> 
    2121    <attCertFileSfx>.xml</attCertFileSfx> 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml

    r2170 r2181  
    1717    <clntCertFile></clntCertFile>     
    1818    <attCertLifetime>28800</attCertLifetime> 
    19         <attCertNotBeforeOff>0</attCertNotBeforeOff> 
     19    <attCertNotBeforeOff>0</attCertNotBeforeOff> 
    2020    <attCertFilePfx>ac-</attCertFilePfx> 
    2121    <attCertFileSfx>.xml</attCertFileSfx> 
  • TI12-security/trunk/python/ndgSetup.sh

    r2145 r2181  
    4343 
    4444 
    45 # Override default port number settings for web services 
    46 #export NDG_AA_PORT_NUM=5001 
    47 #export NDG_SM_PORT_NUM= 
    48 #export NDG_CA_PORT_NUM= 
    49 #export NDG_LOG_PORT_NUM= 
    50 #export NDG_GK_PORT_NUM= 
     45# Override default locations for properties files. 
     46# 
     47# e.g. default Attribute Authority location is  
     48# $NDG_DIR/conf/attAuthorityProperties.xml 
     49# 
     50# Session Manager: 
     51# $NDG_DIR/conf/sessionMgrProperties.xml 
     52# 
     53# Certificate Authority: 
     54# $NDG_DIR/conf/simpleCAProperties.xml 
     55# 
     56#export NDGSEC_AA_PROPFILEPATH= 
     57#export NDGSEC_SM_PROPFILEPATH= 
     58#export NDGSEC_CA_PROPFILEPATH= 
    5159 
    5260 
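Review bot: the removed block at old lines 45-50 had overrides for five services (AA, SM, CA, LOG, GK), but the replacement at new lines 56-58 offers NDGSEC_*_PROPFILEPATH for only AA, SM and CA, and the comment gives default paths for those three alone. If the Log and Gatekeeper services also read a properties file, add their variables and defaults here; if they do not, a line saying so would stop readers looking for them. Since the port number now comes from whichever file these variables name, the comment could also say that the file should be writable only by root or the service account.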
  • TI12-security/trunk/python/share/ndg-aa

    r1300 r2181  
    1515# description: NERC Data Grid Security Attribute Authority Web Service 
    1616# 
    17  
    18 # Edit these variables as required 
     17# $Id:$ 
     18 
     19# Source function library. 
     20. /etc/rc.d/init.d/functions 
     21 
     22# Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as  
     23# required 
    1924user="globus" 
    20 ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh" 
     25 
     26# Set path to Twisted 'tac' file 
     27prefixDir=$(dirname $(dirname $(type -p python))) 
     28if [ ! -d ${prefixDir} ]; then 
     29        failure $"Path to python root not found" 
     30        exit 1 
     31fi 
     32 
     33srvSubDir=lib/site-packages/ndg/security/server/AttAuthority 
     34tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac 
     35if [ ! -f ${tacFilePath} ]; then 
     36        failure $"Path to tac file not found" 
     37        exit 1 
     38fi 
     39 
     40serviceName=${0##*/} 
     41 
     42# Write PID file to /tmp initially as uid of twistd process may not have 
     43# write permission on /var/run.  Move file from /tmp to /var/run as root -  
     44# see below ... 
     45pidFilePath=/tmp/${serviceName}.pid 
    2146 
    2247# Command line args e.g. set alternative port number or configuration file 
    2348# path.  Note security consideration that these args will appear in a ps  
    2449# process listing 
    25 args= 
    26  
    27 # Source function library. 
    28 . /etc/rc.d/init.d/functions 
    29  
    30 serviceName=${0##*/} 
    31 prog=AttAuthorityServer.py 
     50prog=/usr/local/NDG/bin/twistd 
     51args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \ 
     52-oy ${tacFilePath}" 
     53cmd="${prog} ${args}" 
     54 
    3255RETVAL=0 
    3356 
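Review bot: prefixDir at new line 27 is derived from `type -p python`, so the tac file that twistd loads (started as root, with -u ${user} to switch user) depends on the PATH in effect when init runs the script, while prog on line 50 is pinned to /usr/local/NDG/bin/twistd. Suggest setting prefixDir to a fixed path alongside prog, which also matches the comment on line 22 telling administrators to edit it, and quoting ${prefixDir} and ${tacFilePath} in the tests. Also note that with ndgSetupFilePath gone (old line 20) nothing here sources ndgSetup.sh any more, so the NDGSEC_AA_PROPFILEPATH override added to that file in this changeset is not picked up by the service unless it is exported some other way.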
     
    3558start() 
    3659{ 
    37      echo -n "Starting ${serviceName}: " 
    38  
    39      # Source NDG Environment 
    40      if [ -f ${ndgSetupFilePath} ]; then 
    41            . ${ndgSetupFilePath} 
    42      else 
    43           failure $"Set-up of NDG environment"  
    44           return 
    45      fi 
    46       
    47      cmd="${NDG_DIR}/bin/${prog} ${args}" 
    48       
     60    echo -n "Starting ${serviceName}: " 
     61    
    4962    # See if it's already running. Look *only* at the pid file. 
    5063    local pid= 
    51      if [ -f /var/run/${serviceName}.pid ]; then 
    52           local line p 
    53           read line < /var/run/${serviceName}.pid 
    54           for p in $line ; do 
    55                [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 
    56           done 
    57      fi 
    58  
    59      [ -n "${pid:-}" ] && return 
    60  
    61      # Make sure it doesn't core dump anywhere; while this could mask 
    62      # problems with the daemon, it also closes some security problems 
    63      ulimit -S -c 0 >/dev/null 2>&1 
    64  
    65      # Echo daemon 
     64    if [ -f /var/run/${serviceName}.pid ]; then 
     65        local line p 
     66        read line < /var/run/${serviceName}.pid 
     67        for p in $line ; do 
     68            [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 
     69        done 
     70    fi 
     71 
     72    [ -n "${pid:-}" ] && return 
     73 
     74    # Make sure it doesn't core dump anywhere; while this could mask 
     75    # problems with the daemon, it also closes some security problems 
     76    ulimit -S -c 0 >/dev/null 2>&1 
     77 
     78    # Echo daemon 
    6679    [ "${BOOTUP:-}" = "verbose" -a -z "$LSB" ] && echo -n " ${serviceName}" 
    6780 
    68      # And start it up. 
    69      initlog $INITLOG_ARGS -c "su - ${user} -c \"${cmd}\"" 
     81    # And start it up. 
     82    initlog $INITLOG_ARGS -c "${cmd}"  
    7083    RETVAL=$? 
    71      
    72     if [ $RETVAL = 0 ]; then 
    73           # Get the process ID 
    74           pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`) 
    75           echo ${pid} > /var/run/${serviceName}.pid 
    76          touch /var/lock/subsys/${serviceName}           
    77           success $"${serviceName} startup" 
    78      else 
    79           failure $"${serviceName} startup" 
    80      fi 
    81       
     84    if [ $RETVAL = 0 ]; then     
     85            # Use root privilege to move pid file to correct location - put wait  
     86            # in to give twistd some leaway 
     87            i=0 
     88            while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do  
     89                sleep 1;  
     90                let "i++";  
     91                done 
     92                 
     93                mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid 
     94         
     95        touch /var/lock/subsys/${serviceName}         
     96        success $"startup" 
     97    else 
     98        failure $"startup" 
     99    fi 
     100     
    82101    echo 
    83102} 
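Review bot: in start(), new lines 88-93 have root move a file with a fixed name out of world-writable /tmp into /var/run, and stop() later signals, as root, whatever PID that file contains; any local account can create /tmp/${serviceName}.pid before twistd does. The mv on line 93 also sits outside the wait loop despite its indentation, so it runs even when the ten one-second waits expire without the file appearing, and success is still reported. Suggest pointing --pidfile at a directory only the service user can write to (for example a /var/run/${serviceName}/ directory that this script creates and chowns to ${user}) and dropping the move; failing that, check that the file exists, is a regular file owned by ${user}, and call failure when the loop times out.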
     
    86105stop() 
    87106{ 
    88      echo -n "Shutting down ${serviceName}: " 
    89       
     107    echo -n "Shutting down ${serviceName}: " 
     108     
    90109    # Find pid 
    91      pid= 
    92      if [ -f /var/run/${serviceName}.pid ]; then 
    93           local line p 
    94           read line < /var/run/${serviceName}.pid 
    95           for p in $line ; do 
    96                [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 
    97           done 
    98      fi 
    99  
    100      if [ -z "$pid" ]; then 
    101           failure $"${serviceName} stop - no process found from PID file" 
    102           return 
    103      fi 
     110    pid= 
     111    if [ -f /var/run/${serviceName}.pid ]; then 
     112       local line p 
     113       read line < /var/run/${serviceName}.pid 
     114       for p in $line ; do 
     115           [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 
     116       done 
     117    fi 
     118 
     119    if [ -z "$pid" ]; then 
     120        failure $"stop - no process found from PID file: " 
     121        return 
     122    fi 
    104123 
    105124    # Kill it. 
    106125    if [ -n "${pid:-}" ] ; then 
    107         [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 
    108              
    109           if checkpid $pid 2>&1; then 
    110                # TERM first, then KILL if not dead 
    111                kill -TERM $pid 
    112                usleep 100000 
    113                if checkpid $pid && sleep 1 && 
    114                   checkpid $pid && sleep 3 && 
    115                   checkpid $pid ; then 
    116                     kill -KILL $pid 
    117                     usleep 100000 
    118                   fi 
    119                checkpid $pid 
    120                RC=$? 
    121                [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \ 
    122                     success $"${serviceName} shutdown" 
    123                RC=$((! $RC)) 
    124           fi      
    125      else 
    126          failure $"${serviceName} shutdown" 
    127          RC=1 
    128      fi 
     126       [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 
     127           
     128        if checkpid $pid 2>&1; then 
     129            # TERM first, then KILL if not dead 
     130            kill -TERM $pid 
     131            usleep 100000 
     132            if checkpid $pid && sleep 1 && 
     133               checkpid $pid && sleep 3 && 
     134               checkpid $pid ; then 
     135                kill -KILL $pid 
     136                usleep 100000 
     137            fi 
     138            checkpid $pid 
     139            RC=$? 
     140            [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown" 
     141            RC=$((! $RC)) 
     142        fi     
     143    else 
     144        failure $"shutdown" 
     145        RC=1 
     146    fi 
    129147 
    130148    # Remove pid file if any. 
    131      rm -f /var/run/${serviceName}.pid 
    132  
    133      echo 
     149    rm -f /var/run/${serviceName}.pid 
     150 
     151    echo 
    134152} 
    135153 
     
    137155restart() 
    138156{ 
    139      stop 
    140      start 
     157    stop 
     158    start 
    141159} 
    142160 
     
    144162status() 
    145163{ 
    146      local pid= 
    147      local pidFilePath=/var/run/${serviceName}.pid 
    148       
    149      # Get pid from "/var/run/*.pid" file 
    150      if [ -f $pidFilePath ] ; then 
     164    local pid= 
     165    local pidFilePath=/var/run/${serviceName}.pid 
     166     
     167    # Get pid from "/var/run/*.pid" file 
     168    if [ -f $pidFilePath ] ; then 
    151169        read pid < $pidFilePath 
    152170        if [ -z "$pid" ]; then 
     
    154172            return 
    155173        fi 
    156     else 
    157          echo $"No pid file $pidFilePath found" 
    158          return 
    159      fi 
    160  
    161      # look for pid in listing 
    162      local pidFound= 
    163      for i in `pidof -o $$ -o $PPID -o %PPID -x "python"`; do 
    164            [[ $i = $pid ]] && pidFound=Yes && break; 
    165      done 
    166       
    167      if [ -n "$pidFound" ]; then 
     174    fi 
     175 
     176    # look for pid in listing 
     177    local pidFound= 
     178    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do 
     179        [[ $i = $pid ]] && pidFound=Yes && break; 
     180    done 
     181     
     182    if [ -n "$pidFound" ]; then 
    168183        echo $"$prog (pid $pid) is running..." 
    169184        return 
    170          
     185        
    171186    elif [ -f /var/lock/subsys/${serviceName} ]; then 
    172           echo $"$prog dead but subsys locked and pid file $pidFilePath exists" 
    173           return 
     187        echo $"$prog dead but subsys locked and pid file $pidFilePath exists" 
     188        return 
    174189    else 
    175190        echo $"$prog dead but pid file $pidFilePath exists"    
    176      fi 
     191    fi 
    177192} 
    178193 
    179194 
    180195case "$1" in 
    181      start) 
    182           start 
    183      ;; 
    184      stop) 
    185           stop 
    186      ;; 
    187      status) 
    188           # Use status defined in functions file 
    189           status 
    190      ;; 
    191      restart) 
    192           restart ${serviceName} 
    193      ;; 
     196    start) 
     197        start 
     198    ;; 
     199    stop) 
     200        stop 
     201    ;; 
     202    status) 
     203        status 
     204    ;; 
     205    restart) 
     206        restart ${serviceName} 
     207    ;; 
    194208    condrestart) 
    195      if [ -f /var/run/${serviceName}.pid ] ; then 
    196           stop 
    197           start 
    198      fi 
    199      ;; 
    200      *) 
    201           echo \ 
    202           "Usage: ${serviceName} {start|stop|restart|condrestart|status}" 
    203           exit 1 
    204      ;; 
     209    if [ -f /var/run/${serviceName}.pid ] ; then 
     210        stop 
     211        start 
     212    fi 
     213    ;; 
     214    *) 
     215        echo \ 
     216        "Usage: ${serviceName} {start|stop|restart|condrestart|status}" 
     217        exit 1 
     218    ;; 
    205219esac 
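Review bot: removing the else branch at old lines 156-159 means a missing pid file is no longer reported: pid stays empty, the pidof loop finds nothing, and status() falls through to print "dead but pid file ... exists" (or the subsys-locked variant) for a service that was never started. Keep the `echo $"No pid file $pidFilePath found"` and the return. Separately, line 206 calls `restart ${serviceName}` although restart() takes no argument, and status() sets no exit code for callers to test.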
  • TI12-security/trunk/python/share/ndg-ca

    r1300 r2181  
    11#!/bin/bash 
    22# 
    3 # SysV init script for NDG Simple CA Web Service 
     3# SysV init script for NDG Security Certificate Authority 
    44# 
    55# P J Kershaw 
     
    1313# 
    1414# chkconfig: 2345 99 01 
    15 # description: NERC Data Grid Simple CA Web Service 
    16 # 
    17  
    18 # Edit these variables as required 
     15# description: NERC Data Grid Security Certificate Authority Web Service 
     16# 
     17# $Id:$ 
     18 
     19# Source function library. 
     20. /etc/rc.d/init.d/functions 
     21 
     22# Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as  
     23# required 
    1924user="globus" 
    20 ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh" 
    21 configFilePath= 
    22  
    23 # Command line args e.g. set alternative port number or properties file 
     25 
     26# Set path to Twisted 'tac' file 
     27prefixDir=$(dirname $(dirname $(type -p python))) 
     28if [ ! -d ${prefixDir} ]; then 
     29        failure $"Path to python root not found" 
     30        exit 1 
     31fi 
     32 
     33srvSubDir=lib/site-packages/ndg/security/server/ca 
     34tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac 
     35if [ ! -f ${tacFilePath} ]; then 
     36        failure $"Path to tac file not found" 
     37        exit 1 
     38fi 
     39 
     40serviceName=${0##*/} 
     41 
     42# Write PID file to /tmp initially as uid of twistd process may not have 
     43# write permission on /var/run.  Move file from /tmp to /var/run as root -  
     44# see below ... 
     45pidFilePath=/tmp/${serviceName}.pid 
     46 
     47# Command line args e.g. set alternative port number or configuration file 
    2448# path.  Note security consideration that these args will appear in a ps  
    2549# process listing 
    26 args=-s 
    27  
    28 # Source function library. 
    29 . /etc/rc.d/init.d/functions 
    30  
    31 serviceName=${0##*/} 
    32 prog=SimpleCAServer.py 
     50prog=/usr/local/NDG/bin/twistd 
     51args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \ 
     52-oy ${tacFilePath}" 
     53cmd="${prog} ${args}" 
     54 
    3355RETVAL=0 
    3456 
     
    3759{ 
    3860    echo -n "Starting ${serviceName}: " 
    39  
    40     # Source NDG Environment 
    41     if [ -f ${ndgSetupFilePath} ]; then 
    42          . ${ndgSetupFilePath} 
    43     else 
    44         failure $"Set-up of NDG environment"  
    45         return 
    46     fi 
    47      
    48     cmd="cat ${configFilePath} | ${NDG_DIR}/bin/${prog} ${args}" 
    49  
    50      
     61    
    5162    # See if it's already running. Look *only* at the pid file. 
    5263    local pid= 
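Review bot: the old start line `cmd="cat ${configFilePath} | ${NDG_DIR}/bin/${prog} ${args}"` with args=-s passed the contents of configFilePath to the CA server on its standard input, and the twistd command that replaces it has no counterpart. Given the retained comment that command-line arguments show up in a ps listing, please confirm where the CA now gets whatever it read from that file, and document it in the script header. The commit message says only ndg-aa has been tested, so this start path has not been run.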
     
    6980 
    7081    # And start it up. 
    71     initlog $INITLOG_ARGS -c "su -s /bin/bash - ${user} -c \"${cmd}\"" 
     82    initlog $INITLOG_ARGS -c "${cmd}"  
    7283    RETVAL=$? 
    73      
    74     if [ $RETVAL = 0 ]; then 
    75         # Get the process ID 
    76         pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`) 
    77         echo ${pid} > /var/run/${serviceName}.pid 
     84    if [ $RETVAL = 0 ]; then     
     85            # Use root privilege to move pid file to correct location - put wait  
     86            # in to give twistd some leaway 
     87            i=0 
     88            while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do  
     89                sleep 1;  
     90                let "i++";  
     91                done 
     92                 
     93                mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid 
     94         
    7895        touch /var/lock/subsys/${serviceName}         
    79         success $"${serviceName} startup" 
     96        success $"startup" 
    8097    else 
    81         failure $"${serviceName} startup" 
     98        failure $"startup" 
    8299    fi 
    83100     
     
    93110    pid= 
    94111    if [ -f /var/run/${serviceName}.pid ]; then 
    95         local line p 
    96         read line < /var/run/${serviceName}.pid 
    97         for p in $line ; do 
    98             [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 
    99         done 
     112       local line p 
     113       read line < /var/run/${serviceName}.pid 
     114       for p in $line ; do 
     115           [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 
     116       done 
    100117    fi 
    101118 
    102119    if [ -z "$pid" ]; then 
    103         failure $"${serviceName} stop - no process found from PID file" 
     120        failure $"stop - no process found from PID file: " 
    104121        return 
    105122    fi 
     
    107124    # Kill it. 
    108125    if [ -n "${pid:-}" ] ; then 
    109         [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 
    110              
     126       [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 
     127           
    111128        if checkpid $pid 2>&1; then 
    112129            # TERM first, then KILL if not dead 
     
    118135                kill -KILL $pid 
    119136                usleep 100000 
    120                fi 
     137            fi 
    121138            checkpid $pid 
    122139            RC=$? 
    123             [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \ 
    124                 success $"${serviceName} shutdown" 
     140            [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown" 
    125141            RC=$((! $RC)) 
    126142        fi     
    127143    else 
    128         failure $"${serviceName} shutdown" 
     144        failure $"shutdown" 
    129145        RC=1 
    130146    fi 
     
    156172            return 
    157173        fi 
    158     else 
    159         echo $"No pid file $pidFilePath found" 
    160         return 
    161174    fi 
    162175 
    163176    # look for pid in listing 
    164177    local pidFound= 
    165     for i in `pidof -o $$ -o $PPID -o %PPID -x "python"`; do 
    166          [[ $i = $pid ]] && pidFound=Yes && break; 
     178    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do 
     179        [[ $i = $pid ]] && pidFound=Yes && break; 
    167180    done 
    168181     
     
    170183        echo $"$prog (pid $pid) is running..." 
    171184        return 
    172          
     185        
    173186    elif [ -f /var/lock/subsys/${serviceName} ]; then 
    174187        echo $"$prog dead but subsys locked and pid file $pidFilePath exists" 
     
    188201    ;; 
    189202    status) 
    190         # Use status defined in functions file 
    191203        status 
    192204    ;; 
  • TI12-security/trunk/python/share/ndg-gk

    r1300 r2181  
    11#!/bin/bash 
    22# 
    3 # SysV init script for NDG Security Gate Keeper Web Service 
     3# SysV init script for NDG Security Gatekeeper 
    44# 
    55# P J Kershaw 
     
    1313# 
    1414# chkconfig: 2345 99 01 
    15 # description: NERC Data Grid Security Gate Keeper Web Service 
    16 # 
    17  
    18 # Edit these variables as required 
     15# description: NERC Data Grid Security Gatekeeper Web Service 
     16# 
     17# $Id:$ 
     18 
     19# Source function library. 
     20. /etc/rc.d/init.d/functions 
     21 
     22# Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as  
     23# required 
    1924user="globus" 
    20 ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh" 
     25 
     26# Set path to Twisted 'tac' file 
     27prefixDir=$(dirname $(dirname $(type -p python))) 
     28if [ ! -d ${prefixDir} ]; then 
     29        failure $"Path to python root not found" 
     30        exit 1 
     31fi 
     32 
     33srvSubDir=lib/site-packages/ndg/security/server/Gatekeeper 
     34tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac 
     35if [ ! -f ${tacFilePath} ]; then 
     36        failure $"Path to tac file not found" 
     37        exit 1 
     38fi 
     39 
     40serviceName=${0##*/} 
     41 
     42# Write PID file to /tmp initially as uid of twistd process may not have 
     43# write permission on /var/run.  Move file from /tmp to /var/run as root -  
     44# see below ... 
     45pidFilePath=/tmp/${serviceName}.pid 
    2146 
    2247# Command line args e.g. set alternative port number or configuration file 
    2348# path.  Note security consideration that these args will appear in a ps  
    2449# process listing 
    25 args= 
    26  
    27 # Source function library. 
    28 . /etc/rc.d/init.d/functions 
    29  
    30 serviceName=${0##*/} 
    31 prog=GatekeeperServer.py 
     50prog=/usr/local/NDG/bin/twistd 
     51args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \ 
     52-oy ${tacFilePath}" 
     53cmd="${prog} ${args}" 
     54 
    3255RETVAL=0 
    3356 
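Review bot: apart from the description and srvSubDir (line 33), this script repeats ndg-aa line for line, and the commit message says the other service scripts are copies as well, so the PID file written under /tmp (line 45) and any other ndg-aa fix now has to be made in five files. Consider moving the shared start/stop/status functions into one file that each init script sources after setting user, srvSubDir and serviceName, so a correction is made once.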
     
    3659{ 
    3760    echo -n "Starting ${serviceName}: " 
    38  
    39     # Source NDG Environment 
    40     if [ -f ${ndgSetupFilePath} ]; then 
    41          . ${ndgSetupFilePath} 
    42     else 
    43         failure $"Set-up of NDG environment"  
    44         return 
    45     fi 
    46      
    47     cmd="${NDG_DIR}/bin/${prog} ${args}" 
    48      
     61    
    4962    # See if it's already running. Look *only* at the pid file. 
    5063    local pid= 
     
    6780 
    6881    # And start it up. 
    69     initlog $INITLOG_ARGS -c "su - ${user} -c \"${cmd}\"" 
     82    initlog $INITLOG_ARGS -c "${cmd}"  
    7083    RETVAL=$? 
    71      
    72     if [ $RETVAL = 0 ]; then 
    73         # Get the process ID 
    74         pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`) 
    75         echo ${pid} > /var/run/${serviceName}.pid 
     84    if [ $RETVAL = 0 ]; then     
     85            # Use root privilege to move pid file to correct location - put wait  
     86            # in to give twistd some leaway 
     87            i=0 
     88            while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do  
     89                sleep 1;  
     90                let "i++";  
     91                done 
     92                 
     93                mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid 
     94         
    7695        touch /var/lock/subsys/${serviceName}         
    77         success $"${serviceName} startup" 
     96        success $"startup" 
    7897    else 
    79         failure $"${serviceName} startup" 
     98        failure $"startup" 
    8099    fi 
    81100     
     
    91110    pid= 
    92111    if [ -f /var/run/${serviceName}.pid ]; then 
    93         local line p 
    94         read line < /var/run/${serviceName}.pid 
    95         for p in $line ; do 
    96             [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 
    97         done 
     112       local line p 
     113       read line < /var/run/${serviceName}.pid 
     114       for p in $line ; do 
     115           [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 
     116       done 
    98117    fi 
    99118 
    100119    if [ -z "$pid" ]; then 
    101         failure $"${serviceName} stop - no process found from PID file" 
     120        failure $"stop - no process found from PID file: " 
    102121        return 
    103122    fi 
     
    105124    # Kill it. 
    106125    if [ -n "${pid:-}" ] ; then 
    107         [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 
    108              
     126       [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 
     127           
    109128        if checkpid $pid 2>&1; then 
    110129            # TERM first, then KILL if not dead 
     
    116135                kill -KILL $pid 
    117136                usleep 100000 
    118                fi 
     137            fi 
    119138            checkpid $pid 
    120139            RC=$? 
    121             [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \ 
    122                 success $"${serviceName} shutdown" 
     140            [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown" 
    123141            RC=$((! $RC)) 
    124142        fi     
    125143    else 
    126         failure $"${serviceName} shutdown" 
     144        failure $"shutdown" 
    127145        RC=1 
    128146    fi 
     
    154172            return 
    155173        fi 
    156     else 
    157         echo $"No pid file $pidFilePath found" 
    158         return 
    159174    fi 
    160175 
    161176    # look for pid in listing 
    162177    local pidFound= 
    163     for i in `pidof -o $$ -o $PPID -o %PPID -x "python"`; do 
    164          [[ $i = $pid ]] && pidFound=Yes && break; 
     178    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do 
     179        [[ $i = $pid ]] && pidFound=Yes && break; 
    165180    done 
    166181     
     
    168183        echo $"$prog (pid $pid) is running..." 
    169184        return 
    170          
     185        
    171186    elif [ -f /var/lock/subsys/${serviceName} ]; then 
    172187        echo $"$prog dead but subsys locked and pid file $pidFilePath exists" 
     
    186201    ;; 
    187202    status) 
    188         # Use status defined in functions file 
    189203        status 
    190204    ;; 
  • TI12-security/trunk/python/share/ndg-log

    r1300 r2181  
    11#!/bin/bash 
    22# 
    3 # SysV init script for NDG Security Logging Service 
     3# SysV init script for NDG Security Log Service 
    44# 
    55# P J Kershaw 
     
    1313# 
    1414# chkconfig: 2345 99 01 
    15 # description: NERC Data Grid Security Logging Web Service 
    16 # 
    17  
    18 # Edit these variables as required 
     15# description: NERC Data Grid Security Log Web Service 
     16# 
     17# $Id:$ 
     18 
     19# Source function library. 
     20. /etc/rc.d/init.d/functions 
     21 
     22# Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as  
     23# required 
    1924user="globus" 
    20 ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh" 
    21  
    22 # Command line args e.g. set alternative port number or log file 
     25 
     26# Set path to Twisted 'tac' file 
     27prefixDir=$(dirname $(dirname $(type -p python))) 
     28if [ ! -d ${prefixDir} ]; then 
     29        failure $"Path to python root not found" 
     30        exit 1 
     31fi 
     32 
     33srvSubDir=lib/site-packages/ndg/security/server/Log 
     34tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac 
     35if [ ! -f ${tacFilePath} ]; then 
     36        failure $"Path to tac file not found" 
     37        exit 1 
     38fi 
     39 
     40serviceName=${0##*/} 
     41 
     42# Write PID file to /tmp initially as uid of twistd process may not have 
     43# write permission on /var/run.  Move file from /tmp to /var/run as root -  
     44# see below ... 
     45pidFilePath=/tmp/${serviceName}.pid 
     46 
     47# Command line args e.g. set alternative port number or configuration file 
    2348# path.  Note security consideration that these args will appear in a ps  
    2449# process listing 
    25 args= 
    26  
    27 # Source function library. 
    28 . /etc/rc.d/init.d/functions 
    29  
    30 serviceName=${0##*/} 
    31 prog=LogServer.py 
     50prog=/usr/local/NDG/bin/twistd 
     51args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \ 
     52-oy ${tacFilePath}" 
     53cmd="${prog} ${args}" 
     54 
    3255RETVAL=0 
    3356 
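Review bot: pidFilePath=/tmp/${serviceName}.pid (new line 45) puts the pid file at a predictable name in a world-writable directory, and start() later moves that path into /var/run as root. Any local user can create that file first, and stop() will then signal whatever PIDs it lists with root privilege. Prefer a directory under /var/run that root creates and chowns to ${user} before launching twistd, and point --pidfile there. Separately, the prefixDir test at new lines 27-31 cannot fire when python is missing from PATH: type -p prints nothing, the unquoted dirname calls get no operand, prefixDir ends up empty, and the unquoted [ ! -d ${prefixDir} ] collapses to [ ! -d ], which is false. The problem is only caught by the later tac-file test, with a misleading message; test the output of type -p directly and quote the expansions.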
     
    3659{ 
    3760    echo -n "Starting ${serviceName}: " 
    38  
    39     # Source NDG Environment 
    40     if [ -f ${ndgSetupFilePath} ]; then 
    41          . ${ndgSetupFilePath} 
    42     else 
    43         failure $"Set-up of NDG environment"  
    44         return 
    45     fi 
    46      
    47     cmd="${NDG_DIR}/bin/${prog} ${args}" 
    48      
     61    
    4962    # See if it's already running. Look *only* at the pid file. 
    5063    local pid= 
     
    6780 
    6881    # And start it up. 
    69     initlog $INITLOG_ARGS -c "su - ${user} -c \"${cmd}\"" 
     82    initlog $INITLOG_ARGS -c "${cmd}"  
    7083    RETVAL=$? 
    71      
    72     if [ $RETVAL = 0 ]; then 
    73         # Get the process ID 
    74         pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`) 
    75         echo ${pid} > /var/run/${serviceName}.pid 
     84    if [ $RETVAL = 0 ]; then     
     85            # Use root privilege to move pid file to correct location - put wait  
     86            # in to give twistd some leaway 
     87            i=0 
     88            while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do  
     89                sleep 1;  
     90                let "i++";  
     91                done 
     92                 
     93                mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid 
     94         
    7695        touch /var/lock/subsys/${serviceName}         
    77         success $"${serviceName} startup" 
     96        success $"startup" 
    7897    else 
    79         failure $"${serviceName} startup" 
     98        failure $"startup" 
    8099    fi 
    81100     
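Review bot: the mv at new line 93 runs whether or not the wait loop above it found the file, and its exit status is ignored, so if twistd has not written /tmp/${serviceName}.pid within 10 seconds the script still touches the subsys lock and prints success. Check for the file after the loop and call failure (and skip the lock) when it is missing. The loop is also satisfied by any file already at that /tmp path, including a stale one from an earlier run, so remove or refuse a pre-existing file before starting twistd.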
     
    91110    pid= 
    92111    if [ -f /var/run/${serviceName}.pid ]; then 
    93         local line p 
    94         read line < /var/run/${serviceName}.pid 
    95         for p in $line ; do 
    96             [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 
    97         done 
     112       local line p 
     113       read line < /var/run/${serviceName}.pid 
     114       for p in $line ; do 
     115           [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 
     116       done 
    98117    fi 
    99118 
    100119    if [ -z "$pid" ]; then 
    101         failure $"${serviceName} stop - no process found from PID file" 
     120        failure $"stop - no process found from PID file: " 
    102121        return 
    103122    fi 
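Review bot: stop() still reads only /var/run/${serviceName}.pid, but twistd now writes its pid under /tmp and the file reaches /var/run only if the move in start() succeeded. When that move fails the service keeps running and this branch reports "no process found from PID file" with nothing to kill; fall back to $pidFilePath here or make start() fail hard when the move fails. The new message at line 120 also ends in ": " with nothing after it.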
     
    105124    # Kill it. 
    106125    if [ -n "${pid:-}" ] ; then 
    107         [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 
    108              
     126       [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 
     127           
    109128        if checkpid $pid 2>&1; then 
    110129            # TERM first, then KILL if not dead 
     
    116135                kill -KILL $pid 
    117136                usleep 100000 
    118                fi 
     137            fi 
    119138            checkpid $pid 
    120139            RC=$? 
    121             [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \ 
    122                 success $"${serviceName} shutdown" 
     140            [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown" 
    123141            RC=$((! $RC)) 
    124142        fi     
    125143    else 
    126         failure $"${serviceName} shutdown" 
     144        failure $"shutdown" 
    127145        RC=1 
    128146    fi 
     
    154172            return 
    155173        fi 
    156     else 
    157         echo $"No pid file $pidFilePath found" 
    158         return 
    159174    fi 
    160175 
    161176    # look for pid in listing 
    162177    local pidFound= 
    163     for i in `pidof -o $$ -o $PPID -o %PPID -x "python"`; do 
    164          [[ $i = $pid ]] && pidFound=Yes && break; 
     178    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do 
     179        [[ $i = $pid ]] && pidFound=Yes && break; 
    165180    done 
    166181     
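Review bot: dropping the else branch at old lines 156-158 means status no longer returns when the pid file is absent; it falls through to the pidof loop with $pid empty, and the later elif can print "dead but subsys locked and pid file ... exists" for a file that does not exist. Keep the early return, or report the missing pid file explicitly before the pidof loop.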
     
    168183        echo $"$prog (pid $pid) is running..." 
    169184        return 
    170          
     185        
    171186    elif [ -f /var/lock/subsys/${serviceName} ]; then 
    172187        echo $"$prog dead but subsys locked and pid file $pidFilePath exists" 
     
    186201    ;; 
    187202    status) 
    188         # Use status defined in functions file 
    189203        status 
    190204    ;; 
  • TI12-security/trunk/python/share/ndg-sm

    r1300 r2181  
    1515# description: NERC Data Grid Security Session Manager Web Service 
    1616# 
    17  
    18 # Edit these variables as required 
     17# $Id:$ 
     18 
     19# Source function library. 
     20. /etc/rc.d/init.d/functions 
     21 
     22# Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as  
     23# required 
    1924user="globus" 
    20 ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh" 
     25 
     26# Set path to Twisted 'tac' file 
     27prefixDir=$(dirname $(dirname $(type -p python))) 
     28if [ ! -d ${prefixDir} ]; then 
     29        failure $"Path to python root not found" 
     30        exit 1 
     31fi 
     32 
     33srvSubDir=lib/site-packages/ndg/security/server/SessionMgr 
     34tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac 
     35if [ ! -f ${tacFilePath} ]; then 
     36        failure $"Path to tac file not found" 
     37        exit 1 
     38fi 
     39 
     40serviceName=${0##*/} 
     41 
     42# Write PID file to /tmp initially as uid of twistd process may not have 
     43# write permission on /var/run.  Move file from /tmp to /var/run as root -  
     44# see below ... 
     45pidFilePath=/tmp/${serviceName}.pid 
    2146 
    2247# Command line args e.g. set alternative port number or configuration file 
    2348# path.  Note security consideration that these args will appear in a ps  
    2449# process listing 
    25 args=-wn 
    26  
    27 # Source function library. 
    28 . /etc/rc.d/init.d/functions 
    29  
    30 serviceName=${0##*/} 
    31 prog=SessionMgrServer.py 
     50prog=/usr/local/NDG/bin/twistd 
     51args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \ 
     52-oy ${tacFilePath}" 
     53cmd="${prog} ${args}" 
     54 
    3255RETVAL=0 
    3356 
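Review bot: the python-root and tac-file tests at new lines 27-38 sit at the top level and exit 1, so they run before the start/stop/status dispatch, and a missing or moved server-config.tac also blocks stop and status for a service that is already running; move them into start(). Also check srvSubDir: on a standard Unix Python install site-packages is under lib/pythonX.Y/, so lib/site-packages/ndg/security/server/SessionMgr will fail the -f test unless this prefix is laid out differently, and the commit message says only ndg-aa has been tested.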
     
    3659{ 
    3760    echo -n "Starting ${serviceName}: " 
    38  
    39     # Source NDG Environment 
    40     if [ -f ${ndgSetupFilePath} ]; then 
    41          . ${ndgSetupFilePath} 
    42     else 
    43         failure $"Set-up of NDG environment"  
    44         return 
    45     fi 
    46      
    47     cmd="${NDG_DIR}/bin/${prog} ${args}" 
    48      
     61    
    4962    # See if it's already running. Look *only* at the pid file. 
    5063    local pid= 
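Review bot: with the ndgSetup.sh block removed (old lines 39-45), nothing in start() sets up the NDG environment any more, so the NDGSEC_*_PROPFILEPATH overrides that this changeset adds to ndgSetup.sh never reach a service started from init. If the override is meant to work here, source the file before building cmd or pass the properties path explicitly; if it is not, say so in the header comment.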
     
    6780 
    6881    # And start it up. 
    69     initlog $INITLOG_ARGS -c "su - ${user} -c \"${cmd}\"" 
     82    initlog $INITLOG_ARGS -c "${cmd}"  
    7083    RETVAL=$? 
    71      
    72     if [ $RETVAL = 0 ]; then 
    73         # Get the process ID 
    74         pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`) 
    75         echo ${pid} > /var/run/${serviceName}.pid 
     84    if [ $RETVAL = 0 ]; then     
     85            # Use root privilege to move pid file to correct location - put wait  
     86            # in to give twistd some leaway 
     87            i=0 
     88            while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do  
     89                sleep 1;  
     90                let "i++";  
     91                done 
     92                 
     93                mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid 
     94         
    7695        touch /var/lock/subsys/${serviceName}         
    77         success $"${serviceName} startup" 
     96        success $"startup" 
    7897    else 
    79         failure $"${serviceName} startup" 
     98        failure $"startup" 
    8099    fi 
    81100     
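Review bot: replacing su - ${user} with a direct initlog -c "${cmd}" (new line 82) means twistd now starts as root and depends on -u ${user} to drop privileges. server-config.tac and the packages it imports should therefore be owned by root and not writable by ${user}, and the script should verify that before launch, since tacFilePath is derived from whichever python is first on root's PATH.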
     
    91110    pid= 
    92111    if [ -f /var/run/${serviceName}.pid ]; then 
    93         local line p 
    94         read line < /var/run/${serviceName}.pid 
    95         for p in $line ; do 
    96             [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 
    97         done 
     112       local line p 
     113       read line < /var/run/${serviceName}.pid 
     114       for p in $line ; do 
     115           [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p" 
     116       done 
    98117    fi 
    99118 
    100119    if [ -z "$pid" ]; then 
    101         failure $"${serviceName} stop - no process found from PID file" 
     120        failure $"stop - no process found from PID file: " 
    102121        return 
    103122    fi 
     
    105124    # Kill it. 
    106125    if [ -n "${pid:-}" ] ; then 
    107         [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 
    108              
     126       [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} " 
     127           
    109128        if checkpid $pid 2>&1; then 
    110129            # TERM first, then KILL if not dead 
     
    119138            checkpid $pid 
    120139            RC=$? 
    121             [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \ 
    122                 success $"${serviceName} shutdown" 
     140            [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown" 
    123141            RC=$((! $RC)) 
    124142        fi     
    125143    else 
    126         failure $"${serviceName} shutdown" 
     144        failure $"shutdown" 
    127145        RC=1 
    128146    fi 
     
    154172            return 
    155173        fi 
    156     else 
    157         echo $"No pid file $pidFilePath found" 
    158         return 
    159174    fi 
    160175 
    161176    # look for pid in listing 
    162177    local pidFound= 
    163     for i in `pidof -o $$ -o $PPID -o %PPID -x "python"`; do 
    164          [[ $i = $pid ]] && pidFound=Yes && break; 
     178    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do 
     179        [[ $i = $pid ]] && pidFound=Yes && break; 
    165180    done 
    166181     
     
    168183        echo $"$prog (pid $pid) is running..." 
    169184        return 
    170          
     185        
    171186    elif [ -f /var/lock/subsys/${serviceName} ]; then 
    172187        echo $"$prog dead but subsys locked and pid file $pidFilePath exists" 
     
    186201    ;; 
    187202    status) 
    188         # Use status defined in functions file 
    189203        status 
    190204    ;; 