Changeset 2181

Timestamp:

19/02/07 14:20:01 (15 years ago)

Author:

pjkersha

Message:

Updates to SysV init scripts for use with Twisted

python/ndgSetup.sh:

• Removed NDG_*_PROT_NUM environment variables - port number is now set in the respective

properties files for the services.

• Added NDGSEC_*_PROPFILEPATH environment variables used to override default

$NDG_DIR/conf location for properties files.

python/share/ndg-aa, python/share/ndg-sm, python/share/ndg-ca, python/share/ndg-log and
python/share/ndg-gk:
SysV init scripts for the respective security services. At this stage, only ndg-aa, the
Attribute Authority script has been tested. The others merely contain a copy of ndg-aa
with the relevant variable settings altered in each case.

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:
Include full path for import of AttAuthorityService?.

python/ndg.security.server/ndg/security/server/AttAuthority/init.py:
Correction to readProperties missingKeys actually refers to invalidKeys.

python/ndg.security.server/ndg/security/server/AttAuthority/start-container.sh:
Altered so that it tries to pick up the installed path under site-packages/ for the
tac file server-config.tac.

python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml:
cosmetic correction to indent.

python/bin/AttAuthorityServer.py, python/bin/LogServer.py, python/bin/SessionMgrServer.py,
python/bin/GatekeeperServer.py and python/bin/SimpleCAServer.py:
NDG Alpha and post-Alpha scripts to start security web services. These are based on use
of python's native HTTP server code and so are redundant for the new Twisted based code.

Location:

TI12-security/trunk/python

Files:

• bin/AttAuthorityServer.py (deleted)
• bin/GatekeeperServer.py (deleted)
• bin/LogServer.py (deleted)
• bin/SessionMgrServer.py (deleted)
• bin/SimpleCAServer.py (deleted)
• ndg.security.server/ndg/security/server/AttAuthority/__init__.py (modified) (3 diffs)
• ndg.security.server/ndg/security/server/AttAuthority/server-config.tac (modified) (1 diff)
• ndg.security.server/ndg/security/server/AttAuthority/start-container.sh (modified) (1 diff)
• ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml (modified) (1 diff)
• ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml (modified) (1 diff)
• ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml (modified) (1 diff)
• ndgSetup.sh (modified) (1 diff)
• share/ndg-aa (modified) (6 diffs)
• share/ndg-ca (modified) (10 diffs)
• share/ndg-gk (modified) (10 diffs)
• share/ndg-log (modified) (10 diffs)
• share/ndg-sm (modified) (9 diffs)

TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py

@@ -584 +584 @@
         # Copy properties from file into a dictionary
         self.__prop = {}
-        missingKeys = []
+        invalidKeys = []
         try:
             for elem in aaProp:
@@ -595 +595 @@
                         self.__prop[elem.tag] = elem.text
                 else:
-                    missingKeys.append(elem.tag)
+                    invalidKeys.append(elem.tag)
                 
         except Exception, e:
@@ -602 +602 @@
                 (elem.tag, self.__propFilePath, e)
  
-        if missingKeys != []:
-            raise AttAuthorityError, "The following properties are " + \
-                                     "missing from the properties file: " + \
-                                     ', '.join(missingKeys)
+        if invalidKeys != []:
+            raise AttAuthorityError, "The following properties file " + \
+                                     "elements are invalid: " + \
+                                     ', '.join(invalidKeys)
  
         # Ensure Certificate time parameters are converted to numeric type

TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac

@@ -21 +21 @@
 from twisted.web.resource import Resource
 
-from AttAuthority_services_server import AttAuthorityService
+from ndg.security.server.AttAuthority.AttAuthority_services_server import \
+        AttAuthorityService
 
 from ndg.security.server.AttAuthority import AttAuthority, \

TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/start-container.sh

@@ -15 +15 @@
 EXEC=twistd 
 OPTIONS="--pidfile=twistd-$$.pid -noy"
-CONFIG=server-config.tac
+
+prefixDir=$(dirname $(dirname $(type -p python)))
+srvSubDir=lib/site-packages/ndg/security/server/AttAuthority
+
+if [ ! -d ${prefixDir} ]; then
+        echo "Path to tac file not found"
+        exit 1;
+fi
+
+installPath=${HOME}/Development/security/python/ndg.security.server/ndg/security/server/AttAuthority
+#installPath=${pythonPrefixDir}/${srvSubDir}
+if [ -d ${installPath} ]; then
+        CONFIG=${installPath}/server-config.tac
+else
+        CONFIG=./server-config.tac
+fi
 
 set - ${EXEC} ${OPTIONS} ${CONFIG} "$@"

TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml

@@ -28 +28 @@
         security services.  - Use minus sign for time in the past
         -->
-        <attCertNotBeforeOff>0</attCertNotBeforeOff>
+    <attCertNotBeforeOff>0</attCertNotBeforeOff>
     <!-- Location of role mapping file -->
     <mapConfigFile></mapConfigFile>

TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml

@@ -17 +17 @@
     <clntCertFile></clntCertFile>    
     <attCertLifetime>28800</attCertLifetime>
-        <attCertNotBeforeOff>0</attCertNotBeforeOff>
+    <attCertNotBeforeOff>0</attCertNotBeforeOff>
     <attCertFilePfx>ac-</attCertFilePfx>
     <attCertFileSfx>.xml</attCertFileSfx>

TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml

@@ -17 +17 @@
     <clntCertFile></clntCertFile>    
     <attCertLifetime>28800</attCertLifetime>
-        <attCertNotBeforeOff>0</attCertNotBeforeOff>
+    <attCertNotBeforeOff>0</attCertNotBeforeOff>
     <attCertFilePfx>ac-</attCertFilePfx>
     <attCertFileSfx>.xml</attCertFileSfx>

TI12-security/trunk/python/ndgSetup.sh

@@ -43 +43 @@
 
 
-# Override default port number settings for web services
-#export NDG_AA_PORT_NUM=5001
-#export NDG_SM_PORT_NUM=
-#export NDG_CA_PORT_NUM=
-#export NDG_LOG_PORT_NUM=
-#export NDG_GK_PORT_NUM=
+# Override default locations for properties files.
+#
+# e.g. default Attribute Authority location is 
+# $NDG_DIR/conf/attAuthorityProperties.xml
+#
+# Session Manager:
+# $NDG_DIR/conf/sessionMgrProperties.xml
+#
+# Certificate Authority:
+# $NDG_DIR/conf/simpleCAProperties.xml
+#
+#export NDGSEC_AA_PROPFILEPATH=
+#export NDGSEC_SM_PROPFILEPATH=
+#export NDGSEC_CA_PROPFILEPATH=
 
 

TI12-security/trunk/python/share/ndg-aa

@@ -15 +15 @@
 # description: NERC Data Grid Security Attribute Authority Web Service
 #
-
-# Edit these variables as required
+# $Id:$
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as 
+# required
 user="globus"
-ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh"
+
+# Set path to Twisted 'tac' file
+prefixDir=$(dirname $(dirname $(type -p python)))
+if [ ! -d ${prefixDir} ]; then
+        failure $"Path to python root not found"
+        exit 1
+fi
+
+srvSubDir=lib/site-packages/ndg/security/server/AttAuthority
+tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac
+if [ ! -f ${tacFilePath} ]; then
+        failure $"Path to tac file not found"
+        exit 1
+fi
+
+serviceName=${0##*/}
+
+# Write PID file to /tmp initially as uid of twistd process may not have
+# write permission on /var/run.  Move file from /tmp to /var/run as root - 
+# see below ...
+pidFilePath=/tmp/${serviceName}.pid
 
 # Command line args e.g. set alternative port number or configuration file
 # path.  Note security consideration that these args will appear in a ps 
 # process listing
-args=
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-serviceName=${0##*/}
-prog=AttAuthorityServer.py
+prog=/usr/local/NDG/bin/twistd
+args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \
+-oy ${tacFilePath}"
+cmd="${prog} ${args}"
+
 RETVAL=0
 
@@ -35 +58 @@
 start()
 {
-     echo -n "Starting ${serviceName}: "
-
-     # Source NDG Environment
-     if [ -f ${ndgSetupFilePath} ]; then
-           . ${ndgSetupFilePath}
-     else
-          failure $"Set-up of NDG environment" 
-          return
-     fi
-     
-     cmd="${NDG_DIR}/bin/${prog} ${args}"
-     
+    echo -n "Starting ${serviceName}: "
+   
     # See if it's already running. Look *only* at the pid file.
     local pid=
-     if [ -f /var/run/${serviceName}.pid ]; then
-          local line p
-          read line < /var/run/${serviceName}.pid
-          for p in $line ; do
-               [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
-          done
-     fi
-
-     [ -n "${pid:-}" ] && return
-
-     # Make sure it doesn't core dump anywhere; while this could mask
-     # problems with the daemon, it also closes some security problems
-     ulimit -S -c 0 >/dev/null 2>&1
-
-     # Echo daemon
+    if [ -f /var/run/${serviceName}.pid ]; then
+        local line p
+        read line < /var/run/${serviceName}.pid
+        for p in $line ; do
+            [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
+        done
+    fi
+
+    [ -n "${pid:-}" ] && return
+
+    # Make sure it doesn't core dump anywhere; while this could mask
+    # problems with the daemon, it also closes some security problems
+    ulimit -S -c 0 >/dev/null 2>&1
+
+    # Echo daemon
     [ "${BOOTUP:-}" = "verbose" -a -z "$LSB" ] && echo -n " ${serviceName}"
 
-     # And start it up.
-     initlog $INITLOG_ARGS -c "su - ${user} -c \"${cmd}\""
+    # And start it up.
+    initlog $INITLOG_ARGS -c "${cmd}" 
     RETVAL=$?
-    
-    if [ $RETVAL = 0 ]; then
-          # Get the process ID
-          pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`)
-          echo ${pid} > /var/run/${serviceName}.pid
-         touch /var/lock/subsys/${serviceName}          
-          success $"${serviceName} startup"
-     else
-          failure $"${serviceName} startup"
-     fi
-     
+    if [ $RETVAL = 0 ]; then    
+            # Use root privilege to move pid file to correct location - put wait 
+            # in to give twistd some leaway
+            i=0
+            while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 
+                sleep 1; 
+                let "i++"; 
+                done
+                
+                mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
+        
+        touch /var/lock/subsys/${serviceName}        
+        success $"startup"
+    else
+        failure $"startup"
+    fi
+    
     echo
 }
@@ -86 +105 @@
 stop()
 {
-     echo -n "Shutting down ${serviceName}: "
-     
+    echo -n "Shutting down ${serviceName}: "
+    
     # Find pid
-     pid=
-     if [ -f /var/run/${serviceName}.pid ]; then
-          local line p
-          read line < /var/run/${serviceName}.pid
-          for p in $line ; do
-               [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
-          done
-     fi
-
-     if [ -z "$pid" ]; then
-          failure $"${serviceName} stop - no process found from PID file"
-          return
-     fi
+    pid=
+    if [ -f /var/run/${serviceName}.pid ]; then
+       local line p
+       read line < /var/run/${serviceName}.pid
+       for p in $line ; do
+           [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
+       done
+    fi
+
+    if [ -z "$pid" ]; then
+        failure $"stop - no process found from PID file: "
+        return
+    fi
 
     # Kill it.
     if [ -n "${pid:-}" ] ; then
-        [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} "
-            
-          if checkpid $pid 2>&1; then
-               # TERM first, then KILL if not dead
-               kill -TERM $pid
-               usleep 100000
-               if checkpid $pid && sleep 1 &&
-                  checkpid $pid && sleep 3 &&
-                  checkpid $pid ; then
-                    kill -KILL $pid
-                    usleep 100000
-                  fi
-               checkpid $pid
-               RC=$?
-               [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \
-                    success $"${serviceName} shutdown"
-               RC=$((! $RC))
-          fi     
-     else
-         failure $"${serviceName} shutdown"
-         RC=1
-     fi
+       [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} "
+          
+        if checkpid $pid 2>&1; then
+            # TERM first, then KILL if not dead
+            kill -TERM $pid
+            usleep 100000
+            if checkpid $pid && sleep 1 &&
+               checkpid $pid && sleep 3 &&
+               checkpid $pid ; then
+                kill -KILL $pid
+                usleep 100000
+            fi
+            checkpid $pid
+            RC=$?
+            [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown"
+            RC=$((! $RC))
+        fi    
+    else
+        failure $"shutdown"
+        RC=1
+    fi
 
     # Remove pid file if any.
-     rm -f /var/run/${serviceName}.pid
-
-     echo
+    rm -f /var/run/${serviceName}.pid
+
+    echo
 }
 
@@ -137 +155 @@
 restart()
 {
-     stop
-     start
+    stop
+    start
 }
 
@@ -144 +162 @@
 status()
 {
-     local pid=
-     local pidFilePath=/var/run/${serviceName}.pid
-     
-     # Get pid from "/var/run/*.pid" file
-     if [ -f $pidFilePath ] ; then
+    local pid=
+    local pidFilePath=/var/run/${serviceName}.pid
+    
+    # Get pid from "/var/run/*.pid" file
+    if [ -f $pidFilePath ] ; then
         read pid < $pidFilePath
         if [ -z "$pid" ]; then
@@ -154 +172 @@
             return
         fi
-    else
-         echo $"No pid file $pidFilePath found"
-         return
-     fi
-
-     # look for pid in listing
-     local pidFound=
-     for i in `pidof -o $$ -o $PPID -o %PPID -x "python"`; do
-           [[ $i = $pid ]] && pidFound=Yes && break;
-     done
-     
-     if [ -n "$pidFound" ]; then
+    fi
+
+    # look for pid in listing
+    local pidFound=
+    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do
+        [[ $i = $pid ]] && pidFound=Yes && break;
+    done
+    
+    if [ -n "$pidFound" ]; then
         echo $"$prog (pid $pid) is running..."
         return
-        
+       
     elif [ -f /var/lock/subsys/${serviceName} ]; then
-          echo $"$prog dead but subsys locked and pid file $pidFilePath exists"
-          return
+        echo $"$prog dead but subsys locked and pid file $pidFilePath exists"
+        return
     else
         echo $"$prog dead but pid file $pidFilePath exists"   
-     fi
+    fi
 }
 
 
 case "$1" in
-     start)
-          start
-     ;;
-     stop)
-          stop
-     ;;
-     status)
-          # Use status defined in functions file
-          status
-     ;;
-     restart)
-          restart ${serviceName}
-     ;;
+    start)
+        start
+    ;;
+    stop)
+        stop
+    ;;
+    status)
+        status
+    ;;
+    restart)
+        restart ${serviceName}
+    ;;
     condrestart)
-     if [ -f /var/run/${serviceName}.pid ] ; then
-          stop
-          start
-     fi
-     ;;
-     *)
-          echo \
-          "Usage: ${serviceName} {start|stop|restart|condrestart|status}"
-          exit 1
-     ;;
+    if [ -f /var/run/${serviceName}.pid ] ; then
+        stop
+        start
+    fi
+    ;;
+    *)
+        echo \
+        "Usage: ${serviceName} {start|stop|restart|condrestart|status}"
+        exit 1
+    ;;
 esac

TI12-security/trunk/python/share/ndg-ca

@@ -1 +1 @@
 #!/bin/bash
 #
-# SysV init script for NDG Simple CA Web Service
+# SysV init script for NDG Security Certificate Authority
 #
 # P J Kershaw
@@ -13 +13 @@
 #
 # chkconfig: 2345 99 01
-# description: NERC Data Grid Simple CA Web Service
-#
-
-# Edit these variables as required
+# description: NERC Data Grid Security Certificate Authority Web Service
+#
+# $Id:$
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as 
+# required
 user="globus"
-ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh"
-configFilePath=
-
-# Command line args e.g. set alternative port number or properties file
+
+# Set path to Twisted 'tac' file
+prefixDir=$(dirname $(dirname $(type -p python)))
+if [ ! -d ${prefixDir} ]; then
+        failure $"Path to python root not found"
+        exit 1
+fi
+
+srvSubDir=lib/site-packages/ndg/security/server/ca
+tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac
+if [ ! -f ${tacFilePath} ]; then
+        failure $"Path to tac file not found"
+        exit 1
+fi
+
+serviceName=${0##*/}
+
+# Write PID file to /tmp initially as uid of twistd process may not have
+# write permission on /var/run.  Move file from /tmp to /var/run as root - 
+# see below ...
+pidFilePath=/tmp/${serviceName}.pid
+
+# Command line args e.g. set alternative port number or configuration file
 # path.  Note security consideration that these args will appear in a ps 
 # process listing
-args=-s
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-serviceName=${0##*/}
-prog=SimpleCAServer.py
+prog=/usr/local/NDG/bin/twistd
+args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \
+-oy ${tacFilePath}"
+cmd="${prog} ${args}"
+
 RETVAL=0
 
@@ -37 +59 @@
 {
     echo -n "Starting ${serviceName}: "
-
-    # Source NDG Environment
-    if [ -f ${ndgSetupFilePath} ]; then
-         . ${ndgSetupFilePath}
-    else
-        failure $"Set-up of NDG environment" 
-        return
-    fi
-    
-    cmd="cat ${configFilePath} | ${NDG_DIR}/bin/${prog} ${args}"
-
-    
+   
     # See if it's already running. Look *only* at the pid file.
     local pid=
@@ -69 +80 @@
 
     # And start it up.
-    initlog $INITLOG_ARGS -c "su -s /bin/bash - ${user} -c \"${cmd}\""
+    initlog $INITLOG_ARGS -c "${cmd}" 
     RETVAL=$?
-    
-    if [ $RETVAL = 0 ]; then
-        # Get the process ID
-        pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`)
-        echo ${pid} > /var/run/${serviceName}.pid
+    if [ $RETVAL = 0 ]; then    
+            # Use root privilege to move pid file to correct location - put wait 
+            # in to give twistd some leaway
+            i=0
+            while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 
+                sleep 1; 
+                let "i++"; 
+                done
+                
+                mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
+        
         touch /var/lock/subsys/${serviceName}        
-        success $"${serviceName} startup"
+        success $"startup"
     else
-        failure $"${serviceName} startup"
+        failure $"startup"
     fi
     
@@ -93 +110 @@
     pid=
     if [ -f /var/run/${serviceName}.pid ]; then
-        local line p
-        read line < /var/run/${serviceName}.pid
-        for p in $line ; do
-            [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
-        done
+       local line p
+       read line < /var/run/${serviceName}.pid
+       for p in $line ; do
+           [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
+       done
     fi
 
     if [ -z "$pid" ]; then
-        failure $"${serviceName} stop - no process found from PID file"
+        failure $"stop - no process found from PID file: "
         return
     fi
@@ -107 +124 @@
     # Kill it.
     if [ -n "${pid:-}" ] ; then
-        [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} "
-            
+       [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} "
+          
         if checkpid $pid 2>&1; then
             # TERM first, then KILL if not dead
@@ -118 +135 @@
                 kill -KILL $pid
                 usleep 100000
-               fi
+            fi
             checkpid $pid
             RC=$?
-            [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \
-                success $"${serviceName} shutdown"
+            [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown"
             RC=$((! $RC))
         fi    
     else
-        failure $"${serviceName} shutdown"
+        failure $"shutdown"
         RC=1
     fi
@@ -156 +172 @@
             return
         fi
-    else
-        echo $"No pid file $pidFilePath found"
-        return
     fi
 
     # look for pid in listing
     local pidFound=
-    for i in `pidof -o $$ -o $PPID -o %PPID -x "python"`; do
-         [[ $i = $pid ]] && pidFound=Yes && break;
+    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do
+        [[ $i = $pid ]] && pidFound=Yes && break;
     done
     
@@ -170 +183 @@
         echo $"$prog (pid $pid) is running..."
         return
-        
+       
     elif [ -f /var/lock/subsys/${serviceName} ]; then
         echo $"$prog dead but subsys locked and pid file $pidFilePath exists"
@@ -188 +201 @@
     ;;
     status)
-        # Use status defined in functions file
         status
     ;;

TI12-security/trunk/python/share/ndg-gk

@@ -1 +1 @@
 #!/bin/bash
 #
-# SysV init script for NDG Security Gate Keeper Web Service
+# SysV init script for NDG Security Gatekeeper
 #
 # P J Kershaw
@@ -13 +13 @@
 #
 # chkconfig: 2345 99 01
-# description: NERC Data Grid Security Gate Keeper Web Service
-#
-
-# Edit these variables as required
+# description: NERC Data Grid Security Gatekeeper Web Service
+#
+# $Id:$
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as 
+# required
 user="globus"
-ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh"
+
+# Set path to Twisted 'tac' file
+prefixDir=$(dirname $(dirname $(type -p python)))
+if [ ! -d ${prefixDir} ]; then
+        failure $"Path to python root not found"
+        exit 1
+fi
+
+srvSubDir=lib/site-packages/ndg/security/server/Gatekeeper
+tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac
+if [ ! -f ${tacFilePath} ]; then
+        failure $"Path to tac file not found"
+        exit 1
+fi
+
+serviceName=${0##*/}
+
+# Write PID file to /tmp initially as uid of twistd process may not have
+# write permission on /var/run.  Move file from /tmp to /var/run as root - 
+# see below ...
+pidFilePath=/tmp/${serviceName}.pid
 
 # Command line args e.g. set alternative port number or configuration file
 # path.  Note security consideration that these args will appear in a ps 
 # process listing
-args=
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-serviceName=${0##*/}
-prog=GatekeeperServer.py
+prog=/usr/local/NDG/bin/twistd
+args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \
+-oy ${tacFilePath}"
+cmd="${prog} ${args}"
+
 RETVAL=0
 
@@ -36 +59 @@
 {
     echo -n "Starting ${serviceName}: "
-
-    # Source NDG Environment
-    if [ -f ${ndgSetupFilePath} ]; then
-         . ${ndgSetupFilePath}
-    else
-        failure $"Set-up of NDG environment" 
-        return
-    fi
-    
-    cmd="${NDG_DIR}/bin/${prog} ${args}"
-    
+   
     # See if it's already running. Look *only* at the pid file.
     local pid=
@@ -67 +80 @@
 
     # And start it up.
-    initlog $INITLOG_ARGS -c "su - ${user} -c \"${cmd}\""
+    initlog $INITLOG_ARGS -c "${cmd}" 
     RETVAL=$?
-    
-    if [ $RETVAL = 0 ]; then
-        # Get the process ID
-        pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`)
-        echo ${pid} > /var/run/${serviceName}.pid
+    if [ $RETVAL = 0 ]; then    
+            # Use root privilege to move pid file to correct location - put wait 
+            # in to give twistd some leaway
+            i=0
+            while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 
+                sleep 1; 
+                let "i++"; 
+                done
+                
+                mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
+        
         touch /var/lock/subsys/${serviceName}        
-        success $"${serviceName} startup"
+        success $"startup"
     else
-        failure $"${serviceName} startup"
+        failure $"startup"
     fi
     
@@ -91 +110 @@
     pid=
     if [ -f /var/run/${serviceName}.pid ]; then
-        local line p
-        read line < /var/run/${serviceName}.pid
-        for p in $line ; do
-            [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
-        done
+       local line p
+       read line < /var/run/${serviceName}.pid
+       for p in $line ; do
+           [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
+       done
     fi
 
     if [ -z "$pid" ]; then
-        failure $"${serviceName} stop - no process found from PID file"
+        failure $"stop - no process found from PID file: "
         return
     fi
@@ -105 +124 @@
     # Kill it.
     if [ -n "${pid:-}" ] ; then
-        [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} "
-            
+       [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} "
+          
         if checkpid $pid 2>&1; then
             # TERM first, then KILL if not dead
@@ -116 +135 @@
                 kill -KILL $pid
                 usleep 100000
-               fi
+            fi
             checkpid $pid
             RC=$?
-            [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \
-                success $"${serviceName} shutdown"
+            [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown"
             RC=$((! $RC))
         fi    
     else
-        failure $"${serviceName} shutdown"
+        failure $"shutdown"
         RC=1
     fi
@@ -154 +172 @@
             return
         fi
-    else
-        echo $"No pid file $pidFilePath found"
-        return
     fi
 
     # look for pid in listing
     local pidFound=
-    for i in `pidof -o $$ -o $PPID -o %PPID -x "python"`; do
-         [[ $i = $pid ]] && pidFound=Yes && break;
+    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do
+        [[ $i = $pid ]] && pidFound=Yes && break;
     done
     
@@ -168 +183 @@
         echo $"$prog (pid $pid) is running..."
         return
-        
+       
     elif [ -f /var/lock/subsys/${serviceName} ]; then
         echo $"$prog dead but subsys locked and pid file $pidFilePath exists"
@@ -186 +201 @@
     ;;
     status)
-        # Use status defined in functions file
         status
     ;;

TI12-security/trunk/python/share/ndg-log

@@ -1 +1 @@
 #!/bin/bash
 #
-# SysV init script for NDG Security Logging Service
+# SysV init script for NDG Security Log Service
 #
 # P J Kershaw
@@ -13 +13 @@
 #
 # chkconfig: 2345 99 01
-# description: NERC Data Grid Security Logging Web Service
-#
-
-# Edit these variables as required
+# description: NERC Data Grid Security Log Web Service
+#
+# $Id:$
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as 
+# required
 user="globus"
-ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh"
-
-# Command line args e.g. set alternative port number or log file
+
+# Set path to Twisted 'tac' file
+prefixDir=$(dirname $(dirname $(type -p python)))
+if [ ! -d ${prefixDir} ]; then
+        failure $"Path to python root not found"
+        exit 1
+fi
+
+srvSubDir=lib/site-packages/ndg/security/server/Log
+tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac
+if [ ! -f ${tacFilePath} ]; then
+        failure $"Path to tac file not found"
+        exit 1
+fi
+
+serviceName=${0##*/}
+
+# Write PID file to /tmp initially as uid of twistd process may not have
+# write permission on /var/run.  Move file from /tmp to /var/run as root - 
+# see below ...
+pidFilePath=/tmp/${serviceName}.pid
+
+# Command line args e.g. set alternative port number or configuration file
 # path.  Note security consideration that these args will appear in a ps 
 # process listing
-args=
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-serviceName=${0##*/}
-prog=LogServer.py
+prog=/usr/local/NDG/bin/twistd
+args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \
+-oy ${tacFilePath}"
+cmd="${prog} ${args}"
+
 RETVAL=0
 
@@ -36 +59 @@
 {
     echo -n "Starting ${serviceName}: "
-
-    # Source NDG Environment
-    if [ -f ${ndgSetupFilePath} ]; then
-         . ${ndgSetupFilePath}
-    else
-        failure $"Set-up of NDG environment" 
-        return
-    fi
-    
-    cmd="${NDG_DIR}/bin/${prog} ${args}"
-    
+   
     # See if it's already running. Look *only* at the pid file.
     local pid=
@@ -67 +80 @@
 
     # And start it up.
-    initlog $INITLOG_ARGS -c "su - ${user} -c \"${cmd}\""
+    initlog $INITLOG_ARGS -c "${cmd}" 
     RETVAL=$?
-    
-    if [ $RETVAL = 0 ]; then
-        # Get the process ID
-        pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`)
-        echo ${pid} > /var/run/${serviceName}.pid
+    if [ $RETVAL = 0 ]; then    
+            # Use root privilege to move pid file to correct location - put wait 
+            # in to give twistd some leaway
+            i=0
+            while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 
+                sleep 1; 
+                let "i++"; 
+                done
+                
+                mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
+        
         touch /var/lock/subsys/${serviceName}        
-        success $"${serviceName} startup"
+        success $"startup"
     else
-        failure $"${serviceName} startup"
+        failure $"startup"
     fi
     
@@ -91 +110 @@
     pid=
     if [ -f /var/run/${serviceName}.pid ]; then
-        local line p
-        read line < /var/run/${serviceName}.pid
-        for p in $line ; do
-            [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
-        done
+       local line p
+       read line < /var/run/${serviceName}.pid
+       for p in $line ; do
+           [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
+       done
     fi
 
     if [ -z "$pid" ]; then
-        failure $"${serviceName} stop - no process found from PID file"
+        failure $"stop - no process found from PID file: "
         return
     fi
@@ -105 +124 @@
     # Kill it.
     if [ -n "${pid:-}" ] ; then
-        [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} "
-            
+       [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} "
+          
         if checkpid $pid 2>&1; then
             # TERM first, then KILL if not dead
@@ -116 +135 @@
                 kill -KILL $pid
                 usleep 100000
-               fi
+            fi
             checkpid $pid
             RC=$?
-            [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \
-                success $"${serviceName} shutdown"
+            [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown"
             RC=$((! $RC))
         fi    
     else
-        failure $"${serviceName} shutdown"
+        failure $"shutdown"
         RC=1
     fi
@@ -154 +172 @@
             return
         fi
-    else
-        echo $"No pid file $pidFilePath found"
-        return
     fi
 
     # look for pid in listing
     local pidFound=
-    for i in `pidof -o $$ -o $PPID -o %PPID -x "python"`; do
-         [[ $i = $pid ]] && pidFound=Yes && break;
+    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do
+        [[ $i = $pid ]] && pidFound=Yes && break;
     done
     
@@ -168 +183 @@
         echo $"$prog (pid $pid) is running..."
         return
-        
+       
     elif [ -f /var/lock/subsys/${serviceName} ]; then
         echo $"$prog dead but subsys locked and pid file $pidFilePath exists"
@@ -186 +201 @@
     ;;
     status)
-        # Use status defined in functions file
         status
     ;;

TI12-security/trunk/python/share/ndg-sm

@@ -15 +15 @@
 # description: NERC Data Grid Security Session Manager Web Service
 #
-
-# Edit these variables as required
+# $Id:$
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Edit "user", "prefixDir", "srvSubDir" and "tacFilePath" variables as 
+# required
 user="globus"
-ndgSetupFilePath="/usr/local/NDG/ndgSetup.sh"
+
+# Set path to Twisted 'tac' file
+prefixDir=$(dirname $(dirname $(type -p python)))
+if [ ! -d ${prefixDir} ]; then
+        failure $"Path to python root not found"
+        exit 1
+fi
+
+srvSubDir=lib/site-packages/ndg/security/server/SessionMgr
+tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac
+if [ ! -f ${tacFilePath} ]; then
+        failure $"Path to tac file not found"
+        exit 1
+fi
+
+serviceName=${0##*/}
+
+# Write PID file to /tmp initially as uid of twistd process may not have
+# write permission on /var/run.  Move file from /tmp to /var/run as root - 
+# see below ...
+pidFilePath=/tmp/${serviceName}.pid
 
 # Command line args e.g. set alternative port number or configuration file
 # path.  Note security consideration that these args will appear in a ps 
 # process listing
-args=-wn
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-serviceName=${0##*/}
-prog=SessionMgrServer.py
+prog=/usr/local/NDG/bin/twistd
+args="-u ${user} --syslog --prefix=${serviceName} --pidfile=${pidFilePath} \
+-oy ${tacFilePath}"
+cmd="${prog} ${args}"
+
 RETVAL=0
 
@@ -36 +59 @@
 {
     echo -n "Starting ${serviceName}: "
-
-    # Source NDG Environment
-    if [ -f ${ndgSetupFilePath} ]; then
-         . ${ndgSetupFilePath}
-    else
-        failure $"Set-up of NDG environment" 
-        return
-    fi
-    
-    cmd="${NDG_DIR}/bin/${prog} ${args}"
-    
+   
     # See if it's already running. Look *only* at the pid file.
     local pid=
@@ -67 +80 @@
 
     # And start it up.
-    initlog $INITLOG_ARGS -c "su - ${user} -c \"${cmd}\""
+    initlog $INITLOG_ARGS -c "${cmd}" 
     RETVAL=$?
-    
-    if [ $RETVAL = 0 ]; then
-        # Get the process ID
-        pid=(`ps --no-headers -u ${user} -o pid,cmd --sort=-pid|grep "$prog"`)
-        echo ${pid} > /var/run/${serviceName}.pid
+    if [ $RETVAL = 0 ]; then    
+            # Use root privilege to move pid file to correct location - put wait 
+            # in to give twistd some leaway
+            i=0
+            while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 
+                sleep 1; 
+                let "i++"; 
+                done
+                
+                mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
+        
         touch /var/lock/subsys/${serviceName}        
-        success $"${serviceName} startup"
+        success $"startup"
     else
-        failure $"${serviceName} startup"
+        failure $"startup"
     fi
     
@@ -91 +110 @@
     pid=
     if [ -f /var/run/${serviceName}.pid ]; then
-        local line p
-        read line < /var/run/${serviceName}.pid
-        for p in $line ; do
-            [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
-        done
+       local line p
+       read line < /var/run/${serviceName}.pid
+       for p in $line ; do
+           [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && pid="$pid $p"
+       done
     fi
 
     if [ -z "$pid" ]; then
-        failure $"${serviceName} stop - no process found from PID file"
+        failure $"stop - no process found from PID file: "
         return
     fi
@@ -105 +124 @@
     # Kill it.
     if [ -n "${pid:-}" ] ; then
-        [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} "
-            
+       [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "${serviceName} "
+          
         if checkpid $pid 2>&1; then
             # TERM first, then KILL if not dead
@@ -119 +138 @@
             checkpid $pid
             RC=$?
-            [ "$RC" -eq 0 ] && failure $"${serviceName} shutdown" || \
-                success $"${serviceName} shutdown"
+            [ "$RC" -eq 0 ] && failure $"shutdown" || success $"shutdown"
             RC=$((! $RC))
         fi    
     else
-        failure $"${serviceName} shutdown"
+        failure $"shutdown"
         RC=1
     fi
@@ -154 +172 @@
             return
         fi
-    else
-        echo $"No pid file $pidFilePath found"
-        return
     fi
 
     # look for pid in listing
     local pidFound=
-    for i in `pidof -o $$ -o $PPID -o %PPID -x "python"`; do
-         [[ $i = $pid ]] && pidFound=Yes && break;
+    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do
+        [[ $i = $pid ]] && pidFound=Yes && break;
     done
     
@@ -168 +183 @@
         echo $"$prog (pid $pid) is running..."
         return
-        
+       
     elif [ -f /var/lock/subsys/${serviceName} ]; then
         echo $"$prog dead but subsys locked and pid file $pidFilePath exists"
@@ -186 +201 @@
     ;;
     status)
-        # Use status defined in functions file
         status
     ;;