From: kupcevic@sourceware.org <kupcevic@sourceware.org>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] conga luci/init.d/luci ricci/init.d/ricci
Date: 16 Aug 2006 02:57:53 -0000 [thread overview]
Message-ID: <20060816025753.7588.qmail@sourceware.org> (raw)
CVSROOT: /cvs/cluster
Module name: conga
Changes by: kupcevic at sourceware.org 2006-08-16 02:57:53
Modified files:
luci/init.d : luci
ricci/init.d : ricci
Log message:
Generate SSL keys in init scripts
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/init.d/luci.diff?cvsroot=cluster&r1=1.6&r2=1.7
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/init.d/ricci.diff?cvsroot=cluster&r1=1.7&r2=1.8
--- conga/luci/init.d/luci 2006/07/17 20:56:46 1.6
+++ conga/luci/init.d/luci 2006/08/16 02:57:52 1.7
@@ -62,6 +62,7 @@
generate_https_certs()
{
+ rm -f $HTTPS_PRIVKEY $HTTPS_PUBKEY
echo -n "generating https SSL certificates... "
/usr/bin/openssl genrsa -out $HTTPS_PRIVKEY 2048 > /dev/null 2>&1
/usr/bin/openssl req -new -x509 -key $HTTPS_PRIVKEY -out $HTTPS_PUBKEY -days 1095 -config /var/lib/luci/var/certs/cacert.config
@@ -213,7 +214,7 @@
;;
*)
- echo $"Usage: $0 {start|stop|reload|restart|status}"
+ echo "Usage: $0 {start|stop|status|restart|condrestart|reload}"
rtrn=1
;;
--- conga/ricci/init.d/ricci 2006/07/05 19:20:14 1.7
+++ conga/ricci/init.d/ricci 2006/08/16 02:57:52 1.8
@@ -26,6 +26,9 @@
LOCKFILE="/var/lock/subsys/ricci"
RUNASUSER="ricci"
+SSL_PUBKEY="/var/lib/ricci/certs/cacert.pem"
+SSL_PRIVKEY="/var/lib/ricci/certs/privkey.pem"
+
#
# Only root wants to run this...
#
@@ -37,6 +40,33 @@
[ "${NETWORKING}" = "yes" ] || exit 0
+
+
+ssl_certs_ok()
+{
+ if [ ! -e $SSL_PRIVKEY ] ; then
+ return 1
+ fi
+ if [ ! -e $SSL_PUBKEY ] ; then
+ return 2
+ fi
+ return 0
+}
+
+generate_ssl_certs()
+{
+ rm -f $SSL_PUBKEY $SSL_PRIVKEY
+ echo -n "generating SSL certificates... "
+ /usr/bin/openssl genrsa -out $SSL_PRIVKEY 2048 > /dev/null 2>&1
+ /usr/bin/openssl req -new -x509 -key $SSL_PRIVKEY -out $SSL_PUBKEY -days 1095 -config /var/lib/ricci/certs/cacert.config
+ /bin/chown $RUNASUSER:$RUNASUSER $SSL_PRIVKEY $SSL_PUBKEY
+ /bin/chmod 644 $SSL_PUBKEY
+ /bin/chmod 600 $SSL_PRIVKEY
+ echo "done"
+ return $?
+}
+
+
case $1 in
start)
service messagebus status > /dev/null 2>&1
@@ -60,6 +90,11 @@
fi
fi
+ ssl_certs_ok
+ if [ "1$?" != "10" ] ; then
+ generate_ssl_certs
+ fi
+
NewUID=`cat /etc/passwd | grep "^$RUNASUSER:" | sed -e 's/^[^:]*:[^:]*://' -e 's/:.*//'`
echo -n $"Starting $ID: "
daemon $RICCID -u $NewUID
@@ -112,7 +147,7 @@
;;
*)
- echo $"Usage: $0 {start|stop|reload|restart|status}"
+ echo "Usage: $0 {start|stop|status|restart|condrestart|reload}"
rtrn=1
;;
reply other threads:[~2006-08-16 2:57 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060816025753.7588.qmail@sourceware.org \
--to=kupcevic@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).