From: rmccabe@sourceware.org <rmccabe@sourceware.org>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] conga/luci/init.d luci
Date: 22 May 2007 01:39:51 -0000 [thread overview]
Message-ID: <20070522013951.30487.qmail@sourceware.org> (raw)
CVSROOT: /cvs/cluster
Module name: conga
Branch: EXPERIMENTAL
Changes by: rmccabe at sourceware.org 2007-05-22 01:39:51
Modified files:
luci/init.d : luci
Log message:
Make the init script more robust, and make it log errors for any failures.
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/init.d/luci.diff?cvsroot=cluster&only_with_tag=EXPERIMENTAL&r1=1.16&r2=1.16.2.1
--- conga/luci/init.d/luci 2007/03/15 16:52:36 1.16
+++ conga/luci/init.d/luci 2007/05/22 01:39:51 1.16.2.1
@@ -1,10 +1,9 @@
#!/bin/sh
#
-# Copyright (C) 2005 Red Hat, Inc.
+# Copyright (C) 2005-2007 Red Hat, Inc.
#
-# This program is Free Software. You may modify and/or redistribute it under
-# the terms of the GNU General Public License version 2, or (at your option)
-# any later version.
+# This program is Free Software. You may modify and/or redistribute it under
+# the terms of the GNU General Public License version 2.
#
# description: Starts and stops Red Hat Cluster and Storage Remote \
# Configuration Web Interface (luci)
@@ -23,22 +22,26 @@
PATH=/sbin:/bin:/usr/sbin:/usr/bin
export PATH
-ID="luci"
-LUCID="/var/lib/luci/bin/runzope"
-PIDFILE="/var/lib/luci/var/Z2.pid"
-GLOB_PIDFILE="/var/run/luci.pid"
-GLOB_LOCKFILE="/var/lock/subsys/luci"
+ID='luci'
+LUCID='/var/lib/luci/bin/runzope'
+PIDFILE='/var/lib/luci/var/Z2.pid'
+GLOB_PIDFILE='/var/run/luci.pid'
+GLOB_LOCKFILE='/var/lock/subsys/luci'
-LUCI_USER="luci"
-LUCI_GROUP="luci"
+LUCI_USER='luci'
+LUCI_GROUP='luci'
LUCI_URL="https://`/bin/hostname`:$LUCI_HTTPS_PORT"
-HTTPS_PUBKEY="/var/lib/luci/var/certs/https.pem"
-HTTPS_PRIVKEY="/var/lib/luci/var/certs/https.key.pem"
-STUNNEL_D="/usr/sbin/stunnel"
-STUNNEL_PID="/var/lib/luci/var/stunnel/pid"
-STUNNEL_CONF="/var/lib/luci/etc/stunnel.conf"
+HTTPS_PUBKEY='/var/lib/luci/var/certs/https.pem'
+HTTPS_PRIVKEY='/var/lib/luci/var/certs/https.key.pem'
+
+KEY_LIFE_DAYS='1825'
+KEY_BITS='2048'
+
+STUNNEL_D='/usr/sbin/stunnel'
+STUNNEL_PID='/var/lib/luci/var/stunnel/pid'
+STUNNEL_CONF='/var/lib/luci/etc/stunnel.conf'
#
# Only root wants to run this...
@@ -53,186 +56,273 @@
https_certs_ok()
{
- if [ ! -e $HTTPS_PRIVKEY ] ; then
- return 1
- fi
- if [ ! -e $HTTPS_PUBKEY ] ; then
- return 2
- fi
- return 0
-}
+ if [ ! -f "$HTTPS_PRIVKEY" ]; then
+ return 1
+ fi
-generate_https_certs()
-{
- rm -f $HTTPS_PRIVKEY $HTTPS_PUBKEY
- echo -n "generating https SSL certificates... "
- /usr/bin/openssl genrsa -out $HTTPS_PRIVKEY 2048 > /dev/null 2>&1
- /usr/bin/openssl req -new -x509 -key $HTTPS_PRIVKEY -out $HTTPS_PUBKEY -days 1825 -config /var/lib/luci/var/certs/cacert.config
- /bin/chown $LUCI_USER:$LUCI_GROUP $HTTPS_PRIVKEY $HTTPS_PUBKEY
- /bin/chmod 600 $HTTPS_PRIVKEY
- /bin/chmod 644 $HTTPS_PUBKEY
- echo "done"
- return $?
+ if [ ! -f "$HTTPS_PUBKEY" ]; then
+ return 2
+ fi
+
+ return 0
}
-start()
+generate_https_certs()
{
- $LUCID >/dev/null 2>/dev/null &
-
- https_certs_ok
- if [ "1$?" != "10" ] ; then
- generate_https_certs
- fi
- sleep 4
- sed -e s,\\\(^accept.*=\ \\\)\\\(.*\\\),\\\1$LUCI_HTTPS_PORT, $STUNNEL_CONF | $STUNNEL_D -fd 0
- sleep 4
+ echo -n "Generating https SSL certificates... "
+ old_umask=`umask`
+ umask 077
+
+ rm -f "$HTTPS_PRIVKEY" "$HTTPS_PUBKEY"
+ /usr/bin/openssl genrsa -out "$HTTPS_PRIVKEY" "$KEY_BITS" >&/dev/null
+ /usr/bin/openssl req -new -x509 -key "$HTTPS_PRIVKEY" -out "$HTTPS_PUBKEY" -days "$KEY_LIFE_DAYS" -config /var/lib/luci/var/certs/cacert.config
+ /bin/chmod 600 "$HTTPS_PRIVKEY"
+ /bin/chmod 644 "$HTTPS_PUBKEY"
+ /bin/chown $LUCI_USER:$LUCI_GROUP "$HTTPS_PRIVKEY" "$HTTPS_PUBKEY"
+ ret=$?
+
+ umask $old_umask
+ echo "done"
+ return $ret
}
stop_luci()
{
- pid_num=`cat $PIDFILE`
- kill $pid_num
- sleep 2
+ pid_num=`cat $PIDFILE 2>/dev/null`
+ ret=$?
+ if [ $ret -eq 0 ]; then
+ kill $pid_num >& /dev/null
+ ret=$?
+ fi
+
+ if [ $ret -ne 0 ]; then
+ pkill -u "$LUCI_USER" python >&/dev/null
+ ret=$?
+ fi
+ return $ret
}
stop_stunnel()
{
- pid_num=`cat $STUNNEL_PID`
- kill $pid_num
- sleep 2
+ pid_num=`cat $STUNNEL_PID 2>/dev/null`
+ ret=$?
+ if [ $ret -eq 0 ]; then
+ kill $pid_num >& /dev/null
+ ret=$?
+ fi
+
+ if [ $ret -ne 0 ]; then
+ pkill -u "$LUCI_USER" stunnel >&/dev/null
+ ret=$?
+ fi
+ return $ret
}
stop()
{
- stop_luci
- stop_stunnel
+ stop_stunnel
+ if [ $? -ne 0 ]; then
+ errmsg='Failed to stop stunnel'
+ return 1
+ fi
+ stop_luci
+ if [ $? -ne 0 ]; then
+ errmsg='Failed to stop luci'
+ return 1
+ fi
+ return 0
}
-system_running()
+start()
{
- # luci
- LUCI_UP=1
- if [ -e $PIDFILE ] ; then
- pid_num=`cat $PIDFILE`
- res=`ps -Af | grep python | grep $LUCI_USER | grep $pid_num`
- if [ "1$res" != "1" ] ; then
- LUCI_UP=0
- fi
- fi
-
- # stunnel
- ST_UP=2
- if [ -e $STUNNEL_PID ] ; then
- pid_num=`cat $STUNNEL_PID`
- res=`ps -Af | grep stunnel | grep $LUCI_USER | grep $pid_num`
- if [ "1$res" != "1" ] ; then
- ST_UP=0
- fi
- fi
-
- # resolve
- let res=$LUCI_UP+$ST_UP
- if [ "1$res" = "10" ] ; then
+ https_certs_ok
+ if [ $? -ne 0 ]; then
+ generate_https_certs
+ if [ $? -ne 0 ]; then
+ errmsg='An error occurred while generating certificates'
+ return 1
+ fi
+ fi
+
+ $LUCID >&/dev/null &
+ sleep 4
+
+ sed -e s,\\\(^accept.*=\ \\\)\\\(.*\\\),\\\1$LUCI_HTTPS_PORT, $STUNNEL_CONF | $STUNNEL_D -fd 0
+ if [ $? -ne 0 ]; then
+ errmsg='An error occurred while starting stunnel'
+ stop_luci
+ return 1
+ fi
return 0
- fi
- if [ "1$res" = "11" ] ; then
- # only stunnel running -> stop it
- stop_stunnel
- fi
- if [ "1$res" = "12" ] ; then
- # only luci running -> stop it
- stop_luci
- fi
- return 1
}
+luci_running()
+{
+ LUCI_UP=1
+ pgrep -u "$LUCI_USER" python >&/dev/null
+ if [ $? -ne 0 ]; then
+ LUCI_UP=0
+ fi
+
+ if [ -f "$PIDFILE" ] && [ $LUCI_UP -eq 0 ]; then
+ # stale pidfile
+ rm -f "$PIDFILE" >& /dev/null
+ fi
+ return $LUCI_UP
+}
+
+stunnel_running()
+{
+ ST_UP=2
+ pgrep -u "$LUCI_USER" stunnel >&/dev/null
+ if [ $? -ne 0 ]; then
+ ST_UP=0
+ fi
+ if [ -f "$STUNNEL_PID" ] && [ $ST_UP -eq 0 ]; then
+ # stale pidfile
+ rm -f "$STUNNEL_PID"
+ fi
+ return $ST_UP
+}
+
+system_running()
+{
+ luci_running
+ LUCI_UP=$?
+
+ stunnel_running
+ STUNNEL_UP=$?
+
+ res=`echo $LUCI_UP $STUNNEL_UP + p | /usr/bin/dc`
+ if [ $res -eq 0 ]; then
+ # none up
+ return 0
+ elif [ $res -eq 3 ]; then
+ # both up
+ return 1
+ elif [ $res -eq 1 ]; then
+ # only luci up
+ stop_luci
+ if [ $? -ne 0 ]; then
+ errmsg='Only luci was running and it could not be stopped'
+ return 3
+ fi
+ elif [ $res -eq 2 ]; then
+ # only stunnel up
+ stop_stunnel
+ if [ $? -ne 0 ]; then
+ errmsg='Only stunnel was running and it could not be stopped'
+ return 4
+ fi
+ fi
+ return 0
+}
case $1 in
start)
- if ! /bin/grep True /var/lib/luci/.default_password_has_been_reset 2>&1 >/dev/null; then
- echo ""
- echo "luci's 'admin' password has to be changed before server is allowed to start"
- echo "To do so, execute (as root): "
- echo -e "\tluci_admin password"
- echo ""
- /usr/bin/logger -t $ID "startup failed (password not reset): execute 'luci_admin password'"
- exit 1
+ if ! /bin/grep True /var/lib/luci/.default_password_has_been_reset 2>&1 >/dev/null; then
+ echo ""
+ echo "The admin user password must be set before the luci can start"
+ echo "To do so, execute (as root): "
+ echo -e "\tluci_admin password\n"
+ /usr/bin/logger -t "$ID" "Luci startup failed: admin password not set (execute 'luci_admin password')"
+ exit 1
fi
-
+
echo -n "Starting $ID: "
system_running
- rtrn=$?
- if [ "1$rtrn" != "10" ] ; then
- start
+ ret=$?
+ if [ $ret -eq 0 ]; then
+ start
+ elif [ $ret -eq 1 ]; then
+ # already running
+ echo_success
+ echo
+ exit 0
+ elif [ $ret -gt 2 ]; then
+ # one of the two processes was running and couldn't be stopped.
+ /usr/bin/logger -t "$ID" "Luci startup failed: $errmsg"
+ exit 1
fi
+
system_running
- rtrn=$?
- if [ "1$rtrn" = "10" ] ; then
- echo_success
- cat $PIDFILE > $GLOB_PIDFILE
- touch $GLOB_LOCKFILE
- /usr/bin/logger -t $ID "startup succeeded"
- /usr/bin/logger -t $ID "Listening on port $LUCI_HTTPS_PORT; accessible using url $LUCI_URL"
- echo; echo
- echo "Please, point your web browser to $LUCI_URL to access luci"
- echo
+ if [ $? -eq 1 ]; then
+ echo_success
+ cat "$PIDFILE" > "$GLOB_PIDFILE"
+ touch "$GLOB_LOCKFILE"
+ /usr/bin/logger -t "$ID" "Luci startup succeeded"
+ /usr/bin/logger -t "$ID" "Listening on port $LUCI_HTTPS_PORT; accessible via URL $LUCI_URL"
+ echo; echo
+ echo "Point your web browser to $LUCI_URL to access luci"
+ echo
else
- echo_failure
- /usr/bin/logger -t $ID "startup failed"
- echo
+ echo_failure
+ /usr/bin/logger -t "$ID" "Luci startup failed $errmsg"
+ echo
fi
- ;;
+ ;;
- restart)
+ restart)
$0 stop
- $0 start
rtrn=$?
- ;;
-
- condrestart)
- system_running
+ if [ $rtrn -eq 0 ]; then
+ $0 start
+ rtrn=$?
+ fi
+ ;;
+
+ condrestart)
+ system_running
rtrn=$?
- if [ "1$rtrn" = "10" ] ; then
- $0 restart
- rtrn=$?
+ if [ $? -eq 1 ] ; then
+ $0 restart
+ rtrn=$?
fi
- ;;
+ ;;
status)
- system_running
- rtrn=$?
- if [ "1$rtrn" = "10" ] ; then
- echo "$ID is running..."
+ system_running
+ if [ $? -eq 1 ]; then
+ echo "$ID is running..."
+ rtrn=0
else
- echo "$ID is stopped"
+ echo "$ID is stopped"
+ rtrn=1
fi
- ;;
+ ;;
stop)
echo -n "Shutting down $ID: "
system_running
rtrn=$?
- if [ "1$rtrn" = "10" ] ; then
- stop
- /usr/bin/logger -t $ID "shutdown succeeded"
- fi
- echo_success
- rm -f $GLOB_PIDFILE
- rm -f $GLOB_LOCKFILE
- rtrn=0
- echo
- ;;
+ if [ $rtrn -eq 1 ]; then
+ stop
+ if [ $? -eq 0 ]; then
+ rm -f "$GLOB_PIDFILE"
+ rm -f "$GLOB_LOCKFILE"
+ /usr/bin/logger -t "$ID" "Luci shutdown succeeded"
+ rtrn=0
+ else
+ /usr/bin/logger -t "$ID" "Luci shutdown failed"
+ fi
+ fi
+ if [ $rtrn -eq 0 ]; then
+ echo_success
+ else
+ echo_failure
+ fi
+ echo
+ ;;
- reload)
- rtrn=0
- ;;
+ reload)
+ rtrn=0
+ ;;
*)
echo "Usage: $0 {start|stop|status|restart|condrestart|reload}"
rtrn=1
- ;;
-
+ ;;
esac
exit $rtrn
next reply other threads:[~2007-05-22 1:39 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-05-22 1:39 rmccabe [this message]
-- strict thread matches above, loose matches on Subject: below --
2010-02-04 23:36 [Cluster-devel] conga/luci/init.d luci rmccabe
2008-02-05 18:41 rmccabe
2008-02-05 18:31 rmccabe
2007-06-05 16:03 rmccabe
2007-03-15 16:52 rmccabe
2007-02-20 17:56 rmccabe
2006-11-02 0:23 kupcevic
2006-10-03 18:23 kupcevic
2006-09-26 0:22 kupcevic
2006-07-17 20:56 kupcevic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070522013951.30487.qmail@sourceware.org \
--to=rmccabe@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).