From mboxrd@z Thu Jan 1 00:00:00 1970 From: rmccabe@sourceware.org Date: 22 May 2007 01:39:51 -0000 Subject: [Cluster-devel] conga/luci/init.d luci Message-ID: <20070522013951.30487.qmail@sourceware.org> List-Id: To: cluster-devel.redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit CVSROOT: /cvs/cluster Module name: conga Branch: EXPERIMENTAL Changes by: rmccabe at sourceware.org 2007-05-22 01:39:51 Modified files: luci/init.d : luci Log message: Make the init script more robust, and make it log errors for any failures. Patches: http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/init.d/luci.diff?cvsroot=cluster&only_with_tag=EXPERIMENTAL&r1=1.16&r2=1.16.2.1 --- conga/luci/init.d/luci 2007/03/15 16:52:36 1.16 +++ conga/luci/init.d/luci 2007/05/22 01:39:51 1.16.2.1 @@ -1,10 +1,9 @@ #!/bin/sh # -# Copyright (C) 2005 Red Hat, Inc. +# Copyright (C) 2005-2007 Red Hat, Inc. # -# This program is Free Software. You may modify and/or redistribute it under -# the terms of the GNU General Public License version 2, or (at your option) -# any later version. +# This program is Free Software. You may modify and/or redistribute it under +# the terms of the GNU General Public License version 2. # # description: Starts and stops Red Hat Cluster and Storage Remote \ # Configuration Web Interface (luci) 
@@ -23,22 +22,26 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin export PATH -ID="luci" -LUCID="/var/lib/luci/bin/runzope" -PIDFILE="/var/lib/luci/var/Z2.pid" -GLOB_PIDFILE="/var/run/luci.pid" -GLOB_LOCKFILE="/var/lock/subsys/luci" +ID='luci' +LUCID='/var/lib/luci/bin/runzope' +PIDFILE='/var/lib/luci/var/Z2.pid' +GLOB_PIDFILE='/var/run/luci.pid' +GLOB_LOCKFILE='/var/lock/subsys/luci' -LUCI_USER="luci" -LUCI_GROUP="luci" +LUCI_USER='luci' +LUCI_GROUP='luci' LUCI_URL="https://`/bin/hostname`:$LUCI_HTTPS_PORT" -HTTPS_PUBKEY="/var/lib/luci/var/certs/https.pem" -HTTPS_PRIVKEY="/var/lib/luci/var/certs/https.key.pem" -STUNNEL_D="/usr/sbin/stunnel" -STUNNEL_PID="/var/lib/luci/var/stunnel/pid" -STUNNEL_CONF="/var/lib/luci/etc/stunnel.conf" +HTTPS_PUBKEY='/var/lib/luci/var/certs/https.pem' +HTTPS_PRIVKEY='/var/lib/luci/var/certs/https.key.pem' + +KEY_LIFE_DAYS='1825' +KEY_BITS='2048' + +STUNNEL_D='/usr/sbin/stunnel' +STUNNEL_PID='/var/lib/luci/var/stunnel/pid' +STUNNEL_CONF='/var/lib/luci/etc/stunnel.conf' # # Only root wants to run this... 
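Review bot: The new constants `KEY_LIFE_DAYS` and `KEY_BITS` are added without a comment, so a reader of this block cannot tell that they set the validity period and RSA key size of the self-signed HTTPS certificate. I would add `# Self-signed HTTPS certificate: validity in days and RSA key size in bits (used by generate_https_certs)` above them. None of the values in this block are reassigned in the visible hunks, so marking them `readonly` looks safe, though the rest of the script is not shown here.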
@@ -53,186 +56,273 @@ https_certs_ok() { - if [ ! -e $HTTPS_PRIVKEY ] ; then - return 1 - fi - if [ ! -e $HTTPS_PUBKEY ] ; then - return 2 - fi - return 0 -} + if [ ! -f "$HTTPS_PRIVKEY" ]; then + return 1 + fi -generate_https_certs() -{ - rm -f $HTTPS_PRIVKEY $HTTPS_PUBKEY - echo -n "generating https SSL certificates... " - /usr/bin/openssl genrsa -out $HTTPS_PRIVKEY 2048 > /dev/null 2>&1 - /usr/bin/openssl req -new -x509 -key $HTTPS_PRIVKEY -out $HTTPS_PUBKEY -days 1825 -config /var/lib/luci/var/certs/cacert.config - /bin/chown $LUCI_USER:$LUCI_GROUP $HTTPS_PRIVKEY $HTTPS_PUBKEY - /bin/chmod 600 $HTTPS_PRIVKEY - /bin/chmod 644 $HTTPS_PUBKEY - echo "done" - return $? + if [ ! -f "$HTTPS_PUBKEY" ]; then + return 2 + fi + + return 0 } -start() +generate_https_certs() { - $LUCID >/dev/null 2>/dev/null & - - https_certs_ok - if [ "1$?" != "10" ] ; then - generate_https_certs - fi - sleep 4 - sed -e s,\\\(^accept.*=\ \\\)\\\(.*\\\),\\\1$LUCI_HTTPS_PORT, $STUNNEL_CONF | $STUNNEL_D -fd 0 - sleep 4 + echo -n "Generating https SSL certificates... " + old_umask=`umask` + umask 077 + + rm -f "$HTTPS_PRIVKEY" "$HTTPS_PUBKEY" + /usr/bin/openssl genrsa -out "$HTTPS_PRIVKEY" "$KEY_BITS" >&/dev/null + /usr/bin/openssl req -new -x509 -key "$HTTPS_PRIVKEY" -out "$HTTPS_PUBKEY" -days "$KEY_LIFE_DAYS" -config /var/lib/luci/var/certs/cacert.config + /bin/chmod 600 "$HTTPS_PRIVKEY" + /bin/chmod 644 "$HTTPS_PUBKEY" + /bin/chown $LUCI_USER:$LUCI_GROUP "$HTTPS_PRIVKEY" "$HTTPS_PUBKEY" + ret=$? + + umask $old_umask + echo "done" + return $ret } stop_luci() { - pid_num=`cat $PIDFILE` - kill $pid_num - sleep 2 + pid_num=`cat $PIDFILE 2>/dev/null` + ret=$? + if [ $ret -eq 0 ]; then + kill $pid_num >& /dev/null + ret=$? + fi + + if [ $ret -ne 0 ]; then + pkill -u "$LUCI_USER" python >&/dev/null + ret=$? + fi + return $ret } stop_stunnel() { - pid_num=`cat $STUNNEL_PID` - kill $pid_num - sleep 2 + pid_num=`cat $STUNNEL_PID 2>/dev/null` + ret=$? 
+ if [ $ret -eq 0 ]; then + kill $pid_num >& /dev/null + ret=$? + fi + + if [ $ret -ne 0 ]; then + pkill -u "$LUCI_USER" stunnel >&/dev/null + ret=$? + fi + return $ret } stop() { - stop_luci - stop_stunnel + stop_stunnel + if [ $? -ne 0 ]; then + errmsg='Failed to stop stunnel' + return 1 + fi + stop_luci + if [ $? -ne 0 ]; then + errmsg='Failed to stop luci' + return 1 + fi + return 0 } -system_running() +start() { - # luci - LUCI_UP=1 - if [ -e $PIDFILE ] ; then - pid_num=`cat $PIDFILE` - res=`ps -Af | grep python | grep $LUCI_USER | grep $pid_num` - if [ "1$res" != "1" ] ; then - LUCI_UP=0 - fi - fi - - # stunnel - ST_UP=2 - if [ -e $STUNNEL_PID ] ; then - pid_num=`cat $STUNNEL_PID` - res=`ps -Af | grep stunnel | grep $LUCI_USER | grep $pid_num` - if [ "1$res" != "1" ] ; then - ST_UP=0 - fi - fi - - # resolve - let res=$LUCI_UP+$ST_UP - if [ "1$res" = "10" ] ; then + https_certs_ok + if [ $? -ne 0 ]; then + generate_https_certs + if [ $? -ne 0 ]; then + errmsg='An error occurred while generating certificates' + return 1 + fi + fi + + $LUCID >&/dev/null & + sleep 4 + + sed -e s,\\\(^accept.*=\ \\\)\\\(.*\\\),\\\1$LUCI_HTTPS_PORT, $STUNNEL_CONF | $STUNNEL_D -fd 0 + if [ $? -ne 0 ]; then + errmsg='An error occurred while starting stunnel' + stop_luci + return 1 + fi return 0 - fi - if [ "1$res" = "11" ] ; then - # only stunnel running -> stop it - stop_stunnel - fi - if [ "1$res" = "12" ] ; then - # only luci running -> stop it - stop_luci - fi - return 1 } +luci_running() +{ + LUCI_UP=1 + pgrep -u "$LUCI_USER" python >&/dev/null + if [ $? -ne 0 ]; then + LUCI_UP=0 + fi + + if [ -f "$PIDFILE" ] && [ $LUCI_UP -eq 0 ]; then + # stale pidfile + rm -f "$PIDFILE" >& /dev/null + fi + return $LUCI_UP +} + +stunnel_running() +{ + ST_UP=2 + pgrep -u "$LUCI_USER" stunnel >&/dev/null + if [ $? 
-ne 0 ]; then + ST_UP=0 + fi + if [ -f "$STUNNEL_PID" ] && [ $ST_UP -eq 0 ]; then + # stale pidfile + rm -f "$STUNNEL_PID" + fi + return $ST_UP +} + +system_running() +{ + luci_running + LUCI_UP=$? + + stunnel_running + STUNNEL_UP=$? + + res=`echo $LUCI_UP $STUNNEL_UP + p | /usr/bin/dc` + if [ $res -eq 0 ]; then + # none up + return 0 + elif [ $res -eq 3 ]; then + # both up + return 1 + elif [ $res -eq 1 ]; then + # only luci up + stop_luci + if [ $? -ne 0 ]; then + errmsg='Only luci was running and it could not be stopped' + return 3 + fi + elif [ $res -eq 2 ]; then + # only stunnel up + stop_stunnel + if [ $? -ne 0 ]; then + errmsg='Only stunnel was running and it could not be stopped' + return 4 + fi + fi + return 0 +} case $1 in start) - if ! /bin/grep True /var/lib/luci/.default_password_has_been_reset 2>&1 >/dev/null; then - echo "" - echo "luci's 'admin' password has to be changed before server is allowed to start" - echo "To do so, execute (as root): " - echo -e "\tluci_admin password" - echo "" - /usr/bin/logger -t $ID "startup failed (password not reset): execute 'luci_admin password'" - exit 1 + if ! /bin/grep True /var/lib/luci/.default_password_has_been_reset 2>&1 >/dev/null; then + echo "" + echo "The admin user password must be set before the luci can start" + echo "To do so, execute (as root): " + echo -e "\tluci_admin password\n" + /usr/bin/logger -t "$ID" "Luci startup failed: admin password not set (execute 'luci_admin password')" + exit 1 fi - + echo -n "Starting $ID: " system_running - rtrn=$? - if [ "1$rtrn" != "10" ] ; then - start + ret=$? + if [ $ret -eq 0 ]; then + start + elif [ $ret -eq 1 ]; then + # already running + echo_success + echo + exit 0 + elif [ $ret -gt 2 ]; then + # one of the two processes was running and couldn't be stopped. + /usr/bin/logger -t "$ID" "Luci startup failed: $errmsg" + exit 1 fi + system_running - rtrn=$? 
- if [ "1$rtrn" = "10" ] ; then - echo_success - cat $PIDFILE > $GLOB_PIDFILE - touch $GLOB_LOCKFILE - /usr/bin/logger -t $ID "startup succeeded" - /usr/bin/logger -t $ID "Listening on port $LUCI_HTTPS_PORT; accessible using url $LUCI_URL" - echo; echo - echo "Please, point your web browser to $LUCI_URL to access luci" - echo + if [ $? -eq 1 ]; then + echo_success + cat "$PIDFILE" > "$GLOB_PIDFILE" + touch "$GLOB_LOCKFILE" + /usr/bin/logger -t "$ID" "Luci startup succeeded" + /usr/bin/logger -t "$ID" "Listening on port $LUCI_HTTPS_PORT; accessible via URL $LUCI_URL" + echo; echo + echo "Point your web browser to $LUCI_URL to access luci" + echo else - echo_failure - /usr/bin/logger -t $ID "startup failed" - echo + echo_failure + /usr/bin/logger -t "$ID" "Luci startup failed $errmsg" + echo fi - ;; + ;; - restart) + restart) $0 stop - $0 start rtrn=$? - ;; - - condrestart) - system_running + if [ $rtrn -eq 0 ]; then + $0 start + rtrn=$? + fi + ;; + + condrestart) + system_running rtrn=$? - if [ "1$rtrn" = "10" ] ; then - $0 restart - rtrn=$? + if [ $? -eq 1 ] ; then + $0 restart + rtrn=$? fi - ;; + ;; status) - system_running - rtrn=$? - if [ "1$rtrn" = "10" ] ; then - echo "$ID is running..." + system_running + if [ $? -eq 1 ]; then + echo "$ID is running..." + rtrn=0 else - echo "$ID is stopped" + echo "$ID is stopped" + rtrn=1 fi - ;; + ;; stop) echo -n "Shutting down $ID: " system_running rtrn=$? - if [ "1$rtrn" = "10" ] ; then - stop - /usr/bin/logger -t $ID "shutdown succeeded" - fi - echo_success - rm -f $GLOB_PIDFILE - rm -f $GLOB_LOCKFILE - rtrn=0 - echo - ;; + if [ $rtrn -eq 1 ]; then + stop + if [ $? 
-eq 0 ]; then + rm -f "$GLOB_PIDFILE" + rm -f "$GLOB_LOCKFILE" + /usr/bin/logger -t "$ID" "Luci shutdown succeeded" + rtrn=0 + else + /usr/bin/logger -t "$ID" "Luci shutdown failed" + fi + fi + if [ $rtrn -eq 0 ]; then + echo_success + else + echo_failure + fi + echo + ;; - reload) - rtrn=0 - ;; + reload) + rtrn=0 + ;; *) echo "Usage: $0 {start|stop|status|restart|condrestart|reload}" rtrn=1 - ;; - + ;; esac exit $rtrn
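Review bot: In the `condrestart` arm the test `if [ $? -eq 1 ]` runs after `rtrn=$?`, so it sees the status of the assignment (0) rather than that of `system_running`, and the restart branch can never be taken; it should read `if [ $rtrn -eq 1 ]; then`. The `start` arm has a related problem: it no longer assigns `rtrn`, so `exit $rtrn` falls back to the status of the final `echo` and reports success even on the `echo_failure` path; set `rtrn=0` and `rtrn=1` in the two branches. Separately, `stop_luci` and `stop_stunnel` still pass the unquoted, unchecked contents of `$PIDFILE` and `$STUNNEL_PID` to `kill` in a script that appears to run as root. If those files sit in a directory the luci account can write (not visible in this patch), check that the value is exactly one PID owned by `$LUCI_USER` before signalling, for example guard the call with `pgrep -u "$LUCI_USER" | grep -qxF -- "$pid_num"` and use `kill "$pid_num"`, falling through to the existing `pkill -u` path otherwise.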