author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-03-13 16:51:10 +0000 |
---|---|---|
committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-03-13 16:51:10 +0000 |
commit | f0409d5639385bd0f596d6263dde1dc54180ece0 (patch) | |
tree | 12833742c9b332359d956ece3243ceb8ef1925ba | |
parent | bd46f311ff376236933a00fd6e034c071bd5f86d (diff) | |
download | pki-f0409d5639385bd0f596d6263dde1dc54180ece0.tar.gz pki-f0409d5639385bd0f596d6263dde1dc54180ece0.tar.xz pki-f0409d5639385bd0f596d6263dde1dc54180ece0.zip |
Bugzilla Bug #488338 - start/stop scripts should list all the available port
numbers with their functionality
Bugzilla Bug #440164 - Dogtag subsystems should show up in Fedora8
administrator Services window
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@297 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rw-r--r-- | pki/base/ca/shared/conf/server.xml | 11 | ||||
-rwxr-xr-x | pki/base/ca/shared/etc/init.d/httpd | 152 | ||||
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java | 15 | ||||
-rw-r--r-- | pki/base/kra/shared/conf/server.xml | 11 | ||||
-rwxr-xr-x | pki/base/kra/shared/etc/init.d/httpd | 152 | ||||
-rw-r--r-- | pki/base/ocsp/shared/conf/server.xml | 11 | ||||
-rwxr-xr-x | pki/base/ocsp/shared/etc/init.d/httpd | 152 | ||||
-rwxr-xr-x | pki/base/ra/etc/init.d/httpd | 159 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/DonePanel.pm | 7 | ||||
-rwxr-xr-x | pki/base/setup/pkicreate | 20 | ||||
-rw-r--r-- | pki/base/tks/shared/conf/server.xml | 11 | ||||
-rwxr-xr-x | pki/base/tks/shared/etc/init.d/httpd | 152 | ||||
-rwxr-xr-x | pki/base/tps/etc/init.d/httpd | 161 | ||||
-rwxr-xr-x | pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm | 7 |
14 files changed, 903 insertions, 118 deletions
diff --git a/pki/base/ca/shared/conf/server.xml b/pki/base/ca/shared/conf/server.xml index 081ae242a..7e1f40a1a 100644 --- a/pki/base/ca/shared/conf/server.xml +++ b/pki/base/ca/shared/conf/server.xml @@ -10,6 +10,17 @@ define subcomponents such as "Valves" or "Loggers" at this level. --> +<!-- DO NOT REMOVE - Begin PKI Status Definitions --> +<!-- +Unsecure Port = http://[PKI_MACHINE_NAME]:[PKI_UNSECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Agent Port = https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/agent/[PKI_SUBSYSTEM_TYPE] +Secure EE Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Admin Port = https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/services +Secure Admin Port = pkiconsole https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE] +Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) +--> +<!-- DO NOT REMOVE - End PKI Status Definitions --> + <Server port="[TOMCAT_SERVER_PORT]" shutdown="SHUTDOWN"> <!-- Comment these entries out to disable JMX MBeans support used for the diff --git a/pki/base/ca/shared/etc/init.d/httpd b/pki/base/ca/shared/etc/init.d/httpd index a91594c75..dddcc9374 100755 --- a/pki/base/ca/shared/etc/init.d/httpd +++ b/pki/base/ca/shared/etc/init.d/httpd @@ -21,8 +21,8 @@ # [PKI_INSTANCE_ID] Startup script for Tomcat 5.0, the Apache Servlet Engine # # chkconfig: - 81 19 -# description: Tomcat 5.0 is the Apache Servlet Engine RI -# for Servlet 2.4/JSP 2.0 +# description: Certificate Authority \ +# (Tomcat 5.0) # processname: [PKI_INSTANCE_ID] # pidfile: /var/run/[PKI_INSTANCE_ID].pid # config: /etc/[PKI_INSTANCE_ID]/tomcat5.conf 
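Review bot: The port list introduced here is a free-text comment that the init script's status action parses, and it is only loosely tied to the `<Connector>` elements that actually define the ports (those are outside this hunk), so a later hand edit of either side lets `status` report ports the server is not listening on. The consumer also requires exactly six matching lines, so adding or removing an entry in this block (the two `Secure Admin Port` lines already share one label) silently turns status reporting off. A line inside the comment, e.g. `Keep in sync with the Connector port attributes below; the init script expects exactly these six entries`, would make the coupling visible; the KRA and OCSP server.xml hunks carry the same block.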
@@ -115,7 +115,7 @@ else # The checkpid() function is provided for platforms that do not # contain the "/etc/init.d/functions" file (e. g. - Solaris) . . . - # Check if $pid (could be plural) are running (keep count) + # Check if ${pid} (could be plural) are running (keep count) checkpid() { rv=0 
@@ -206,8 +206,91 @@ fi # Please use the /etc/tomcat.conf file instead ; it will # be read by the $tomcat script +pidfile=${PIDFILE:-/var/run/[PKI_INSTANCE_ID].pid} +lockfile=${LOCKFILE:-/var/lock/subsys/[PKI_INSTANCE_ID]} +RESTART_SERVER=/var/lib/[PKI_INSTANCE_ID]/conf/restart_server_after_configuration RETVAL=0 +check_pki_configuration_status() +{ + rv=0 + + rv=`grep -c ^preop /etc/[PKI_INSTANCE_ID]/CS.cfg` + + rv=`expr ${rv} + 0` + + if [ ${rv} -ne 0 ] ; then + echo " '[PKI_INSTANCE_ID]' must still be CONFIGURED!" + echo " (see /var/log/[PKI_INSTANCE_ID]-install.log)" + elif [ -f ${RESTART_SERVER} ] ; then + echo " Although '[PKI_INSTANCE_ID]' has been CONFIGURED, it must still be RESTARTED!" + rv=255 + fi + + return ${rv} +} + +get_pki_status_definitions() +{ + # establish well-known strings + begin_pki_status_comment="<!-- DO NOT REMOVE - Begin PKI Status Definitions -->" + end_pki_status_comment="<!-- DO NOT REMOVE - End PKI Status Definitions -->" + total_ports=0 + unsecure_port_statement="Unsecure Port = " + secure_agent_port_statement="Secure Agent Port = " + secure_ee_port_statement="Secure EE Port = " + secure_admin_port_statement="Secure Admin Port = " + tomcat_port_statement="Tomcat Port = " + + # initialize looping variables + pki_status_comment_found=0 + + # first check to see that an instance-specific "server.xml" file exists + if [ ! -f [PKI_SERVER_XML_CONF] ] ; then + echo "File '[PKI_SERVER_XML_CONF]' does not exist!" 
+ exit 255 + fi + + # read this instance-specific "server.xml" file line-by-line + # to obtain the current PKI Status Definitions + exec < [PKI_SERVER_XML_CONF] + while read line; do + # first look for the well-known end PKI Status comment + # (to turn off processing) + if [ "$line" == "$end_pki_status_comment" ] ; then + pki_status_comment_found=0 + break; + fi + + # then look for the well-known begin PKI Status comment + # (to turn on processing) + if [ "$line" == "$begin_pki_status_comment" ] ; then + pki_status_comment_found=1 + fi + + # once the well-known begin PKI Status comment has been found, + # begin processing to obtain all of the PKI Status Definitions + if [ $pki_status_comment_found -eq 1 ] ; then + # look for a PKI Status Definition and print it + head=`echo "$line" | cut -b1-20` + if [ "$head" == "$unsecure_port_statement" ] || + [ "$head" == "$secure_agent_port_statement" ] || + [ "$head" == "$secure_ee_port_statement" ] || + [ "$head" == "$secure_admin_port_statement" ] || + [ "$head" == "$tomcat_port_statement" ] ; then + echo " $line" + total_ports=`expr ${total_ports} + 1` + fi + fi + done + + if [ ${total_ports} -eq 6 ] ; then + return 0 + else + return 255 + fi +} + get_pki_secure_port() { # establish well-known strings @@ -259,14 +342,17 @@ get_pki_secure_port() return 255 } -# See how we were called. start() { echo -n "Starting $TOMCAT_PROG: " - if [ -f /var/lock/subsys/[PKI_INSTANCE_ID] ] ; then - if [ -f /var/run/[PKI_INSTANCE_ID].pid ]; then - read kpid < /var/run/[PKI_INSTANCE_ID].pid + if [ -f ${RESTART_SERVER} ] ; then + rm -f ${RESTART_SERVER} + fi + + if [ -f ${lockfile} ] ; then + if [ -f ${pidfile} ]; then + read kpid < ${pidfile} if checkpid $kpid 2>&1; then echo echo "process already running" @@ -281,7 +367,7 @@ start() fi fi - CATALINA_PID=/var/run/[PKI_INSTANCE_ID].pid + CATALINA_PID=${pidfile} export CATALINA_PID touch $CATALINA_PID chown $TOMCAT_USER:$TOMCAT_GROUP $CATALINA_PID 
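Review bot: The prefix test in get_pki_status_definitions cannot match most of the definitions, because `head` is always the first 20 bytes of the line (`cut -b1-20`) while `"Unsecure Port = "` is 16 bytes, `"Secure EE Port = "` is 17 and `"Tomcat Port = "` is 14; only the two 20-byte statements compare equal, so total_ports ends at 3, the function returns 255 and status prints "Status Definitions not found" even though the instance's server.xml was read correctly. Matching on the line itself with a shell `case` pattern avoids the fixed-width cut (sketched below). Two smaller points in the same hunk: `exec < [PKI_SERVER_XML_CONF]` replaces the script's stdin for the rest of the run and `exit 255` inside a function invoked from a status query terminates the whole script, so a `while read line; do ...; done < [PKI_SERVER_XML_CONF]` loop with `return 255` would be safer; and check_pki_configuration_status returns the raw `grep -c` line count, which the shell reduces modulo 256, so `return 1` is what was meant for the "must still be CONFIGURED" branch. The KRA and OCSP copies of this hunk (the @@ -206 hunks in pki/base/kra/shared/etc/init.d/httpd and pki/base/ocsp/shared/etc/init.d/httpd) share the same defects.
```shell
    # once the well-known begin PKI Status comment has been found,
    # begin processing to obtain all of the PKI Status Definitions
    if [ $pki_status_comment_found -eq 1 ] ; then
        # prefix-match the whole line; the statements differ in length,
        # so a fixed 20-byte cut cannot be compared for equality
        case "$line" in
            "$unsecure_port_statement"* | \
            "$secure_agent_port_statement"* | \
            "$secure_ee_port_statement"* | \
            "$secure_admin_port_statement"* | \
            "$tomcat_port_statement"*)
                echo " $line"
                total_ports=`expr ${total_ports} + 1`
                ;;
        esac
    fi
# … unchanged: remainder of the read loop and the total_ports check …
```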
@@ -779,13 +865,13 @@ start() fi RETVAL=$? - [ $RETVAL = 0 ] && touch /var/lock/subsys/[PKI_INSTANCE_ID] + [ $RETVAL = 0 ] && touch ${lockfile} if [ $RETVAL = 0 ] ; then count=0; let swait=$STARTUP_WAIT - while [ ! -s /var/run/[PKI_INSTANCE_ID].pid ] && + while [ ! -s ${pidfile} ] && [ $count -lt $swait ] do echo -n "." @@ -833,8 +919,8 @@ stop() { echo -n "Stopping $TOMCAT_PROG: " - if [ -f /var/lock/subsys/[PKI_INSTANCE_ID] ] ; then - CATALINA_PID=/var/run/[PKI_INSTANCE_ID].pid + if [ -f ${lockfile} ] ; then + CATALINA_PID=${pidfile} export CATALINA_PID # daemon --user $TOMCAT_USER $TOMCAT_SCRIPT stop @@ -849,8 +935,8 @@ stop() if [ $RETVAL = 0 ]; then count=0; - if [ -f /var/run/[PKI_INSTANCE_ID].pid ]; then - read kpid < /var/run/[PKI_INSTANCE_ID].pid + if [ -f ${pidfile} ]; then + read kpid < ${pidfile} let kwait=$SHUTDOWN_WAIT until [ `ps -p $kpid | grep -c $kpid` = '0' ] || @@ -866,8 +952,8 @@ stop() fi fi - rm -f /var/lock/subsys/[PKI_INSTANCE_ID] - rm -f /var/run/[PKI_INSTANCE_ID].pid + rm -f ${lockfile} + rm -f ${pidfile} if [ -x /etc/init.d/functions ]; then if [ "$CONSOLETYPE" = "serial" ]; then @@ -895,6 +981,31 @@ stop() fi } +status() +{ + if [ -f ${pidfile} ] ; then + pid=`cat ${pidfile}` + if [ "${pid}" == "" ] ; then + echo "[PKI_INSTANCE_ID] pid file exists but is empty" + elif kill -0 ${pid} > /dev/null 2>&1 ; then + echo "[PKI_INSTANCE_ID] (pid ${pid}) is running ..." + echo + check_pki_configuration_status + if [ $? -eq 0 ] ; then + get_pki_status_definitions + if [ $? -ne 0 ] ; then + echo "[PKI_INSTANCE_ID] Status Definitions not found" + fi + fi + echo + else + echo "[PKI_INSTANCE_ID] is dead but pid file exists" + fi + else + echo "[PKI_INSTANCE_ID] is stopped" + fi +} + # See how we were called. case "$1" in start) 
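Review bot: status() gives the caller no usable exit code: every branch ends in an `echo`, so `$?` is 0 whether the instance is running, stopped or dead, and the `status)` case added in the @@ -909 hunk neither captures it into RETVAL nor exits with it. LSB expects 0 for running, 1 for dead-with-pidfile and 3 for stopped, and a services GUI of the kind Bug #440164 targets decides by that code, so the RA script (whose @@ -408 hunk drops the `status $httpd` / `RETVAL=$?` pair that used to provide it) loses behaviour it had. Two further points in the same function: the pidfile contents go straight into `kill -0 ${pid}` without a check that they are numeric, and `kill -0` fails with EPERM when a non-root user queries a root-owned process, which this code reports as "is dead but pid file exists". A rewrite with explicit return codes and a numeric check is sketched below; the KRA, OCSP and RA copies (@@ -895 in the kra and ocsp httpd scripts, @@ -400 in pki/base/ra/etc/init.d/httpd) need the same treatment, and the case branch should become `status) status; RETVAL=$? ;;` if the script ends with `exit $RETVAL` (that part is outside the hunk).
```shell
status()
{
    if [ ! -f ${pidfile} ] ; then
        echo "[PKI_INSTANCE_ID] is stopped"
        return 3
    fi
    pid=`cat ${pidfile}`
    # accept only a plain decimal pid before handing it to kill
    case "${pid}" in
        ''|*[!0-9]*)
            echo "[PKI_INSTANCE_ID] pid file exists but is empty or invalid"
            return 1
            ;;
    esac
    if ! kill -0 ${pid} > /dev/null 2>&1 ; then
        echo "[PKI_INSTANCE_ID] is dead but pid file exists"
        return 1
    fi
    echo "[PKI_INSTANCE_ID] (pid ${pid}) is running ..."
    echo
    # … unchanged: check_pki_configuration_status / get_pki_status_definitions reporting …
    return 0
}
```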
@@ -909,18 +1020,21 @@ case "$1" in start ;; condrestart) - if [ -f /var/run/[PKI_INSTANCE_ID].pid ] ; then + if [ -f ${pidfile} ] ; then stop sleep 2 start else echo -n "Unable to restart process since " - echo -n "'/var/run/[PKI_INSTANCE_ID].pid' does not exist!" + echo -n "'${pidfile}' does not exist!" echo fi ;; + status) + status + ;; *) - echo "Usage: $TOMCAT_PROG {start|stop|restart|condrestart}" + echo "Usage: $TOMCAT_PROG {start|stop|restart|condrestart|status}" exit 1 esac diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java index 7603c218f..011be5861 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java @@ -34,6 +34,7 @@ import com.netscape.certsrv.dbs.crldb.*; import com.netscape.certsrv.ocsp.*; import com.netscape.certsrv.logging.*; import com.netscape.cmsutil.util.Cert; +import com.netscape.cmsutil.util.*; import com.netscape.cmsutil.password.*; import netscape.security.x509.*; import netscape.ldap.*; @@ -50,6 +51,8 @@ public class DonePanel extends WizardPanelBase { public static final BigInteger BIG_ZERO = new BigInteger("0"); public static final Long MINUS_ONE = Long.valueOf(-1); + public static final String RESTART_SERVER_AFTER_CONFIGURATION = + "restart_server_after_configuration"; public DonePanel() {} @@ -169,9 +172,11 @@ public class DonePanel extends WizardPanelBase { String type = ""; String instanceId = ""; + String instanceRoot = ""; try { type = cs.getString("cs.type", ""); instanceId = cs.getString("instanceId"); + instanceRoot = cs.getString("instanceRoot"); select = cs.getString("preop.subsystem.select", ""); } catch (Exception e) {} 
@@ -463,6 +468,16 @@ public class DonePanel extends WizardPanelBase { cs.removeSubStore("preop"); cs.commit(false); + // Create an empty file that designates the fact that although + // this server instance has been configured, it has NOT yet + // been restarted! + String restart_server = instanceRoot + "/conf/" + + RESTART_SERVER_AFTER_CONFIGURATION; + if( !Utils.isNT() ) { + Utils.exec( "touch " + restart_server ); + Utils.exec( "chmod 00660 " + restart_server ); + } + } catch (Exception e) { } diff --git a/pki/base/kra/shared/conf/server.xml b/pki/base/kra/shared/conf/server.xml index 44a1b1265..ed0a8371f 100644 --- a/pki/base/kra/shared/conf/server.xml +++ b/pki/base/kra/shared/conf/server.xml @@ -10,6 +10,17 @@ define subcomponents such as "Valves" or "Loggers" at this level. --> +<!-- DO NOT REMOVE - Begin PKI Status Definitions --> +<!-- +Unsecure Port = http://[PKI_MACHINE_NAME]:[PKI_UNSECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Agent Port = https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/agent/[PKI_SUBSYSTEM_TYPE] +Secure EE Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Admin Port = https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/services +Secure Admin Port = pkiconsole https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE] +Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) +--> +<!-- DO NOT REMOVE - End PKI Status Definitions --> + <Server port="[TOMCAT_SERVER_PORT]" shutdown="SHUTDOWN"> <!-- Comment these entries out to disable JMX MBeans support used for the diff --git a/pki/base/kra/shared/etc/init.d/httpd b/pki/base/kra/shared/etc/init.d/httpd index 899bd3112..1cda47903 100755 --- a/pki/base/kra/shared/etc/init.d/httpd +++ b/pki/base/kra/shared/etc/init.d/httpd 
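Review bot: The marker is created by shelling out (`Utils.exec("touch " + restart_server)` and the following chmod) with a path assembled from the `instanceRoot` config value, inside a try whose `catch (Exception e) { }` is empty, so a path containing whitespace or a failed exec leaves no marker and no log line, and the init script then reports the instance as fully configured when it still needs a restart. Creating it in-process is simpler and makes quiet failures visible: `new File(restart_server).createNewFile()` with a logged warning when it returns false or throws; if the 0660 mode matters and the JDK in use has no native way to set it, keep a single external call but build it with `ProcessBuilder` from separate arguments rather than a concatenated command string. Note that the init scripts in this commit look for the marker at a fixed `/var/lib/[PKI_INSTANCE_ID]/conf/` path while this code uses `instanceRoot + "/conf/"`; they agree only if instanceRoot is always that directory, which is not visible here.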
@@ -21,8 +21,8 @@ # [PKI_INSTANCE_ID] Startup script for Tomcat 5.0, the Apache Servlet Engine # # chkconfig: - 82 18 -# description: Tomcat 5.0 is the Apache Servlet Engine RI -# for Servlet 2.4/JSP 2.0 +# description: Data Recovery Manager \ +# (Tomcat 5.0) # processname: [PKI_INSTANCE_ID] # pidfile: /var/run/[PKI_INSTANCE_ID].pid # config: /etc/[PKI_INSTANCE_ID]/tomcat5.conf @@ -115,7 +115,7 @@ else # The checkpid() function is provided for platforms that do not # contain the "/etc/init.d/functions" file (e. g. - Solaris) . . . - # Check if $pid (could be plural) are running (keep count) + # Check if ${pid} (could be plural) are running (keep count) checkpid() { rv=0 
@@ -206,8 +206,91 @@ fi # Please use the /etc/tomcat.conf file instead ; it will # be read by the $tomcat script +pidfile=${PIDFILE:-/var/run/[PKI_INSTANCE_ID].pid} +lockfile=${LOCKFILE:-/var/lock/subsys/[PKI_INSTANCE_ID]} +RESTART_SERVER=/var/lib/[PKI_INSTANCE_ID]/conf/restart_server_after_configuration RETVAL=0 +check_pki_configuration_status() +{ + rv=0 + + rv=`grep -c ^preop /etc/[PKI_INSTANCE_ID]/CS.cfg` + + rv=`expr ${rv} + 0` + + if [ ${rv} -ne 0 ] ; then + echo " '[PKI_INSTANCE_ID]' must still be CONFIGURED!" + echo " (see /var/log/[PKI_INSTANCE_ID]-install.log)" + elif [ -f ${RESTART_SERVER} ] ; then + echo " Although '[PKI_INSTANCE_ID]' has been CONFIGURED, it must still be RESTARTED!" + rv=255 + fi + + return ${rv} +} + +get_pki_status_definitions() +{ + # establish well-known strings + begin_pki_status_comment="<!-- DO NOT REMOVE - Begin PKI Status Definitions -->" + end_pki_status_comment="<!-- DO NOT REMOVE - End PKI Status Definitions -->" + total_ports=0 + unsecure_port_statement="Unsecure Port = " + secure_agent_port_statement="Secure Agent Port = " + secure_ee_port_statement="Secure EE Port = " + secure_admin_port_statement="Secure Admin Port = " + tomcat_port_statement="Tomcat Port = " + + # initialize looping variables + pki_status_comment_found=0 + + # first check to see that an instance-specific "server.xml" file exists + if [ ! -f [PKI_SERVER_XML_CONF] ] ; then + echo "File '[PKI_SERVER_XML_CONF]' does not exist!" 
+ exit 255 + fi + + # read this instance-specific "server.xml" file line-by-line + # to obtain the current PKI Status Definitions + exec < [PKI_SERVER_XML_CONF] + while read line; do + # first look for the well-known end PKI Status comment + # (to turn off processing) + if [ "$line" == "$end_pki_status_comment" ] ; then + pki_status_comment_found=0 + break; + fi + + # then look for the well-known begin PKI Status comment + # (to turn on processing) + if [ "$line" == "$begin_pki_status_comment" ] ; then + pki_status_comment_found=1 + fi + + # once the well-known begin PKI Status comment has been found, + # begin processing to obtain all of the PKI Status Definitions + if [ $pki_status_comment_found -eq 1 ] ; then + # look for a PKI Status Definition and print it + head=`echo "$line" | cut -b1-20` + if [ "$head" == "$unsecure_port_statement" ] || + [ "$head" == "$secure_agent_port_statement" ] || + [ "$head" == "$secure_ee_port_statement" ] || + [ "$head" == "$secure_admin_port_statement" ] || + [ "$head" == "$tomcat_port_statement" ] ; then + echo " $line" + total_ports=`expr ${total_ports} + 1` + fi + fi + done + + if [ ${total_ports} -eq 6 ] ; then + return 0 + else + return 255 + fi +} + get_pki_secure_port() { # establish well-known strings @@ -259,14 +342,17 @@ get_pki_secure_port() return 255 } -# See how we were called. start() { echo -n "Starting $TOMCAT_PROG: " - if [ -f /var/lock/subsys/[PKI_INSTANCE_ID] ] ; then - if [ -f /var/run/[PKI_INSTANCE_ID].pid ]; then - read kpid < /var/run/[PKI_INSTANCE_ID].pid + if [ -f ${RESTART_SERVER} ] ; then + rm -f ${RESTART_SERVER} + fi + + if [ -f ${lockfile} ] ; then + if [ -f ${pidfile} ]; then + read kpid < ${pidfile} if checkpid $kpid 2>&1; then echo echo "process already running" @@ -281,7 +367,7 @@ start() fi fi - CATALINA_PID=/var/run/[PKI_INSTANCE_ID].pid + CATALINA_PID=${pidfile} export CATALINA_PID touch $CATALINA_PID chown $TOMCAT_USER:$TOMCAT_GROUP $CATALINA_PID 
@@ -779,13 +865,13 @@ start() fi RETVAL=$? - [ $RETVAL = 0 ] && touch /var/lock/subsys/[PKI_INSTANCE_ID] + [ $RETVAL = 0 ] && touch ${lockfile} if [ $RETVAL = 0 ] ; then count=0; let swait=$STARTUP_WAIT - while [ ! -s /var/run/[PKI_INSTANCE_ID].pid ] && + while [ ! -s ${pidfile} ] && [ $count -lt $swait ] do echo -n "." @@ -833,8 +919,8 @@ stop() { echo -n "Stopping $TOMCAT_PROG: " - if [ -f /var/lock/subsys/[PKI_INSTANCE_ID] ] ; then - CATALINA_PID=/var/run/[PKI_INSTANCE_ID].pid + if [ -f ${lockfile} ] ; then + CATALINA_PID=${pidfile} export CATALINA_PID # daemon --user $TOMCAT_USER $TOMCAT_SCRIPT stop @@ -849,8 +935,8 @@ stop() if [ $RETVAL = 0 ]; then count=0; - if [ -f /var/run/[PKI_INSTANCE_ID].pid ]; then - read kpid < /var/run/[PKI_INSTANCE_ID].pid + if [ -f ${pidfile} ]; then + read kpid < ${pidfile} let kwait=$SHUTDOWN_WAIT until [ `ps -p $kpid | grep -c $kpid` = '0' ] || @@ -866,8 +952,8 @@ stop() fi fi - rm -f /var/lock/subsys/[PKI_INSTANCE_ID] - rm -f /var/run/[PKI_INSTANCE_ID].pid + rm -f ${lockfile} + rm -f ${pidfile} if [ -x /etc/init.d/functions ]; then if [ "$CONSOLETYPE" = "serial" ]; then @@ -895,6 +981,31 @@ stop() fi } +status() +{ + if [ -f ${pidfile} ] ; then + pid=`cat ${pidfile}` + if [ "${pid}" == "" ] ; then + echo "[PKI_INSTANCE_ID] pid file exists but is empty" + elif kill -0 ${pid} > /dev/null 2>&1 ; then + echo "[PKI_INSTANCE_ID] (pid ${pid}) is running ..." + echo + check_pki_configuration_status + if [ $? -eq 0 ] ; then + get_pki_status_definitions + if [ $? -ne 0 ] ; then + echo "[PKI_INSTANCE_ID] Status Definitions not found" + fi + fi + echo + else + echo "[PKI_INSTANCE_ID] is dead but pid file exists" + fi + else + echo "[PKI_INSTANCE_ID] is stopped" + fi +} + # See how we were called. case "$1" in start) 
@@ -909,18 +1020,21 @@ case "$1" in start ;; condrestart) - if [ -f /var/run/[PKI_INSTANCE_ID].pid ] ; then + if [ -f ${pidfile} ] ; then stop sleep 2 start else echo -n "Unable to restart process since " - echo -n "'/var/run/[PKI_INSTANCE_ID].pid' does not exist!" + echo -n "'${pidfile}' does not exist!" echo fi ;; + status) + status + ;; *) - echo "Usage: $TOMCAT_PROG {start|stop|restart|condrestart}" + echo "Usage: $TOMCAT_PROG {start|stop|restart|condrestart|status}" exit 1 esac diff --git a/pki/base/ocsp/shared/conf/server.xml b/pki/base/ocsp/shared/conf/server.xml index 44a1b1265..ed0a8371f 100644 --- a/pki/base/ocsp/shared/conf/server.xml +++ b/pki/base/ocsp/shared/conf/server.xml @@ -10,6 +10,17 @@ define subcomponents such as "Valves" or "Loggers" at this level. --> +<!-- DO NOT REMOVE - Begin PKI Status Definitions --> +<!-- +Unsecure Port = http://[PKI_MACHINE_NAME]:[PKI_UNSECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Agent Port = https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/agent/[PKI_SUBSYSTEM_TYPE] +Secure EE Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Admin Port = https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/services +Secure Admin Port = pkiconsole https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE] +Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) +--> +<!-- DO NOT REMOVE - End PKI Status Definitions --> + <Server port="[TOMCAT_SERVER_PORT]" shutdown="SHUTDOWN"> <!-- Comment these entries out to disable JMX MBeans support used for the diff --git a/pki/base/ocsp/shared/etc/init.d/httpd b/pki/base/ocsp/shared/etc/init.d/httpd index 67409b59d..04b381937 100755 --- a/pki/base/ocsp/shared/etc/init.d/httpd +++ b/pki/base/ocsp/shared/etc/init.d/httpd 
@@ -21,8 +21,8 @@ # [PKI_INSTANCE_ID] Startup script for Tomcat 5.0, the Apache Servlet Engine # # chkconfig: - 83 17 -# description: Tomcat 5.0 is the Apache Servlet Engine RI -# for Servlet 2.4/JSP 2.0 +# description: Online Certificate Status Protocol Manager \ +# (Tomcat 5.0) # processname: [PKI_INSTANCE_ID] # pidfile: /var/run/[PKI_INSTANCE_ID].pid # config: /etc/[PKI_INSTANCE_ID]/tomcat5.conf @@ -115,7 +115,7 @@ else # The checkpid() function is provided for platforms that do not # contain the "/etc/init.d/functions" file (e. g. - Solaris) . . . - # Check if $pid (could be plural) are running (keep count) + # Check if ${pid} (could be plural) are running (keep count) checkpid() { rv=0 
@@ -206,8 +206,91 @@ fi # Please use the /etc/tomcat.conf file instead ; it will # be read by the $tomcat script +pidfile=${PIDFILE:-/var/run/[PKI_INSTANCE_ID].pid} +lockfile=${LOCKFILE:-/var/lock/subsys/[PKI_INSTANCE_ID]} +RESTART_SERVER=/var/lib/[PKI_INSTANCE_ID]/conf/restart_server_after_configuration RETVAL=0 +check_pki_configuration_status() +{ + rv=0 + + rv=`grep -c ^preop /etc/[PKI_INSTANCE_ID]/CS.cfg` + + rv=`expr ${rv} + 0` + + if [ ${rv} -ne 0 ] ; then + echo " '[PKI_INSTANCE_ID]' must still be CONFIGURED!" + echo " (see /var/log/[PKI_INSTANCE_ID]-install.log)" + elif [ -f ${RESTART_SERVER} ] ; then + echo " Although '[PKI_INSTANCE_ID]' has been CONFIGURED, it must still be RESTARTED!" + rv=255 + fi + + return ${rv} +} + +get_pki_status_definitions() +{ + # establish well-known strings + begin_pki_status_comment="<!-- DO NOT REMOVE - Begin PKI Status Definitions -->" + end_pki_status_comment="<!-- DO NOT REMOVE - End PKI Status Definitions -->" + total_ports=0 + unsecure_port_statement="Unsecure Port = " + secure_agent_port_statement="Secure Agent Port = " + secure_ee_port_statement="Secure EE Port = " + secure_admin_port_statement="Secure Admin Port = " + tomcat_port_statement="Tomcat Port = " + + # initialize looping variables + pki_status_comment_found=0 + + # first check to see that an instance-specific "server.xml" file exists + if [ ! -f [PKI_SERVER_XML_CONF] ] ; then + echo "File '[PKI_SERVER_XML_CONF]' does not exist!" 
+ exit 255 + fi + + # read this instance-specific "server.xml" file line-by-line + # to obtain the current PKI Status Definitions + exec < [PKI_SERVER_XML_CONF] + while read line; do + # first look for the well-known end PKI Status comment + # (to turn off processing) + if [ "$line" == "$end_pki_status_comment" ] ; then + pki_status_comment_found=0 + break; + fi + + # then look for the well-known begin PKI Status comment + # (to turn on processing) + if [ "$line" == "$begin_pki_status_comment" ] ; then + pki_status_comment_found=1 + fi + + # once the well-known begin PKI Status comment has been found, + # begin processing to obtain all of the PKI Status Definitions + if [ $pki_status_comment_found -eq 1 ] ; then + # look for a PKI Status Definition and print it + head=`echo "$line" | cut -b1-20` + if [ "$head" == "$unsecure_port_statement" ] || + [ "$head" == "$secure_agent_port_statement" ] || + [ "$head" == "$secure_ee_port_statement" ] || + [ "$head" == "$secure_admin_port_statement" ] || + [ "$head" == "$tomcat_port_statement" ] ; then + echo " $line" + total_ports=`expr ${total_ports} + 1` + fi + fi + done + + if [ ${total_ports} -eq 6 ] ; then + return 0 + else + return 255 + fi +} + get_pki_secure_port() { # establish well-known strings @@ -259,14 +342,17 @@ get_pki_secure_port() return 255 } -# See how we were called. start() { echo -n "Starting $TOMCAT_PROG: " - if [ -f /var/lock/subsys/[PKI_INSTANCE_ID] ] ; then - if [ -f /var/run/[PKI_INSTANCE_ID].pid ]; then - read kpid < /var/run/[PKI_INSTANCE_ID].pid + if [ -f ${RESTART_SERVER} ] ; then + rm -f ${RESTART_SERVER} + fi + + if [ -f ${lockfile} ] ; then + if [ -f ${pidfile} ]; then + read kpid < ${pidfile} if checkpid $kpid 2>&1; then echo echo "process already running" @@ -281,7 +367,7 @@ start() fi fi - CATALINA_PID=/var/run/[PKI_INSTANCE_ID].pid + CATALINA_PID=${pidfile} export CATALINA_PID touch $CATALINA_PID chown $TOMCAT_USER:$TOMCAT_GROUP $CATALINA_PID 
@@ -779,13 +865,13 @@ start() fi RETVAL=$? - [ $RETVAL = 0 ] && touch /var/lock/subsys/[PKI_INSTANCE_ID] + [ $RETVAL = 0 ] && touch ${lockfile} if [ $RETVAL = 0 ] ; then count=0; let swait=$STARTUP_WAIT - while [ ! -s /var/run/[PKI_INSTANCE_ID].pid ] && + while [ ! -s ${pidfile} ] && [ $count -lt $swait ] do echo -n "." @@ -833,8 +919,8 @@ stop() { echo -n "Stopping $TOMCAT_PROG: " - if [ -f /var/lock/subsys/[PKI_INSTANCE_ID] ] ; then - CATALINA_PID=/var/run/[PKI_INSTANCE_ID].pid + if [ -f ${lockfile} ] ; then + CATALINA_PID=${pidfile} export CATALINA_PID # daemon --user $TOMCAT_USER $TOMCAT_SCRIPT stop @@ -849,8 +935,8 @@ stop() if [ $RETVAL = 0 ]; then count=0; - if [ -f /var/run/[PKI_INSTANCE_ID].pid ]; then - read kpid < /var/run/[PKI_INSTANCE_ID].pid + if [ -f ${pidfile} ]; then + read kpid < ${pidfile} let kwait=$SHUTDOWN_WAIT until [ `ps -p $kpid | grep -c $kpid` = '0' ] || @@ -866,8 +952,8 @@ stop() fi fi - rm -f /var/lock/subsys/[PKI_INSTANCE_ID] - rm -f /var/run/[PKI_INSTANCE_ID].pid + rm -f ${lockfile} + rm -f ${pidfile} if [ -x /etc/init.d/functions ]; then if [ "$CONSOLETYPE" = "serial" ]; then @@ -895,6 +981,31 @@ stop() fi } +status() +{ + if [ -f ${pidfile} ] ; then + pid=`cat ${pidfile}` + if [ "${pid}" == "" ] ; then + echo "[PKI_INSTANCE_ID] pid file exists but is empty" + elif kill -0 ${pid} > /dev/null 2>&1 ; then + echo "[PKI_INSTANCE_ID] (pid ${pid}) is running ..." + echo + check_pki_configuration_status + if [ $? -eq 0 ] ; then + get_pki_status_definitions + if [ $? -ne 0 ] ; then + echo "[PKI_INSTANCE_ID] Status Definitions not found" + fi + fi + echo + else + echo "[PKI_INSTANCE_ID] is dead but pid file exists" + fi + else + echo "[PKI_INSTANCE_ID] is stopped" + fi +} + # See how we were called. case "$1" in start) 
@@ -909,18 +1020,21 @@ case "$1" in start ;; condrestart) - if [ -f /var/run/[PKI_INSTANCE_ID].pid ] ; then + if [ -f ${pidfile} ] ; then stop sleep 2 start else echo -n "Unable to restart process since " - echo -n "'/var/run/[PKI_INSTANCE_ID].pid' does not exist!" + echo -n "'${pidfile}' does not exist!" echo fi ;; + status) + status + ;; *) - echo "Usage: $TOMCAT_PROG {start|stop|restart|condrestart}" + echo "Usage: $TOMCAT_PROG {start|stop|restart|condrestart|status}" exit 1 esac diff --git a/pki/base/ra/etc/init.d/httpd b/pki/base/ra/etc/init.d/httpd index e0932b9c5..f4d8f06ec 100755 --- a/pki/base/ra/etc/init.d/httpd +++ b/pki/base/ra/etc/init.d/httpd @@ -21,8 +21,8 @@ # [INSTANCE_ID] Startup script for the Apache HTTP Server # # chkconfig: - 86 14 -# description: Apache is a World Wide Web server. It is used to serve \ -# HTML files and CGI. +# description: Registration Authority \ +# (Apache 2.2) # processname: [INSTANCE_ID] # config: [HTTPD_CONF] # pidfile: [SERVER_ROOT]/logs/[INSTANCE_ID].pid @@ -95,7 +95,7 @@ else # The checkpid() function is provided for platforms that do not # contain the "/etc/init.d/functions" file (e. g. - Solaris) . . . - # Check if $pid (could be plural) are running (keep count) + # Check if ${pid} (could be plural) are running (keep count) checkpid() { rv=0 @@ -160,6 +160,7 @@ httpd=${HTTPD:-[FORTITUDE_DIR]/sbin/httpd} prog=[INSTANCE_ID] pidfile=${PIDFILE:-[SERVER_ROOT]/logs/[INSTANCE_ID].pid} lockfile=${LOCKFILE:-/var/lock/subsys/[INSTANCE_ID]} +RESTART_SERVER=/var/lib/[INSTANCE_ID]/conf/restart_server_after_configuration RETVAL=0 # see if httpd is linked with the openldap libraries - we need to override them 
@@ -170,11 +171,7 @@ if [ ${OS} = "Linux" ]; then if [ $hasopenldap -eq 1 ] ; then LD_PRELOAD="[SYSTEM_USER_LIBRARIES]/libldap60.so" - if [ -e [SYSTEM_USER_LIBRARIES]/dirsec/libssl3.so ] ; then - LD_PRELOAD="[SYSTEM_USER_LIBRARIES]/dirsec/libssl3.so:${LD_PRELOAD}" - else - LD_PRELOAD="[SYSTEM_USER_LIBRARIES]/libssl3.so:${LD_PRELOAD}" - fi + LD_PRELOAD="[SYSTEM_USER_LIBRARIES]/libssl3.so:${LD_PRELOAD}" export LD_PRELOAD fi elif [ ${OS} = "SunOS" ] ; then 
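Review bot: The removed `dirsec/libssl3.so` preference is not mentioned in the commit message, and after this hunk the RA always preloads `[SYSTEM_USER_LIBRARIES]/libssl3.so` even on hosts where the dirsec build is installed. If the dirsec copy was there to pair mod_nss with a specific NSS build, silently switching which libssl3 is injected via LD_PRELOAD can change TLS behaviour for every request the RA serves; a one-line comment stating why the fallback is no longer needed, e.g. `# dirsec/libssl3.so is no longer shipped; the system NSS libssl3 is sufficient`, would let a reviewer confirm the intent.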
@@ -183,6 +180,100 @@ elif [ ${OS} = "SunOS" ] ; then export LD_PRELOAD_64 fi +check_pki_configuration_status() +{ + rv=0 + + rv=`grep -c ^preop /etc/[INSTANCE_ID]/CS.cfg` + + rv=`expr ${rv} + 0` + + if [ ${rv} -ne 0 ] ; then + echo " '[INSTANCE_ID]' must still be CONFIGURED!" + echo " (see /var/log/[INSTANCE_ID]-install.log)" + elif [ -f ${RESTART_SERVER} ] ; then + echo " Although '[INSTANCE_ID]' has been CONFIGURED, it must still be RESTARTED!" + rv=255 + fi + + return ${rv} +} + +get_pki_status_definitions() +{ + # establish well-known strings + listen_statement="Listen" + total_ports=0 + UNSECURE_PORT="" + CLIENTAUTH_PORT="" + NON_CLIENTAUTH_PORT="" + + # check to see that an instance-specific "httpd.conf" file exists + if [ ! -f [HTTPD_CONF] ] ; then + echo "File '[HTTPD_CONF]' does not exist!" + exit 255 + fi + + # check to see that an instance-specific "nss.conf" file exists + if [ ! -f [NSS_CONF] ] ; then + echo "File '[NSS_CONF]' does not exist!" + exit 255 + fi + + # read this instance-specific "httpd.conf" file line-by-line + # to obtain the current value of the PKI unsecure port + + exec < [HTTPD_CONF] + while read line; do + # look for the listen statement + head=`echo $line | cut -b1-6` + if [ "$head" == "$listen_statement" ] ; then + # once the 'unsecure' listen statement has been found, + # extract the numeric port information + port=`echo $line | cut -d: -f2` + UNSECURE_PORT=$port + echo " Unsecure Port = http://[SERVER_NAME]:${UNSECURE_PORT}" + total_ports=`expr ${total_ports} + 1` + break; + fi + done + + # read this instance-specific "nss.conf" file line-by-line + # to obtain the current value of the "clientauth" PKI secure port + # AND the current value of the "non-clientauth" PKI secure port + + exec < [NSS_CONF] + while read line; do + # look for the listen statement + head=`echo $line | cut -b1-6` + if [ "$head" == "$listen_statement" ] && + [ ${total_ports} -eq 2 ] ; then + # once the 'non-clientauth' listen statement has been found, + # 
extract the numeric port information + non_clientauth_port=`echo $line | cut -d: -f2` + NON_CLIENTAUTH_PORT=$non_clientauth_port + echo " Secure Non-Clientauth Port = https://[SERVER_NAME]:${NON_CLIENTAUTH_PORT}" + total_ports=`expr ${total_ports} + 1` + break + fi + if [ "$head" == "$listen_statement" ] && + [ ${total_ports} -eq 1 ] ; then + # once the 'clientauth' listen statement has been found, + # extract the numeric port information + clientauth_port=`echo $line | cut -d: -f2` + CLIENTAUTH_PORT=$clientauth_port + echo " Secure Clientauth Port = https://[SERVER_NAME]:${CLIENTAUTH_PORT}" + total_ports=`expr ${total_ports} + 1` + fi + done + + if [ ${total_ports} -eq 3 ] ; then + return 0 + else + return 255 + fi +} + get_pki_secure_port() { # establish well-known strings @@ -195,13 +286,14 @@ get_pki_secure_port() fi # read this instance-specific "nss.conf" file line-by-line - # to obtain the current value of the PKI secure port + # to obtain the current value of the "clientauth" PKI secure port + exec < [NSS_CONF] while read line; do # look for the listen statement head=`echo $line | cut -b1-6` if [ "$head" == "$listen_statement" ] ; then - # once the listen statement has been found, + # once the 'clientauth' listen statement has been found, # extract the numeric port information port=`echo $line | cut -d: -f2` SECURE_PORT=$port @@ -216,9 +308,14 @@ get_pki_secure_port() # things -- attempting to start while running is a failure, and shutdown # when not running is also a failure. So we just do it the way init scripts # are expected to behave here. -start() { +start() +{ echo -n $"Starting $prog: " + if [ -f ${RESTART_SERVER} ] ; then + rm -f ${RESTART_SERVER} + fi + if [ -f ${lockfile} ] ; then if [ -f ${pidfile} ]; then read kpid < ${pidfile} @@ -314,7 +411,8 @@ start() { return $RETVAL } -stop() { +stop() +{ echo -n "Stopping $prog: " if [ -f ${lockfile} ] ; then 
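Review bot: The `head=\`echo $line | cut -b1-6\`` test in get_pki_status_definitions matches any directive whose first six characters are `Listen`, so an Apache `ListenBacklog` line in httpd.conf or nss.conf is taken as the port statement, and `cut -d: -f2` returns the whole line when the Listen value has no colon (`Listen 8080` is valid). Since the unsecure-port loop `break`s on the first match, one `ListenBacklog` ahead of `Listen` is enough to print garbage and leave total_ports wrong. A stricter match and extraction is `case "$line" in "Listen "*) port=${line##*[: ]} ;; *) continue ;; esac`, applied in all three loops (the existing get_pki_secure_port uses the same cut pattern, but that is pre-existing). The nss.conf loop also assumes the clientauth Listen precedes the non-clientauth one purely by file order; a comment saying so above the loop would help the next person editing nss.conf. As in the Tomcat scripts, `exec < [HTTPD_CONF]` and `exec < [NSS_CONF]` permanently redirect the script's stdin and `exit 255` aborts a status query; a `done < file` redirection with `return 255` avoids both.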
@@ -364,7 +462,8 @@ stop() { fi } -reload() { +reload() +{ echo -n $"Reloading $prog: " if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then @@ -400,6 +499,31 @@ reload() { echo } +status() +{ + if [ -f ${pidfile} ] ; then + pid=`cat ${pidfile}` + if [ "${pid}" == "" ] ; then + echo "[INSTANCE_ID] pid file exists but is empty" + elif kill -0 ${pid} > /dev/null 2>&1 ; then + echo "[INSTANCE_ID] (pid ${pid}) is running ..." + echo + check_pki_configuration_status + if [ $? -eq 0 ] ; then + get_pki_status_definitions + if [ $? -ne 0 ] ; then + echo "[INSTANCE_ID] Status Definitions not found" + fi + fi + echo + else + echo "[INSTANCE_ID] is dead but pid file exists" + fi + else + echo "[INSTANCE_ID] is stopped" + fi +} + # See how we were called. case "$1" in start) @@ -408,10 +532,6 @@ case "$1" in stop) stop ;; - status) - status $httpd - RETVAL=$? - ;; restart) stop sleep 2 @@ -431,8 +551,11 @@ case "$1" in reload) reload ;; + status) + status + ;; *) - echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}" + echo $"Usage: $prog {start|stop|restart|condrestart|reload|status}" exit 1 esac diff --git a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm index c909f9504..727181df0 100755 --- a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm @@ -350,6 +350,13 @@ sub display $::config->deleteSubstore("preop."); $::config->commit(); + ## Create an empty file that designates the fact that although + ## this server instance has been configured, it has NOT yet + ## been restarted! + my $restart_server = "$instDir/conf/restart_server_after_configuration"; + system( "touch $restart_server" ); + system( "chmod 00660 $restart_server" ); + system("rm $instDir/conf/*.txt $instDir/conf/*.der"); return 1; } diff --git a/pki/base/setup/pkicreate b/pki/base/setup/pkicreate index 034a424d6..813b35cd9 100755 --- a/pki/base/setup/pkicreate 
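Review bot: The new `status` function returns 0 in every branch, whereas the removed `status $httpd` / `RETVAL=$?` arm propagated the library's LSB status code, so `service [INSTANCE_ID] status` now exits successfully even when the instance is stopped or dead. Return the LSB values, `return 3` after the `is stopped` message and `return 1` after `is dead but pid file exists`, and keep `RETVAL=$?` after the call in the `status)` arm. The value read from `${pidfile}` is passed to `kill -0 ${pid}` without checking that it is a single positive integer, so a corrupted pid file is probed as-is; a check such as `case "${pid}" in *[!0-9]*) echo "[INSTANCE_ID] pid file is corrupt" ; return 1 ;; esac` before the `kill` is worthwhile. Since the script appears to rely on `/etc/init.d/functions`, which defines its own `status`, a distinct name such as `pki_status` would avoid shadowing the library function. The identical function and case arm are added to the TPS script (`@@ -399,6 +510,31 @@`, `@@ -430,8 +562,11 @@`) and the TKS script (`@@ -895,6 +981,31 @@`, `@@ -909,18 +1020,21 @@`).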
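Review bot: The marker file is created with `system( "touch $restart_server" )` and `system( "chmod 00660 $restart_server" )`, which pass `$instDir` through a shell and never check the return values, so if the marker cannot be created the "must still be RESTARTED" warning in the init scripts would simply never appear. Perl can do this without a shell: `open my $fh, '>', $restart_server or die "Cannot create $restart_server: $!";` / `close $fh;` / `chmod 0660, $restart_server or die "Cannot chmod $restart_server: $!";`. The init scripts in this commit look for the marker at `/var/lib/[INSTANCE_ID]/conf/restart_server_after_configuration`, so it is worth confirming that `$instDir` always resolves to that directory. The TPS DonePanel hunk (`@@ -362,6 +362,13 @@`) adds the same lines. The body of `display` begins outside the hunk.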
+++ b/pki/base/setup/pkicreate @@ -2344,23 +2344,17 @@ LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so $slot_hash{$PKI_INSTANCE_ROOT_SLOT} = $pki_instance_root; $slot_hash{$PKI_MACHINE_NAME_SLOT} = $host; $slot_hash{$PKI_RANDOM_NUMBER_SLOT} = $random; - - if (! $do_port_separation) { - $slot_hash{$PKI_SECURE_PORT_SLOT} = $secure_port; - } else { - $slot_hash{$PKI_SECURE_PORT_SLOT} = $ee_secure_port; - } - $slot_hash{$PKI_SERVER_XML_CONF} = $server_xml_instance_file_path; $slot_hash{$PKI_SUBSYSTEM_TYPE_SLOT} = $subsystem_type; $slot_hash{$PKI_UNSECURE_PORT_SLOT} = $unsecure_port; - # Take care of the case where we want separate listening ports. + # Define "Port Separation" versus "Shared Ports" if( $do_port_separation) { - $slot_hash{$PKI_SECURE_PORT_SLOT} = $agent_secure_port; - $slot_hash{$PKI_EE_SECURE_PORT_SLOT} = $ee_secure_port; - $slot_hash{$PKI_ADMIN_SECURE_PORT_SLOT} = $admin_secure_port; + $slot_hash{$PKI_SECURE_PORT_SLOT} = $agent_secure_port; + $slot_hash{$PKI_AGENT_SECURE_PORT_SLOT} = $agent_secure_port; + $slot_hash{$PKI_EE_SECURE_PORT_SLOT} = $ee_secure_port; + $slot_hash{$PKI_ADMIN_SECURE_PORT_SLOT} = $admin_secure_port; # Do NOT comment out the Admin/EE/Unsecure Ports # used by Port Separation $slot_hash{$PKI_OPEN_SEPARATE_PORTS_COMMENT_SERVER_SLOT} = ""; 
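Review bot: The port-separation branch now sets `$PKI_SECURE_PORT_SLOT` and the new `$PKI_AGENT_SECURE_PORT_SLOT` to the same `$agent_secure_port`, and the shared-ports branch in the following hunk (`@@ -2373,6 +2367,10 @@`) sets all four secure-port slots to `$secure_port`, but nothing explains why two slots carry one value. A one-line comment would help the next maintainer, e.g. `# PKI_SECURE_PORT is retained as the legacy name for the agent port` — assuming that is the intent; templates that still reference the old slot are not visible here. The enclosing sub begins and ends outside the hunk.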
@@ -2373,6 +2367,10 @@ LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so $slot_hash{$PKI_OPEN_SEPARATE_PORTS_COMMENT_WEB_SLOT} = $PKI_OPEN_COMMENT; $slot_hash{$PKI_CLOSE_SEPARATE_PORTS_COMMENT_WEB_SLOT} = $PKI_CLOSE_COMMENT; } else { + $slot_hash{$PKI_SECURE_PORT_SLOT} = $secure_port; + $slot_hash{$PKI_AGENT_SECURE_PORT_SLOT} = $secure_port; + $slot_hash{$PKI_EE_SECURE_PORT_SLOT} = $secure_port; + $slot_hash{$PKI_ADMIN_SECURE_PORT_SLOT} = $secure_port; # Comment out the Admin/EE/Unsecure Ports used by Port Separation $slot_hash{$PKI_OPEN_SEPARATE_PORTS_COMMENT_SERVER_SLOT} = $PKI_OPEN_COMMENT; $slot_hash{$PKI_CLOSE_SEPARATE_PORTS_COMMENT_SERVER_SLOT} = $PKI_CLOSE_COMMENT;; diff --git a/pki/base/tks/shared/conf/server.xml b/pki/base/tks/shared/conf/server.xml index 44a1b1265..ed0a8371f 100644 --- a/pki/base/tks/shared/conf/server.xml +++ b/pki/base/tks/shared/conf/server.xml @@ -10,6 +10,17 @@ define subcomponents such as "Valves" or "Loggers" at this level. --> +<!-- DO NOT REMOVE - Begin PKI Status Definitions --> +<!-- +Unsecure Port = http://[PKI_MACHINE_NAME]:[PKI_UNSECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Agent Port = https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/agent/[PKI_SUBSYSTEM_TYPE] +Secure EE Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Admin Port = https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/services +Secure Admin Port = pkiconsole https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE] +Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) +--> +<!-- DO NOT REMOVE - End PKI Status Definitions --> + <Server port="[TOMCAT_SERVER_PORT]" shutdown="SHUTDOWN"> <!-- Comment these entries out to disable JMX MBeans support used for the diff --git a/pki/base/tks/shared/etc/init.d/httpd b/pki/base/tks/shared/etc/init.d/httpd index 19679ac98..b32ccaf47 100755 
--- a/pki/base/tks/shared/etc/init.d/httpd +++ b/pki/base/tks/shared/etc/init.d/httpd @@ -21,8 +21,8 @@ # [PKI_INSTANCE_ID] Startup script for Tomcat 5.0, the Apache Servlet Engine # # chkconfig: - 84 16 -# description: Tomcat 5.0 is the Apache Servlet Engine RI -# for Servlet 2.4/JSP 2.0 +# description: Token Key Service \ +# (Tomcat 5.0) # processname: [PKI_INSTANCE_ID] # pidfile: /var/run/[PKI_INSTANCE_ID].pid # config: /etc/[PKI_INSTANCE_ID]/tomcat5.conf @@ -115,7 +115,7 @@ else # The checkpid() function is provided for platforms that do not # contain the "/etc/init.d/functions" file (e. g. - Solaris) . . . - # Check if $pid (could be plural) are running (keep count) + # Check if ${pid} (could be plural) are running (keep count) checkpid() { rv=0 
@@ -206,8 +206,91 @@ fi # Please use the /etc/tomcat.conf file instead ; it will # be read by the $tomcat script +pidfile=${PIDFILE:-/var/run/[PKI_INSTANCE_ID].pid} +lockfile=${LOCKFILE:-/var/lock/subsys/[PKI_INSTANCE_ID]} +RESTART_SERVER=/var/lib/[PKI_INSTANCE_ID]/conf/restart_server_after_configuration RETVAL=0 +check_pki_configuration_status() +{ + rv=0 + + rv=`grep -c ^preop /etc/[PKI_INSTANCE_ID]/CS.cfg` + + rv=`expr ${rv} + 0` + + if [ ${rv} -ne 0 ] ; then + echo " '[PKI_INSTANCE_ID]' must still be CONFIGURED!" + echo " (see /var/log/[PKI_INSTANCE_ID]-install.log)" + elif [ -f ${RESTART_SERVER} ] ; then + echo " Although '[PKI_INSTANCE_ID]' has been CONFIGURED, it must still be RESTARTED!" + rv=255 + fi + + return ${rv} +} + +get_pki_status_definitions() +{ + # establish well-known strings + begin_pki_status_comment="<!-- DO NOT REMOVE - Begin PKI Status Definitions -->" + end_pki_status_comment="<!-- DO NOT REMOVE - End PKI Status Definitions -->" + total_ports=0 + unsecure_port_statement="Unsecure Port = " + secure_agent_port_statement="Secure Agent Port = " + secure_ee_port_statement="Secure EE Port = " + secure_admin_port_statement="Secure Admin Port = " + tomcat_port_statement="Tomcat Port = " + + # initialize looping variables + pki_status_comment_found=0 + + # first check to see that an instance-specific "server.xml" file exists + if [ ! -f [PKI_SERVER_XML_CONF] ] ; then + echo "File '[PKI_SERVER_XML_CONF]' does not exist!" 
+ exit 255 + fi + + # read this instance-specific "server.xml" file line-by-line + # to obtain the current PKI Status Definitions + exec < [PKI_SERVER_XML_CONF] + while read line; do + # first look for the well-known end PKI Status comment + # (to turn off processing) + if [ "$line" == "$end_pki_status_comment" ] ; then + pki_status_comment_found=0 + break; + fi + + # then look for the well-known begin PKI Status comment + # (to turn on processing) + if [ "$line" == "$begin_pki_status_comment" ] ; then + pki_status_comment_found=1 + fi + + # once the well-known begin PKI Status comment has been found, + # begin processing to obtain all of the PKI Status Definitions + if [ $pki_status_comment_found -eq 1 ] ; then + # look for a PKI Status Definition and print it + head=`echo "$line" | cut -b1-20` + if [ "$head" == "$unsecure_port_statement" ] || + [ "$head" == "$secure_agent_port_statement" ] || + [ "$head" == "$secure_ee_port_statement" ] || + [ "$head" == "$secure_admin_port_statement" ] || + [ "$head" == "$tomcat_port_statement" ] ; then + echo " $line" + total_ports=`expr ${total_ports} + 1` + fi + fi + done + + if [ ${total_ports} -eq 6 ] ; then + return 0 + else + return 255 + fi +} + get_pki_secure_port() { # establish well-known strings @@ -259,14 +342,17 @@ get_pki_secure_port() return 255 } -# See how we were called. start() { echo -n "Starting $TOMCAT_PROG: " - if [ -f /var/lock/subsys/[PKI_INSTANCE_ID] ] ; then - if [ -f /var/run/[PKI_INSTANCE_ID].pid ]; then - read kpid < /var/run/[PKI_INSTANCE_ID].pid + if [ -f ${RESTART_SERVER} ] ; then + rm -f ${RESTART_SERVER} + fi + + if [ -f ${lockfile} ] ; then + if [ -f ${pidfile} ]; then + read kpid < ${pidfile} if checkpid $kpid 2>&1; then echo echo "process already running" @@ -281,7 +367,7 @@ start() fi fi - CATALINA_PID=/var/run/[PKI_INSTANCE_ID].pid + CATALINA_PID=${pidfile} export CATALINA_PID touch $CATALINA_PID chown $TOMCAT_USER:$TOMCAT_GROUP $CATALINA_PID 
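Review bot: `get_pki_status_definitions` can never reach `total_ports -eq 6`: `head` is always the first 20 bytes of `$line`, but `unsecure_port_statement` (16 characters), `secure_ee_port_statement` (17) and `tomcat_port_statement` (14) are shorter, so only the two 20-character prefixes `Secure Agent Port = ` and `Secure Admin Port = ` can ever compare equal, the function prints three of the six definitions and returns 255, and `status` reports "Status Definitions not found" on every configured instance. Match each prefix with a `case` pattern instead of a fixed-width `cut`, as below. By the diffstat the CA, KRA and OCSP init scripts in this commit appear to carry the same function and would need the same fix.
```shell
        # once the well-known begin PKI Status comment has been found,
        # begin processing to obtain all of the PKI Status Definitions
        if [ $pki_status_comment_found -eq 1 ] ; then
            # look for a PKI Status Definition and print it
            case "$line" in
                "${unsecure_port_statement}"*     | \
                "${secure_agent_port_statement}"* | \
                "${secure_ee_port_statement}"*    | \
                "${secure_admin_port_statement}"* | \
                "${tomcat_port_statement}"*)
                    echo " $line"
                    total_ports=`expr ${total_ports} + 1`
                    ;;
            esac
        fi
# … unchanged: end of read loop and final total_ports check …
```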
@@ -779,13 +865,13 @@ start() fi RETVAL=$? - [ $RETVAL = 0 ] && touch /var/lock/subsys/[PKI_INSTANCE_ID] + [ $RETVAL = 0 ] && touch ${lockfile} if [ $RETVAL = 0 ] ; then count=0; let swait=$STARTUP_WAIT - while [ ! -s /var/run/[PKI_INSTANCE_ID].pid ] && + while [ ! -s ${pidfile} ] && [ $count -lt $swait ] do echo -n "." @@ -833,8 +919,8 @@ stop() { echo -n "Stopping $TOMCAT_PROG: " - if [ -f /var/lock/subsys/[PKI_INSTANCE_ID] ] ; then - CATALINA_PID=/var/run/[PKI_INSTANCE_ID].pid + if [ -f ${lockfile} ] ; then + CATALINA_PID=${pidfile} export CATALINA_PID # daemon --user $TOMCAT_USER $TOMCAT_SCRIPT stop @@ -849,8 +935,8 @@ stop() if [ $RETVAL = 0 ]; then count=0; - if [ -f /var/run/[PKI_INSTANCE_ID].pid ]; then - read kpid < /var/run/[PKI_INSTANCE_ID].pid + if [ -f ${pidfile} ]; then + read kpid < ${pidfile} let kwait=$SHUTDOWN_WAIT until [ `ps -p $kpid | grep -c $kpid` = '0' ] || @@ -866,8 +952,8 @@ stop() fi fi - rm -f /var/lock/subsys/[PKI_INSTANCE_ID] - rm -f /var/run/[PKI_INSTANCE_ID].pid + rm -f ${lockfile} + rm -f ${pidfile} if [ -x /etc/init.d/functions ]; then if [ "$CONSOLETYPE" = "serial" ]; then @@ -895,6 +981,31 @@ stop() fi } +status() +{ + if [ -f ${pidfile} ] ; then + pid=`cat ${pidfile}` + if [ "${pid}" == "" ] ; then + echo "[PKI_INSTANCE_ID] pid file exists but is empty" + elif kill -0 ${pid} > /dev/null 2>&1 ; then + echo "[PKI_INSTANCE_ID] (pid ${pid}) is running ..." + echo + check_pki_configuration_status + if [ $? -eq 0 ] ; then + get_pki_status_definitions + if [ $? -ne 0 ] ; then + echo "[PKI_INSTANCE_ID] Status Definitions not found" + fi + fi + echo + else + echo "[PKI_INSTANCE_ID] is dead but pid file exists" + fi + else + echo "[PKI_INSTANCE_ID] is stopped" + fi +} + # See how we were called. case "$1" in start) 
@@ -909,18 +1020,21 @@ case "$1" in start ;; condrestart) - if [ -f /var/run/[PKI_INSTANCE_ID].pid ] ; then + if [ -f ${pidfile} ] ; then stop sleep 2 start else echo -n "Unable to restart process since " - echo -n "'/var/run/[PKI_INSTANCE_ID].pid' does not exist!" + echo -n "'${pidfile}' does not exist!" echo fi ;; + status) + status + ;; *) - echo "Usage: $TOMCAT_PROG {start|stop|restart|condrestart}" + echo "Usage: $TOMCAT_PROG {start|stop|restart|condrestart|status}" exit 1 esac diff --git a/pki/base/tps/etc/init.d/httpd b/pki/base/tps/etc/init.d/httpd index 3d95cf367..983dd88f6 100755 --- a/pki/base/tps/etc/init.d/httpd +++ b/pki/base/tps/etc/init.d/httpd @@ -24,8 +24,8 @@ # [INSTANCE_ID] Startup script for the Apache HTTP Server # # chkconfig: - 87 13 -# description: Apache is a World Wide Web server. It is used to serve \ -# HTML files and CGI. +# description: Token Processing System \ +# (Apache 2.2) # processname: [INSTANCE_ID] # config: [HTTPD_CONF] # pidfile: [SERVER_ROOT]/logs/[INSTANCE_ID].pid @@ -98,7 +98,7 @@ else # The checkpid() function is provided for platforms that do not # contain the "/etc/init.d/functions" file (e. g. - Solaris) . . . - # Check if $pid (could be plural) are running (keep count) + # Check if ${pid} (could be plural) are running (keep count) checkpid() { rv=0 @@ -163,6 +163,7 @@ httpd=${HTTPD:-[FORTITUDE_DIR]/sbin/httpd} prog=[INSTANCE_ID] pidfile=${PIDFILE:-[SERVER_ROOT]/logs/[INSTANCE_ID].pid} lockfile=${LOCKFILE:-/var/lock/subsys/[INSTANCE_ID]} +RESTART_SERVER=/var/lib/[INSTANCE_ID]/conf/restart_server_after_configuration RETVAL=0 # see if httpd is linked with the openldap libraries - we need to override them 
@@ -182,6 +183,109 @@ elif [ ${OS} = "SunOS" ] ; then export LD_PRELOAD_64 fi +check_pki_configuration_status() +{ + rv=0 + + rv=`grep -c ^preop /etc/[INSTANCE_ID]/CS.cfg` + + rv=`expr ${rv} + 0` + + if [ ${rv} -ne 0 ] ; then + echo " '[INSTANCE_ID]' must still be CONFIGURED!" + echo " (see /var/log/[INSTANCE_ID]-install.log)" + elif [ -f ${RESTART_SERVER} ] ; then + echo " Although '[INSTANCE_ID]' has been CONFIGURED, it must still be RESTARTED!" + rv=255 + fi + + return ${rv} +} + +get_pki_status_definitions() +{ + # establish well-known strings + listen_statement="Listen" + total_ports=0 + UNSECURE_PORT="" + CLIENTAUTH_PORT="" + NON_CLIENTAUTH_PORT="" + + # check to see that an instance-specific "httpd.conf" file exists + if [ ! -f [HTTPD_CONF] ] ; then + echo "File '[HTTPD_CONF]' does not exist!" + exit 255 + fi + + # check to see that an instance-specific "nss.conf" file exists + if [ ! -f [NSS_CONF] ] ; then + echo "File '[NSS_CONF]' does not exist!" + exit 255 + fi + + # read this instance-specific "httpd.conf" file line-by-line + # to obtain the current value of the PKI unsecure port + + exec < [HTTPD_CONF] + while read line; do + # look for the listen statement + head=`echo $line | cut -b1-6` + if [ "$head" == "$listen_statement" ] ; then + # once the 'unsecure' listen statement has been found, + # extract the numeric port information + port=`echo $line | cut -d: -f2` + UNSECURE_PORT=$port + echo " Unsecure Port = http://[SERVER_NAME]:${UNSECURE_PORT}/cgi-bin/so/enroll.cgi" + echo " (ESC Security Officer Enrollment)" + echo " Unsecure Port = http://[SERVER_NAME]:${UNSECURE_PORT}/cgi-bin/home/index.cgi" + echo " (ESC Phone Home)" + total_ports=`expr ${total_ports} + 1` + break; + fi + done + + # read this instance-specific "nss.conf" file line-by-line + # to obtain the current value of the "clientauth" PKI secure port + # AND the current value of the "non-clientauth" PKI secure port + + exec < [NSS_CONF] + while read line; do + # look for the listen 
statement + head=`echo $line | cut -b1-6` + if [ "$head" == "$listen_statement" ] && + [ ${total_ports} -eq 2 ] ; then + # once the 'non-clientauth' listen statement has been found, + # extract the numeric port information + non_clientauth_port=`echo $line | cut -d: -f2` + NON_CLIENTAUTH_PORT=$non_clientauth_port + echo " Secure Non-Clientauth Port = https://[SERVER_NAME]:${NON_CLIENTAUTH_PORT}/cgi-bin/so/enroll.cgi" + echo " (ESC Security Officer Enrollment)" + echo " Secure Non-Clientauth Port = https://[SERVER_NAME]:${NON_CLIENTAUTH_PORT}/cgi-bin/home/index.cgi" + echo " (ESC Phone Home)" + total_ports=`expr ${total_ports} + 1` + break + fi + if [ "$head" == "$listen_statement" ] && + [ ${total_ports} -eq 1 ] ; then + # once the 'clientauth' listen statement has been found, + # extract the numeric port information + clientauth_port=`echo $line | cut -d: -f2` + CLIENTAUTH_PORT=$clientauth_port + echo " Secure Clientauth Port = https://[SERVER_NAME]:${CLIENTAUTH_PORT}/cgi-bin/sow/welcome.cgi" + echo " (ESC Security Officer Workstation)" + echo " Secure Clientauth Port = https://[SERVER_NAME]:${CLIENTAUTH_PORT}/tus" + echo " (TPS Roles - Operator/Administrator/Agent)" + total_ports=`expr ${total_ports} + 1` + fi + done + + if [ ${total_ports} -eq 3 ] ; then + return 0 + else + return 255 + fi +} + get_pki_secure_port() { # establish well-known strings @@ -194,13 +298,13 @@ get_pki_secure_port() fi # read this instance-specific "nss.conf" file line-by-line - # to obtain the current value of the PKI secure port + # to obtain the current value of the "clientauth" PKI secure port exec < [NSS_CONF] while read line; do # look for the listen statement head=`echo $line | cut -b1-6` if [ "$head" == "$listen_statement" ] ; then - # once the listen statement has been found, + # once the 'clientauth' listen statement has been found, # extract the numeric port information port=`echo $line | cut -d: -f2` SECURE_PORT=$port 
@@ -215,9 +319,14 @@ get_pki_secure_port() # things -- attempting to start while running is a failure, and shutdown # when not running is also a failure. So we just do it the way init scripts # are expected to behave here. -start() { +start() +{ echo -n $"Starting $prog: " + if [ -f ${RESTART_SERVER} ] ; then + rm -f ${RESTART_SERVER} + fi + if [ -f ${lockfile} ] ; then if [ -f ${pidfile} ]; then read kpid < ${pidfile} @@ -313,7 +422,8 @@ start() { return $RETVAL } -stop() { +stop() +{ echo -n "Stopping $prog: " if [ -f ${lockfile} ] ; then @@ -363,7 +473,8 @@ stop() { fi } -reload() { +reload() +{ echo -n $"Reloading $prog: " if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then @@ -399,6 +510,31 @@ reload() { echo } +status() +{ + if [ -f ${pidfile} ] ; then + pid=`cat ${pidfile}` + if [ "${pid}" == "" ] ; then + echo "[INSTANCE_ID] pid file exists but is empty" + elif kill -0 ${pid} > /dev/null 2>&1 ; then + echo "[INSTANCE_ID] (pid ${pid}) is running ..." + echo + check_pki_configuration_status + if [ $? -eq 0 ] ; then + get_pki_status_definitions + if [ $? -ne 0 ] ; then + echo "[INSTANCE_ID] Status Definitions not found" + fi + fi + echo + else + echo "[INSTANCE_ID] is dead but pid file exists" + fi + else + echo "[INSTANCE_ID] is stopped" + fi +} + # See how we were called. case "$1" in start) @@ -407,10 +543,6 @@ case "$1" in stop) stop ;; - status) - status $httpd - RETVAL=$? - ;; restart) stop sleep 2 @@ -430,8 +562,11 @@ case "$1" in reload) reload ;; + status) + status + ;; *) - echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}" + echo $"Usage: $prog {start|stop|restart|condrestart|reload|status}" exit 1 esac diff --git a/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm index 27a35c25e..6195b6e38 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm 
@@ -362,6 +362,13 @@ sub display $::config->deleteSubstore("preop."); $::config->commit(); + ## Create an empty file that designates the fact that although + ## this server instance has been configured, it has NOT yet + ## been restarted! + my $restart_server = "$instDir/conf/restart_server_after_configuration"; + system( "touch $restart_server" ); + system( "chmod 00660 $restart_server" ); + return 1; } |