diff options
author | Ade Lee <alee@redhat.com> | 2012-08-22 09:48:02 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-08-23 23:02:49 -0400 |
commit | 81671480be713bee013d505c6f0003431c508fc3 (patch) | |
tree | fe7293b4fd42eb104e7f19f919c3550d0368ffb2 | |
parent | 4d1a8a5a34e955e0f3b19dce3847891ad7084935 (diff) | |
download | pki-81671480be713bee013d505c6f0003431c508fc3.tar.gz pki-81671480be713bee013d505c6f0003431c508fc3.tar.xz pki-81671480be713bee013d505c6f0003431c508fc3.zip |
Added systemd files for RA and TPS
-rw-r--r-- | base/ra/CMakeLists.txt | 20 | ||||
-rw-r--r-- | base/ra/lib/systemd/system/pki-rad.target | 6 | ||||
-rw-r--r-- | base/ra/lib/systemd/system/pki-rad@.service | 13 | ||||
-rwxr-xr-x | base/setup/pkicreate | 21 | ||||
-rwxr-xr-x | base/setup/scripts/pki_apache_initscript | 4 | ||||
-rw-r--r-- | base/tps/CMakeLists.txt | 18 | ||||
-rw-r--r-- | base/tps/lib/systemd/system/pki-tpsd.target | 6 | ||||
-rw-r--r-- | base/tps/lib/systemd/system/pki-tpsd@.service | 12 | ||||
-rw-r--r-- | specs/pki-ra.spec | 74 | ||||
-rw-r--r-- | specs/pki-tps.spec | 75 |
10 files changed, 221 insertions, 28 deletions
diff --git a/base/ra/CMakeLists.txt b/base/ra/CMakeLists.txt index 59910fe95..cc3b53e72 100644 --- a/base/ra/CMakeLists.txt +++ b/base/ra/CMakeLists.txt @@ -3,6 +3,19 @@ project(ra) add_subdirectory(doc) add_subdirectory(setup) +# install systemd scripts +install( + FILES + lib/systemd/system/pki-rad.target + lib/systemd/system/pki-rad@.service + DESTINATION + ${SYSTEMD_LIB_INSTALL_DIR} + PERMISSIONS + OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ +) + # install init script install( FILES @@ -74,3 +87,10 @@ install( ${VAR_INSTALL_DIR}/run/pki/ra ) +install( + DIRECTORY + DESTINATION + ${SYSTEMD_ETC_INSTALL_DIR}/pki-rad.target.wants +) + + diff --git a/base/ra/lib/systemd/system/pki-rad.target b/base/ra/lib/systemd/system/pki-rad.target new file mode 100644 index 000000000..e1a4f808e --- /dev/null +++ b/base/ra/lib/systemd/system/pki-rad.target @@ -0,0 +1,6 @@ +[Unit] +Description=PKI Registration Authority Server +After=syslog.target network.target + +[Install] +WantedBy=multi-user.target diff --git a/base/ra/lib/systemd/system/pki-rad@.service b/base/ra/lib/systemd/system/pki-rad@.service new file mode 100644 index 000000000..68beb5005 --- /dev/null +++ b/base/ra/lib/systemd/system/pki-rad@.service @@ -0,0 +1,13 @@ +[Unit] +Description=PKI Registration Authority Server %i +After=pki-rad.target +BindTo=pki-rad.target + +[Service] +Type=forking +ExecStart=/usr/bin/pkicontrol start ra %i +ExecStop=/usr/bin/pkicontrol stop ra %i + +[Install] +WantedBy=multi-user.target + diff --git a/base/setup/pkicreate b/base/setup/pkicreate index 5aecd40a8..673972c44 100755 --- a/base/setup/pkicreate +++ b/base/setup/pkicreate @@ -2778,6 +2778,17 @@ sub process_pki_files_and_symlinks "${db_password}\n", $default_file_permissions, $pki_user, $pki_group); + ## Populate systemd links + if ($use_systemd) { + return 0 if !create_symlink( + "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}", + "$pki_subsystem_systemd_service_path", + $root_user, $root_group); + + # reload systemd configuration + run_command("/bin/systemctl --system daemon-reload"); + } + ## Populate instances (RA, TPS instances) if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { # create an empty file called "pwcache.conf" for this @@ -2801,16 +2812,6 @@ sub process_pki_files_and_symlinks # to find our tomcat6 configuration file in /etc/sysconfig return 0 if !create_symlink($pki_instance_initscript_path, $tomcat6_initscript_path, $root_user, $root_group); - if ($use_systemd) { - return 0 if !create_symlink( - "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}", - "$pki_subsystem_systemd_service_path", - $root_user, $root_group); - - # reload systemd configuration - run_command("/bin/systemctl --system daemon-reload"); - - } return 0 if !create_directory($webinf_lib_instance_path, $default_dir_permissions, $pki_user, $pki_group); diff --git a/base/setup/scripts/pki_apache_initscript b/base/setup/scripts/pki_apache_initscript index e51231065..e29eb0c71 100755 --- a/base/setup/scripts/pki_apache_initscript +++ b/base/setup/scripts/pki_apache_initscript @@ -74,13 +74,13 @@ start() rv=$? if [ ${rv} = 0 ] ; then if [ ${ARCHITECTURE} = "i386" ] ; then - LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS} + LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -r system_r -- ${httpd} ${PKI_OPTIONS} rv=$? # overwrite output from "daemon" echo -n $"Starting ${prog}: " elif [ ${ARCHITECTURE} = "x86_64" ] ; then # NOTE: "daemon" is incompatible with "httpd" on 64-bit architectures - LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS} + LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -r system_r -- ${httpd} ${PKI_OPTIONS} rv=$? fi else diff --git a/base/tps/CMakeLists.txt b/base/tps/CMakeLists.txt index 96d23fefa..10c4d8efd 100644 --- a/base/tps/CMakeLists.txt +++ b/base/tps/CMakeLists.txt @@ -43,6 +43,19 @@ add_subdirectory(tools) add_subdirectory(doc) add_subdirectory(setup) +# install systemd scripts +install( + FILES + lib/systemd/system/pki-tpsd.target + lib/systemd/system/pki-tpsd@.service + DESTINATION + ${SYSTEMD_LIB_INSTALL_DIR} + PERMISSIONS + OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ +) + # install init script install( FILES @@ -206,3 +219,8 @@ install( ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/docroot/tps/admin/console/js ) +install( + DIRECTORY + DESTINATION + ${SYSTEMD_ETC_INSTALL_DIR}/pki-tpsd.target.wants +) diff --git a/base/tps/lib/systemd/system/pki-tpsd.target b/base/tps/lib/systemd/system/pki-tpsd.target new file mode 100644 index 000000000..37c693b08 --- /dev/null +++ b/base/tps/lib/systemd/system/pki-tpsd.target @@ -0,0 +1,6 @@ +[Unit] +Description=PKI Token Processing Server +After=syslog.target network.target + +[Install] +WantedBy=multi-user.target diff --git a/base/tps/lib/systemd/system/pki-tpsd@.service b/base/tps/lib/systemd/system/pki-tpsd@.service new file mode 100644 index 000000000..6a0d6a343 --- /dev/null +++ b/base/tps/lib/systemd/system/pki-tpsd@.service @@ -0,0 +1,12 @@ +[Unit] +Description=PKI Token Processing Server %i +After=pki-tpsd.target +BindTo=pki-tpsd.target + +[Service] +Type=forking +ExecStart=/usr/bin/pkicontrol start tps %i +ExecStop=/usr/bin/pkicontrol stop tps %i + +[Install] +WantedBy=multi-user.target diff --git a/specs/pki-ra.spec b/specs/pki-ra.spec index bcc33560c..146cba6d9 100644 --- a/specs/pki-ra.spec +++ b/specs/pki-ra.spec @@ -1,6 +1,6 @@ Name: pki-ra Version: 9.0.4 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Certificate System - Registration Authority URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -10,6 +10,11 @@ BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +# specify '_unitdir' macro for platforms that don't use 'systemd' +%if 0%{?rhel} || 0%{?fedora} < 16 +%define _unitdir /lib/systemd/system +%endif + BuildRequires: cmake BuildRequires: nspr-devel BuildRequires: nss-devel @@ -24,16 +29,15 @@ Requires: pki-setup Requires: perl-DBD-SQLite Requires: sqlite Requires: /usr/sbin/sendmail +%if 0%{?fedora} >= 16 +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +%else Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts -%if 0%{?fedora} >= 15 -# Details: -# -# * https://fedoraproject.org/wiki/Features/var-run-tmpfs -# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft -# Requires: initscripts %endif @@ -102,7 +106,8 @@ chmod +x %{__perl_requires} %build %{__mkdir_p} build cd build -%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_RA:BOOL=ON .. +%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_RA:BOOL=ON .. \ + -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} %{__make} VERBOSE=1 %{?_smp_mflags} @@ -139,7 +144,14 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfile echo "D /var/run/pki/ra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ra.conf %endif +%if 0%{?fedora} >= 16 +%{__rm} %{buildroot}%{_initrddir}/pki-rad +%else +%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-rad.target.wants +%{__rm} -rf %{buildroot}%{_unitdir} +%endif +%if 0%{?rhel} || 0%{?fedora} < 16 %post # This adds the proper /etc/rc*.d links for the script /sbin/chkconfig --add pki-rad || : @@ -157,11 +169,54 @@ if [ "$1" -ge "1" ] ; then /sbin/service pki-rad condrestart >/dev/null 2>&1 || : fi +%else +%post +# Attempt to update ALL old "RA" instances to "systemd" +if [ -d /etc/sysconfig/pki/ra ]; then + for inst in `ls /etc/sysconfig/pki/ra`; do + if [ ! -e "/etc/systemd/system/pki-rad.target.wants/pki-rad@${inst}.service" ]; then + ln -s "/lib/systemd/system/pki-rad@.service" \ + "/etc/systemd/system/pki-rad.target.wants/pki-rad@${inst}.service" + + if [ -e /var/run/${inst}.pid ]; then + kill -9 `cat /var/run/${inst}.pid` || : + rm -f /var/run/${inst}.pid + echo "pkicreate.systemd.servicename=pki-rad@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl restart pki-rad@${inst}.service || : + else + echo "pkicreate.systemd.servicename=pki-rad@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + fi + fi + done +fi +/bin/systemctl daemon-reload >/dev/null 2>&1 || : + +%preun +if [ $1 = 0 ] ; then + /bin/systemctl --no-reload disable pki-rad.target > /dev/null 2>&1 || : + /bin/systemctl stop pki-rad.target > /dev/null 2>&1 || : +fi + +%postun +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ "$1" -ge "1" ] ; then + /bin/systemctl try-restart pki-rad.target >/dev/null 2>&1 || : +fi +%endif %files %defattr(-,root,root,-) %doc base/ra/LICENSE +%if 0%{?fedora} >= 16 +%dir %{_sysconfdir}/systemd/system/pki-rad.target.wants +%{_unitdir}/pki-rad@.service +%{_unitdir}/pki-rad.target +%else %{_initrddir}/pki-rad +%endif %dir %{_datadir}/pki/ra %{_datadir}/pki/ra/conf/ %{_datadir}/pki/ra/docroot/ @@ -181,6 +236,9 @@ fi %changelog +* Wed Aug 22 2012 Ade Lee <alee@redhat.com> 9.0.4-2 +- Added systemd scripts + * Thu Sep 22 2011 Ade Lee <alee@redhat.com> 9.0.4-1 - Bugzilla Bug #733065 - User enrollment with RA -- this fails with CA Connection Error diff --git a/specs/pki-tps.spec b/specs/pki-tps.spec index 19be48593..fd3fd021e 100644 --- a/specs/pki-tps.spec +++ b/specs/pki-tps.spec @@ -1,6 +1,6 @@ Name: pki-tps Version: 9.0.7 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Certificate System - Token Processing System URL: http://pki.fedoraproject.org/ License: LGPLv2 @@ -8,6 +8,11 @@ Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +# specify '_unitdir' macro for platforms that don't use 'systemd' +%if 0%{?rhel} || 0%{?fedora} < 16 +%define _unitdir /lib/systemd/system +%endif + BuildRequires: cmake BuildRequires: apr-devel BuildRequires: apr-util-devel @@ -30,16 +35,16 @@ Requires: pki-native-tools Requires: pki-selinux Requires: pki-setup Requires: pki-tps-theme >= 9.0.0 + +%if 0%{?fedora} >= 16 +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +%else Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts -%if 0%{?fedora} >= 15 -# Details: -# -# * https://fedoraproject.org/wiki/Features/var-run-tmpfs -# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft -# Requires: initscripts %endif @@ -130,7 +135,8 @@ chmod +x %{__perl_requires} %build %{__mkdir_p} build cd build -%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_TPS:BOOL=ON .. +%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_TPS:BOOL=ON .. \ + -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} %{__make} VERBOSE=1 %{?_smp_mflags} @@ -171,7 +177,14 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfil echo "D /var/run/pki/tps 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf %endif +%if 0%{?fedora} >= 16 +%{__rm} %{buildroot}%{_initrddir}/pki-tpsd +%else +%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-tpsd.target.wants +%{__rm} -rf %{buildroot}%{_unitdir} +%endif +%if 0%{?rhel} || 0%{?fedora} < 16 %post /sbin/ldconfig # This adds the proper /etc/rc*.d links for the script @@ -190,11 +203,54 @@ if [ "$1" -ge "1" ] ; then /sbin/service pki-tpsd condrestart >/dev/null 2>&1 || : fi +%else +%post +# Attempt to update ALL old "TPS" instances to "systemd" +if [ -d /etc/sysconfig/pki/tps ]; then + for inst in `ls /etc/sysconfig/pki/tps`; do + if [ ! -e "/etc/systemd/system/pki-tpsd.target.wants/pki-tpsd@${inst}.service" ]; then + ln -s "/lib/systemd/system/pki-tpsd@.service" \ + "/etc/systemd/system/pki-tpsd.target.wants/pki-tpsd@${inst}.service" + + if [ -e /var/run/${inst}.pid ]; then + kill -9 `cat /var/run/${inst}.pid` || : + rm -f /var/run/${inst}.pid + echo "pkicreate.systemd.servicename=pki-tpsd@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl restart pki-tpsd@${inst}.service || : + else + echo "pkicreate.systemd.servicename=pki-tpsd@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + fi + fi + done +fi +/bin/systemctl daemon-reload >/dev/null 2>&1 || : + +%preun +if [ $1 = 0 ] ; then + /bin/systemctl --no-reload disable pki-tpsd.target > /dev/null 2>&1 || : + /bin/systemctl stop pki-tpsd.target > /dev/null 2>&1 || : +fi + +%postun +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ "$1" -ge "1" ] ; then + /bin/systemctl try-restart pki-tpsd.target >/dev/null 2>&1 || : +fi +%endif %files %defattr(-,root,root,-) %doc base/tps/LICENSE +%if 0%{?fedora} >= 16 +%dir %{_sysconfdir}/systemd/system/pki-tpsd.target.wants +%{_unitdir}/pki-tpsd@.service +%{_unitdir}/pki-tpsd.target +%else %{_initrddir}/pki-tpsd +%endif %config(noreplace) %{_sysconfdir}/ld.so.conf.d/tps-%{_arch}.conf %{_bindir}/tpsclient %{_libdir}/httpd/modules/* @@ -221,6 +277,9 @@ fi %changelog +* Wed Aug 22 2012 Ade Lee <alee@redhat.com> 9.0.7-5 +- Added systemd scripts + * Tue Aug 7 2012 Nathan Kinder <nkinder@redhat.com> 9.0.7-4 - The API changed between httpd 2.2 and 2.4. We now need to pass the module index to ap_log_error() when calling it. The remote_ip |