Added systemd files for RA and TPS

8 files changed, 88 insertions, 12 deletions

diff --git a/base/ra/CMakeLists.txt b/base/ra/CMakeLists.txt
index 59910fe95..cc3b53e72 100644
--- a/base/ra/CMakeLists.txt
+++ b/base/ra/CMakeLists.txt
@@ -3,6 +3,19 @@ project(ra)
 add_subdirectory(doc)
 add_subdirectory(setup)
 
+# install systemd scripts
+install(
+    FILES
+        lib/systemd/system/pki-rad.target
+        lib/systemd/system/pki-rad@.service
+    DESTINATION
+        ${SYSTEMD_LIB_INSTALL_DIR}
+    PERMISSIONS
+        OWNER_EXECUTE OWNER_WRITE OWNER_READ
+        GROUP_EXECUTE GROUP_READ
+        WORLD_EXECUTE WORLD_READ
+)
+
 # install init script
 install(
     FILES
@@ -74,3 +87,10 @@ install(
         ${VAR_INSTALL_DIR}/run/pki/ra
 )
 
+install(
+    DIRECTORY
+    DESTINATION
+        ${SYSTEMD_ETC_INSTALL_DIR}/pki-rad.target.wants
+)
+
+
diff --git a/base/ra/lib/systemd/system/pki-rad.target b/base/ra/lib/systemd/system/pki-rad.target
new file mode 100644
index 000000000..e1a4f808e
--- /dev/null
+++ b/base/ra/lib/systemd/system/pki-rad.target
@@ -0,0 +1,6 @@
+[Unit]
+Description=PKI Registration Authority Server
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
diff --git a/base/ra/lib/systemd/system/pki-rad@.service b/base/ra/lib/systemd/system/pki-rad@.service
new file mode 100644
index 000000000..68beb5005
--- /dev/null
+++ b/base/ra/lib/systemd/system/pki-rad@.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=PKI Registration Authority Server %i
+After=pki-rad.target
+BindTo=pki-rad.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start ra %i
+ExecStop=/usr/bin/pkicontrol stop ra %i
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/base/setup/pkicreate b/base/setup/pkicreate
index 5aecd40a8..673972c44 100755
--- a/base/setup/pkicreate
+++ b/base/setup/pkicreate
@@ -2778,6 +2778,17 @@ sub process_pki_files_and_symlinks
                              "${db_password}\n",
                              $default_file_permissions, $pki_user, $pki_group);
 
+    ## Populate systemd links
+    if ($use_systemd) {
+        return 0 if !create_symlink(
+            "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}",
+            "$pki_subsystem_systemd_service_path",
+             $root_user, $root_group);
+
+        # reload systemd configuration
+        run_command("/bin/systemctl --system daemon-reload");
+    }
+
     ## Populate instances (RA, TPS instances)
     if ($subsystem_type eq $RA || $subsystem_type eq $TPS) {
         # create an empty file called "pwcache.conf" for this
@@ -2801,16 +2812,6 @@ sub process_pki_files_and_symlinks
         # to find our tomcat6 configuration file in /etc/sysconfig
         return 0 if !create_symlink($pki_instance_initscript_path, $tomcat6_initscript_path,
                                     $root_user, $root_group);
-        if ($use_systemd) {
-            return 0 if !create_symlink(
-                "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}", 
-                "$pki_subsystem_systemd_service_path",
-                 $root_user, $root_group);
-            
-            # reload systemd configuration
-            run_command("/bin/systemctl --system daemon-reload"); 
-
-        }
 
         return 0 if !create_directory($webinf_lib_instance_path,
                                       $default_dir_permissions, $pki_user, $pki_group);
diff --git a/base/setup/scripts/pki_apache_initscript b/base/setup/scripts/pki_apache_initscript
index e51231065..e29eb0c71 100755
--- a/base/setup/scripts/pki_apache_initscript
+++ b/base/setup/scripts/pki_apache_initscript
@@ -74,13 +74,13 @@ start()
     rv=$?
     if [ ${rv} = 0 ] ; then	
 	if [ ${ARCHITECTURE} = "i386" ] ; then
-	    LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS}
+	    LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -r system_r -- ${httpd} ${PKI_OPTIONS}
             rv=$?
 	    # overwrite output from "daemon"
 	    echo -n $"Starting ${prog}: "
 	elif [ ${ARCHITECTURE} = "x86_64" ] ; then
 	    # NOTE:  "daemon" is incompatible with "httpd" on 64-bit architectures
-	    LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS}
+	    LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -r system_r -- ${httpd} ${PKI_OPTIONS}
             rv=$?
 	fi
     else
diff --git a/base/tps/CMakeLists.txt b/base/tps/CMakeLists.txt
index 96d23fefa..10c4d8efd 100644
--- a/base/tps/CMakeLists.txt
+++ b/base/tps/CMakeLists.txt
@@ -43,6 +43,19 @@ add_subdirectory(tools)
 add_subdirectory(doc)
 add_subdirectory(setup)
 
+# install systemd scripts
+install(
+    FILES
+        lib/systemd/system/pki-tpsd.target
+        lib/systemd/system/pki-tpsd@.service
+    DESTINATION
+        ${SYSTEMD_LIB_INSTALL_DIR}
+    PERMISSIONS
+        OWNER_EXECUTE OWNER_WRITE OWNER_READ
+        GROUP_EXECUTE GROUP_READ
+        WORLD_EXECUTE WORLD_READ
+)
+
 # install init script
 install(
     FILES
@@ -206,3 +219,8 @@ install(
         ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/docroot/tps/admin/console/js
 )
 
+install(
+    DIRECTORY
+    DESTINATION
+        ${SYSTEMD_ETC_INSTALL_DIR}/pki-tpsd.target.wants
+)
diff --git a/base/tps/lib/systemd/system/pki-tpsd.target b/base/tps/lib/systemd/system/pki-tpsd.target
new file mode 100644
index 000000000..37c693b08
--- /dev/null
+++ b/base/tps/lib/systemd/system/pki-tpsd.target
@@ -0,0 +1,6 @@
+[Unit]
+Description=PKI Token Processing Server
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
diff --git a/base/tps/lib/systemd/system/pki-tpsd@.service b/base/tps/lib/systemd/system/pki-tpsd@.service
new file mode 100644
index 000000000..6a0d6a343
--- /dev/null
+++ b/base/tps/lib/systemd/system/pki-tpsd@.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=PKI Token Processing Server %i
+After=pki-tpsd.target
+BindTo=pki-tpsd.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start tps %i
+ExecStop=/usr/bin/pkicontrol stop tps %i
+
+[Install]
+WantedBy=multi-user.target