diff options
Diffstat (limited to 'base')
-rw-r--r-- | base/ra/CMakeLists.txt | 20 | ||||
-rw-r--r-- | base/ra/lib/systemd/system/pki-rad.target | 6 | ||||
-rw-r--r-- | base/ra/lib/systemd/system/pki-rad@.service | 13 | ||||
-rwxr-xr-x | base/setup/pkicreate | 21 | ||||
-rwxr-xr-x | base/setup/scripts/pki_apache_initscript | 4 | ||||
-rw-r--r-- | base/tps/CMakeLists.txt | 18 | ||||
-rw-r--r-- | base/tps/lib/systemd/system/pki-tpsd.target | 6 | ||||
-rw-r--r-- | base/tps/lib/systemd/system/pki-tpsd@.service | 12 |
8 files changed, 88 insertions, 12 deletions
diff --git a/base/ra/CMakeLists.txt b/base/ra/CMakeLists.txt index 59910fe95..cc3b53e72 100644 --- a/base/ra/CMakeLists.txt +++ b/base/ra/CMakeLists.txt @@ -3,6 +3,19 @@ project(ra) add_subdirectory(doc) add_subdirectory(setup) +# install systemd scripts +install( + FILES + lib/systemd/system/pki-rad.target + lib/systemd/system/pki-rad@.service + DESTINATION + ${SYSTEMD_LIB_INSTALL_DIR} + PERMISSIONS + OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ +) + # install init script install( FILES @@ -74,3 +87,10 @@ install( ${VAR_INSTALL_DIR}/run/pki/ra ) +install( + DIRECTORY + DESTINATION + ${SYSTEMD_ETC_INSTALL_DIR}/pki-rad.target.wants +) + + diff --git a/base/ra/lib/systemd/system/pki-rad.target b/base/ra/lib/systemd/system/pki-rad.target new file mode 100644 index 000000000..e1a4f808e --- /dev/null +++ b/base/ra/lib/systemd/system/pki-rad.target @@ -0,0 +1,6 @@ +[Unit] +Description=PKI Registration Authority Server +After=syslog.target network.target + +[Install] +WantedBy=multi-user.target diff --git a/base/ra/lib/systemd/system/pki-rad@.service b/base/ra/lib/systemd/system/pki-rad@.service new file mode 100644 index 000000000..68beb5005 --- /dev/null +++ b/base/ra/lib/systemd/system/pki-rad@.service @@ -0,0 +1,13 @@ +[Unit] +Description=PKI Registration Authority Server %i +After=pki-rad.target +BindTo=pki-rad.target + +[Service] +Type=forking +ExecStart=/usr/bin/pkicontrol start ra %i +ExecStop=/usr/bin/pkicontrol stop ra %i + +[Install] +WantedBy=multi-user.target + diff --git a/base/setup/pkicreate b/base/setup/pkicreate index 5aecd40a8..673972c44 100755 --- a/base/setup/pkicreate +++ b/base/setup/pkicreate @@ -2778,6 +2778,17 @@ sub process_pki_files_and_symlinks "${db_password}\n", $default_file_permissions, $pki_user, $pki_group); + ## Populate systemd links + if ($use_systemd) { + return 0 if !create_symlink( + "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}", + "$pki_subsystem_systemd_service_path", + $root_user, $root_group); + + # reload systemd configuration + run_command("/bin/systemctl --system daemon-reload"); + } + ## Populate instances (RA, TPS instances) if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { # create an empty file called "pwcache.conf" for this @@ -2801,16 +2812,6 @@ sub process_pki_files_and_symlinks # to find our tomcat6 configuration file in /etc/sysconfig return 0 if !create_symlink($pki_instance_initscript_path, $tomcat6_initscript_path, $root_user, $root_group); - if ($use_systemd) { - return 0 if !create_symlink( - "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}", - "$pki_subsystem_systemd_service_path", - $root_user, $root_group); - - # reload systemd configuration - run_command("/bin/systemctl --system daemon-reload"); - - } return 0 if !create_directory($webinf_lib_instance_path, $default_dir_permissions, $pki_user, $pki_group); diff --git a/base/setup/scripts/pki_apache_initscript b/base/setup/scripts/pki_apache_initscript index e51231065..e29eb0c71 100755 --- a/base/setup/scripts/pki_apache_initscript +++ b/base/setup/scripts/pki_apache_initscript @@ -74,13 +74,13 @@ start() rv=$? if [ ${rv} = 0 ] ; then if [ ${ARCHITECTURE} = "i386" ] ; then - LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS} + LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -r system_r -- ${httpd} ${PKI_OPTIONS} rv=$? # overwrite output from "daemon" echo -n $"Starting ${prog}: " elif [ ${ARCHITECTURE} = "x86_64" ] ; then # NOTE: "daemon" is incompatible with "httpd" on 64-bit architectures - LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS} + LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -r system_r -- ${httpd} ${PKI_OPTIONS} rv=$? fi else diff --git a/base/tps/CMakeLists.txt b/base/tps/CMakeLists.txt index 96d23fefa..10c4d8efd 100644 --- a/base/tps/CMakeLists.txt +++ b/base/tps/CMakeLists.txt @@ -43,6 +43,19 @@ add_subdirectory(tools) add_subdirectory(doc) add_subdirectory(setup) +# install systemd scripts +install( + FILES + lib/systemd/system/pki-tpsd.target + lib/systemd/system/pki-tpsd@.service + DESTINATION + ${SYSTEMD_LIB_INSTALL_DIR} + PERMISSIONS + OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ +) + # install init script install( FILES @@ -206,3 +219,8 @@ install( ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/docroot/tps/admin/console/js ) +install( + DIRECTORY + DESTINATION + ${SYSTEMD_ETC_INSTALL_DIR}/pki-tpsd.target.wants +) diff --git a/base/tps/lib/systemd/system/pki-tpsd.target b/base/tps/lib/systemd/system/pki-tpsd.target new file mode 100644 index 000000000..37c693b08 --- /dev/null +++ b/base/tps/lib/systemd/system/pki-tpsd.target @@ -0,0 +1,6 @@ +[Unit] +Description=PKI Token Processing Server +After=syslog.target network.target + +[Install] +WantedBy=multi-user.target diff --git a/base/tps/lib/systemd/system/pki-tpsd@.service b/base/tps/lib/systemd/system/pki-tpsd@.service new file mode 100644 index 000000000..6a0d6a343 --- /dev/null +++ b/base/tps/lib/systemd/system/pki-tpsd@.service @@ -0,0 +1,12 @@ +[Unit] +Description=PKI Token Processing Server %i +After=pki-tpsd.target +BindTo=pki-tpsd.target + +[Service] +Type=forking +ExecStart=/usr/bin/pkicontrol start tps %i +ExecStop=/usr/bin/pkicontrol stop tps %i + +[Install] +WantedBy=multi-user.target |