From d0f2e4efbd3eb0f1d7f5a28e7f97c1fb4ec027bb Mon Sep 17 00:00:00 2001
From: PKI Team
Date: Tue, 18 Mar 2008 22:36:57 +0000
Subject: Initial open source version based upon proprietary Red Hat Certificate System (RHCS) 7.3.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
pki/base/tps/etc/init.d/httpd | 433 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 433 insertions(+)
create mode 100755 pki/base/tps/etc/init.d/httpd
(limited to 'pki/base/tps/etc/init.d/httpd')
diff --git a/pki/base/tps/etc/init.d/httpd b/pki/base/tps/etc/init.d/httpd
new file mode 100755
index 000000000..4ccad2205
--- /dev/null
+++ b/pki/base/tps/etc/init.d/httpd
@@ -0,0 +1,433 @@
+#!/bin/bash
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+# [INSTANCE_ID] Startup script for the Apache HTTP Server
+#
+# chkconfig: - 85 15
+# description: Apache is a World Wide Web server. It is used to serve \
+# HTML files and CGI.
+# processname: httpd
+# config: [HTTPD_CONF]
+# pidfile: [SERVER_ROOT]/logs/[INSTANCE_ID].pid
+
+# Check to insure that this script's original invocation directory
+# has not been deleted!
+CWD=`/bin/pwd > /dev/null 2>&1`
+if [ $? -ne 0 ] ; then
+ echo "Cannot invoke '$0' from non-existent directory!"
+ exit 255
+fi
+
+# Check to insure that at least one PKI subsystem
+# currently resides on this system.
+if [ ! -x /usr/bin/pkiarch ] ||
+ [ ! -x /usr/bin/pkiflavor ] ||
+ [ ! -x /usr/bin/pkiname ]; then
+ echo "This machine is missing all PKI subsystems!"
+ exit 255
+fi
+
+# Check to insure that this script's associated PKI
+# subsystem currently resides on this system.
+SUBSYSTEM_TYPE=[SUBSYSTEM_TYPE]
+if [ ! -d /usr/share/`pkiflavor`/${SUBSYSTEM_TYPE} ] ; then
+ echo "This machine is missing the '${SUBSYSTEM_TYPE}' subsystem!"
+ exit 255
+fi
+
+# Obtain the operating system upon which this script is being executed
+OS=`pkiname`
+ARCHITECTURE=`pkiarch`
+
+# Time to wait in seconds, before killing process
+#
+# NOTE: Defined in "tomcat5.conf" for other PKI Subsystems.
+#
+STARTUP_WAIT=30
+SHUTDOWN_WAIT=30
+
+# This script must be run as root!
+RV=0
+if [ ${OS} = "Linux" ] ; then
+ if [ `id -u` -ne 0 ] ; then
+ echo "Must be 'root' to execute '$0'!"
+ exit 1
+ fi
+elif [ ${OS} = "SunOS" ] ; then
+ if [ `/usr/xpg4/bin/id -u` -ne 0 ] ; then
+ echo "Must be 'root' to execute '$0'!"
+ exit 1
+ fi
+else
+ echo "Unsupported OS '${OS}'!"
+ exit 1
+fi
+
+# Initialize environment variables
+LD_LIBRARY_PATH=[SYSTEM_USER_LIBRARIES]:[SYSTEM_LIBRARIES]:${LD_LIBRARY_PATH}
+LD_LIBRARY_PATH=[SECURITY_LIBRARIES]:${LD_LIBRARY_PATH}
+export LD_LIBRARY_PATH
+
+# Source function library.
+if [ -x /etc/init.d/functions ]; then
+ . /etc/init.d/functions
+else
+ # The checkpid() function is provided for platforms that do not
+ # contain the "/etc/init.d/functions" file (e. g. - Solaris) . . .
+
+ # Check if $pid (could be plural) are running (keep count)
+ checkpid()
+ {
+ rv=0
+ for i in $* ; do
+ ps -p $i > /dev/null 2>&1 ;
+ if [ $? -ne 0 ] ; then
+ rv=`expr $rv + 1`
+ else
+ rv=`expr $rv + 0`
+ fi
+ done
+ # echo "rv=$rv"
+ return $rv
+ }
+
+ # Create the following directories on platforms
+ # where they do not exist (e. g. - Solaris) . . .
+ if [ ! -d /var/lock/subsys ] ; then
+ mkdir -p /var/lock/subsys
+ fi
+fi
+
+########################################################################
+# This section contains modified content of "/etc/sysconfig/httpd" #
+########################################################################
+# Configuration file for the [INSTANCE_ID] service.
+
+#
+# The default processing model (MPM) is the process-based
+# 'prefork' model. A thread-based model, 'worker', is also
+# available, but does not work with some modules (such as PHP).
+# The service must be stopped before changing this variable.
+#
+HTTPD=[FORTITUDE_DIR]/sbin/httpd.worker
+
+#
+# To pass additional options (for instance, -D definitions) to the
+# httpd binary at startup, set OPTIONS here.
+#
+OPTIONS="-f [HTTPD_CONF]"
+
+#
+# By default, the httpd process is started in the C locale; to
+# change the locale in which the server runs, the HTTPD_LANG
+# variable can be set.
+#
+HTTPD_LANG=C
+########################################################################
+# #
+########################################################################
+
+# This will prevent initlog from swallowing up a pass-phrase prompt if
+# mod_ssl needs a pass-phrase from the user.
+INITLOG_ARGS=""
+
+# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
+# with the thread-based "worker" MPM; BE WARNED that some modules may not
+# work correctly with a thread-based MPM; notably PHP will refuse to start.
+
+# Path to the server binary and short-form for messages.
+httpd=${HTTPD:-[FORTITUDE_DIR]/sbin/httpd}
+prog=[INSTANCE_ID]
+pidfile=${PIDFILE:-[SERVER_ROOT]/logs/[INSTANCE_ID].pid}
+lockfile=${LOCKFILE:-/var/lock/subsys/[INSTANCE_ID]}
+RETVAL=0
+
+# see if httpd is linked with the openldap libraries - we need to override them
+if [ ${OS} = "Linux" ]; then
+ hasopenldap=0
+
+ /usr/bin/ldd $httpd 2>&1 | grep libldap- > /dev/null 2>&1 && hasopenldap=1
+
+ if [ $hasopenldap -eq 1 ] ; then
+ LD_PRELOAD="[SYSTEM_USER_LIBRARIES]/libldap60.so"
+ LD_PRELOAD="[SYSTEM_USER_LIBRARIES]/libssl3.so:${LD_PRELOAD}"
+ export LD_PRELOAD
+ fi
+elif [ ${OS} = "SunOS" ] ; then
+ LD_PRELOAD_64="[SYSTEM_USER_LIBRARIES]/libldap60.so"
+ LD_PRELOAD_64="[SYSTEM_USER_LIBRARIES]/libssl3.so:${LD_PRELOAD_64}"
+ export LD_PRELOAD_64
+fi
+
+get_pki_secure_port()
+{
+ # establish well-known strings
+ listen_statement="Listen"
+
+ # first check to see that an instance-specific "nss.conf" file exists
+ if [ ! -f [NSS_CONF] ] ; then
+ echo "File '[NSS_CONF]' does not exist!"
+ exit 255
+ fi
+
+ # read this instance-specific "nss.conf" file line-by-line
+ # to obtain the current value of the PKI secure port
+ exec < [NSS_CONF]
+ while read line; do
+ # look for the listen statement
+ head=`echo $line | cut -b1-6`
+ if [ "$head" == "$listen_statement" ] ; then
+ # once the listen statement has been found,
+ # extract the numeric port information
+ port=`echo $line | cut -d: -f2`
+ SECURE_PORT=$port
+ return 0
+ fi
+ done
+
+ return 255
+}
+
+# The semantics of these two functions differ from the way apachectl does
+# things -- attempting to start while running is a failure, and shutdown
+# when not running is also a failure. So we just do it the way init scripts
+# are expected to behave here.
+start() {
+ echo -n $"Starting $prog: "
+
+ if [ -f ${lockfile} ] ; then
+ if [ -f ${pidfile} ]; then
+ read kpid < ${pidfile}
+ if checkpid $kpid 2>&1; then
+ echo
+ echo "process already running"
+ return -1
+ else
+ echo
+ echo -n "lock file found but no process "
+ echo -n "running for pid $kpid, continuing"
+ echo
+ echo
+ fi
+ fi
+ fi
+
+ if [ -x /etc/init.d/functions ]; then
+ /usr/sbin/selinuxenabled
+ RETVAL=$?
+ if [ $RETVAL = 0 ] ; then
+ # start Apache in unconfined mode in SELinux-enabled RHEL4
+ if [ ${ARCHITECTURE} = "i386" ] ; then
+ LANG=$HTTPD_LANG daemon runcon -t unconfined_t -- $httpd $OPTIONS
+ # overwrite output from "daemon"
+ echo -n $"Starting $prog: "
+ elif [ ${ARCHITECTURE} = "x86_64" ] ; then
+ # NOTE: "daemon" is incompatible with "httpd"
+ # on 64-bit architectures
+ LANG=$HTTPD_LANG runcon -t unconfined_t -- $httpd $OPTIONS
+ fi
+ else
+ LANG=$HTTPD_LANG daemon $httpd $OPTIONS
+ # overwrite output from "daemon"
+ echo -n $"Starting $prog: "
+ fi
+ else
+ LANG=$HTTPD_LANG $httpd $OPTIONS -k start
+ fi
+
+ RETVAL=$?
+ [ $RETVAL = 0 ] && touch ${lockfile}
+
+ if [ $RETVAL = 0 ] ; then
+ count=0;
+
+ let swait=$STARTUP_WAIT
+ until [ ! -s ${pidfile} ] ||
+ [ $count -gt $swait ]
+ do
+ sleep 1
+ let count=$count+1;
+ done
+
+ if [ -x /etc/init.d/functions ]; then
+ echo_success > /etc/rhgb/temp/rhgb-console
+ cat /etc/rhgb/temp/rhgb-console
+ echo
+ else
+ echo " [ OK ]"
+ fi
+
+ get_pki_secure_port
+ if [ $? -ne 0 ] ; then
+ SECURE_PORT=""
+ fi
+
+ echo
+ echo -n "PKI service(s) are available at "
+ echo -n "https://[SERVER_NAME]:$SECURE_PORT"
+ echo
+ echo
+ else
+ if [ -x /etc/init.d/functions ]; then
+ echo_failure > /etc/rhgb/temp/rhgb-console
+ cat /etc/rhgb/temp/rhgb-console
+ echo
+ else
+ echo " [ FAILED ]"
+ fi
+ fi
+
+ if [ ${OS} = "Linux" ] ; then
+ sleep 5
+ elif [ ${OS} = "SunOS" ] ; then
+ sleep 20
+ fi
+ return $RETVAL
+}
+
+stop() {
+ echo -n "Stopping $prog: "
+
+ if [ -f ${lockfile} ] ; then
+ $httpd $OPTIONS -k stop
+
+ RETVAL=$?
+
+ if [ $RETVAL = 0 ]; then
+ count=0;
+
+ if [ -f ${pidfile} ]; then
+ read kpid < ${pidfile}
+ let kwait=$SHUTDOWN_WAIT
+
+ until [ `ps -p $kpid | grep -c $kpid` = '0' ] ||
+ [ $count -gt $kwait ]
+ do
+ sleep 1
+ let count=$count+1;
+ done
+
+ if [ $count -gt $kwait ]; then
+ kill -9 $kpid
+ fi
+ fi
+
+ rm -f ${lockfile}
+ rm -f ${pidfile}
+
+ if [ -x /etc/init.d/functions ]; then
+ echo_success > /etc/rhgb/temp/rhgb-console
+ cat /etc/rhgb/temp/rhgb-console
+ echo
+ else
+ echo " [ OK ]"
+ fi
+ else
+ if [ -x /etc/init.d/functions ]; then
+ echo_failure > /etc/rhgb/temp/rhgb-console
+ cat /etc/rhgb/temp/rhgb-console
+ echo
+ else
+ echo " [ FAILED ]"
+ fi
+ fi
+ else
+ echo
+ echo "process already stopped"
+ fi
+}
+
+reload() {
+ echo -n $"Reloading $prog: "
+
+ if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
+ RETVAL=$?
+ echo $"not reloading due to configuration syntax error"
+ if [ -x /etc/init.d/functions ]; then
+ failure $"not reloading $httpd due to configuration syntax error"
+ else
+ echo $"not reloading $httpd due to configuration syntax error"
+ fi
+ else
+ if [ -x /etc/init.d/functions ]; then
+ killproc $httpd -HUP
+ # overwrite output from "killproc"
+ echo -n $"Stopping $prog: "
+ else
+ if [ -f ${lockfile} ] ; then
+ if [ -f ${pidfile} ]; then
+ read kpid < ${pidfile}
+ if checkpid $kpid 2>&1; then
+ kill -HUP $kpid
+ fi
+ else
+ echo
+ echo -n "lock file found but no process "
+ echo -n "running for pid $kpid, continuing"
+ echo
+ echo
+ fi
+ fi
+ fi
+ fi
+ echo
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ status $httpd
+ RETVAL=$?
+ ;;
+ restart)
+ stop
+ sleep 2
+ start
+ ;;
+ condrestart)
+ if [ -f ${pidfile} ] ; then
+ stop
+ sleep 2
+ start
+ else
+ echo -n "Unable to restart process since "
+ echo -n "'${pidfile}' does not exist!"
+ echo
+ fi
+ ;;
+ reload)
+ reload
+ ;;
+ *)
+ echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}"
+ exit 1
+esac
+
+exit $RETVAL
+
-- cgit
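Review bot: `stop()` and the non-`functions` branch of `reload()` run as root and hand whatever `read kpid < ${pidfile}` returns straight to `kill -9 $kpid` / `kill -HUP $kpid`, unquoted and without checking that it is a number or that the process is still this instance's httpd. An empty, stale or modified pidfile (whether the service account can write to `[SERVER_ROOT]/logs` is not visible here) would make root signal an unrelated process; reject the value first with `case "$kpid" in ''|*[!0-9]*) echo "invalid pid in ${pidfile}"; return 1 ;; esac` and confirm the command name before signalling. The environment setup has a related hardening gap: `LD_LIBRARY_PATH=[SYSTEM_USER_LIBRARIES]:[SYSTEM_LIBRARIES]:${LD_LIBRARY_PATH}` inherits the caller's search path and leaves a trailing `:` when the variable is unset, which glibc's loader reads as the current directory, so append it with `${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}` or drop the inherited value for this root-started daemon. In `start()` the two `runcon -t unconfined_t` launches deserve a comment saying why the server cannot run confined, for example `# TODO: unconfined_t is a workaround; replace once an SELinux policy for this instance exists`.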