summaryrefslogtreecommitdiffstats
path: root/base/setup/scripts/pki_apache_initscript
blob: c50c812a48492d6c6186883538696192bc113e4e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
#!/bin/bash

command="$1"

# Source function library.
. /etc/init.d/functions

PKI_REGISTRY_FILE=[PKI_REGISTRY_FILE]

# Enable nullglob, if set then shell pattern globs which do not match any
# file returns the empty string rather than the unmodified glob pattern.
shopt -s nullglob

OS=`uname -s`
ARCHITECTURE=`uname -i`

# Source values associated with this particular PKI instance
if [ -f $PKI_REGISTRY_FILE ]; then
    . ${PKI_REGISTRY_FILE}
else
    echo "No PKI registry file ($PKI_REGISTRY_FILE)"
    case $command in
        status)
            exit 4
            ;;
        *)
            exit 1
            ;;
    esac
fi

prog=$PKI_INSTANCE_ID
lockfile=$PKI_LOCK_FILE
pidfile=$PKI_PID_FILE


STARTUP_WAIT=30
SHUTDOWN_WAIT=30

start()
{
    rv=0

    echo -n $"Starting ${prog}: "

    if [ -f ${lockfile} ] ; then
	if [ -f ${pidfile} ]; then
	    read kpid < ${pidfile}
	    if checkpid $kpid 2>&1; then
		echo
		echo "${PKI_INSTANCE_ID} (pid ${kpid}) is already running ..."
		echo
                return 0
	    else
		echo
		echo -n "lock file found but no process "
		echo -n "running for pid $kpid, continuing"
		echo
		echo
		rm -f ${lockfile}
	    fi
	fi
    fi

    # restore context for ncipher hsm
    [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast
    
    /usr/sbin/selinuxenabled
    rv=$?
    if [ ${rv} = 0 ] ; then	
	if [ ${ARCHITECTURE} = "i386" ] ; then
	    LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -r system_r -- ${httpd} ${PKI_OPTIONS}
            rv=$?
	    # overwrite output from "daemon"
	    echo -n $"Starting ${prog}: "
	elif [ ${ARCHITECTURE} = "x86_64" ] ; then
	    # NOTE:  "daemon" is incompatible with "httpd" on 64-bit architectures
	    LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -r system_r -- ${httpd} ${PKI_OPTIONS}
            rv=$?
	fi
    else
	LANG=${PKI_HTTPD_LANG} daemon ${httpd} ${PKI_OPTIONS}
        rv=$?
	# overwrite output from "daemon"
	echo -n $"Starting ${prog}: "
    fi

    if [ ${rv} = 0 ] ; then
	touch ${lockfile}
	chown ${PKI_USER}:${PKI_GROUP} ${lockfile}
	chmod 00600 ${lockfile}

	count=0;

	let swait=$STARTUP_WAIT
	until	[ -s ${pidfile} ] ||
	[ $count -gt $swait ]
	do
	    echo -n "."
	    sleep 1
	    let count=$count+1;
	done

	echo_success
        echo

	# Set permissions of log files
	for file in ${pki_logs_directory}/*; do
            if [ `basename $file` != "signedAudit" ]; then
	        chown ${PKI_USER}:${PKI_GROUP} ${file}
	        chmod 00640 ${file}
            fi
	done

        if [ -d ${pki_logs_directory}/signedAudit ]; then
	    for file in ${pki_logs_directory}/signedAudit/*; do
		chown ${PKI_USER} ${file}
		chmod 00640 ${file}
            done
        fi

    else
	echo_failure
        echo
    fi

	
    return ${rv}
}

stop()
{
    rv=0

    echo -n "Stopping ${prog}: "

    if [ -f ${lockfile} ] ; then
	${httpd} ${PKI_OPTIONS} -k stop
	rv=$?

	if [ ${rv} = 0 ]; then
	    count=0;
            
	    if [ -f ${pidfile} ]; then
		read kpid < ${pidfile}
		let kwait=$SHUTDOWN_WAIT
                
		until	[ `ps -p $kpid | grep -c $kpid` = '0' ] ||
		[ $count -gt $kwait ]
		do
		    echo -n "."
		    sleep 1
		    let count=$count+1;
		done
                
		if [ $count -gt $kwait ]; then
		    kill -9 $kpid
		fi
	    fi
            
	    rm -f ${lockfile}
	    rm -f ${pidfile}
            
	    echo_success
            echo
	else
	    echo_failure
            echo
	    rv=${default_error}
	fi
    else
	echo
	echo "process already stopped"
	rv=0
    fi
    
    return ${rv}
}

reload()
{
    rv=0
    
    echo -n $"Reloading ${prog}: "
    
    if ! LANG=${PKI_HTTPD_LANG} ${httpd} ${PKI_OPTIONS} -t >&/dev/null; then
	rv=$?
	echo $"not reloading due to configuration syntax error"
	failure $"not reloading ${httpd} due to configuration syntax error"
    else
	killproc -p ${pidfile} ${httpd} -HUP
	rv=$?
    fi
    echo

    return ${rv}
}

instance_status()
{
    status -p ${pidfile} ${prog}
    rv=$?
    return $rv
}

# See how we were called.
case $command in
    status)
        instance_status
        exit $?
        ;;
    start)
	start
	exit $?
	;;
    restart)
	restart
	exit $?
	;;
    stop)
	stop
	exit $?
	;;
    condrestart|force-restart|try-restart)
        [ ! -f ${lockfile} ] || restart
        exit $?
        ;;
    reload)
        echo "The 'reload' action is an unimplemented feature."
        exit 3
        ;;
    condrestart|force-restart|try-restart)
	[ ! -f ${lockfile} ] || restart
	exit $?
	;;
    *)
	echo "unknown action ($command)"
	exit 2
	;;
esac