#!/bin/sh
|
|
#
|
|
# Startup script for the Casa Authtoken Service Daemon (casa_atsd)
|
|
#
|
|
# /etc/init.d/casa_atsd
|
|
#
|
|
# description: casa_atsd is the CASA Authentication Token Service
# (ATS). CASA clients utilize this service to obtain CASA authentication
# tokens to authenticate to other services. The ATS executes as a
# tomcat webapp. casa_atsd is the tomcat process which contains
# the ATS.
|
|
#
|
|
# Note that some of the content from this file was copied from
|
|
# /etc/init.d/tomcat5 whose author was Petr Mladek.
|
|
# /etc/init.d/tomcat5 has the following copyrights:
|
|
#
|
|
# Copyright (c) 1995-2001 SuSE GmbH Nuernberg, Germany.
|
|
# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.
|
|
#
|
|
# processname: casa_atsd
|
|
# pidfile: None
|
|
# config utility: None
|
|
|
|
|
|
### BEGIN INIT INFO
|
|
# Provides: casa_atsd
|
|
# Required-Start: $local_fs $remote_fs
|
|
# X-UnitedLinux-Should-Start: $named $syslog $time
|
|
# Required-Stop: $local_fs $remote_fs $network
|
|
# X-UnitedLinux-Should-Stop: $named $syslog $time
|
|
# Default-Start: 2 3 5
|
|
# Default-Stop:
|
|
# Short-Description: Casa Authtoken Service Daemon
|
|
# Description: Start Casa Authtoken Service Daemon
|
|
### END INIT INFO
|
|
|
|
# Pull in the rc helper functions. /etc/rc.status provides:
#   rc_check         check and set local and overall rc status
#   rc_status        check and set local and overall rc status
#   rc_status -v     ditto but be verbose in local rc status
#   rc_status -v -r  ditto and clear the local rc status
#   rc_failed        set local and overall rc status to failed
#   rc_reset         clear local rc status (overall remains)
#   rc_exit          exit appropriate to overall rc status
. /etc/rc.status

# Begin with a clean local status for this service.
rc_reset

# Group and account that own the ATS files and run the Tomcat process.
DAEMON_GROUP=casaauth
DAEMON_USER=casaatsd
|
|
|
|
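# Report whether the ATS daemon appears to be running.
#
# Globals:  DAEMON_USER (read)
# Returns:  0 if at least one process runs under DAEMON_USER, non-zero
#           otherwise (including when the account is unknown or unset).
#
# The check is keyed on process ownership instead of a substring match over
# the complete "ps aux" listing. A substring match is also satisfied by any
# other account's process that merely carries the name in its command line,
# which would make "start" return early without launching the service and
# make "stop" wait out its full timeout. Selecting by owner also removes the
# scratch file that used to be created under /var/tmp.
#
# NOTE(review): this is still a coarse test - any process owned by
# DAEMON_USER counts, not only the Tomcat JVM.
atsIsRunning()
{
    # -o pid= prints bare PIDs without a header line; -u selects by
    # effective user. When ps rejects the user, the list stays empty.
    ats_daemon_pids=$(ps -o pid= -u "$DAEMON_USER" 2>/dev/null)
    test -n "$ats_daemon_pids"
}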
|
|
|
|
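# Start the ATS Tomcat instance under DAEMON_USER.
#
# Globals read:    DAEMON_USER, DAEMON_GROUP, CATALINA_BASE,
#                  CATALINA_START_CMD, JAVA_HOME, JAVA_OPTS
# Globals written: TEST_IBM_JVM, JAVA_OPTS (exported when the JVM is not IBM)
# Result:          reported through rc_failed / rc_status -v:
#                  0 = running (or already running), 7 = not running after
#                  the start attempt, non-zero if the signing certificate
#                  could not be published.
#
# This function runs as root and works inside directories that it hands to
# DAEMON_USER, so the file operations below avoid following symbolic links
# that the daemon account could have created there.
StartDAEMON()
{
    echo -n "Starting casa_atsd..."

    # An already running service counts as success, matching the LSB spec.
    if atsIsRunning ; then
        rc_failed 0
        rc_status -v
        return
    fi

    # Try to fix permissions.
    chown --dereference "$DAEMON_USER:$DAEMON_GROUP" "$CATALINA_BASE"
    for dir in "$CATALINA_BASE/conf" \
               "$CATALINA_BASE/logs" \
               "$CATALINA_BASE/temp" \
               "$CATALINA_BASE/webapps" \
               "$CATALINA_BASE/work" ; do
        # Only real directories are walked. CATALINA_BASE was just handed to
        # the daemon account, so an entry that is a symlink is not trusted.
        if [ -d "$dir" ] && [ ! -L "$dir" ]; then
            # -P -h: never traverse a symlink and change the link itself
            # rather than its target, so a link planted inside these
            # daemon-writable trees cannot redirect a root-run chown onto a
            # file elsewhere on the system.
            # NOTE(review): GNU chown documents that "-R --dereference"
            # needs -H or -L; with stderr discarded the previous form may
            # have been failing silently - confirm on the installed coreutils.
            # Errors are ignored because e.g. conf may be mounted read-only.
            chown -R -P -h "$DAEMON_USER:$DAEMON_GROUP" "$dir" 2>/dev/null || true
        fi
    done

    # Non-empty only when "java -version" mentions IBM. A missing java
    # binary therefore takes the non-IBM path as well.
    TEST_IBM_JVM=$("$JAVA_HOME/bin/java" -version 2>&1 | grep -i ibm)

    # Append the java.security.auth.login.config property to JAVA_OPTS
    # unless the IBM JVM is in use.
    if [ -z "${TEST_IBM_JVM}" ]; then
        export JAVA_OPTS="$JAVA_OPTS -Djava.security.auth.login.config=/etc/CASA/authtoken/svc/jaas.conf"
    fi

    # Make sure that the server.xml link has been made.
    if [ ! -f /srv/www/casaats/conf/server.xml ]; then
        # Pick the template for the JVM in use (anything non-IBM is assumed
        # to be Sun) ...
        if [ -z "${TEST_IBM_JVM}" ]; then
            ats_jvm_vendor=sun
        else
            ats_jvm_vendor=ibm
        fi
        # ... and the PKCS12 variant when a PKCS12 store exists.
        if [ -f /etc/ssl/servercerts/keystore.p12 ]; then
            ats_server_xml="server-pkcs12-$ats_jvm_vendor.xml"
        else
            ats_server_xml="server-$ats_jvm_vendor.xml"
        fi
        ln -s "/srv/www/casaats/conf/$ats_server_xml" /srv/www/casaats/conf/server.xml

        # Make sure that our service has rights to the link; -h keeps the
        # change on the link itself.
        chown -h "$DAEMON_USER:$DAEMON_GROUP" /srv/www/casaats/conf/server.xml
    fi

    # The redirection below is opened by root inside the daemon-writable
    # logs directory, so drop a symlink sitting at the log path first.
    # NOTE(review): check-then-open leaves a small race window; having the
    # daemon account's own shell open the log would close it.
    ats_start_log="$CATALINA_BASE/logs/start.log"
    if [ -L "$ats_start_log" ]; then
        rm -f -- "$ats_start_log"
    fi

    # Start it up.
    su "$DAEMON_USER" -s /bin/bash -c "$CATALINA_START_CMD" >"$ats_start_log" 2>&1
    sleep 1

    # NOTE(review): rc_status appears to evaluate the exit status of the
    # command just before it (see /etc/rc.status), so this if/else must stay
    # directly ahead of the final rc_status -v.
    if atsIsRunning ; then
        rc_failed 0

        # Publish the signing certificate in the webapp folder so that it
        # can be downloaded from the ATS.
        ats_webapp_dir=/srv/www/casaats/webapps/CasaAuthTokenSvc
        if [ ! -f "$ats_webapp_dir/SigningCert" ]; then
            # Wait a max of 60 seconds for the webapp folder to be created.
            wait_sec=60
            while [ "$wait_sec" != "0" ] ; do
                sleep 1
                if [ -d "$ats_webapp_dir" ]; then
                    break
                fi
                wait_sec=$((wait_sec - 1))
            done

            # The copy runs as root into a daemon-owned tree: require a real
            # directory and refuse to write through a symlink at the target.
            if [ -d "$ats_webapp_dir" ] && [ ! -L "$ats_webapp_dir" ] \
               && [ ! -L "$ats_webapp_dir/SigningCert" ]; then
                cp /etc/CASA/authtoken/keys/localSigningCert "$ats_webapp_dir/SigningCert"
            else
                echo "casa_atsd: signing certificate not copied to $ats_webapp_dir" >&2
                # Keep the failed status that an unsuccessful copy produced.
                rc_failed 1
            fi
        fi
    else
        rc_failed 7
    fi
    rc_status -v
}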
|
|
|
|
|
|
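# Stop the ATS Tomcat instance and wait for it to go away.
#
# Globals read: DAEMON_USER, CATALINA_BASE, CATALINA_STOP_CMD
# Result:       reported through rc_failed / rc_status -v:
#               0 = stopped (or was not running), 1 = still running after
#               60 seconds. No further signal is sent in that case.
StopDAEMON()
{
    echo -n "Stopping casa_atsd..."

    if atsIsRunning ; then
        # The redirection below is opened by root inside the daemon-writable
        # logs directory, so drop a symlink sitting at the log path first.
        # NOTE(review): check-then-open leaves a small race window; having
        # the daemon account's own shell open the log would close it.
        ats_stop_log="$CATALINA_BASE/logs/stop.log"
        if [ -L "$ats_stop_log" ]; then
            rm -f -- "$ats_stop_log"
        fi

        su "$DAEMON_USER" -s /bin/bash -c "$CATALINA_STOP_CMD" >"$ats_stop_log" 2>&1

        # Wait 60 seconds at most for the process to disappear.
        wait_sec=60
        while [ "$wait_sec" != "0" ] ; do
            sleep 1
            if ! atsIsRunning ; then
                # The server is stopped, end the loop.
                break
            fi
            wait_sec=$((wait_sec - 1))
        done

        # Check the final status.
        if atsIsRunning ; then
            rc_failed 1
        else
            rc_failed 0
        fi
    else
        # Nothing to stop counts as success.
        rc_failed 0
    fi

    # Remember status and be verbose.
    rc_status -v
}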
|
|
|
|
|
|
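# Source the environment file for our daemon.
# NOTE(review): this file is executed as root and presumably supplies
# CATALINA_BASE, CATALINA_START_CMD, CATALINA_STOP_CMD and JAVA_HOME, which
# are used above but not set in this script. Confirm it is owned by root and
# not writable by DAEMON_USER, since its content decides what root runs.
. /etc/CASA/authtoken/svc/envvars

case "$1" in
    start)
        StartDAEMON
        ;;
    stop)
        StopDAEMON
        ;;
    restart|reload|force-reload)
        # No in-place reload is implemented; all three do a full stop/start.
        StopDAEMON
        sleep 1
        StartDAEMON
        ;;
    status)
        echo -n "Checking for casa_atsd"

        # The status command uses slightly different return codes:
        #   0 - service running
        #   1 - service dead, but /var/run/ pid file exists
        #   2 - service dead, but /var/lock/ lock file exists
        #   3 - service not running
        # Only 0 and 3 are produced here; no pid or lock file is kept.
        if atsIsRunning ; then
            rc_failed 0
        else
            rc_failed 3
        fi
        rc_status -v
        ;;
    *)
        # List every accepted action (status was missing) and end the line.
        echo "Usage: $0 {start|stop|restart|reload|force-reload|status}"
        exit 1
        ;;
esac
rc_exit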
|
|
|