From 360f0d40a50f25ee912149cbd85e1adeaa252c03 Mon Sep 17 00:00:00 2001 From: Thierry Parmentelat Date: Thu, 21 Nov 2024 15:10:42 +0100 Subject: [PATCH] reformatted plc.d/httpd --- plc.d/httpd | 428 ++++++++++++++++++++++++++-------------------------- 1 file changed, 214 insertions(+), 214 deletions(-) diff --git a/plc.d/httpd b/plc.d/httpd index 4002309..17ddf67 100755 --- a/plc.d/httpd +++ b/plc.d/httpd @@ -25,71 +25,71 @@ php_fpm_conf=/etc/php-fpm.d/plc.conf php_fpm_dir=$(dirname $php_fpm_conf) function disable_file () { - file=$1; shift + local file=$1; shift [ -f $file ] && mv -f $file $file.disabled } function enable_file () { - file=$1; shift + local file=$1; shift [ ! -f $file ] && mv -f $file.disabled $file } case "$1" in start) - if [ "$PLC_API_ENABLED" != "1" -a \ - "$PLC_BOOT_ENABLED" != "1" -a \ - "$PLC_WWW_ENABLED" != "1" ] ; then - exit 0 - fi - - MESSAGE=$"Starting web server" - dialog "$MESSAGE" - - # set document root - not really useful on fedora but just in case - sed -i -e "s@^DocumentRoot.*@DocumentRoot \"$DocumentRoot\"@" $httpd_conf - # whether WWW is enabled or not : - if [ "$PLC_WWW_ENABLED" != "1" ] ; then - # avoid hitting drupal, that would try to connect to the db and create noise - disable_file $DocumentRoot/index.php - else - enable_file $DocumentRoot/index.php - fi - - # Set the default include path - include_path=".:$DocumentRoot/planetlab/includes:$DocumentRoot/plekit/php:$DocumentRoot/generated:/etc/planetlab/php:/usr/share/plc_api/php" - sed -i -e "s@[;]*include_path = \"\.:.*\"@include_path = \"$include_path\"@" $php_ini - - # Set open_basedir so as to avoid leaks - open_basedir="$DocumentRoot:/etc/planetlab/php:/usr/share/plc_api/php:/var/log/myslice:/var/tmp/bootmedium:/var/log/bm:/tmp" - sed -i -e "s@[;]*open_basedir =.*@open_basedir = \"$open_basedir\"@" $php_ini - - # for php-5.3 under fedora12, otherwise issues tons of warning messages - # Set timezone in php.ini if not already there - if grep '^;date.timezone' $php_ini >& /dev/null; then - dialog 'Setting PHP timezone to GMT' - sed -i -e 's,^;date.timezone.*,date.timezone = GMT,' $php_ini - fi - - if grep '^short_open_tag = Off' $php_ini >& /dev/null; then - sed -i -e 's,^short_open_tag = Off,short_open_tag = On,' $php_ini - fi - - ## patch php.ini - # memory limit - sed -i -e 's,^memory_limit = 32M *;,memory_limit = 80M ; patch myplc -- ,' $php_ini - # log_errors : is On by default - # error_log - if ! grep '^error_log *=' $php_ini > /dev/null ; then - sed -i -e '/^;error_log = syslog/a error_log = /var/log/php.log' $php_ini - sed -i -e 's/display_errors =.*/display_errors = On/' $php_ini - sed -i -e 's/display_startup_errors =.*/display_startup_errors = On/' $php_ini - # create the log file and make it writable by apache - touch /var/log/php.log - chmod 666 /var/log/php.log - fi - - # configure php-fpm as well if present (starting with f27) - if [ -d $php_fpm_dir ] ; then - cat > $php_fpm_conf << EOF + if [ "$PLC_API_ENABLED" != "1" -a \ + "$PLC_BOOT_ENABLED" != "1" -a \ + "$PLC_WWW_ENABLED" != "1" ] ; then + exit 0 + fi + + MESSAGE=$"Starting web server" + dialog "$MESSAGE" + + # set document root - not really useful on fedora but just in case + sed -i -e "s@^DocumentRoot.*@DocumentRoot \"$DocumentRoot\"@" $httpd_conf + # whether WWW is enabled or not : + if [ "$PLC_WWW_ENABLED" != "1" ] ; then + # avoid hitting drupal, that would try to connect to the db and create noise + disable_file $DocumentRoot/index.php + else + enable_file $DocumentRoot/index.php + fi + + # Set the default include path + include_path=".:$DocumentRoot/planetlab/includes:$DocumentRoot/plekit/php:$DocumentRoot/generated:/etc/planetlab/php:/usr/share/plc_api/php" + sed -i -e "s@[;]*include_path = \"\.:.*\"@include_path = \"$include_path\"@" $php_ini + + # Set open_basedir so as to avoid leaks + open_basedir="$DocumentRoot:/etc/planetlab/php:/usr/share/plc_api/php:/var/log/myslice:/var/tmp/bootmedium:/var/log/bm:/tmp" + sed -i -e "s@[;]*open_basedir =.*@open_basedir = \"$open_basedir\"@" $php_ini + + # for php-5.3 under fedora12, otherwise issues tons of warning messages + # Set timezone in php.ini if not already there + if grep '^;date.timezone' $php_ini >& /dev/null; then + dialog 'Setting PHP timezone to GMT' + sed -i -e 's,^;date.timezone.*,date.timezone = GMT,' $php_ini + fi + + if grep '^short_open_tag = Off' $php_ini >& /dev/null; then + sed -i -e 's,^short_open_tag = Off,short_open_tag = On,' $php_ini + fi + + ## patch php.ini + # memory limit + sed -i -e 's,^memory_limit = 32M *;,memory_limit = 80M ; patch myplc -- ,' $php_ini + # log_errors : is On by default + # error_log + if ! grep '^error_log *=' $php_ini > /dev/null ; then + sed -i -e '/^;error_log = syslog/a error_log = /var/log/php.log' $php_ini + sed -i -e 's/display_errors =.*/display_errors = On/' $php_ini + sed -i -e 's/display_startup_errors =.*/display_startup_errors = On/' $php_ini + # create the log file and make it writable by apache + touch /var/log/php.log + chmod 666 /var/log/php.log + fi + + # configure php-fpm as well if present (starting with f27) + if [ -d $php_fpm_dir ] ; then + cat > $php_fpm_conf << EOF [www] php_value[include_path] = $include_path php_value[open_basedir] = $open_basedir @@ -97,65 +97,65 @@ php_value[date.timezone] = GMT php_value[short_open_tag] = On php_value[memory_limit] = 80M EOF - # this is needed because otherwise, the first time - # we do this configuration, the service is already up - # and the config is usable only the second time - systemctl restart php-fpm - fi - - # Disable default Listen directive - sed -i -e '/^Listen/d' $httpd_conf - - plc_api_path_noslash=$(echo $PLC_API_PATH | sed -e s,/,,g) - # Set the port numbers - for server in WWW API BOOT ; do - enabled=PLC_${server}_ENABLED - if [ "${!enabled}" != "1" ] ; then - continue - fi - hostname=PLC_${server}_HOST - http_port=PLC_${server}_PORT - https_port=PLC_${server}_SSL_PORT - - # API should always be accessed via SSL - if [ "$server" = "API" ] ; then - https_port=${!http_port} - http_port= - fi - - # Check if we are already listening on these ports - skip_http=0 - skip_https=0 - for previous_server in WWW API BOOT ; do - if [ "$server" = "$previous_server" ] ; then - break - fi - previous_enabled=PLC_${previous_server}_ENABLED - if [ "${!previous_enabled}" != "1" ] ; then - continue + # this is needed because otherwise, the first time + # we do this configuration, the service is already up + # and the config is usable only the second time + systemctl restart php-fpm fi - previous_http_port=PLC_${previous_server}_PORT - previous_https_port=PLC_${previous_server}_SSL_PORT - - if [ -z "${http_port}" ]; then - skip_http=1; - elif [ -z "${!http_port}" ]; then - skip_http=1; - elif [ "${!http_port}" = "${!previous_http_port}" ] ; then - skip_http=1 - fi - if [ -z "${https_port}" ]; then - skip_https=1 - elif [ -z "${!https_port}" ]; then - skip_https=1 - elif [ "${!https_port}" = "${!previous_https_port}" ] ; then - skip_https=1 - fi - done - # HTTP configuration - if [ $skip_http -eq 0 ] ; then - cat < # Make sure that the admin web pages are always accessed via SSL @@ -167,42 +167,42 @@ Listen ${!http_port} EOF - fi - - # HTTPS configuration - if [ $skip_https -eq 0 ] ; then - # XXX Cannot support NameVirtualHost over SSL. If - # the API, boot, and web servers are all running - # on the same machine, the web server certificate - # takes precedence. - sed -i \ - -e "s/^Listen .*/Listen ${!https_port}/" \ - -e "s///" \ - $ssl_conf - # this is used to locate the right certificates - server_lower=$(echo $server | tr 'A-Z' 'a-z') - - # which one is used is currently configured in myplc.spec, - # with mod_python preferred - if rpm -q mod_python >& /dev/null ; then - configure_for_mod_python=true - elif rpm -q mod_wsgi >& /dev/null \ - || rpm -q python2-mod_wsgi >& /dev/null \ - || rpm -q python3-mod_wsgi >& /dev/null ; then - configure_for_mod_wsgi=true - else - echo "Requires mod_python or mod_wsgi.... exiting" - exit 1 - fi - - # It would be tempting to use here - # but early tests showed this could be tricky/fragile - # So let's hard-wire it for one module - # A lot of trial-and -error was involved in getting this that way... - - if [ -n "$configure_for_mod_python" ] ; then -#################### for mod_python - cat <//" \ + $ssl_conf + # this is used to locate the right certificates + server_lower=$(echo $server | tr 'A-Z' 'a-z') + + # which one is used is currently configured in myplc.spec, + # with mod_python preferred + if rpm -q mod_python >& /dev/null ; then + configure_for_mod_python=true + elif rpm -q mod_wsgi >& /dev/null \ + || rpm -q python2-mod_wsgi >& /dev/null \ + || rpm -q python3-mod_wsgi >& /dev/null ; then + configure_for_mod_wsgi=true + else + echo "Requires mod_python or mod_wsgi.... exiting" + exit 1 + fi + + # It would be tempting to use here + # but early tests showed this could be tricky/fragile + # So let's hard-wire it for one module + # A lot of trial-and -error was involved in getting this that way... + + if [ -n "$configure_for_mod_python" ] ; then + #################### for mod_python + cat < SetHandler mod_python @@ -211,9 +211,9 @@ EOF EOF - elif [ -n "$configure_for_mod_wsgi" ] ; then -#################### for mod_wsgi - cat < EOF - fi - fi - done >$plc_conf - - # Set custom Apache directives - ( - # could be restricted to boot boxes but harmless.. - cat <$plc_conf + + # Set custom Apache directives + ( + # could be restricted to boot boxes but harmless.. + cat < $(apache_forbid) EOF - fi + fi - # redirect www requests if not on the right server - if [ "$PLC_WWW_ENABLED" != "1" ] ; then - cat <>$plc_conf - - # Make alpina-logs directory writable for bootmanager log upload - chown apache:apache $DocumentRoot/alpina-logs/nodes - - # Make the Drupal files upload directory owned by Apache - mkdir -p $DocumentRoot/files - chown apache:apache $DocumentRoot/files - - # Symlink any (real) files or directories in - # /data/var/www/html/* to /var/www/html/. We could descend - # into subdirectories, but the code to do so properly would be - # madness. - for file in /data/$DocumentRoot/* ; do - if [ -e "$file" -a ! -h "$file" ] ; then - base=$(basename "$file") - if [ ! -e "$DocumentRoot/$base" ] ; then - ln -nsf "$file" "$DocumentRoot/$base" - fi - fi - done - - # Cleanup broken symlinks - for file in $DocumentRoot/* ; do - if [ -h "$file" -a ! -e "$file" ] ; then - rm -f "$file" - fi - done - - # Old style PHP constants - mkdir -p /etc/planetlab/php - cat >/etc/planetlab/php/site_constants.php <<"EOF" + fi + ) >>$plc_conf + + # Make alpina-logs directory writable for bootmanager log upload + chown apache:apache $DocumentRoot/alpina-logs/nodes + + # Make the Drupal files upload directory owned by Apache + mkdir -p $DocumentRoot/files + chown apache:apache $DocumentRoot/files + + # Symlink any (real) files or directories in + # /data/var/www/html/* to /var/www/html/. We could descend + # into subdirectories, but the code to do so properly would be + # madness. + for file in /data/$DocumentRoot/* ; do + if [ -e "$file" -a ! -h "$file" ] ; then + base=$(basename "$file") + if [ ! -e "$DocumentRoot/$base" ] ; then + ln -nsf "$file" "$DocumentRoot/$base" + fi + fi + done + + # Cleanup broken symlinks + for file in $DocumentRoot/* ; do + if [ -h "$file" -a ! -e "$file" ] ; then + rm -f "$file" + fi + done + + # Old style PHP constants + mkdir -p /etc/planetlab/php + cat >/etc/planetlab/php/site_constants.php <<"EOF" EOF - ## make room for logs - touch /var/log/plcapi.log - chmod 666 /var/log/plcapi.log + ## make room for logs + touch /var/log/plcapi.log + chmod 666 /var/log/plcapi.log - plc_daemon httpd - check + plc_daemon httpd + check - result "$MESSAGE" - ;; + result "$MESSAGE" + ;; stop) - MESSAGE=$"Stopping web server" - dialog "$MESSAGE" + MESSAGE=$"Stopping web server" + dialog "$MESSAGE" - pkill -f plc_httpd - check + pkill -f plc_httpd + check - result "$MESSAGE" - ;; + result "$MESSAGE" + ;; esac exit $ERRORS -- 2.47.0