From 98188608826b2833970a681ce8fe0090606b981a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jordan=20Aug=C3=A9?= Date: Wed, 3 Oct 2012 07:51:37 +0200 Subject: [PATCH] added files to run smoothly on debian --- debian/changelog | 5 + debian/compat | 1 + debian/control | 13 + debian/python-sfa.postinst | 2 + debian/rules | 5 + debian/sfa.debhelper.log | 35 ++ init.d/functions | 830 +++++++++++++++++++++++++++++++++++++ init.d/sfa | 33 +- init.d/sfa.old | 317 ++++++++++++++ setup.py | 2 +- 10 files changed, 1237 insertions(+), 6 deletions(-) create mode 100644 debian/changelog create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/python-sfa.postinst create mode 100755 debian/rules create mode 100644 debian/sfa.debhelper.log create mode 100644 init.d/functions create mode 100755 init.d/sfa.old diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 00000000..5e538ac1 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +sfa (0.2.0) UNRELEASED; urgency=low + + * Initial release. (Closes: #XXXXXX) + + -- Jordan Augé Tue, 12 Jun 2012 17:22:18 +0300 diff --git a/debian/compat b/debian/compat new file mode 100644 index 00000000..ec635144 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/control b/debian/control new file mode 100644 index 00000000..d6b7182d --- /dev/null +++ b/debian/control @@ -0,0 +1,13 @@ +Source: sfa +Section: misc +Priority: optional +Maintainer: Jordan Augé +Build-Depends: debhelper (>=7.0.50~), debconf, dpatch +Homepage: http://www.joomla.org +Standards-Version: 3.9.3.1 + +Package: sfa +Architecture: all +Depends: python-openssl, python-m2crypto, python-dateutil +Description: SFA + SFA diff --git a/debian/python-sfa.postinst b/debian/python-sfa.postinst new file mode 100644 index 00000000..16bcf7a8 --- /dev/null +++ b/debian/python-sfa.postinst @@ -0,0 +1,2 @@ +#!/bin/bash +cp diff --git a/debian/rules b/debian/rules new file mode 100755 index 00000000..b8796e6e --- /dev/null +++ b/debian/rules @@ -0,0 +1,5 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +%: + dh $@ diff --git a/debian/sfa.debhelper.log b/debian/sfa.debhelper.log new file mode 100644 index 00000000..b0a5c5d5 --- /dev/null +++ b/debian/sfa.debhelper.log @@ -0,0 +1,35 @@ +dh_auto_configure +dh_auto_build +dh_auto_test +dh_prep +dh_installdirs +dh_auto_install +dh_install +dh_installdocs +dh_installchangelogs +dh_installexamples +dh_installman +dh_installcatalogs +dh_installcron +dh_installdebconf +dh_installemacsen +dh_installifupdown +dh_installinfo +dh_installinit +dh_installmenu +dh_installmime +dh_installmodules +dh_installlogcheck +dh_installlogrotate +dh_installpam +dh_installppp +dh_installudev +dh_installwm +dh_installxfonts +dh_installgsettings +dh_bugfiles +dh_ucf +dh_lintian +dh_gconf +dh_icons +dh_perl diff --git a/init.d/functions b/init.d/functions new file mode 100644 index 00000000..f97c4ae1 --- /dev/null +++ b/init.d/functions @@ -0,0 +1,830 @@ +# -*-Shell-script-*- +# +# functions This file contains functions to be used by most or all +# shell scripts in the /etc/init.d directory. +# + +TEXTDOMAIN=initscripts + +# Make sure umask is sane +umask 022 + +# Set up a default search path. +PATH="/sbin:/usr/sbin:/bin:/usr/bin" +export PATH + +if [ $PPID -ne 1 -a -z "$SYSTEMCTL_SKIP_REDIRECT" ] && \ + ( /bin/mountpoint -q /cgroup/systemd || /bin/mountpoint -q /sys/fs/cgroup/systemd ) ; then + case "$0" in + /etc/init.d/*|/etc/rc.d/init.d/*) + _use_systemctl=1 + ;; + esac +fi + +systemctl_redirect () { + local s + local prog=${1##*/} + local command=$2 + + case "$command" in + start) + s=$"Starting $prog (via systemctl): " + ;; + stop) + s=$"Stopping $prog (via systemctl): " + ;; + reload|try-reload) + s=$"Reloading $prog configuration (via systemctl): " + ;; + restart|try-restart|condrestart) + s=$"Restarting $prog (via systemctl): " + ;; + esac + + action "$s" /bin/systemctl $command "$prog.service" +} + +# Get a sane screen width +[ -z "${COLUMNS:-}" ] && COLUMNS=80 + +#if [ -z "${CONSOLETYPE:-}" ]; then +# if [ -r "/dev/stderr" ]; then +# CONSOLETYPE="$(/sbin/consoletype < /dev/stderr)" +# else +# CONSOLETYPE="$(/sbin/consoletype)" +# fi +#fi + +if [ -z "${NOLOCALE:-}" ] && [ -z "${LANGSH_SOURCED:-}" ] && [ -f /etc/sysconfig/i18n ] ; then + . /etc/profile.d/lang.sh 2>/dev/null + # avoid propagating LANGSH_SOURCED any further + unset LANGSH_SOURCED +fi + +# Read in our configuration +if [ -z "${BOOTUP:-}" ]; then + if [ -f /etc/sysconfig/init ]; then + . /etc/sysconfig/init + else + # This all seem confusing? Look in /etc/sysconfig/init, + # or in /usr/doc/initscripts-*/sysconfig.txt + BOOTUP=color + RES_COL=60 + MOVE_TO_COL="echo -en \\033[${RES_COL}G" + SETCOLOR_SUCCESS="echo -en \\033[1;32m" + SETCOLOR_FAILURE="echo -en \\033[1;31m" + SETCOLOR_WARNING="echo -en \\033[1;33m" + SETCOLOR_NORMAL="echo -en \\033[0;39m" + LOGLEVEL=1 + fi + if [ "$CONSOLETYPE" = "serial" ]; then + BOOTUP=serial + MOVE_TO_COL= + SETCOLOR_SUCCESS= + SETCOLOR_FAILURE= + SETCOLOR_WARNING= + SETCOLOR_NORMAL= + fi +fi + +# Interpret escape sequences in an fstab entry +fstab_decode_str() { + fstab-decode echo "$1" +} + +# Check if any of $pid (could be plural) are running +checkpid() { + local i + + for i in $* ; do + [ -d "/proc/$i" ] && return 0 + done + return 1 +} + +__readlink() { + ls -bl "$@" 2>/dev/null| awk '{ print $NF }' +} + +__fgrep() { + s=$1 + f=$2 + while read line; do + if strstr "$line" "$s"; then + echo $line + return 0 + fi + done < $f + return 1 +} + +# __umount_loop awk_program fstab_file first_msg retry_msg umount_args +# awk_program should process fstab_file and return a list of fstab-encoded +# paths; it doesn't have to handle comments in fstab_file. +__umount_loop() { + local remaining sig= + local retry=3 count + + remaining=$(LC_ALL=C awk "/^#/ {next} $1" "$2" | sort -r) + while [ -n "$remaining" -a "$retry" -gt 0 ]; do + if [ "$retry" -eq 3 ]; then + action "$3" fstab-decode umount $5 $remaining + else + action "$4" fstab-decode umount $5 $remaining + fi + count=4 + remaining=$(LC_ALL=C awk "/^#/ {next} $1" "$2" | sort -r) + while [ "$count" -gt 0 ]; do + [ -z "$remaining" ] && break + count=$(($count-1)) + # jordan # usleep 500000 + sleep 0.5 + remaining=$(LC_ALL=C awk "/^#/ {next} $1" "$2" | sort -r) + done + [ -z "$remaining" ] && break + fstab-decode /sbin/fuser -k -m $sig $remaining >/dev/null + sleep 3 + retry=$(($retry -1)) + sig=-9 + done +} + +# Similar to __umount loop above, specialized for loopback devices +__umount_loopback_loop() { + local remaining devremaining sig= + local retry=3 + + remaining=$(awk '$1 ~ /^\/dev\/loop/ && $2 != "/" {print $2}' /proc/mounts) + devremaining=$(awk '$1 ~ /^\/dev\/loop/ && $2 != "/" {print $1}' /proc/mounts) + while [ -n "$remaining" -a "$retry" -gt 0 ]; do + if [ "$retry" -eq 3 ]; then + action $"Unmounting loopback filesystems: " \ + fstab-decode umount $remaining + else + action $"Unmounting loopback filesystems (retry):" \ + fstab-decode umount $remaining + fi + for dev in $devremaining ; do + losetup $dev > /dev/null 2>&1 && \ + action $"Detaching loopback device $dev: " \ + losetup -d $dev + done + remaining=$(awk '$1 ~ /^\/dev\/loop/ && $2 != "/" {print $2}' /proc/mounts) + devremaining=$(awk '$1 ~ /^\/dev\/loop/ && $2 != "/" {print $1}' /proc/mounts) + [ -z "$remaining" ] && break + fstab-decode /sbin/fuser -k -m $sig $remaining >/dev/null + sleep 3 + retry=$(($retry -1)) + sig=-9 + done +} + +# __proc_pids {program} [pidfile] +# Set $pid to pids from /var/run* for {program}. $pid should be declared +# local in the caller. +# Returns LSB exit code for the 'status' action. +__pids_var_run() { + local base=${1##*/} + local pid_file=${2:-/var/run/$base.pid} + + pid= + if [ -f "$pid_file" ] ; then + local line p + + [ ! -r "$pid_file" ] && return 4 # "user had insufficient privilege" + while : ; do + read line + [ -z "$line" ] && break + for p in $line ; do + [ -z "${p//[0-9]/}" ] && [ -d "/proc/$p" ] && pid="$pid $p" + done + done < "$pid_file" + + if [ -n "$pid" ]; then + return 0 + fi + return 1 # "Program is dead and /var/run pid file exists" + fi + return 3 # "Program is not running" +} + +# Output PIDs of matching processes, found using pidof +__pids_pidof() { + pidof -c -o $$ -o $PPID -o %PPID -x "$1" || \ + pidof -c -o $$ -o $PPID -o %PPID -x "${1##*/}" +# jordan # pidof -c -m -o $$ -o $PPID -o %PPID -x "$1" || \ +# jordan # pidof -c -m -o $$ -o $PPID -o %PPID -x "${1##*/}" +} + + +# A function to start a program. +daemon() { + # Test syntax. + local gotbase= force= nicelevel corelimit + local pid base= user= nice= bg= pid_file= + local cgroup= + nicelevel=0 + while [ "$1" != "${1##[-+]}" ]; do + case $1 in + '') echo $"$0: Usage: daemon [+/-nicelevel] {program}" + return 1;; + --check) + base=$2 + gotbase="yes" + shift 2 + ;; + --check=?*) + base=${1#--check=} + gotbase="yes" + shift + ;; + --user) + user=$2 + shift 2 + ;; + --user=?*) + user=${1#--user=} + shift + ;; + --pidfile) + pid_file=$2 + shift 2 + ;; + --pidfile=?*) + pid_file=${1#--pidfile=} + shift + ;; + --force) + force="force" + shift + ;; + [-+][0-9]*) + nice="nice -n $1" + shift + ;; + *) echo $"$0: Usage: daemon [+/-nicelevel] {program}" + return 1;; + esac + done + + # Save basename. + [ -z "$gotbase" ] && base=${1##*/} + + # See if it's already running. Look *only* at the pid file. + __pids_var_run "$base" "$pid_file" + + [ -n "$pid" -a -z "$force" ] && return + + # make sure it doesn't core dump anywhere unless requested + corelimit="ulimit -S -c ${DAEMON_COREFILE_LIMIT:-0}" + + # if they set NICELEVEL in /etc/sysconfig/foo, honor it + [ -n "${NICELEVEL:-}" ] && nice="nice -n $NICELEVEL" + + # if they set CGROUP_DAEMON in /etc/sysconfig/foo, honor it + if [ -n "${CGROUP_DAEMON}" ]; then + if [ ! -x /bin/cgexec ]; then + echo -n "Cgroups not installed"; warning + echo + else + cgroup="/bin/cgexec"; + for i in $CGROUP_DAEMON; do + cgroup="$cgroup -g $i"; + done + fi + fi + + # Echo daemon + [ "${BOOTUP:-}" = "verbose" -a -z "${LSB:-}" ] && echo -n " $base" + + # And start it up. + if [ -z "$user" ]; then + $cgroup $nice /bin/bash -c "$corelimit >/dev/null 2>&1 ; $*" + else + $cgroup $nice runuser -s /bin/bash $user -c "$corelimit >/dev/null 2>&1 ; $*" + fi + + [ "$?" -eq 0 ] && success $"$base startup" || failure $"$base startup" +} + +# A function to stop a program. +killproc() { + local RC killlevel= base pid pid_file= delay + + RC=0; delay=3 + # Test syntax. + if [ "$#" -eq 0 ]; then + echo $"Usage: killproc [-p pidfile] [ -d delay] {program} [-signal]" + return 1 + fi + if [ "$1" = "-p" ]; then + pid_file=$2 + shift 2 + fi + if [ "$1" = "-d" ]; then + delay=$2 + shift 2 + fi + + + # check for second arg to be kill level + [ -n "${2:-}" ] && killlevel=$2 + + # Save basename. + base=${1##*/} + + # Find pid. + __pids_var_run "$1" "$pid_file" + RC=$? + if [ -z "$pid" ]; then + if [ -z "$pid_file" ]; then + pid="$(__pids_pidof "$1")" + else + [ "$RC" = "4" ] && { failure $"$base shutdown" ; return $RC ;} + fi + fi + + # Kill it. + if [ -n "$pid" ] ; then + [ "$BOOTUP" = "verbose" -a -z "${LSB:-}" ] && echo -n "$base " + if [ -z "$killlevel" ] ; then + if checkpid $pid 2>&1; then + # TERM first, then KILL if not dead + kill -TERM $pid >/dev/null 2>&1 + sleep 0.1 + # jordan # usleep 100000 + if checkpid $pid && sleep 1 && + checkpid $pid && sleep $delay && + checkpid $pid ; then + kill -KILL $pid >/dev/null 2>&1 + sleep 0.1 + # jordan # usleep 100000 + fi + fi + checkpid $pid + RC=$? + [ "$RC" -eq 0 ] && failure $"$base shutdown" || success $"$base shutdown" + RC=$((! $RC)) + # use specified level only + else + if checkpid $pid; then + kill $killlevel $pid >/dev/null 2>&1 + RC=$? + [ "$RC" -eq 0 ] && success $"$base $killlevel" || failure $"$base $killlevel" + elif [ -n "${LSB:-}" ]; then + RC=7 # Program is not running + fi + fi + else + if [ -n "${LSB:-}" -a -n "$killlevel" ]; then + RC=7 # Program is not running + else + failure $"$base shutdown" + RC=0 + fi + fi + + # Remove pid file if any. + if [ -z "$killlevel" ]; then + rm -f "${pid_file:-/var/run/$base.pid}" + fi + return $RC +} + +# A function to find the pid of a program. Looks *only* at the pidfile +pidfileofproc() { + local pid + + # Test syntax. + if [ "$#" = 0 ] ; then + echo $"Usage: pidfileofproc {program}" + return 1 + fi + + __pids_var_run "$1" + [ -n "$pid" ] && echo $pid + return 0 +} + +# A function to find the pid of a program. +pidofproc() { + local RC pid pid_file= + + # Test syntax. + if [ "$#" = 0 ]; then + echo $"Usage: pidofproc [-p pidfile] {program}" + return 1 + fi + if [ "$1" = "-p" ]; then + pid_file=$2 + shift 2 + fi + fail_code=3 # "Program is not running" + + # First try "/var/run/*.pid" files + __pids_var_run "$1" "$pid_file" + RC=$? + if [ -n "$pid" ]; then + echo $pid + return 0 + fi + + [ -n "$pid_file" ] && return $RC + __pids_pidof "$1" || return $RC +} + +status() { + local base pid lock_file= pid_file= + + # Test syntax. + if [ "$#" = 0 ] ; then + echo $"Usage: status [-p pidfile] {program}" + return 1 + fi + if [ "$1" = "-p" ]; then + pid_file=$2 + shift 2 + fi + if [ "$1" = "-l" ]; then + lock_file=$2 + shift 2 + fi + base=${1##*/} + + if [ "$_use_systemctl" = "1" ]; then + systemctl status ${0##*/}.service + return $? + fi + + # First try "pidof" + __pids_var_run "$1" "$pid_file" + RC=$? + if [ -z "$pid_file" -a -z "$pid" ]; then + pid="$(__pids_pidof "$1")" + fi + if [ -n "$pid" ]; then + echo $"${base} (pid $pid) is running..." + return 0 + fi + + case "$RC" in + 0) + echo $"${base} (pid $pid) is running..." + return 0 + ;; + 1) + echo $"${base} dead but pid file exists" + return 1 + ;; + 4) + echo $"${base} status unknown due to insufficient privileges." + return 4 + ;; + esac + if [ -z "${lock_file}" ]; then + lock_file=${base} + fi + # See if /var/lock/subsys/${lock_file} exists + if [ -f /var/lock/subsys/${lock_file} ]; then + echo $"${base} dead but subsys locked" + return 2 + fi + echo $"${base} is stopped" + return 3 +} + +echo_success() { + [ "$BOOTUP" = "color" ] && $MOVE_TO_COL + echo -n "[" + [ "$BOOTUP" = "color" ] && $SETCOLOR_SUCCESS + echo -n $" OK " + [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL + echo -n "]" + echo -ne "\r" + return 0 +} + +echo_failure() { + [ "$BOOTUP" = "color" ] && $MOVE_TO_COL + echo -n "[" + [ "$BOOTUP" = "color" ] && $SETCOLOR_FAILURE + echo -n $"FAILED" + [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL + echo -n "]" + echo -ne "\r" + return 1 +} + +echo_passed() { + [ "$BOOTUP" = "color" ] && $MOVE_TO_COL + echo -n "[" + [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING + echo -n $"PASSED" + [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL + echo -n "]" + echo -ne "\r" + return 1 +} + +echo_warning() { + [ "$BOOTUP" = "color" ] && $MOVE_TO_COL + echo -n "[" + [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING + echo -n $"WARNING" + [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL + echo -n "]" + echo -ne "\r" + return 1 +} + +# Inform the graphical boot of our current state +update_boot_stage() { + if [ -x /usr/bin/plymouth ]; then + /usr/bin/plymouth --update="$1" + fi + return 0 +} + +# Log that something succeeded +success() { + [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_success + return 0 +} + +# Log that something failed +failure() { + local rc=$? + [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_failure + [ -x /usr/bin/plymouth ] && /usr/bin/plymouth --details + return $rc +} + +# Log that something passed, but may have had errors. Useful for fsck +passed() { + local rc=$? + [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_passed + return $rc +} + +# Log a warning +warning() { + local rc=$? + [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_warning + return $rc +} + +# Run some action. Log its output. +action() { + local STRING rc + + STRING=$1 + echo -n "$STRING " + shift + "$@" && success $"$STRING" || failure $"$STRING" + rc=$? + echo + return $rc +} + +# returns OK if $1 contains $2 +strstr() { + [ "${1#*$2*}" = "$1" ] && return 1 + return 0 +} + +# Confirm whether we really want to run this service +confirm() { + [ -x /usr/bin/plymouth ] && /usr/bin/plymouth --hide-splash + while : ; do + echo -n $"Start service $1 (Y)es/(N)o/(C)ontinue? [Y] " + read answer + if strstr $"yY" "$answer" || [ "$answer" = "" ] ; then + return 0 + elif strstr $"cC" "$answer" ; then + rm -f /var/run/confirm + [ -x /usr/bin/plymouth ] && /usr/bin/plymouth --show-splash + return 2 + elif strstr $"nN" "$answer" ; then + return 1 + fi + done +} + +# resolve a device node to its major:minor numbers in decimal or hex +get_numeric_dev() { +( + fmt="%d:%d" + if [ "$1" = "hex" ]; then + fmt="%x:%x" + fi + ls -lH "$2" | awk '{ sub(/,/, "", $5); printf("'"$fmt"'", $5, $6); }' +) 2>/dev/null +} + +# Check whether file $1 is a backup or rpm-generated file and should be ignored +is_ignored_file() { + case "$1" in + *~ | *.bak | *.orig | *.rpmnew | *.rpmorig | *.rpmsave) + return 0 + ;; + esac + return 1 +} + +# Evaluate shvar-style booleans +is_true() { + case "$1" in + [tT] | [yY] | [yY][eE][sS] | [tT][rR][uU][eE]) + return 0 + ;; + esac + return 1 +} + +# Evaluate shvar-style booleans +is_false() { + case "$1" in + [fF] | [nN] | [nN][oO] | [fF][aA][lL][sS][eE]) + return 0 + ;; + esac + return 1 +} + +key_is_random() { + [ "$1" = "/dev/urandom" -o "$1" = "/dev/hw_random" \ + -o "$1" = "/dev/random" ] +} + +find_crypto_mount_point() { + local fs_spec fs_file fs_vfstype remaining_fields + local fs + while read fs_spec fs_file remaining_fields; do + if [ "$fs_spec" = "/dev/mapper/$1" ]; then + echo $fs_file + break; + fi + done < /etc/fstab +} + +# Because of a chicken/egg problem, init_crypto must be run twice. /var may be +# encrypted but /var/lib/random-seed is needed to initialize swap. +init_crypto() { + local have_random dst src key opt mode owner params makeswap skip arg opt + local param value rc ret mke2fs mdir prompt mount_point + + ret=0 + have_random=$1 + while read dst src key opt; do + [ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue + [ -b "/dev/mapper/$dst" ] && continue; + if [ "$have_random" = 0 ] && key_is_random "$key"; then + continue + fi + if [ -n "$key" -a "x$key" != "xnone" ]; then + if test -e "$key" ; then + owner=$(ls -l $key | (read a b owner rest; echo $owner)) + if ! key_is_random "$key"; then + mode=$(ls -l "$key" | cut -c 5-10) + if [ "$mode" != "------" ]; then + echo $"INSECURE MODE FOR $key" + fi + fi + if [ "$owner" != root ]; then + echo $"INSECURE OWNER FOR $key" + fi + else + echo $"Key file for $dst not found, skipping" + ret=1 + continue + fi + else + key="" + fi + params="" + makeswap="" + mke2fs="" + skip="" + # Parse the src field for UUID= and convert to real device names + if [ "${src%%=*}" == "UUID" ]; then + src=$(/sbin/blkid -t "$src" -l -o device) + elif [ "${src/^\/dev\/disk\/by-uuid\/}" != "$src" ]; then + src=$(__readlink $src) + fi + # Is it a block device? + [ -b "$src" ] || continue + # Is it already a device mapper slave? (this is gross) + devesc=${src##/dev/} + devesc=${devesc//\//!} + for d in /sys/block/dm-*/slaves ; do + [ -e $d/$devesc ] && continue 2 + done + # Parse the options field, convert to cryptsetup parameters and + # contruct the command line + while [ -n "$opt" ]; do + arg=${opt%%,*} + opt=${opt##$arg} + opt=${opt##,} + param=${arg%%=*} + value=${arg##$param=} + + case "$param" in + cipher) + params="$params -c $value" + if [ -z "$value" ]; then + echo $"$dst: no value for cipher option, skipping" + skip="yes" + fi + ;; + size) + params="$params -s $value" + if [ -z "$value" ]; then + echo $"$dst: no value for size option, skipping" + skip="yes" + fi + ;; + hash) + params="$params -h $value" + if [ -z "$value" ]; then + echo $"$dst: no value for hash option, skipping" + skip="yes" + fi + ;; + verify) + params="$params -y" + ;; + swap) + makeswap=yes + ;; + tmp) + mke2fs=yes + esac + done + if [ "$skip" = "yes" ]; then + ret=1 + continue + fi + if [ -z "$makeswap" ] && cryptsetup isLuks "$src" 2>/dev/null ; then + if key_is_random "$key"; then + echo $"$dst: LUKS requires non-random key, skipping" + ret=1 + continue + fi + if [ -n "$params" ]; then + echo "$dst: options are invalid for LUKS partitions," \ + "ignoring them" + fi + if [ -n "$key" ]; then + /sbin/cryptsetup -d $key luksOpen "$src" "$dst" <&1 2>/dev/null && success || failure + rc=$? + else + mount_point="$(find_crypto_mount_point $dst)" + [ -n "$mount_point" ] || mount_point=${src##*/} + prompt=$(printf $"%s is password protected" "$mount_point") + plymouth ask-for-password --prompt "$prompt" --command="/sbin/cryptsetup luksOpen -T1 $src $dst" <&1 + rc=$? + fi + else + [ -z "$key" ] && plymouth --hide-splash + /sbin/cryptsetup $params ${key:+-d $key} create "$dst" "$src" <&1 2>/dev/null && success || failure + rc=$? + [ -z "$key" ] && plymouth --show-splash + fi + if [ $rc -ne 0 ]; then + ret=1 + continue + fi + if [ -b "/dev/mapper/$dst" ]; then + if [ "$makeswap" = "yes" ]; then + mkswap "/dev/mapper/$dst" 2>/dev/null >/dev/null + fi + if [ "$mke2fs" = "yes" ]; then + if mke2fs "/dev/mapper/$dst" 2>/dev/null >/dev/null \ + && mdir=$(mktemp -d /tmp/mountXXXXXX); then + mount "/dev/mapper/$dst" "$mdir" && chmod 1777 "$mdir" + umount "$mdir" + rmdir "$mdir" + fi + fi + fi + done < /etc/crypttab + return $ret +} + +# A sed expression to filter out the files that is_ignored_file recognizes +__sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d' + +if [ "$_use_systemctl" = "1" ]; then + if [ "x$1" = xstart -o \ + "x$1" = xstop -o \ + "x$1" = xrestart -o \ + "x$1" = xreload -o \ + "x$1" = xtry-restart -o \ + "x$1" = xforce-reload -o \ + "x$1" = xcondrestart ] ; then + + systemctl_redirect $0 $1 + exit $? + fi +fi diff --git a/init.d/sfa b/init.d/sfa index 69cf6f6f..2fda7e0b 100755 --- a/init.d/sfa +++ b/init.d/sfa @@ -10,8 +10,31 @@ # source function library . /etc/init.d/functions + +# + +# borrowed from postgresql +versions=() +for v in `ls /usr/lib/postgresql/ 2>/dev/null`; do + if [ -x /usr/lib/postgresql/$v/bin/pg_ctl ] && [ ! -x /etc/init.d/postgresql-$v ]; then + versions+=($v) + fi +done +if [[ ${#versions[*]} == "0" ]]; then + echo "E: Missing postgresql installation. Aborting." + exit +fi +if [[ ${#versions[*]} != "1" ]]; then + echo "E: Too many postgresql versions installed. Aborting." + exit +fi +pgver=${versions[0]} + +LOCKFILE=/var/run/sfa-start.py +# + # Default locations -PGDATA=/var/lib/pgsql/data +PGDATA=/etc/postgresql/$pgver/main/ postgresql_conf=$PGDATA/postgresql.conf pghba_conf=$PGDATA/pg_hba.conf postgresql_sysconfig=/etc/sysconfig/pgsql @@ -44,7 +67,7 @@ check () function postgresql_check () { # wait until postmaster is up and running - or 10s max - if status postmaster >& /dev/null && [ -f /var/lock/subsys/postgresql ] ; then + if status postgres >& /dev/null && [ -f /var/run/postgresql/$pgver-main.pid ] ; then # The only way we can be sure is if we can access it for i in $(seq 1 10) ; do # Must do this as the postgres user initially (before we @@ -276,7 +299,7 @@ function start() { [ "$SFA_FLASHPOLICY_ENABLED" == 1 ] && \ action "Flash Policy Server" daemon /usr/bin/sfa_flashpolicy.py --file="$SFA_FLASHPOLICY_CONFIG_FILE" --port=$SFA_FLASHPOLICY_PORT -d - touch /var/lock/subsys/sfa-start.py + touch $LOCKFILE } @@ -285,7 +308,7 @@ function stop() { db_stop - rm -f /var/lock/subsys/sfa-start.py + rm -f $LOCKFILE } @@ -295,7 +318,7 @@ case "$1" in reload) reload force ;; restart) stop; start ;; condrestart) - if [ -f /var/lock/subsys/sfa-start.py ]; then + if [ -f $LOCKFILE ]; then stop start fi diff --git a/init.d/sfa.old b/init.d/sfa.old new file mode 100755 index 00000000..69cf6f6f --- /dev/null +++ b/init.d/sfa.old @@ -0,0 +1,317 @@ +#!/bin/bash +# +# sfa Wraps PLCAPI into the SFA compliant API +# +# hopefully right after plc +# chkconfig: 2345 61 39 +# +# description: Wraps PLCAPI into the SFA compliant API +# + +# source function library +. /etc/init.d/functions +# Default locations +PGDATA=/var/lib/pgsql/data +postgresql_conf=$PGDATA/postgresql.conf +pghba_conf=$PGDATA/pg_hba.conf +postgresql_sysconfig=/etc/sysconfig/pgsql + +# SFA consolidated (merged) config file +sfa_whole_config=/etc/sfa/sfa_config +# SFA default config (read-only template) +sfa_default_config=/etc/sfa/default_config.xml +# SFA local (site-dependent) file +sfa_local_config=/etc/sfa/configs/site_config +sfa_local_config_xml=/etc/sfa/configs/site_config.xml + +# Source sfa shell config if present +[ -f /etc/sfa/sfa_config.sh ] && . /etc/sfa/sfa_config.sh + +# Export so that we do not have to specify -p to psql invocations +export PGPORT=$SFA_DB_PORT + +########## +# Total number of errors +ERRORS=0 + +# Count the exit status of the last command +check () +{ + ERRORS=$(($ERRORS+$?)) +} + +# can't trust the return of service postgresql start / nor status +function postgresql_check () { + + # wait until postmaster is up and running - or 10s max + if status postmaster >& /dev/null && [ -f /var/lock/subsys/postgresql ] ; then + # The only way we can be sure is if we can access it + for i in $(seq 1 10) ; do + # Must do this as the postgres user initially (before we + # fix pg_hba.conf to passwordless localhost access). + su -c 'psql -U postgres -c "" template1' postgres && return 0 + sleep 1 + done + fi + + return 1 +} + +# use a single date of this script invocation for the dump_*_db functions. +DATE=$(date +"%Y-%m-%d-%H-%M-%S") + +# Dumps the database - optional argument to specify filename suffix +function dump_sfa_db() { + if [ -n "$1" ] ; then suffix="-$1" ; else suffix="" ; fi + mkdir -p /usr/share/sfa/backups + dumpfile=/usr/share/sfa/backups/$(date +"${SFA_DB_NAME}.${DATE}${suffix}.sql") + pg_dump -U $SFA_DB_USER $SFA_DB_NAME > $dumpfile + echo "Saved sfa database in $dumpfile" + check +} + +# Regenerate configuration files - almost verbatim from plc.init +function reload () { + force=$1 + + # Regenerate the main configuration file from default values + # overlaid with site-specific and current values. + # Thierry -- 2007-07-05 : values in plc_config.xml are *not* taken into account here + files=( $sfa_default_config $sfa_local_config ) + for file in "${files[@]}" ; do + if [ -n "$force" -o $file -nt $sfa_whole_config ] ; then + tmp=$(mktemp /tmp/sfa_config.XXXXXX) + sfa-config --python "${files[@]}" >$tmp + if [ $? -eq 0 ] ; then + mv $tmp $sfa_whole_config + chmod 444 $sfa_whole_config + else + echo "SFA: Warning: Invalid configuration file(s) detected" + rm -f $tmp + fi + break + fi + done + + # Convert configuration to various formats + if [ -f $sfa_local_config_xml ] ; then + sfa-config --python $sfa_local_config_xml > $sfa_local_config + rm $sfa_local_config_xml + fi + if [ -n "$force" -o $sfa_local_config -nt $sfa_whole_config ] ; then + sfa-config --python $sfa_default_config $sfa_local_config > $sfa_whole_config + fi + if [ -n "$force" -o $sfa_whole_config -nt /etc/sfa/sfa_config.sh ] ; then + sfa-config --shell $sfa_default_config $sfa_local_config > /etc/sfa/sfa_config.sh + fi +# if [ -n "$force" -o $sfa_whole_config -nt /etc/sfa/php/sfa_config.php ] ; then +# mkdir -p /etc/sfa/php +# plc-config --php $sfa_whole_config >/etc/sfa/php/sfa_config.php +# fi + + # [re]generate the sfa_component_config + # this is a server-side thing but produces a file that somehow needs to be pushed + # on the planetlab nodes; in the case where sfa and myplc run on different boxes + # (or there is no myplc at all) this should be turned off + # as the component manager is not operational yet we skip this for now + #gen-sfa-cm-config.py + + # reload the shell version + [ -f /etc/sfa/sfa_config.sh ] && . /etc/sfa/sfa_config.sh + +} + +### initialize DB (don't chkconfig postgresql on) +function db_start () { + + # only if enabled + [ "$SFA_DB_ENABLED" == 1 -o "$SFA_DB_ENABLED" == True ] || return + + if ! rpm -q myplc >& /dev/null; then + + ######## standalone deployment - no colocated myplc + + ######## sysconfig + # Set data directory and redirect startup output to /var/log/pgsql + mkdir -p $(dirname $postgresql_sysconfig) + # remove previous definitions + touch $postgresql_sysconfig + tmp=${postgresql_sysconfig}.new + ( egrep -v '^(PGDATA=|PGLOG=|PGPORT=)' $postgresql_sysconfig + echo "PGDATA=$PGDATA" + echo "PGLOG=/var/log/pgsql" + echo "PGPORT=$SFA_DB_PORT" + ) >> $tmp ; mv -f $tmp $postgresql_sysconfig + + ######## /var/lib/pgsql/data + # Fix ownership (rpm installation may have changed it) + chown -R -H postgres:postgres $(dirname $PGDATA) + + # PostgreSQL must be started at least once to bootstrap + # /var/lib/pgsql/data + if [ ! -f $postgresql_conf ] ; then + service postgresql initdb &> /dev/null || : + check + fi + + ######## /var/lib/pgsql/data/postgresql.conf + registry_ip="" + foo=$(python -c "import socket; print socket.gethostbyname(\"$SFA_REGISTRY_HOST\")") && registry_ip="$foo" + # Enable DB server. drop Postgresql<=7.x + # PostgreSQL >=8.0 defines listen_addresses + # listen on a specific IP + localhost, more robust when run within a vserver + sed -i -e '/^listen_addresses/d' $postgresql_conf + if [ -z "$registry_ip" ] ; then + echo "listen_addresses = 'localhost'" >> $postgresql_conf + else + echo "listen_addresses = '${registry_ip},localhost'" >> $postgresql_conf + fi + # tweak timezone to be 'UTC' + sed -i -e '/^timezone=/d' $postgresql_conf + echo "timezone='UTC'" >> $postgresql_conf + + ######## /var/lib/pgsql/data/pg_hba.conf + # Disable access to all DBs from all hosts + sed -i -e '/^\(host\|local\)/d' $pghba_conf + + # Enable passwordless localhost access + echo "local all all trust" >>$pghba_conf + # grant access + ( + echo "host $SFA_DB_NAME $SFA_DB_USER 127.0.0.1/32 password" + [ -n "$registry_ip" ] && echo "host $SFA_DB_NAME $SFA_DB_USER ${registry_ip}/32 password" + ) >>$pghba_conf + + if [ "$SFA_GENERIC_FLAVOUR" == "openstack" ] ; then + [ -n "$registry_ip" ] && echo "host nova nova ${registry_ip}/32 password" >> $pghba_conf + fi + + # Fix ownership (sed -i changes it) + chown postgres:postgres $postgresql_conf $pghba_conf + + ######## compute a password if needed + if [ -z "$SFA_DB_PASSWORD" ] ; then + SFA_DB_PASSWORD=$(uuidgen) + sfa-config --category=sfa_db --variable=password --value="$SFA_DB_PASSWORD" --save=$sfa_local_config $sfa_local_config >& /dev/null + reload force + fi + + else + + ######## we are colocated with a myplc + # no need to worry about the pgsql setup (see /etc/plc.d/postgresql) + # myplc enforces the password for its user + PLC_DB_USER=$(plc-config --category=plc_db --variable=user) + PLC_DB_PASSWORD=$(plc-config --category=plc_db --variable=password) + # store this as the SFA user/password + sfa-config --category=sfa_db --variable=user --value=$PLC_DB_USER --save=$sfa_local_config $sfa_local_config >& /dev/null + sfa-config --category=sfa_db --variable=password --value=$PLC_DB_PASSWORD --save=$sfa_local_config $sfa_local_config >& /dev/null + reload force + fi + + ######## Start up the server + # not too nice, but.. when co-located with myplc we'll let it start/stop postgresql + if ! rpm -q myplc >& /dev/null ; then + echo STARTING... + service postgresql start >& /dev/null + fi + postgresql_check + check + + ######## make sure we have the user and db created + # user + if ! psql -U $SFA_DB_USER -c "" template1 >/dev/null 2>&1 ; then + psql -U postgres -c "CREATE USER $SFA_DB_USER PASSWORD '$SFA_DB_PASSWORD'" template1 >& /dev/null + else + psql -U postgres -c "ALTER USER $SFA_DB_USER WITH PASSWORD '$SFA_DB_PASSWORD'" template1 >& /dev/null + fi + check + + # db + if ! psql -U $SFA_DB_USER -c "" $SFA_DB_NAME >/dev/null 2>&1 ; then + createdb -U postgres --template=template0 --encoding=UNICODE --owner=$SFA_DB_USER $SFA_DB_NAME + check + fi + check + # mention sfaadmin.py instead of just sfaadmin for people who do not install through rpm + sfaadmin.py reg sync_db + + MESSAGE=$"SFA: Checking for PostgreSQL server" + echo -n "$MESSAGE" + [ "$ERRORS" == 0 ] && success "$MESSAGE" || failure "$MESSAGE" ; echo +} + +# shutdown DB +function db_stop () { + + # only if enabled + [ "$SFA_DB_ENABLED" == 1 -o "$SFA_DB_ENABLED" == True ] || return + + # not too nice, but.. when co-located with myplc we'll let it start/stop postgresql + if ! rpm -q myplc >& /dev/null ; then + service postgresql stop >& /dev/null + check + MESSAGE=$"Stopping PostgreSQL server" + echo -n "$MESSAGE" + [ "$ERRORS" == 0 ] && success "$MESSAGE" || failure "$MESSAGE" ; echo + fi +} + +function start() { + + reload + + db_start + # migrations are now handled in the code by sfa.storage.dbschema + + # install peer certs + action $"SFA: installing peer certs" daemon /usr/bin/sfa-start.py -t -d $OPTIONS + + [ "$SFA_REGISTRY_ENABLED" == 1 -o "$SFA_REGISTRY_ENABLED" == True ] && action $"SFA: Registry" daemon /usr/bin/sfa-start.py -r -d $OPTIONS + + [ "$SFA_AGGREGATE_ENABLED" == 1 -o "$SFA_AGGREGATE_ENABLED" == True ] && action $"SFA: Aggregate" daemon /usr/bin/sfa-start.py -a -d $OPTIONS + + [ "$SFA_SM_ENABLED" == 1 -o "$SFA_SM_ENABLED" == True ] && action "SFA: SliceMgr" daemon /usr/bin/sfa-start.py -s -d $OPTIONS + + [ "$SFA_FLASHPOLICY_ENABLED" == 1 ] && \ + action "Flash Policy Server" daemon /usr/bin/sfa_flashpolicy.py --file="$SFA_FLASHPOLICY_CONFIG_FILE" --port=$SFA_FLASHPOLICY_PORT -d + + touch /var/lock/subsys/sfa-start.py + +} + +function stop() { + action $"Shutting down SFA" killproc sfa-start.py + + db_stop + + rm -f /var/lock/subsys/sfa-start.py +} + + +case "$1" in + start) start ;; + stop) stop ;; + reload) reload force ;; + restart) stop; start ;; + condrestart) + if [ -f /var/lock/subsys/sfa-start.py ]; then + stop + start + fi + ;; + status) + status sfa-start.py + RETVAL=$? + ;; + dbdump) + dump_sfa_db + ;; + *) + echo $"Usage: $0 {start|stop|reload|restart|condrestart|status|dbdump}" + exit 1 + ;; +esac + +exit $RETVAL + diff --git a/setup.py b/setup.py index 041904ca..490b2e0a 100755 --- a/setup.py +++ b/setup.py @@ -45,7 +45,7 @@ packages = [ 'sfatables/processors', ] -initscripts = [ 'sfa', 'sfa-cm' ] +initscripts = [ 'functions', 'sfa', 'sfa-cm' ] data_files = [ ('/etc/sfa/', [ 'config/aggregates.xml', 'config/registries.xml', -- 2.43.0