Diff for /loncom/init.d/loncontrol between versions 1.11 and 1.36

version 1.11, 2003/09/16 21:01:39 version 1.36, 2009/06/07 23:20:38
Line 1 Line 1
 #!/usr/bin/perl  #!/usr/bin/perl
 #  #
   # $Id$
   #
 # The LearningOnline Network with CAPA  # The LearningOnline Network with CAPA
 #  #
   # Copyright Michigan State University Board of Trustees
   #
   # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
   #
   # LON-CAPA is free software; you can redistribute it and/or modify
   # it under the terms of the GNU General Public License as published by
   # the Free Software Foundation; either version 2 of the License, or
   # (at your option) any later version.
   #
   # LON-CAPA is distributed in the hope that it will be useful,
   # but WITHOUT ANY WARRANTY; without even the implied warranty of
   # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   # GNU General Public License for more details.
   #
   # You should have received a copy of the GNU General Public License
   # along with LON-CAPA; if not, write to the Free Software
   # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   #
   # /home/httpd/html/adm/gpl.txt
   #
   # http://www.lon-capa.org/
   #
 # Startup script for the LON-CAPA network processes  # Startup script for the LON-CAPA network processes
 #  #
 # YEAR=2000  
 # YEAR=2001  
 # YEAR=2002  
   
 # chkconfig: 345 95 5  # chkconfig: 345 95 5
 # description: LON-CAPA is a "network of knowledge".  It is used to  # description: LON-CAPA is a "network of knowledge".  It is used to \
 # distribute knowledge resources and instructional management.  # distribute knowledge resources and instructional management.
 # processnames: lonc, lond, lonsql  # processnames: lonc, lond, lonsql, lonmaxima, lonr
 # pidfiles: /home/httpd/perl/logs/lon*.pid  # pidfiles: /home/httpd/perl/logs/lon*.pid
 # config: /etc/httpd/conf/loncapa.conf  # config: /etc/httpd/conf/loncapa.conf
 # config: /home/httpd/lonTabs/hosts.tab  # config: /home/httpd/lonTabs/hosts.tab
 # config: /home/httpd/lonTabs/spare.tab  # config: /home/httpd/lonTabs/spare.tab
   # SuSE chkconfig/insserv info
   ### BEGIN INIT INFO
   # Provides:       loncapa
   # Required-Start: mysql apache2 $network $remote_fs
   # Required-Stop:
   # Default-Start:  3 4 5
   # Default-Stop:
   # Description:    Starts the LON-CAPA services
   ### END INIT INFO
   
   use strict;
   use lib '/home/httpd/lib/perl/';
   use LONCAPA::Configuration;
   use Apache::lonnet;
   
 $command=$ARGV[0]; $command=~s/[^a-z]//g;  my $command=$ARGV[0]; $command=~s/[^a-z]//g;
   
 $ENV{'PATH'}="/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin";  $ENV{'PATH'}="/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin";
 $ENV{'BASH_ENV'}="";  $ENV{'BASH_ENV'}="";
   
   { # Firewall variable scoping
       # Firewall code is based on the code in FC2 /etc/init.d/ntpd
       my $fw_chain = 'RH-Firewall-1-INPUT';
       my $iptables = '/sbin/iptables';
       if (! -e $iptables) {
    $iptables = '/usr/sbin/iptables';
    if (!-e $iptables) {
       print("Unable to find iptables command\n");
    }
       }
       my $suse_config = "/etc/sysconfig/SuSEfirewall2";
       if (-e $suse_config) {
           $fw_chain = 'input_ext';
       } else {
           if (!-e '/etc/sysconfig/iptables') {
               print("Unable to find iptables file containing static definitions\n");
           }
       }
       my $lond_port = &get_lond_port();
       if (!$lond_port) {
           print("Unable to determine lond port number from LON-CAPA configuration.\n");
       }
   
   sub firewall_open_port {
       return 'inactive firewall' if (! &firewall_is_active);
       return 'port number unknown' if !$lond_port;
       my @opened;
       if (! `$iptables -L -n 2>/dev/null | grep $fw_chain | wc -l`) {
           return 'Expected chain "'.$fw_chain.'" missing from iptables'."\n";
       }
       # iptables is running with expected chain
       #
       # For lond port, restrict the servers allowed to attempt to communicate
       # to include only source IPs in the LON-CAPA cluster.
       foreach my $port ($lond_port) {
           print "Opening firewall access on port $port.\n";
           my $result;
           if ($port eq $lond_port) {
               my (@port_error,@command_error,@lond_port_open);
               my %iphost = &Apache::lonnet::get_iphost();
               if (keys(%iphost) > 0) {
                   &firewall_close_anywhere($port);
                   foreach my $ip (keys(%iphost)) {
                       my $firewall_command = 
                           "$iptables -I $fw_chain -p tcp -s $ip -d 0/0 --dport $port -j ACCEPT";
                       system($firewall_command);
                       my $return_status = $?>>8;
                       if ($return_status == 1) {
                           push (@port_error,$ip);
                       } elsif ($return_status == 2) {
                           push(@command_error,$ip);
                       } elsif ($return_status == 0) {
                           push(@lond_port_open,$ip);
                       }
                   }
               }
               if (@lond_port_open) {
                   push(@opened,$port);
                   print "Port $port opened for ".scalar(@lond_port_open)." IP addresses\n";  
               }
               if (@port_error) {
                   print "Error opening port $port for following IP addresses: ".join(', ',@port_error)."\n";
               }
               if (@command_error) {
                   print "Bad command error opening port for following IP addresses: ".
                         join(', ',@command_error)."\n".
                         'Command was: "'."$iptables -I $fw_chain -p tcp -s ".'$ip'." -d 0/0 --dport $port -j ACCEPT".'", where $ip is IP address'."\n";
               }
           } else {
               my $firewall_command =
                   "$iptables -I $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT";
               system($firewall_command);
               my $return_status = $?>>8;
               if ($return_status == 1) {
                   # Error
                   print "Error opening port.\n";
               } elsif ($return_status == 2) {
                   # Bad command
                   print "Bad command error opening port.  Command was\n".
                         "  ".$firewall_command."\n";
               } elsif ($return_status == 0) {
                   push(@opened,$port);
               }
           }
       }
       foreach my $port ($lond_port) {
           if (!grep(/^\Q$port\E$/,@opened)) {
               return 'Required port not open: '.$port."\n";  
           }
       }
       return 'ok';
   }
   
   sub firewall_is_port_open {
       my ($port) = @_;
       # for lond port returns number of source IPs for which firewall port is open
       # for other ports returns 1 if the firewall port is open, 0 if not.
       #
       # check if firewall is active or installed
       return if (! &firewall_is_active);
       if ($port eq $lond_port) {
           my %iphost = &Apache::lonnet::get_iphost();
           foreach my $ip (keys(%iphost)) {
               my $count = `$iptables -L -n 2>/dev/null | grep "tcp dpt:$port" | wc -l`;
               return $count;
           }
       } else {
           if (`$iptables -L -n 2>/dev/null | grep "tcp dpt:$port"`) { 
               return 1;
           } else {
               return 0;
           }
       }
   }
   
   sub firewall_is_active {
       if (-e '/proc/net/ip_tables_names') {
           return 1;
       } else {
           return 0;
       }
   }
   
   sub firewall_close_port {
       return 'inactive firewall' if (! &firewall_is_active);
       return 'port number unknown' if !$lond_port;
       if (! `$iptables -L -n 2>/dev/null | grep $fw_chain | wc -l`) {
           return 'Expected chain "'.$fw_chain.'" missing from iptables'."\n";
       }
       foreach my $port ($lond_port) {
           print "Closing firewall access on port $port\n";
           if ($port eq $lond_port) {
               my (@port_error,@command_error,@lond_port_close);
               my %iphost = &Apache::lonnet::get_iphost();
               my %toclose;
               if (keys(%iphost) > 0) {
                   open(PIPE, "$iptables -n -L $fw_chain |");
                   while (<PIPE>) {
                       chomp();
                       next unless (/dpt:\Q$port\E\s*$/);
                       if (/^ACCEPT\s+tcp\s+\-{2}\s+([\S]+)\s+/) {
                           $toclose{$1} = $port;
                       }
                   }
                   close(PIPE);
               }
               foreach my $ip (keys(%iphost)) {
                   next unless (exists($toclose{$ip}));
                   my $firewall_command =
                       "$iptables -D $fw_chain -p tcp -s $ip -d 0/0 --dport $port -j ACCEPT";
                   system($firewall_command);
                   my $return_status = $?>>8;
                   if ($return_status == 1) {
                       push (@port_error,$ip);
                   } elsif ($return_status == 2) {
                       push(@command_error,$ip);
                   } elsif ($return_status == 0) {
                       push(@lond_port_close,$ip);
                   }
               }
               if (@lond_port_close) {
                   print "Port $port closed for ".scalar(@lond_port_close)." IP addresses\n";
               }
               if (@port_error) {
                   print "Error closing port $port for following IP addresses: ".join(', ',@port_error)."\n";
               }
               if (@command_error) {
                   print "Bad command error opening port for following IP addresses: ".
                         join(', ',@command_error)."\n".
                         'Command was: "'."$iptables -D $fw_chain -p tcp -s ".'$ip'." -d 0/0 --dport $port -j ACCEPT".'", where $ip is IP address'."\n";
               }
               &firewall_close_anywhere($port);
           } else {
               my $firewall_command = 
                   "$iptables -D $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT";
               system($firewall_command);
               my $return_status = $?>>8;
               if ($return_status == 1) {
                   # Error
                   print "Error closing port.\n";
               } elsif ($return_status == 2) {
                   # Bad command
                   print "Bad command error closing port.  Command was\n".
                         "  ".$firewall_command."\n";
               } else {
                   print "Port closed.\n";
               }
           }
       }
       return;
   }
   
   sub get_lond_port {
       my $perlvarref=&LONCAPA::Configuration::read_conf();
       my $lond_port;
       if (ref($perlvarref) eq 'HASH') {
           if (defined($perlvarref->{'londPort'})) {
               $lond_port = $perlvarref->{'londPort'};
           }
       }
       return $lond_port;
   }
   
   sub firewall_close_anywhere {
       my ($port) = @_;
       open(PIPE, "$iptables --line-numbers -n -L $fw_chain |");
       while (<PIPE>) {
           next unless (/dpt:\Q$port\E/);
           chomp();
           if (/^(\d+)\s+ACCEPT\s+tcp\s+\-{2}\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0/) {
               my $firewall_command = "$iptables -D $fw_chain $1";
               system($firewall_command);
               my $return_status = $?>>8;
               if ($return_status == 1) {
                   print 'Error closing port '.$port.' for source "anywhere"'."\n";
               } elsif ($return_status == 2) {
                   print 'Bad command error closing port '.$port.' for source "anywhere".  Command was'."\n".
                         ' '.$firewall_command."\n";
               } else {
                   print 'Port '.$port.' closed for source "anywhere"'."\n";
               }
           }
       }
       close(PIPE);
   }
   
   } # End firewall variable scope
   
 sub stop_daemon {  sub stop_daemon {
     my ($daemon)=@_;      my ($daemon,$killallname)=@_;
     my $pidfile="/home/httpd/perl/logs/$daemon.pid";      my $pidfile="/home/httpd/perl/logs/$daemon.pid";
           
     printf("%-10s ",$daemon);      printf("%-15s ",$daemon);
     if (-e $pidfile) {      if (-e $pidfile) {
  open(PIDFILE,$pidfile);   open(PIDFILE,$pidfile);
  my $daemonpid=<PIDFILE>;   my $daemonpid=<PIDFILE>;
  chomp($daemonpid);   chomp($daemonpid);
  kill TERM => $daemonpid;   kill TERM => $daemonpid;
  sleep 2;   my $count=0;
    while ($count++ < 5 && kill(0 => $daemonpid)) {
       sleep 1;
    }
  if (kill 0 => $daemonpid) {   if (kill 0 => $daemonpid) {
     kill KILL => $daemonpid;      kill KILL => $daemonpid;
     sleep 2;      sleep 1;
     if (kill 0 => $daemonpid) {      if (kill 0 => $daemonpid) {
  print("failed to kill\n"); return;   print("failed to kill");
     } else {      } else {
  print("killed\n"); return;   print("killed");
     }      }
  } else {   } else {
     print("stopped\n"); return;      print("stopped");
  }   }
       } else {
    print("not running");
       }
       system("killall -q -0 $killallname");
       if ($? == 0) {
    system("killall -q $killallname");
    print(", killed off extraneous processes");
     }      }
     print("not running\n");      unlink($pidfile);
       print("\n");
 }  }
   
 if (($command eq "restart") or ($command eq "reload")) {  sub clean_sockets {
       opendir(SOCKETS,"/home/httpd/sockets/");
       my $perlvarref=&LONCAPA::Configuration::read_conf();
       return if (ref($perlvarref) ne 'HASH');
       while (my $fname=readdir(SOCKETS)) {
    next if (-d $fname
    || $fname=~/(mysqlsock|maximasock|\Q$perlvarref->{'lonSockDir'}\E)/);
    unlink("/home/httpd/sockets/$fname");
       }
   }
   
   if ($command eq "restart") {
     print 'Restarting LON-CAPA'."\n";      print 'Restarting LON-CAPA'."\n";
     print 'Ending LON-CAPA client and daemon processes'."\n";      print 'Ending LON-CAPA client and daemon processes'."\n";
     foreach my $daemon ('lonsql','lond','lonc','lonhttpd') {      foreach my $daemon ('lonsql','lond','lonc','lonmemcached','lonmaxima','lonr') {
  &stop_daemon($daemon);   my $killallname=$daemon;
    if ($daemon eq 'lonc') { $killallname='loncnew'; }
    &stop_daemon($daemon,$killallname);
     }      }
     print 'Starting LON-CAPA client and daemon processes (please be patient)'.      print 'Starting LON-CAPA client and daemon processes (please be patient)'.
  "\n";   "\n";
     system("su -c '/home/httpd/perl/loncron' www");      system("su www -c '/home/httpd/perl/loncron --justcheckdaemons'");
 }  } elsif ($command eq "stop") {
 elsif ($command eq "stop") {  
     print 'Stopping LON-CAPA'."\n";      print 'Stopping LON-CAPA'."\n";
     foreach my $daemon ('lonsql','lond','lonc','lonhttpd') {      foreach my $daemon ('lonsql','lond','lonc','lonmemcached','lonmaxima','lonr') {
  &stop_daemon($daemon);   my $killallname=$daemon;
    if ($daemon eq 'lonc') { $killallname='loncnew'; }
    &stop_daemon($daemon,$killallname);
     }      }
 }      my $firewall_result = &firewall_close_port();
 elsif ($command eq "start") {      if ($firewall_result) {
     print 'Starting LON-CAPA'."\n";          print "$firewall_result\n";
     print 'Starting LON-CAPA client and daemon processes (please be patient)'.      }
  "\n";       &clean_sockets();
     system("su -c '/home/httpd/perl/loncron' www");  } elsif ($command eq "start") {
 }      my $firewall_result = &firewall_open_port();
 elsif ($command eq "status") {      if (($firewall_result eq 'ok') || ($firewall_result eq 'inactive firewall')) {
     $response=`/bin/cat /home/httpd/perl/logs/*.pid 2>&1`;          if ($firewall_result eq 'inactive firewall') {
               print "WARNING: iptables firewall is currently inactive\n";
           }
           print 'Starting LON-CAPA'."\n";
           print 'Starting LON-CAPA client and daemon processes (please be patient)'.
         "\n";
           system("su www -c '/home/httpd/perl/loncron --justcheckdaemons'");
       } else {
           print "Not starting LON-CAPA\n";
           if ($firewall_result eq 'port number unknown') {
               print "Could not check for status of LON-CAPA port in running firewall - port number unknown.  \n";
           } elsif ($firewall_result) {
               print "$firewall_result\n";
           }
       }
   } elsif ($command eq "reload") {
       print 'Reload LON-CAPA config files'."\n";
       system("su www -c '/home/httpd/perl/loncron --justreload'");
   } elsif ($command eq "status") {
       my $lond_port = &get_lond_port();
       my $response=`/bin/cat /home/httpd/perl/logs/*.pid 2>&1`;
     if ($response=~/No such file or directory/) {      if ($response=~/No such file or directory/) {
  print 'LON-CAPA is not running.'."\n";   print 'LON-CAPA is not running.'."\n";
     }      } else {
     else {  
  print 'LON-CAPA is running.'."\n";   print 'LON-CAPA is running.'."\n";
    system("su www -c '/home/httpd/perl/loncron --justcheckconnections'");
     }      }
 }      if (! &firewall_is_active) {
 else {          print 'The iptables firewall is not active'."\n";
     print 'You need to specify restart|stop|start|status on the command line'.      }
  ' argument.'."\n";      my $lond_port = &get_lond_port();
       if ($lond_port) {
           if (&firewall_is_port_open($lond_port)) {
               print "The LON-CAPA port ($lond_port) is open in firewall.\n";
           } elsif (&firewall_is_active) {
               print "The LON-CAPA port ($lond_port) is NOT open in running firewall!\n";
           }
       } else {
           if (&firewall_is_active) {
               print "Could not check for status of LON-CAPA port in running firewall - port number unknown.\n";
           } else {
               print "LON-CAPA port number is unknown, and firewall is not running.\n";
           }
       }
   } else {
       print "You need to specify one of restart|stop|start|status on the command line.\n";
 }  }
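Review bot: The "expected chain" guard at the top of firewall_open_port and firewall_close_port can never fire, because the backtick pipeline ends in `wc -l` and returns the string "0\n", which Perl treats as true, so the negated test is always false. firewall_is_port_open has the same problem for the lond port: it returns that raw count from the first loop iteration (the `grep "tcp dpt:$port"` does not use `$ip`), so the `status` branch prints "is open in firewall" whenever the firewall is active and get_iphost() returns entries, whether or not a matching rule exists. Capture the output and compare it numerically, for example `chomp($count); return ($count + 0);` in firewall_is_port_open and `if ($count + 0 == 0)` for the chain guard. Separately, each rule change goes through the shell as one interpolated string in an init script that presumably runs as root; the list form `system($iptables,'-I',$fw_chain,'-p','tcp','-s',$ip,'-d','0/0','--dport',$port,'-j','ACCEPT')` would avoid the shell. An anchored address check on `$ip` would then keep a malformed entry from get_iphost() (defined outside this page) out of the rule set.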
