--- loncom/init.d/loncontrol 2000/10/26 01:37:36 1.2
+++ loncom/init.d/loncontrol 2007/06/12 23:45:42 1.32
@@ -1,87 +1,230 @@ #!/usr/bin/perl # +# $Id: loncontrol,v 1.32 2007/06/12 23:45:42 albertel Exp $ +# +# The LearningOnline Network with CAPA +# +# Copyright Michigan State University Board of Trustees +# +# This file is part of the LearningOnline Network with CAPA (LON-CAPA). +# +# LON-CAPA is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# LON-CAPA is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with LON-CAPA; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# /home/httpd/html/adm/gpl.txt +# +# http://www.lon-capa.org/ +# # Startup script for the LON-CAPA network processes -# Scott Harrison 10/25/2000 # -# chkconfig: 345 85 15 -# description: Apache is a World Wide Web server. It is used to serve \ -# HTML files and CGI. -# processnames: lonc, lond, lonsql + +# chkconfig: 345 95 5 +# description: LON-CAPA is a "network of knowledge". It is used to \ +# distribute knowledge resources and instructional management. 
+# processnames: lonc, lond, lonsql, lonmaxima # pidfiles: /home/httpd/perl/logs/lon*.pid -# config: /etc/httpd/conf/access.conf +# config: /etc/httpd/conf/loncapa.conf # config: /home/httpd/lonTabs/hosts.tab # config: /home/httpd/lonTabs/spare.tab +# SuSE chkconfig/insserv info +### BEGIN INIT INFO +# Provides: loncapa +# Required-Start: mysql apache2 $network $remote_fs +# Required-Stop: +# Default-Start: 3 4 5 +# Default-Stop: +# Description: Starts the LON-CAPA services +### END INIT INFO -open (IN, "; -close IN; -for $l (@lines) { - chop $l; - @F=split(/\:/,$l); - if ($F[0] eq 'www') {$wwwid=$F[2];} -} -$<=$wwwid; - -open (OUT, ">junk"); -print OUT "stuff"; -close OUT; -__END__ $command=$ARGV[0]; $command=~s/[^a-z]//g; -# ($euid,$egid,$uid,$gid)=($>,$),$<,$(); $ENV{'PATH'}="/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin"; $ENV{'BASH_ENV'}=""; -open (IN, "; -close IN; -for $l (@lines) { - chop $l; - @F=split(/\:/,$l); - if ($F[0] eq 'www') {$wwwid=$F[2];} -} -if ($wwwid!=$<) { - die("User ID mismatch. 
This program must be run as user 'www'\n"); -} - -if (($command eq "restart") or ($command eq "reload")) { - print "Restarting LON-CAPA\n"; - ($<,$>)=($>,$<); - print "Ending LON-CAPA client and daemon processes\n"; - print `/bin/kill \`/bin/cat /home/httpd/perl/logs/*.pid\``; - print "Starting LON-CAPA client and daemon processes (please be patient)\n"; - system("/home/httpd/perl/loncron"); - ($<,$>)=($>,$<); - print "Restarting web server\n"; - print `/etc/rc.d/init.d/httpd restart`; -} -elsif ($command eq "stop") { - print "Stopping LON-CAPA\n"; - ($<,$>)=($>,$<); - print `/bin/kill \`/bin/cat /home/httpd/perl/logs/*.pid\``; - ($<,$>)=($>,$<); - print "Stopping web server\n"; - print `/etc/rc.d/init.d/httpd stop`; -} -elsif ($command eq "start") { - print "Starting LON-CAPA\n"; - print "Starting LON-CAPA client and daemon processes (please be patient)\n"; - ($<,$>)=($>,$<); - system("/home/httpd/perl/loncron"); - ($<,$>)=($>,$<); - print "Starting web server\n"; - print `/etc/rc.d/init.d/httpd start`; +{ # Firewall variable scoping + # Firewall code is based on the code in FC2 /etc/init.d/ntpd + my $fw_chain = 'RH-Firewall-1-INPUT'; + my $iptables = '/sbin/iptables'; + if (! -e $iptables) { + $iptables = '/usr/sbin/iptables'; + if (! -e $iptables) { + print("Unable to find iptables command\n"); + } + } + my $lond_port = 5663; + my $lonhttpd_port = 8080; + +sub firewall_open_port { + return if (! &firewall_is_active); + if (! 
`$iptables -L -n 2>/dev/null | grep $fw_chain | wc -l`) { return; } + # iptables is running with our chain + # + # We could restrict the servers allowed to attempt to communicate + # here, but the logistics of updating the /home/httpd/lonTabs/host.tab + # file are likely to be a problem + foreach my $port ($lond_port,$lonhttpd_port) { + print "Opening firewall access on port $port.\n"; + + my $firewall_command = + "$iptables -I $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT"; + system($firewall_command); + my $return_status = $?>>8; + if ($return_status == 1) { + # Error + print "Error opening port.\n"; + } elsif ($return_status == 2) { + # Bad command + print "Bad command error opening port. Command was\n". + " ".$firewall_command."\n"; + } + } + } -elsif ($command eq "status") { + +sub firewall_is_port_open { + # returns 1 if the firewall port is open, 0 if not. + # + # check if firewall is active or installed + return if (! &firewall_is_active); + if (`$iptables -L -n 2>/dev/null | grep "tcp dpt:$port"`) { + return 1; + } else { + return 0; + } +} + +sub firewall_is_active { + if (-e '/proc/net/ip_tables_names') { + return 1; + } else { + return 0; + } +} + +sub firewall_close_port { + return if (! &firewall_is_active); + foreach my $port ($lond_port,$lonhttpd_port) { + print "Closing firewall access on port $port.\n"; + my $firewall_command = + "$iptables -D $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT"; + system($firewall_command); + my $return_status = $?>>8; + if ($return_status == 1) { + # Error + print "Error closing port.\n"; + } elsif ($return_status == 2) { + # Bad command + print "Bad command error closing port. Command was\n". 
+ " ".$firewall_command."\n"; + } + } +} + +} # End firewall variable scope + +sub stop_daemon { + my ($daemon,$killallname)=@_; + my $pidfile="/home/httpd/perl/logs/$daemon.pid"; + + printf("%-15s ",$daemon); + if (-e $pidfile) { + open(PIDFILE,$pidfile); + my $daemonpid=; + chomp($daemonpid); + kill TERM => $daemonpid; + my $count=0; + while ($count++ < 5 && kill(0 => $daemonpid)) { + sleep 1; + } + if (kill 0 => $daemonpid) { + kill KILL => $daemonpid; + sleep 1; + if (kill 0 => $daemonpid) { + print("failed to kill"); + } else { + print("killed"); + } + } else { + print("stopped"); + } + } else { + print("not running"); + } + system("killall -q -0 $killallname"); + if ($? == 0) { + system("killall -q $killallname"); + print(", killed off extraneous processes"); + } + unlink($pidfile); + print("\n"); +} + +sub clean_sockets { + opendir(SOCKETS,"/home/httpd/sockets/"); + while (my $fname=readdir(SOCKETS)) { + next if (-d $fname + || $fname=~/(mysqlsock|maximasock|\Q$perlvar{'lonSockDir'}\E)/); + unlink("/home/httpd/sockets/$fname"); + } +} + +if ($command eq "restart") { + print 'Restarting LON-CAPA'."\n"; + print 'Ending LON-CAPA client and daemon processes'."\n"; + foreach my $daemon ('lonsql','lond','lonc','lonhttpd','lonmemcached','lonmaxima') { + my $killallname=$daemon; + if ($daemon eq 'lonc') { $killallname='loncnew'; } + &stop_daemon($daemon,$killallname); + } + print 'Starting LON-CAPA client and daemon processes (please be patient)'. 
+ "\n"; + system("su www -c '/home/httpd/perl/loncron --justcheckdaemons'"); +} elsif ($command eq "stop") { + print 'Stopping LON-CAPA'."\n"; + foreach my $daemon ('lonsql','lond','lonc','lonhttpd','lonmemcached','lonmaxima') { + my $killallname=$daemon; + if ($daemon eq 'lonc') { $killallname='loncnew'; } + &stop_daemon($daemon,$killallname); + } + &firewall_close_port(); + &clean_sockets(); +} elsif ($command eq "start") { + &firewall_open_port(); + print 'Starting LON-CAPA'."\n"; + print 'Starting LON-CAPA client and daemon processes (please be patient)'. + "\n"; + system("su www -c '/home/httpd/perl/loncron --justcheckdaemons'"); +} elsif ($command eq "reload") { + print 'Reload LON-CAPA config files'."\n"; + system("su www -c '/home/httpd/perl/loncron --justreload'"); +} elsif ($command eq "status") { $response=`/bin/cat /home/httpd/perl/logs/*.pid 2>&1`; if ($response=~/No such file or directory/) { - print "LON-CAPA is not running.\n"; + print 'LON-CAPA is not running.'."\n"; + } else { + print 'LON-CAPA is running.'."\n"; + system("su www -c '/home/httpd/perl/loncron --justcheckconnections'"); } - else { - print "LON-CAPA is running.\n"; + if (! &firewall_is_active) { + print 'The iptables firewall is not active'."\n"; } -} -else { - print "You need to specify restart|stop|start on the command line argument.\n"; + if (&firewall_is_port_open()) { + print 'The LON-CAPA port is open in firewall.'."\n"; + } elsif (&firewall_is_active) { + print 'The LON-CAPA port is NOT open in running firewall!'."\n"; + } +} else { + print 'You need to specify one of restart|stop|start|status on the command line.'."\n"; }
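Review bot: In `stop_daemon`, the value read from `/home/httpd/perl/logs/$daemon.pid` is passed to `kill TERM` and `kill KILL` without checking that the open succeeded or that the content is a plain positive PID. The script appears to run as root (it drives iptables and calls `su www`), while the pidfiles are presumably written by daemons running as `www`, so a stale, empty or tampered pidfile decides which process, or process group for 0 and negative values, root signals. I would open the file in three-argument form with a lexical handle and refuse anything that is not a decimal PID above 1, as sketched below; the read expression is garbled on this page (`my $daemonpid=;`), so the fence shows the intended shape rather than a line-for-line patch. Separately, `firewall_is_port_open` interpolates `$port`, which is never set in that sub, and `clean_sockets` reads `%perlvar`, which nothing in this hunk populates, so both patterns match more than intended and the status and cleanup results should not be relied on.

```perl
sub stop_daemon {
    my ($daemon,$killallname)=@_;
    # … unchanged: $pidfile assignment and printf of the daemon name …
    my $daemonpid;
    if (open(my $pid_fh, '<', $pidfile)) {
        $daemonpid = <$pid_fh>;
        close($pid_fh);
    }
    chomp($daemonpid) if defined($daemonpid);
    if (!defined($daemonpid)) {
        print("not running");
    } elsif ($daemonpid !~ /\A[0-9]+\z/ || $daemonpid <= 1) {
        # 0 and negative values address process groups, 1 is init: never signal them.
        print("ignoring invalid pidfile");
    } else {
        # … unchanged: TERM, wait up to five seconds, KILL, report result …
    }
    # … unchanged: killall sweep, unlink of the pidfile, trailing newline …
```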