File:  [LON-CAPA] / loncom / init.d / loncontrol
Revision 1.33: download - view: text, annotated - select for diffs
Tue Nov 4 21:06:31 2008 UTC (15 years, 7 months ago) by www
Branches: MAIN
CVS tags: version_2_8_0, version_2_7_99_1, version_2_7_99_0, HEAD
Eliminate lonhttpd on port 8080 due to increasing number of user and
institutional firewall issues

    1: #!/usr/bin/perl
    2: #
    3: # $Id: loncontrol,v 1.33 2008/11/04 21:06:31 www Exp $
    4: #
    5: # The LearningOnline Network with CAPA
    6: #
    7: # Copyright Michigan State University Board of Trustees
    8: #
    9: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
   10: #
   11: # LON-CAPA is free software; you can redistribute it and/or modify
   12: # it under the terms of the GNU General Public License as published by
   13: # the Free Software Foundation; either version 2 of the License, or
   14: # (at your option) any later version.
   15: #
   16: # LON-CAPA is distributed in the hope that it will be useful,
   17: # but WITHOUT ANY WARRANTY; without even the implied warranty of
   18: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   19: # GNU General Public License for more details.
   20: #
   21: # You should have received a copy of the GNU General Public License
   22: # along with LON-CAPA; if not, write to the Free Software
   23: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   24: #
   25: # /home/httpd/html/adm/gpl.txt
   26: #
   27: # http://www.lon-capa.org/
   28: #
   29: # Startup script for the LON-CAPA network processes
   30: #
   31: 
   32: # chkconfig: 345 95 5
   33: # description: LON-CAPA is a "network of knowledge".  It is used to \
   34: # distribute knowledge resources and instructional management.
   35: # processnames: lonc, lond, lonsql, lonmaxima
   36: # pidfiles: /home/httpd/perl/logs/lon*.pid
   37: # config: /etc/httpd/conf/loncapa.conf
   38: # config: /home/httpd/lonTabs/hosts.tab
   39: # config: /home/httpd/lonTabs/spare.tab
   40: # SuSE chkconfig/insserv info
   41: ### BEGIN INIT INFO
   42: # Provides:       loncapa
   43: # Required-Start: mysql apache2 $network $remote_fs
   44: # Required-Stop:
   45: # Default-Start:  3 4 5
   46: # Default-Stop:
   47: # Description:    Starts the LON-CAPA services
   48: ### END INIT INFO
   49: 
   50: 
   # The requested action is the first command-line argument.  Everything
   # except lowercase ASCII letters is stripped from it before it is compared
   # against the known action names further down.
   ($command = $ARGV[0]) =~ s/[^a-z]//g;

   # This script runs external commands through the shell, so the search
   # path is pinned to fixed system directories and BASH_ENV is emptied,
   # which stops a non-interactive bash from sourcing a startup file named
   # by the inherited environment.
   @ENV{'PATH', 'BASH_ENV'} = (
       "/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin",
       "",
   );
   55: 
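   { # Firewall variable scoping
       # Firewall code is based on the code in FC2 /etc/init.d/ntpd
       #
       # The chain name, the iptables path and the port are fixed values set
       # here; no command-line or environment data is placed into the
       # iptables invocations below.
       my $fw_chain = 'RH-Firewall-1-INPUT';
       my $iptables = '/sbin/iptables';
       if (! -e $iptables) {
           $iptables = '/usr/sbin/iptables';
           if (! -e $iptables) {
               print("Unable to find iptables command\n");
           }
       }
       my $lond_port = 5663;

       # Return the lines printed by "iptables -L -n" (stderr discarded), or
       # an empty list when the command cannot be run.
       sub _firewall_rules {
           my @rules = `$iptables -L -n 2>/dev/null`;
           return @rules;
       }

       # True when the rule listing mentions our chain at all.  The match is
       # done in Perl: the earlier "grep | wc -l" pipeline yielded the string
       # "0\n" when nothing matched, and that string is true in Perl, so the
       # check could never fail.
       sub _firewall_has_chain {
           return scalar(grep { /\Q$fw_chain\E/ } _firewall_rules());
       }

       # Insert ('-I') or delete ('-D') the ACCEPT rule for $port in our chain
       # and report failures.  $doing is the word used in the messages
       # ('opening' or 'closing').  iptables is run in list form, so no shell
       # parses the arguments.
       sub _firewall_change_rule {
           my ($action, $port, $doing) = @_;
           my @firewall_command = ($iptables, $action, $fw_chain,
                                   '-p', 'tcp', '-d', '0/0',
                                   '--dport', $port, '-j', 'ACCEPT');
           system(@firewall_command);
           return if ($? == 0);
           if ($? != -1 && ($? >> 8) == 2) {
               # Bad command
               print "Bad command error $doing port.  Command was\n".
                   "  ".join(' ', @firewall_command)."\n";
           } else {
               # Exit status 1, any other non-zero status, death by signal,
               # or iptables could not be started at all.
               print "Error $doing port.\n";
           }
           return;
       }

       # Open the lond port in the firewall.  Does nothing when iptables is
       # not active or when our chain is not present.
       sub firewall_open_port {
           return if (! firewall_is_active());
           return if (! _firewall_has_chain());
           # iptables is running with our chain
           #
           # We could restrict the servers allowed to attempt to communicate
           # here, but the logistics of updating the /home/httpd/lonTabs/host.tab
           # file are likely to be a problem
           #
           # NOTE(review): the rule is inserted without checking whether it is
           # already present, so repeated "start" calls add duplicate ACCEPT
           # rules while "stop" deletes only one of them.
           foreach my $port ($lond_port) {
               print "Opening firewall access on port $port.\n";
               _firewall_change_rule('-I', $port, 'opening');
           }
           return;
       }

       # Returns 1 if an ACCEPT rule for the lond port is listed, 0 if not,
       # and nothing (false) when the firewall is not active.
       sub firewall_is_port_open {
           # check if firewall is active or installed
           return if (! firewall_is_active());
           # The port comes from $lond_port.  The previous pattern used an
           # unset $port, which reduced it to "tcp dpt:" and matched a rule
           # for any TCP port.  Requiring ACCEPT and a word boundary after
           # the number keeps a rule with another target, or a port that
           # merely starts with the same digits, from being reported as open.
           foreach my $rule (_firewall_rules()) {
               return 1 if ($rule =~ /^ACCEPT\b.*\btcp dpt:\Q$lond_port\E\b/);
           }
           return 0;
       }

       # Returns 1 when /proc/net/ip_tables_names exists, 0 otherwise.
       sub firewall_is_active {
           return (-e '/proc/net/ip_tables_names') ? 1 : 0;
       }

       # Remove the ACCEPT rule for the lond port.  Does nothing when iptables
       # is not active or when our chain is not present (the delete could only
       # fail in that case).
       sub firewall_close_port {
           return if (! firewall_is_active());
           return if (! _firewall_has_chain());
           foreach my $port ($lond_port) {
               print "Closing firewall access on port $port.\n";
               _firewall_change_rule('-D', $port, 'closing');
           }
           return;
       }

   } # End firewall variable scope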
  135: 
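  # Stop one LON-CAPA daemon and print a one-line status for it.
  #
  #   $daemon       name used for the pid file /home/httpd/perl/logs/$daemon.pid
  #   $killallname  process name handed to killall to catch leftover processes
  #
  # The process named in the pid file is sent TERM, given up to five seconds
  # to exit, then sent KILL.  Afterwards any remaining processes called
  # $killallname are killed and the pid file is removed.
  sub stop_daemon {
      my ($daemon,$killallname)=@_;
      my $pidfile="/home/httpd/perl/logs/$daemon.pid";

      printf("%-15s ",$daemon);
      if (-e $pidfile) {
          # Only a plain decimal pid greater than 1 is accepted.  An empty
          # or non-numeric value would be treated as 0 by kill, which signals
          # this script's own process group, and a negative value addresses a
          # whole process group.
          # NOTE(review): presumably the pid file is written by the daemon
          # itself, running as a less privileged user than this script --
          # confirm, since that makes the file's contents untrusted here.
          my $daemonpid;
          if (open(my $pid_fh, '<', $pidfile)) {
              my $first_line = <$pid_fh>;
              close($pid_fh);
              if (defined($first_line)
                  && $first_line =~ /\A\s*(\d+)\s*\z/
                  && $1 > 1) {
                  $daemonpid = $1;
              }
          }
          if (! defined($daemonpid)) {
              print("invalid pid file");
          } else {
              kill('TERM', $daemonpid);
              # Poll with signal 0 until the process is gone, at most 5 times.
              my $count=0;
              while ($count++ < 5 && kill(0, $daemonpid)) {
                  sleep 1;
              }
              if (kill(0, $daemonpid)) {
                  kill('KILL', $daemonpid);
                  sleep 1;
                  if (kill(0, $daemonpid)) {
                      print("failed to kill");
                  } else {
                      print("killed");
                  }
              } else {
                  print("stopped");
              }
          }
      } else {
          print("not running");
      }
      # List-form system: the process name is passed as a single argument and
      # is never parsed by a shell.  Signal 0 only tests for matching
      # processes.
      system('killall', '-q', '-0', $killallname);
      if ($? == 0) {
          system('killall', '-q', $killallname);
          print(", killed off extraneous processes");
      }
      unlink($pidfile);
      print("\n");
  }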
  172: 
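  # Remove leftover socket files from /home/httpd/sockets, skipping
  # directories and names matching the exclusion pattern.
  sub clean_sockets {
      my $socket_dir = '/home/httpd/sockets';
      my $dir_handle;
      if (! opendir($dir_handle, $socket_dir)) {
          print "Unable to read $socket_dir: $!\n";
          return;
      }
      # defined() keeps an entry named "0" from ending the loop early.
      while (defined(my $fname = readdir($dir_handle))) {
          # The directory test uses the full path; a bare name would be
          # checked against the current working directory instead.
          #
          # NOTE(review): %perlvar is not populated anywhere in the visible
          # part of this script.  If it is empty here, the last alternative
          # of the pattern is empty and matches every name, so nothing is
          # ever unlinked.  Confirm the intended exclusion list before
          # changing the pattern.
          next if (-d "$socket_dir/$fname"
                   || $fname=~/(mysqlsock|maximasock|\Q$perlvar{'lonSockDir'}\E)/);
          unlink("$socket_dir/$fname");
      }
      closedir($dir_handle);
      return;
  }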
  181: 
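  # Dispatch on the sanitized action name taken from the command line.
  #
  # loncron is run as user www through "su"; system() is called in list form,
  # so the only shell involved is the one su starts for the fixed -c string.

  # Stop every LON-CAPA daemon.  lonc is the one daemon whose processes run
  # under a different name (loncnew).
  my $stop_all_daemons = sub {
      foreach my $daemon ('lonsql','lond','lonc','lonmemcached','lonmaxima') {
          my $killallname = ($daemon eq 'lonc') ? 'loncnew' : $daemon;
          stop_daemon($daemon,$killallname);
      }
  };

  if ($command eq "restart") {
      print 'Restarting LON-CAPA'."\n";
      print 'Ending LON-CAPA client and daemon processes'."\n";
      $stop_all_daemons->();
      print 'Starting LON-CAPA client and daemon processes (please be patient)'.
          "\n";
      system('su', 'www', '-c', '/home/httpd/perl/loncron --justcheckdaemons');
  } elsif ($command eq "stop") {
      print 'Stopping LON-CAPA'."\n";
      $stop_all_daemons->();
      firewall_close_port();
      clean_sockets();
  } elsif ($command eq "start") {
      firewall_open_port();
      print 'Starting LON-CAPA'."\n";
      print 'Starting LON-CAPA client and daemon processes (please be patient)'.
          "\n";
      system('su', 'www', '-c', '/home/httpd/perl/loncron --justcheckdaemons');
  } elsif ($command eq "reload") {
      print 'Reload LON-CAPA config files'."\n";
      system('su', 'www', '-c', '/home/httpd/perl/loncron --justreload');
  } elsif ($command eq "status") {
      # "Running" means at least one pid file exists.  The files are listed
      # with glob instead of parsing the error text of "cat", which depended
      # on the locale of the message.
      my @pid_files = glob('/home/httpd/perl/logs/*.pid');
      if (! @pid_files) {
          print 'LON-CAPA is not running.'."\n";
      } else {
          print 'LON-CAPA is running.'."\n";
          system('su', 'www', '-c',
                 '/home/httpd/perl/loncron --justcheckconnections');
      }
      if (! firewall_is_active()) {
          print 'The iptables firewall is not active'."\n";
      }
      if (firewall_is_port_open()) {
          print 'The LON-CAPA port is open in firewall.'."\n";
      } elsif (firewall_is_active()) {
          print 'The LON-CAPA port is NOT open in running firewall!'."\n";
      }
  } else {
      # "reload" is handled above, so it is listed here as well.
      print 'You need to specify one of restart|stop|start|reload|status on the command line.'."\n";
  }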
