[ -n "$GLITE_LB_IL_SOCK" ] && sock="--socket $GLITE_LB_IL_SOCK"
[ -n "$GLITE_LB_IL_FPREFIX" ] && fprefix="--file-prefix $GLITE_LB_IL_FPREFIX"
- log4c="LOG4C_RCPATH='$GLITE_LOCATION/etc'"
+ log4c="LOG4C_RCPATH='$GLITE_LOCATION/etc/lb'"
mkdir -p /var/glite/log
chown $GLITE_USER /var/glite/log
$(MAKE) install PREFIX=${stagedir} DOSTAGE=yes
install:
- -mkdir -p ${PREFIX}/bin ${PREFIX}/etc ${PREFIX}/etc/init.d ${PREFIX}/interface
+ -mkdir -p ${PREFIX}/bin ${PREFIX}/etc/lb ${PREFIX}/etc/init.d ${PREFIX}/interface
-mkdir -p ${PREFIX}/share/doc/${package}-${version}
-mkdir -p ${PREFIX}/share/man/man1
-mkdir -p ${PREFIX}/${libdir}
ln -sf liblcas_lb.so ${PREFIX}/${libdir}/modules/lcas_lb.mod
for f in dbsetup.sql index.conf.template; do \
- ${INSTALL} -m 644 ${top_srcdir}/config/"glite-lb-$$f" ${PREFIX}/etc; \
+ ${INSTALL} -m 644 ${top_srcdir}/config/"glite-lb-$$f" ${PREFIX}/etc/lb; \
done
- ${INSTALL} -m 755 ${top_srcdir}/config/glite-lb-migrate_db2version20 ${PREFIX}/etc
+ ${INSTALL} -m 755 ${top_srcdir}/config/glite-lb-migrate_db2version20 ${PREFIX}/etc/lb
${INSTALL} -m 755 ${top_srcdir}/config/startup ${PREFIX}/etc/init.d/glite-lb-bkserverd
fi
fi
- log4c="LOG4C_RCPATH='$GLITE_LOCATION/etc'"
+ log4c="LOG4C_RCPATH='$GLITE_LOCATION/etc/lb'"
- policy="$GLITE_LOCATION/etc/glite-lb-authz.conf"
- lcas_log="LCAS_LOG_FILE='/var/log/glite/glite-lb-lcas.log'"
+ policy="$GLITE_LOCATION/etc/lb/glite-lb-authz.conf"
+ lcas_log="LCAS_LOG_FILE='/var/log/glite/glite-lb-lcas.log' LCAS_ETC_DIR='/opt/glite/etc/lb'"
if test -f "$policy"; then
- policy="--enable-lcas --policy '$policy'"
+ # lcas not enabled by default yet
+ policy="--policy '$policy'"
else
unset policy
unset lcas_log
[ -n "$GLITE_LB_EXPORT_JPPS" ] && jpps="--jpps $GLITE_LB_EXPORT_JPPS"
fi
- if test -r "$GLITE_LOCATION/etc/LB-super-users"; then
- super="--super-users-file $GLITE_LOCATION/etc/LB-super-users"
- fi
-
[ -z "$creds" ] && echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2
[ -n "$GLITE_LB_SERVER_PORT" ] && port="-p $GLITE_LB_SERVER_PORT"
return 1;
}
+ if (enable_lcas) {
+ char s[3];
+
+ switch (glite_common_log_get_priority(LOG_CATEGORY_LB_AUTHZ)) {
+ case LOG_PRIORITY_FATAL:
+ case LOG_PRIORITY_ERROR:
+ case LOG_PRIORITY_WARN:
+ i = 0;
+ break;
+ case LOG_PRIORITY_INFO:
+ i = 1;
+ break;
+ case LOG_PRIORITY_DEBUG:
+ i = 2;
+ break;
+ default:
+ i = 0;
+ }
+ snprintf(s, 3, "%d", i);
+ setenv("LCAS_DEBUG_LEVEL", s, 1);
+ }
if (mode & SERVICE_SERVER) {
if (check_mkdir(dumpStorage)){
superusers="`echo \"$superusers\"| grep -v ^$ | tr ',' '\n' | sed 's/\(.*\)/\t\tsubject = \"\1\"/'`"
rtm="`echo \"$rtm\"| grep -v ^$ | tr ',' '\n' | sed 's/\(.*\)/\t\tsubject = \"\1\"/'`"
+ authconf="$GLITE_LOCATION/etc/lb/glite-lb-authz.conf"
- cat <<EOF > "$GLITE_LOCATION/etc/glite-lb-authz.conf.new"
+ cat <<EOF > "$authconf".new
resource "LB" {
EOF
if test ! -z "$superusers"; then
- cat <<EOF >> "$GLITE_LOCATION/etc/glite-lb-authz.conf.new"
+ cat <<EOF >> "$authconf".new
action "ADMIN_ACCESS" {
rule permit {
$superusers
fi
if test ! -z "$rtm"; then
- cat <<EOF >> "$GLITE_LOCATION/etc/glite-lb-authz.conf.new"
+ cat <<EOF >> "$authconf".new
action "STATUS_FOR_MONITORING" {
rule permit {
$rtm
EOF
fi
- cat <<EOF >> "$GLITE_LOCATION/etc/glite-lb-authz.conf.new"
+ cat <<EOF >> "$authconf".new
action "REGISTER_JOBS" {
rule permit {
subject = ".*"
}
EOF
# something changed
- if test -f "$GLITE_LOCATION/etc/glite-lb-authz.conf"; then
- diff -w "$GLITE_LOCATION/etc/glite-lb-authz.conf" "$GLITE_LOCATION/etc/glite-lb-authz.conf.new" >/dev/null
+ if test -f "$authconf"; then
+ diff -w "$authconf" "$authconf".new >/dev/null
if test "$?" != "0"; then
- yaimlog WARNING "Original authz configuration moved to '$GLITE_LOCATION/etc/glite-lb-authz.conf.yaimorig'"
- mv "$GLITE_LOCATION/etc/glite-lb-authz.conf" "$GLITE_LOCATION/etc/glite-lb-authz.conf.yaimorig"
+ yaimlog WARNING "Original authz configuration moved to '$authconf.yaimorig'"
+ mv "$authconf" "$authconf".yaimorig
fi
fi
rm "${GLITE_LOCATION}/etc/LB-super-users"
fi
- mv "$GLITE_LOCATION/etc/glite-lb-authz.conf.new" "$GLITE_LOCATION/etc/glite-lb-authz.conf"
+ mv "$authconf".new "$authconf"
}
function config_glite_lb() {
if [ ! $? = 0 ]; then
mysql -u root --password="$MYSQL_PASSWORD" -e "CREATE DATABASE lbserver20"
- mysql --password="$MYSQL_PASSWORD" lbserver20 < ${INSTALL_ROOT}/glite/etc/glite-lb-dbsetup.sql
+ mysql --password="$MYSQL_PASSWORD" lbserver20 < ${INSTALL_ROOT}/glite/etc/lb/glite-lb-dbsetup.sql
mysql -u root --password="$MYSQL_PASSWORD" -e "GRANT ALL PRIVILEGES on lbserver20.* to lbserver IDENTIFIED BY '' WITH GRANT OPTION;"
mysql -u root --password="$MYSQL_PASSWORD" -e "GRANT ALL PRIVILEGES on lbserver20.* to lbserver@'$HOSTNAME' IDENTIFIED BY '' WITH GRANT OPTION;"
mysql -u root --password="$MYSQL_PASSWORD" -e "GRANT ALL PRIVILEGES on lbserver20.* to lbserver@localhost IDENTIFIED BY '' WITH GRANT OPTION;"
fi
fi
lcas_plugin="$GLITE_LOCATION/$lcas_libarch/modules/lcas_lb.mod"
- mkdir -p /opt/glite/etc/lcas
- echo "pluginname=\"$lcas_plugin\"" > /opt/glite/etc/lcas/lcas.db
+ echo "pluginname=\"$lcas_plugin\"" > ${INSTALL_ROOT}/etc/lb/lcas.db
# log file
logfile=/var/log/glite/glite-lb-lcas.log
touch $logfile
chown $GLITE_USER:$GLITE_USER $logfile
- cat > /etc/logrotate.d/lcas <<EOF
+ cat > /etc/logrotate.d/lb-lcas <<EOF
$logfile {
- weekly
+ daily
compress
rotate 4
missingok
config_glite_lb_authz "$GLITE_LB_SUPER_USERS" ""
fi
- if [ ! -f ${GLITE_LOCATION}/etc/glite-lb-harvester.conf ]; then
- echo $HOSTNAME > ${GLITE_LOCATION}/etc/glite-lb-harvester.conf
+ if [ ! -f ${GLITE_LOCATION}/etc/lb/glite-lb-harvester.conf ]; then
+ echo $HOSTNAME > ${GLITE_LOCATION}/etc/lb/glite-lb-harvester.conf
fi
. /opt/glite/etc/profile.d/grid-env.sh
mkdir -p ${PREFIX}/share/doc/${package}-${version}
${INSTALL} -m 644 ${top_srcdir}/LICENSE ${PREFIX}/share/doc/${package}-${version}
${INSTALL} -m 644 ${top_srcdir}/README ${PREFIX}/share/doc/${package}-${version}
- mkdir -p ${PREFIX}/etc
- ${INSTALL} -m 644 ${top_srcdir}/config/log4crc ${PREFIX}/etc/log4crc
+ mkdir -p ${PREFIX}/etc/lb
+ ${INSTALL} -m 644 ${top_srcdir}/config/log4crc ${PREFIX}/etc/lb/log4crc
${INSTALL} -m 644 ${top_srcdir}/config/log4crc ${PREFIX}/share/doc/${package}-${version}/log4crc.example-production
${INSTALL} -m 644 ${top_srcdir}/config/log4crc.debugging ${PREFIX}/share/doc/${package}-${version}/log4crc.example-debugging
mkdir -p ${PREFIX}/${libdir}
<!-- category name="LB.LOGD" priority="debug" appender="stderr"/-->
<!-- category name="LB.INTERLOGD" priority="debug" appender="stderr"/-->
<!-- category name="LB.SERVER" priority="debug" appender="stderr"/-->
+ <!-- category name="LB.AUTHZ" priority="debug" appender="syslog"/-->
<!-- category name="LB.HARVESTER" priority="*" appender="syslog"/-->
<!-- default appenders ===================================== -->
#define LOG_CATEGORY_LB_SERVER_REQUEST "LB.SERVER.REQUEST"
#define LOG_CATEGORY_LB_HARVESTER "LB.HARVESTER"
#define LOG_CATEGORY_LB_HARVESTER_DB "LB.HARVESTER.DB"
+#define LOG_CATEGORY_LB_AUTHZ "LB.AUTHZ"
/* default priorities
* - follow LOG4C_PRIORITY_* defined in <log4c/priority.h>
git://scientific.zcu.cz / jra1mw.git / commitdiff