From: František Dvořák Date: Tue, 28 Aug 2012 10:53:14 +0000 (+0000) Subject: Update startup script due to new GSS mechanisms - pass certificates through environme... X-Git-Tag: glite-lb-common_R_8_2_4_1~7 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=3034b26b9b053e67eb15298aef8c0ccf1afc7181;p=jra1mw.git Update startup script due to new GSS mechanisms - pass certificates through environment instead of argument. Needed for Kerberos GSS library. --- diff --git a/org.glite.lb.logger/config/startup b/org.glite.lb.logger/config/startup index 3d4a673..83b14ca 100755 --- a/org.glite.lb.logger/config/startup +++ b/org.glite.lb.logger/config/startup @@ -29,6 +29,10 @@ GLITE_LB_LOCATION=${GLITE_LB_LOCATION:-'@glite_prefix@'} GLITE_LB_LOCATION_ETC=${GLITE_LB_LOCATION_ETC:-'@glite_etc@'} GLITE_LB_LOCATION_VAR=${GLITE_LB_LOCATION_VAR:-'@glite_var@'} +KRB5_KTNAME="FILE:/var/glite/krb5kt_lb" +KRB5CCNAME="FILE:/var/glite/krb5cc_lb" +LOG4C_RCPATH="$GLITE_LB_LOCATION_ETC/glite-lb" + [ -f /etc/profile.d/grid-env.sh ] && . /etc/profile.d/grid-env.sh [ -f /etc/glite.conf ] && . /etc/glite.conf [ -f $GLITE_LB_LOCATION_ETC/glite-wms.conf ] && . $GLITE_LB_LOCATION_ETC/glite-wms.conf @@ -42,9 +46,6 @@ LL_PIDFILE=${LL_PIDFILE:-$GLITE_LB_LOCATION_VAR/glite-lb-logd.pid} IL_PIDFILE=${IL_PIDFILE:-$GLITE_LB_LOCATION_VAR/glite-lb-interlogd.pid} IL_SOCKFILE=/tmp/interlogger.sock -KRB5_KTNAME=${KRB5_KTNAME:-'FILE:/var/glite/krb5kt_lb'} -KRB5CCNAME=${KRB5CCNAME:-'FILE:/var/glite/krb5cc_lb'} - lockfile=/var/lock/glite-lb-locallogger unset creds port env 
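Review bot: `LOG4C_RCPATH="$GLITE_LB_LOCATION_ETC/glite-lb"` in the first hunk is now evaluated before `/etc/profile.d/grid-env.sh`, `/etc/glite.conf` and `glite-wms.conf` are sourced, so it keeps the pre-config value of `GLITE_LB_LOCATION_ETC`. The removed code built this path inside start(), after sourcing, so a site that relocates the etc directory in one of those files would now get a stale log4c path. The plain `KRB5_KTNAME=`/`KRB5CCNAME=` assignments also discard any value inherited from the caller, which the old `${KRB5_KTNAME:-...}` form kept. If that is deliberate (so the daemons never pick up the invoking admin's ccache or keytab), a comment such as `# always use the service keytab/ccache; config files sourced below may override` would record it. For the path, `LOG4C_RCPATH=${LOG4C_RCPATH:-"$GLITE_LB_LOCATION_ETC/glite-lb"}` placed after the sourcing lines would restore the old behaviour; the matching hunk in org.glite.lb.server/config/startup has the same ordering.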
@@ -123,24 +124,25 @@ start() return 1 fi - env="LOG4C_RCPATH='$GLITE_LB_LOCATION_ETC/glite-lb'" + if [ -n "$LOG4C_RCPATH" ]; then env="$env LOG4C_RCPATH='$LOG4C_RCPATH'"; fi + if [ -n "$KRB5_KTNAME" ]; then env="$env KRB5_KTNAME='$KRB5_KTNAME'"; fi + if [ -n "$KRB5CCNAME" ]; then env="$env KRB5CCNAME='$KRB5CCNAME'"; fi - if [ x"$GLITE_GSS_MECH" = x"krb5" ]; then - env="$env KRB5_KTNAME='$KRB5_KTNAME' KRB5CCNAME='$KRB5CCNAME'" - else - [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ] && - creds="-c $GLITE_HOST_CERT -k $GLITE_HOST_KEY" - - if test -z "$creds"; then - if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then - echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER" - creds="-c /etc/grid-security/hostcert.pem -k /etc/grid-security/hostkey.pem" - fi - fi + if [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ]; then + env="$env X509_USER_CERT=$GLITE_HOST_CERT X509_USER_KEY=$GLITE_HOST_KEY" + creds=1 + fi - [ -z "$creds" ] && echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2 + if test -z "$creds"; then + if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then + echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER" + env="$env X509_USER_CERT=$GLITE_HOST_CERT X509_USER_KEY=$GLITE_HOST_KEY" + creds=1 + fi fi + [ -z "$creds" ] && echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2 + [ -n "$GLITE_LB_LOGGER_PORT" ] && port="--port $GLITE_LB_LOGGER_PORT" [ -n "$GLITE_LB_IL_SOCK" ] && sock="--socket $GLITE_LB_IL_SOCK" [ -n "$GLITE_LB_IL_FPREFIX" ] && fprefix="--file-prefix $GLITE_LB_IL_FPREFIX" 
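Review bot: The fallback branch is entered only when `creds` is still empty, i.e. `GLITE_HOST_CERT` and `GLITE_HOST_KEY` were not both set, yet its new line appends `X509_USER_CERT=$GLITE_HOST_CERT X509_USER_KEY=$GLITE_HOST_KEY`, which expands to empty or half-empty values. Because `creds=1` is set immediately afterwards, the "No credentials specified" warning is suppressed although no usable credential path was exported. The server script's version of this branch uses the literal paths that the `su ... test -r` check has just verified, and the logger should match: `env="$env X509_USER_CERT=/etc/grid-security/hostcert.pem X509_USER_KEY=/etc/grid-security/hostkey.pem"`. start() begins and ends outside the hunk.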
@@ -149,10 +151,10 @@ start() chown $GLITE_USER /var/glite/log (cd /tmp && ls -f /tmp |grep ^dglogd_sock_ |xargs rm -f) start_daemon "glite-lb-logd" "$LL_PIDFILE" "$GLITE_LB_LOCATION/bin/glite-lb-logd \ - -i $LL_PIDFILE $creds $port $sock $fprefix" + -i $LL_PIDFILE $port $sock $fprefix" start_daemon "glite-lb-interlogd" "$IL_PIDFILE" "$GLITE_LB_LOCATION/bin/glite-lb-interlogd \ - -i $IL_PIDFILE $creds $sock $fprefix" "$IL_SOCKFILE" + -i $IL_PIDFILE $sock $fprefix" "$IL_SOCKFILE" } killwait() diff --git a/org.glite.lb.server/config/startup b/org.glite.lb.server/config/startup index 3c94508..95d1dbe 100755 --- a/org.glite.lb.server/config/startup +++ b/org.glite.lb.server/config/startup @@ -30,6 +30,10 @@ GLITE_LB_LOCATION_VAR=${GLITE_LB_LOCATION_VAR:-'@glite_var@'} GLITE_LB_LOCATION_ETC=${GLITE_LB_LOCATION_ETC:-'@glite_etc@'} GLITE_JP_LOCATION=${GLITE_JP_LOCATION:-$GLITE_LB_LOCATION} +KRB5_KTNAME="FILE:/var/glite/krb5kt_lb" +KRB5CCNAME="FILE:/var/glite/krb5cc_lb" +LOG4C_RCPATH="$GLITE_LB_LOCATION_ETC/glite-lb" + [ -f /etc/profile.d/grid-env.sh ] && . /etc/profile.d/grid-env.sh [ -f /etc/glite.conf ] && . /etc/glite.conf [ -f $GLITE_LB_LOCATION_ETC/glite-wms.conf ] && . $GLITE_LB_LOCATION_ETC/glite-wms.conf @@ -58,9 +62,6 @@ if [ -f "$msgconf" ]; then GLITE_LB_SERVER_OTHER_OPTIONS="$GLITE_LB_SERVER_OTHER_OPTIONS -F $msgconf" fi -KRB5_KTNAME=${KRB5_KTNAME:-'FILE:/var/glite/krb5kt_lb'} -KRB5CCNAME=${KRB5CCNAME:-'FILE:/var/glite/krb5cc_lb'} - lockfile=/var/lock/glite-lb-bkserverd unset creds port env 
@@ -160,24 +161,25 @@ start() return 1 fi - env="LOG4C_RCPATH='$GLITE_LB_LOCATION_ETC/glite-lb'" + if [ -n "$LOG4C_RCPATH" ]; then env="$env LOG4C_RCPATH='$LOG4C_RCPATH'"; fi + if [ -n "$KRB5_KTNAME" ]; then env="$env KRB5_KTNAME='$KRB5_KTNAME'"; fi + if [ -n "$KRB5CCNAME" ]; then env="$env KRB5CCNAME='$KRB5CCNAME'"; fi - if [ x"$GLITE_GSS_MECH" = x"krb5" ]; then - env="$env KRB5_KTNAME='$KRB5_KTNAME' KRB5CCNAME='$KRB5CCNAME'" - else - [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ] && - creds="-c $GLITE_HOST_CERT -k $GLITE_HOST_KEY" + if [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ]; then + env="$env X509_USER_CERT=$GLITE_HOST_CERT X509_USER_KEY=$GLITE_HOST_KEY" + creds=1 + fi - if test -z "$creds"; then - if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then - echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER" - creds="-c /etc/grid-security/hostcert.pem -k /etc/grid-security/hostkey.pem" - fi + if test -z "$creds"; then + if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then + echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER" + env="$env X509_USER_CERT=/etc/grid-security/hostcert.pem X509_USER_KEY=/etc/grid-security/hostkey.pem" + creds=1 fi - - [ -z "$creds" ] && echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2 fi + [ -z "$creds" ] && echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2 + policy="$GLITE_LB_LOCATION_ETC/glite-lb/glite-lb-authz.conf" lcas_log="LCAS_LOG_FILE='/var/log/glite/glite-lb-server-lcas.log' LCAS_ETC_DIR='$GLITE_LB_LOCATION_ETC/glite-lb'" if test -f "$policy"; then 
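Review bot: The `X509_USER_CERT=$GLITE_HOST_CERT X509_USER_KEY=$GLITE_HOST_KEY` entry is appended to `env` unquoted, while the `LOG4C_RCPATH`, `KRB5_KTNAME` and `KRB5CCNAME` entries a few lines above are wrapped in single quotes. How `env` is consumed is outside this hunk, but the quoted entries suggest it is re-parsed by a shell. If so, a configured path containing whitespace or shell metacharacters would be split or interpreted instead of being passed as a single value. Suggest `env="$env X509_USER_CERT='$GLITE_HOST_CERT' X509_USER_KEY='$GLITE_HOST_KEY'"` here and on the corresponding line in the start() hunk of org.glite.lb.logger/config/startup. start() begins and ends outside the hunk.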
@@ -249,14 +251,14 @@ start() start_daemon glite-lb-bkserver "$BK_PIDFILE" "$lcas_log $GLITE_LB_LOCATION/bin/glite-lb-bkserverd \ --notif-il-sock=$GLITE_LB_NOTIF_SOCK \ --notif-il-fprefix=$GLITE_LB_NOTIF_FPREFIX \ - $super $creds -i $BK_PIDFILE $port $wport $dumpdir $purgedir $lbreg_maildir $proxy $policy\ + $super -i $BK_PIDFILE $port $wport $dumpdir $purgedir $lbreg_maildir $proxy $policy\ $GLITE_LB_SERVER_OTHER_OPTIONS" "/tmp/lb_proxy_serve.sock /tmp/lb_proxy_store.sock" if test -x $GLITE_LB_LOCATION/bin/glite-lb-notif-interlogd; then start_daemon glite-lb-notif-interlogd "$NOTIF_IL_PIDFILE" "$GLITE_LB_LOCATION/bin/glite-lb-notif-interlogd \ -f $GLITE_LB_NOTIF_FPREFIX -s $GLITE_LB_NOTIF_SOCK \ -i $NOTIF_IL_PIDFILE -M 10485760 \ - $creds $GLITE_LB_NOTIF_IL_OTHER_OPTIONS" "$GLITE_LB_NOTIF_SOCK" + $GLITE_LB_NOTIF_IL_OTHER_OPTIONS" "$GLITE_LB_NOTIF_SOCK" else echo Warning: glite-lb-notif-interlogd not installed, LB notifications will not work fi @@ -266,7 +268,7 @@ start() LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GLITE_JP_LOCATION/lib \ $GLITE_JP_LOCATION/bin/glite-jp-importer \ -i $jp_importer_pidfile $jpreg_maildir $jpdump_maildir $sandbox_maildir \ - $jpps $creds $GLITE_JP_IMPORTER_ARGS" + $jpps $GLITE_JP_IMPORTER_ARGS" fi if test x"$GLITE_LB_TYPE" = x"proxy" -o x"$GLITE_LB_TYPE" = x"both" ; then @@ -274,7 +276,7 @@ start() start_daemon "glite-lb-interlog for proxy" "$PROXY_IL_PIDFILE" "$GLITE_LB_LOCATION/bin/glite-lb-interlogd \ -f $GLITE_LB_PROXY_FPREFIX -s $GLITE_LB_PROXY_SOCK \ -i $PROXY_IL_PIDFILE \ - $creds $GLITE_LB_PROXY_IL_OTHER_OPTIONS" "$GLITE_LB_PROXY_SOCK" + $GLITE_LB_PROXY_IL_OTHER_OPTIONS" "$GLITE_LB_PROXY_SOCK" else echo Warning: glite-lb-interlogd not installed, logging to LB proxy will not work fi
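Review bot: With `$creds` dropped from every command line, each daemon's host credentials now depend on `$env` being applied to that command, and none of the invocations in these hunks shows where that happens. This is worth confirming for `glite-jp-importer` in particular (the `@@ -266,7 +268,7 @@` hunk), which is launched from `$GLITE_JP_LOCATION` with its own `LD_LIBRARY_PATH` prefix. If `$env` is not prepended there, or the importer's GSS library does not read `X509_USER_CERT`/`X509_USER_KEY`, it would fall back to the default credential lookup this script itself warns is dangerous. Once verified, a comment above that invocation such as `# host cert/key reach the importer via $env (X509_USER_CERT/X509_USER_KEY), no -c/-k` would document the dependency. The enclosing start() and the start of the importer command are outside these hunks.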