#!/bin/sh
### BEGIN INIT INFO
# Provides: eucaconsole
# Required-Start: $network $remote_fs
# Required-Stop: $network $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Eucalyptus Console Server
# Description: Eucalyptus Console Server
### END INIT INFO
# Init helper library. daemon, killproc, status, success and failure are used
# below but not defined in this file, so they presumably come from here.
. /etc/rc.d/init.d/functions

# Optional site settings (for example GENERATE_CERT). The file is executed by
# this script, which normally runs as root, so it should be writable by root
# only. It is read before the assignments below and therefore cannot override
# them.
if [ -f /etc/sysconfig/eucaconsole ]; then
    . /etc/sysconfig/eucaconsole
fi

# Service identity and the account the console runs as.
SERVICE="eucaconsole"
PROCESS="eucaconsole"
CONSOLEUSER="eucaconsole"

# Runtime state files.
PIDFILE="/var/run/eucaconsole/eucaconsole.pid"
LOCKFILE="/var/lock/subsys/eucaconsole"
# Start the console daemon.
#
# Globals:   GENERATE_CERT (read), SERVICE, PROCESS, PIDFILE, CONSOLEUSER,
#            LOCKFILE (read), RETVAL (written)
# Returns:   the exit status of the daemon helper
start() {
    # Certificate generation is on unless GENERATE_CERT is exactly "NO".
    case "${GENERATE_CERT}" in
        NO) ;;
        *) generate_cert ;;
    esac

    # Session secrets are created once and then reused across restarts.
    [ -f /etc/eucaconsole/session-keys.ini ] || generate_cookie_secrets

    echo -n $"Starting $SERVICE: "
    # The daemon is launched under the dedicated CONSOLEUSER account.
    daemon --user="$CONSOLEUSER" --pidfile="$PIDFILE" "$PROCESS" -d -p "$PIDFILE"
    RETVAL=$?
    echo

    # The subsys lock marks the service as running; condrestart checks it.
    if [ "$RETVAL" -eq 0 ]; then
        touch "$LOCKFILE"
    fi
    return "$RETVAL"
}
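# Stop the console daemon and clean up its state files.
#
# Globals:   SERVICE, PROCESS, PIDFILE, LOCKFILE (read), RETVAL (written)
# Returns:   the exit status of killproc
stop() {
    echo -n $"Stopping $SERVICE: "
    killproc -p "$PIDFILE" "$PROCESS"
    RETVAL=$?
    echo
    # Drop the subsys lock only when the process was actually stopped.
    if [ "$RETVAL" -eq 0 ]; then
        rm -f "$LOCKFILE"
    fi
    # A leftover PID file is removed whatever killproc reported.
    if [ -f "$PIDFILE" ]; then
        rm -f "$PIDFILE"
    fi
    # Return killproc's status explicitly. Without this the function returned
    # the status of the PID-file test above, so a clean stop with no PID file
    # left behind was reported to the caller as a failure.
    return "$RETVAL"
}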
# Stop the service, then start it again.
#
# The result of stop is not checked; start runs regardless.
# Returns:   the exit status of start
restart() {
    stop; start
}
# Restart the service only if its subsys lock file exists.
#
# Globals:   LOCKFILE (read), RETVAL (written)
# Returns:   0 when the lock file is absent, otherwise the status of restart
condrestart() {
    # No lock file: nothing to restart, report success.
    if [ ! -e "$LOCKFILE" ]; then
        RETVAL=0
        return "$RETVAL"
    fi

    restart
    RETVAL=$?
    return "$RETVAL"
}
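# Write /etc/eucaconsole/session-keys.ini with two freshly generated random
# session secrets (session.encrypt_key and session.validate_key).
#
# Globals:   CONSOLEUSER (read) - account that is given ownership of the file
# Outputs:   an error message on stderr when the file cannot be produced
# Returns:   0 on success, 1 if the keys could not be generated or installed
generate_cookie_secrets(){
    local keyfile=/etc/eucaconsole/session-keys.ini
    local encrypt_key validate_key tmpfile

    encrypt_key=$(dd if=/dev/urandom bs=24 count=1 status=none | base64 | tr -d '/+=')
    validate_key=$(dd if=/dev/urandom bs=24 count=1 status=none | base64 | tr -d '/+=')

    # start() only calls this function while the file is missing, so a file
    # written with empty values would never be regenerated. Refuse to write it.
    if [ -z "$encrypt_key" ] || [ -z "$validate_key" ]; then
        echo "Could not generate session keys for $keyfile" >&2
        return 1
    fi

    # mktemp creates the file readable by its owner only, so the secrets are
    # never on disk with default-umask permissions. Building the file next to
    # its final location lets the rename below put it in place in one step.
    tmpfile=$(mktemp "${keyfile}.XXXXXX")
    if [ -z "$tmpfile" ]; then
        echo "Could not create a temporary file for $keyfile" >&2
        return 1
    fi

    cat > "$tmpfile" << _EOF_
[general]
session.encrypt_key = $encrypt_key
session.validate_key = $validate_key
_EOF_
    if [ $? -ne 0 ]; then
        rm -f "$tmpfile"
        echo "Could not write session keys for $keyfile" >&2
        return 1
    fi

    # Same ownership and mode that generate_cert gives the TLS private key:
    # the daemon runs as CONSOLEUSER and is the only account that needs these.
    if ! chown "$CONSOLEUSER:$CONSOLEUSER" "$tmpfile" ||
       ! chmod 600 "$tmpfile" ||
       ! mv -f "$tmpfile" "$keyfile"; then
        rm -f "$tmpfile"
        echo "Could not install $keyfile" >&2
        return 1
    fi
}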
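# Generate an RSA private key and a self-signed certificate for the console.
#
# Globals:   CONSOLEUSER (read) - account given ownership of key and cert
#            USER (read)        - used for the e-mail field of the request
# Outputs:   progress text on stdout; success and failure are not defined in
#            this file and presumably come from the sourced init library
# Returns:   1, without changing anything, when key and certificate both
#            exist. Exits the whole script with status 1 if a step fails.
generate_cert() {
    local key=/etc/eucaconsole/console.key
    local cert=/etc/eucaconsole/console.crt

    # An existing pair is kept as it is. Expiry is not checked here, so a
    # certificate past its 365-day lifetime stays in place until the files
    # are removed.
    if [ -f "$key" ] && [ -f "$cert" ]; then
        return 1
    fi
    echo -n $"Generating self-signed certificate: "

    # Only one of the two may be present; remove both so the pair matches.
    rm -f "$key" "$cert"

    local csr
    csr=$(mktemp)
    if [ -z "$csr" ]; then
        failure $"Creating temporary file"
        echo
        exit 1
    fi

    # Prefer the name DNS reports for this host. Fall back to the plain
    # hostname when the lookup fails or its output yields no name, so the
    # request is never built with an empty common name.
    local host
    host=$(hostname)
    local cn=
    if nslookup "$host" >/dev/null 2>&1; then
        cn=$(nslookup "$host" 2>&1 | tail -3 | grep Name | sed -e 's@^Name:\s*@@')
    fi
    if [ -z "$cn" ]; then
        cn=$host
    fi

    local country=US
    local state=CA
    local location="Santa Barbara"
    local org="Eucalyptus Systems, Inc."
    local unit="Eucalyptus User Console"

    # Create the private key under a restrictive umask. The chmod at the end
    # of this function comes too late to cover the time in between, during
    # which the key would otherwise carry default-umask permissions.
    if ! ( umask 077; openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out "$key" ) >/dev/null 2>&1; then
        rm -f "$key" "$csr"
        failure $"Generating RSA key"
        echo
        exit 1
    fi

    # The lines below are read by openssl req as its answers, one per line.
    openssl req -new -key "$key" -sha512 -out "$csr" >/dev/null 2>&1 <<EOF
$country
$state
$location
$org
$unit
$cn
$USER@$cn
EOF
    if [ $? -ne 0 ]; then
        rm -f "$key" "$csr"
        failure $"Generating certificate request"
        echo
        exit 1
    fi

    if ! openssl x509 -req -in "$csr" -signkey "$key" -days 365 -sha512 -out "$cert" >/dev/null 2>&1; then
        rm -f "$key" "$csr"
        failure $"Generating certificate"
        echo
        exit 1
    fi
    rm -f "$csr"

    # Key and certificate end up readable by the console account only.
    chmod 600 "$cert"
    chown "$CONSOLEUSER:$CONSOLEUSER" "$cert"
    chmod 600 "$key"
    chown "$CONSOLEUSER:$CONSOLEUSER" "$key"
    success $"Generating certificate"
    echo
}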
# Dispatch on the requested action and exit with its status.
case "$1" in
    start|stop|restart|condrestart)
        # Each of these actions is implemented by a function of the same name.
        "$1"
        RETVAL=$?
        ;;
    status)
        status -p "$PIDFILE" "$PROCESS"
        RETVAL=$?
        ;;
    *)
        # Unknown or missing action: print usage and exit with status 2.
        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
        RETVAL=2
        ;;
esac
exit "$RETVAL"