#! /bin/bash
### BEGIN INIT INFO
# Provides: xapissl
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: XenAPI server SSL proxy
# Description: This file will initialize stunnel for
# the XenAPI server.
### END INIT INFO
#
# chkconfig: 2345 91 01
# description: XenAPI server SSL proxy
# processname: stunnel
# config: @ETCDIR@/stunnel.conf
# pidfile: /var/run/xapissl.pid
# Source function library.
. /lib/lsb/init-functions
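# Paths used throughout this script. The @ETCDIR@ token is kept verbatim;
# it is presumably substituted when the script is installed.
PEMFILE="@ETCDIR@/xapi-ssl.pem"       # handed to stunnel through "cert ="
SSLPIDFILE="/var/run/xapissl.pid"     # pid file stunnel is configured to write
SSLCONFFILE="@ETCDIR@/xapi-ssl.conf"  # regenerated by writeconffile on every start
XAPISSL_LOCK="/var/lock/xapissl"      # created after a successful start

# If stunnel4 exists, use it. Otherwise use stunnel.
# STUNNEL is assigned unconditionally first, so a value inherited from the
# caller's environment can never stand in for the lookup (this script ends up
# executing whatever STUNNEL names). Each lookup runs once through the
# `command -v` builtin rather than twice through the external `which`.
STUNNEL=$(command -v stunnel4)
if [ -z "${STUNNEL}" ]; then
  STUNNEL=$(command -v stunnel)
fi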
. @INVENTORY@
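#######################################
# Print the IPv4 address of the management interface.
# Globals:   MANAGEMENT_INTERFACE (read)
# Outputs:   the address on stdout; nothing when the interface name is
#            empty/unset or is "lo"
# Returns:   0 when no lookup is attempted; otherwise the status of echo
#
# The lookup polls once per second with no upper bound until an address
# shows up. The sed expression only recognises the "inet addr:<ip>" form of
# ifconfig output; if ifconfig prints the address differently the loop never
# ends.
#######################################
mgmt_ip() {
  # Scratch variable kept local so it cannot clobber a caller's IP.
  local IP

  if [ -z "${MANAGEMENT_INTERFACE}" ] || [ "${MANAGEMENT_INTERFACE}" = "lo" ]; then
    return 0
  fi

  while true; do
    # The interface name is quoted so it always reaches ifconfig as exactly
    # one argument.
    IP=$(/sbin/ifconfig "${MANAGEMENT_INTERFACE}" \
      | sed -ne 's/.*inet addr:\([^ ]*\).*/\1/p')
    if [ -n "$IP" ]; then
      echo "$IP"
      return
    fi
    sleep 1
  done
}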
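# Choose the value written to stunnel's "accept =" line. The default is the
# bare port 443. When `ss -ln` shows a listener on the IPv6 wildcard address
# at port 80 (":::80"), the IPv6 wildcard form ":::443" is used instead.
# The pattern requires whitespace (or end of line) right after the port, so
# listeners on ports such as 800 or 8080 are not mistaken for port 80.
ACCEPT=443
if ss -ln | grep -Eq ':::80([[:space:]]|$)'; then
  ACCEPT=:::443
fi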
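# Write out the stunnel config file. This requires the management
# interface, so it's done here rather than written statically.
#
# Globals:  SSLCONFFILE (read; the file is overwritten)
#           SSLPIDFILE, ACCEPT, PEMFILE (read; expanded into the file)
# Returns:  the exit status of the cat that writes the file
#
# NOTE(review): the generated TLS settings are weak by current standards and
# are deliberately left unchanged here, because tightening them is a
# compatibility decision for the clients of this proxy:
#   - the cipher list still offers RC4, an MD5-based suite and 3DES, and
#     every suite uses plain RSA key exchange (no forward secrecy);
#   - "!SSLv2" only removes SSLv2 cipher suites; no sslVersion/options line
#     restricts the protocol versions stunnel will negotiate;
#   - "compression = zlib" enables TLS-level compression, which is exposed to
#     compression side-channel attacks (CRIME).
writeconffile () {
  # Initial boilerplate which is valid whether the management
  # interface is enabled or disabled.
  # The redirect target is quoted: unquoted, a path containing whitespace
  # makes bash abort the redirect ("ambiguous redirect") and no file is
  # written.
  cat > "${SSLCONFFILE}" <<EOF
; Autogenerated by init.d/xapissl
pid = ${SSLPIDFILE}
socket = r:TCP_NODELAY=1
socket = a:TCP_NODELAY=1
socket = l:TCP_NODELAY=1
compression = zlib
[xapi]
accept = ${ACCEPT}
connect = 80
cert = ${PEMFILE}
ciphers = !SSLv2:RSA+AES256-SHA:RSA+AES128-SHA:RSA+RC4-SHA:RSA+RC4-MD5:RSA+DES-CBC3-SHA
TIMEOUTclose = 0
EOF
  return
}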
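#######################################
# Start the stunnel proxy in front of xapi.
# Globals:   XAPISSL_LOCK, SSLPIDFILE, PEMFILE, STUNNEL, SSLCONFFILE (read)
#            CN, RETVAL (written)
# Outputs:   progress text on stdout
# Returns:   1 when the lock and pid file point at a live process,
#            otherwise the exit status of start_daemon
#######################################
start() {
  local pid

  echo -n $"Starting xapi SSL: "
  if [ -e "${XAPISSL_LOCK}" ] && [ -e "${SSLPIDFILE}" ]; then
    # Read the pid once and require it to be non-empty: with an empty pid
    # file the /proc test would look at "/proc/" itself, which always
    # exists, and a stale lock would block every later start.
    pid=$(cat "${SSLPIDFILE}")
    if [ -n "${pid}" ] && [ -e "/proc/${pid}" ]; then
      echo -n $"cannot start xapi SSL: xapi SSL is already running.";
      failure $"cannot start xapi SSL: xapi SSL already running.";
      echo
      return 1
    fi
  fi

  if [ ! -f "${PEMFILE}" ]; then
    # generating a pem file
    # The certificate name is the FQDN when it contains a dot and does not
    # start with "localhost"; in every other case the management IP is used.
    CN=$(hostname -f)
    case "${CN}" in
      localhost*)
        CN=$(mgmt_ip) ;;
      *.*)
        : ;;
      *)
        CN=$(mgmt_ip) ;;
    esac
    # NOTE(review): generate_ssl_cert lives outside this file; confirm it
    # creates ${PEMFILE} with owner-only permissions if that file also
    # carries the private key.
    # CN is passed only when non-empty, as the unquoted original did.
    "@LIBEXECDIR@/generate_ssl_cert" "${PEMFILE}" ${CN:+"${CN}"}
  fi

  writeconffile
  start_daemon "${STUNNEL}" "${SSLCONFFILE}"
  RETVAL=$?
  echo
  # The lock file records a successful launch; stop and status rely on it.
  if [ "${RETVAL}" -eq 0 ]; then
    touch "${XAPISSL_LOCK}"
  fi
  return "${RETVAL}"
}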
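#######################################
# Stop the stunnel proxy recorded in the pid file.
# Globals:   XAPISSL_LOCK, SSLPIDFILE (read); SSLPID, RETRIES (written)
# Outputs:   progress text on stdout
# Returns:   0 when the process exits after SIGTERM,
#            1 when there is no lock file, when the pid is unusable or the
#            first signal cannot be delivered, or when SIGKILL was needed
#
# NOTE(review): nothing here checks that the pid still belongs to stunnel;
# if the pid has been recycled, the unrelated process is signalled.
#######################################
stop() {
  echo -n $"Stopping xapi SSL: "
  if [ ! -e "${XAPISSL_LOCK}" ]; then
    echo -n $"cannot stop xapi SSL: xapi SSL is not running."
    failure $"cannot stop xapi: xapi SSL is not running."
    echo
    return 1;
  fi

  SSLPID=$(cat "${SSLPIDFILE}")
  # Only a plain positive integer is ever handed to kill. An empty, zero,
  # negative or multi-word value would otherwise be interpreted by kill as
  # a usage error, a process group or several targets while running as the
  # init script's user. Such values take the same path as a failed signal.
  if ! [[ ${SSLPID} =~ ^[1-9][0-9]*$ ]] || ! kill "${SSLPID}"; then
    echo -n $"stunnel already dead"
    failure $"stunnel already dead"
    return 1
  fi

  # Wait until the stunnel pid disappears
  RETRIES=180
  while [ "${RETRIES}" -ne 0 ]; do
    RETRIES=$(( RETRIES - 1 ))
    if kill -0 "${SSLPID}" 2> /dev/null; then
      echo -n .
      kill "${SSLPID}" # in case the first signal was missed
      sleep 1
    else
      echo
      rm -f "${XAPISSL_LOCK}"
      return 0
    fi
  done

  # If stunnel still hasn't exited then kill it forcefully
  echo -n $"stunnel ($SSLPID) failed to terminate \
gracefully, terminating forcefully"
  failure $"stunnel ($SSLPID) failed to terminate \
gracefully, terminating forcefully"
  kill -9 "${SSLPID}"
  rm -f "${XAPISSL_LOCK}"
  return 1
}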
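#######################################
# Report whether the stunnel proxy is running, then exit the script.
# Globals:   XAPISSL_LOCK, SSLPIDFILE, STUNNEL (read)
# Outputs:   "stunnel is not running ... failed!" on stdout when the lock,
#            the pid file or the /proc entry is missing
# Exits:     with status_of_proc's status when the process looks alive,
#            otherwise 1. This function never returns to its caller.
#######################################
status() {
  local pid=""

  if [ -e "${XAPISSL_LOCK}" ] && [ -e "${SSLPIDFILE}" ]; then
    pid=$(cat "${SSLPIDFILE}")
  fi

  # An empty pid must count as "not running": without the -n test the check
  # would be made against "/proc/" itself, which always exists.
  if [ -n "${pid}" ] && [ -e "/proc/${pid}" ]; then
    status_of_proc "${STUNNEL}" "${STUNNEL##*/}"
    exit $?
  else
    echo "stunnel is not running ... failed!"
    exit 1
  fi
}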
# Restart the proxy: run stop, then start.
# stop's exit status is not inspected, so start is attempted even when stop
# reports a failure. The function's status is whatever start returns.
restart() {
  stop
  start
  return $?
}
# Dispatch on the action named by the first argument. For start, stop and
# restart the script's exit status is the status returned by the handler;
# status exits on its own.
case "$1" in
  start)   start ;;
  stop)    stop ;;
  restart) restart ;;
  status)  status ;;
  condrestart)
    # Restart only when the lock file exists; this arm always finishes with
    # status 0, whatever restart returned.
    if [ -f "${XAPISSL_LOCK}" ]; then
      restart || :
    fi
    ;;
  *)
    # Unknown or missing action: print the usage line and fail.
    echo $"Usage: $0 {start|stop|status|restart|condrestart}"
    exit 1
esac