[LON-CAPA-cvs] cvs: loncom /init.d loncontrol
raeburn
raeburn@source.lon-capa.org
Mon, 02 Feb 2009 17:06:55 -0000
raeburn Mon Feb 2 17:06:55 2009 EDT
Modified files:
/loncom/init.d loncontrol
Log:
- Add strict pragma.
- Get lond port number from LONCAPA::Configuration.
- For SuSE systems check for entries in /etc/sysconfig/SuSEfirewall2.
- Dynamic opening/closing of ports not implemented for SuSE systems.
Index: loncom/init.d/loncontrol
diff -u loncom/init.d/loncontrol:1.33 loncom/init.d/loncontrol:1.34
--- loncom/init.d/loncontrol:1.33 Tue Nov 4 21:06:31 2008
+++ loncom/init.d/loncontrol Mon Feb 2 17:06:55 2009
@@ -1,6 +1,6 @@
#!/usr/bin/perl
#
-# $Id: loncontrol,v 1.33 2008/11/04 21:06:31 www Exp $
+# $Id: loncontrol,v 1.34 2009/02/02 17:06:55 raeburn Exp $
#
# The LearningOnline Network with CAPA
#
@@ -47,8 +47,11 @@
# Description: Starts the LON-CAPA services
### END INIT INFO
+use strict;
+use lib '/home/httpd/lib/perl/';
+use LONCAPA::Configuration;
-$command=$ARGV[0]; $command=~s/[^a-z]//g;
+my $command=$ARGV[0]; $command=~s/[^a-z]//g;
$ENV{'PATH'}="/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin";
$ENV{'BASH_ENV'}="";
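Review bot: `use strict;` is added without `use warnings;`, so the uninitialized-value case right below it stays silent: when the script is run with no argument, `$ARGV[0]` is undef and `$command=~s/[^a-z]//g;` operates on an empty string and falls through to the usage message only by accident. I would add `use warnings;` next to `use strict;` and initialise explicitly, `my $command = defined $ARGV[0] ? $ARGV[0] : '';`, keeping the existing `[^a-z]` stripping as the sanitiser. The `use lib '/home/httpd/lib/perl/'` path is hard-coded where other LON-CAPA paths in this file already are, so that is consistent, but a comment naming why the lib path is needed (`# LONCAPA::Configuration lives outside @INC`) would help the next maintainer.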
@@ -59,40 +62,79 @@
my $iptables = '/sbin/iptables';
if (! -e $iptables) {
$iptables = '/usr/sbin/iptables';
- if (! -e $iptables) {
+ if (!-e $iptables) {
print("Unable to find iptables command\n");
}
}
- my $lond_port = 5663;
+ my $suse_config = "/etc/sysconfig/SuSEfirewall2";
+ if (!-e $suse_config) {
+ if (!-e '/etc/sysconfig/iptables') {
+ print("Unable to find iptables file containing static definitions\n");
+ }
+ }
+ my $lond_port = &get_lond_port();
+ if (!$lond_port) {
+ print("Unable to determine lond port number from LON-CAPA configuration.\n");
+ }
sub firewall_open_port {
- return if (! &firewall_is_active);
- if (! `$iptables -L -n 2>/dev/null | grep $fw_chain | wc -l`) { return; }
- # iptables is running with our chain
- #
- # We could restrict the servers allowed to attempt to communicate
- # here, but the logistics of updating the /home/httpd/lonTabs/host.tab
- # file are likely to be a problem
+ return 'inactive firewall' if (! &firewall_is_active);
+ return 'port number unknown' if !$lond_port;
+ my @opened;
+ my $suse_config = "/etc/sysconfig/SuSEfirewall2";
+ if (-e $suse_config) {
+ if (open(my $fh,"<$suse_config")) {
+ while(<$fh>) {
+ chomp();
+ if (/^FW_SERVICES_EXT_TCP="([^"]+)"\s*$/) {
+ my $portstr = $1;
+ my @suseports = split(/\s+/,$portstr);
+ foreach my $port ($lond_port) {
+ if (grep/^\Q$port\E$/,@suseports) {
+ push(@opened,$port);
+ }
+ }
+ }
+ }
+ }
+ } else {
+ if (! `$iptables -L -n 2>/dev/null | grep $fw_chain | wc -l`) {
+ return 'chain error';
+ }
+ # iptables is running with our chain
+ #
+ # We could restrict the servers allowed to attempt to communicate
+ # here, but the logistics of updating the /home/httpd/lonTabs/host.tab
+ # file are likely to be a problem
+ foreach my $port ($lond_port) {
+ print "Opening firewall access on port $port.\n";
+ my $result;
+ my $firewall_command =
+ "$iptables -I $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT";
+ system($firewall_command);
+ my $return_status = $?>>8;
+ if ($return_status == 1) {
+ # Error
+ print "Error opening port.\n";
+ } elsif ($return_status == 2) {
+ # Bad command
+ print "Bad command error opening port. Command was\n".
+ " ".$firewall_command."\n";
+ } elsif ($return_status == 0) {
+ push(@opened,$port);
+ }
+ }
+ }
foreach my $port ($lond_port) {
- print "Opening firewall access on port $port.\n";
-
- my $firewall_command =
- "$iptables -I $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT";
- system($firewall_command);
- my $return_status = $?>>8;
- if ($return_status == 1) {
- # Error
- print "Error opening port.\n";
- } elsif ($return_status == 2) {
- # Bad command
- print "Bad command error opening port. Command was\n".
- " ".$firewall_command."\n";
+ if (!grep(/^\Q$port\E$/,@opened)) {
+ return 'Required port not open: '.$port."\n";
}
}
-
+ return 'ok';
}
sub firewall_is_port_open {
+ my ($port) = @_;
# returns 1 if the firewall port is open, 0 if not.
#
# check if firewall is active or installed
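Review bot: In the SuSE branch of firewall_open_port, `open(my $fh,"<$suse_config")` is two-arg and an open failure is swallowed: if /etc/sysconfig/SuSEfirewall2 exists but is unreadable, `@opened` stays empty and the caller reports "Required port not open", which points the operator at the wrong cause. Use the three-arg form and surface the error, `open(my $fh, '<', $suse_config) or return "Unable to read $suse_config: $!";`. The SuSE branch also only parses the static `FW_SERVICES_EXT_TCP` line, so "ok" there means the port is configured, not that the running firewall accepts it; a comment saying so above the `if (-e $suse_config)` would match the commit log's "not implemented for SuSE" note. Separately, `return 'Required port not open: '.$port."\n";` carries a trailing newline that the caller prints with its own `\n`, producing a blank line; drop the `."\n"`. firewall_is_port_open now takes `my ($port) = @_;` but its body continues outside this hunk, so I could not check that the new parameter is actually used there.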
@@ -113,9 +155,12 @@
}
sub firewall_close_port {
- return if (! &firewall_is_active);
+ return 'inactive firewall' if (! &firewall_is_active);
+ return 'port number unknown' if !$lond_port;
+ my $suse_config = "/etc/sysconfig/SuSEfirewall2";
+ return if (-e $suse_config);
foreach my $port ($lond_port) {
- print "Closing firewall access on port $port.\n";
+ print "Closing firewall access on port $port\n";
my $firewall_command =
"$iptables -D $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT";
system($firewall_command);
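Review bot: `return if (-e $suse_config);` in firewall_close_port is a bare return, so on a SuSE system the stop path prints nothing about the lond port being left open, whereas every other early exit in this function now returns a message the caller prints; `return 'SuSEfirewall2 in use - port not closed dynamically' if (-e $suse_config);` would keep the two paths consistent with the commit log's "not implemented for SuSE". The literal "/etc/sysconfig/SuSEfirewall2" is now spelled out three times (here, in firewall_open_port and at the firewall-scope check), so one `my $suse_config` next to `my $iptables` at the enclosing scope would remove the chance of the copies drifting. The body of firewall_close_port continues past the end of this hunk.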
@@ -127,8 +172,22 @@
# Bad command
print "Bad command error closing port. Command was\n".
" ".$firewall_command."\n";
+ } else {
+ print "Port closed.\n";
}
}
+ return;
+}
+
+sub get_lond_port {
+ my $perlvarref=&LONCAPA::Configuration::read_conf();
+ my $lond_port;
+ if (ref($perlvarref) eq 'HASH') {
+ if (defined($perlvarref->{'londPort'})) {
+ $lond_port = $perlvarref->{'londPort'};
+ }
+ }
+ return $lond_port;
}
} # End firewall variable scope
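Review bot: get_lond_port returns `londPort` from the configuration unvalidated, and firewall_open_port/firewall_close_port interpolate that value into a `system("$iptables -I $fw_chain ... --dport $port ...")` string that goes through the shell, so a malformed value (a stray space or shell metacharacter in the config file) turns into a mangled iptables invocation rather than a clear error. Since the callers already treat a false return as "port number unknown", tightening the check is enough: `if (defined($perlvarref->{'londPort'}) && $perlvarref->{'londPort'} =~ /^\d+$/) {`. The configuration file is presumably local and root-owned, so this is robustness against a bad edit rather than an exposure, but it is also what lets the caller's "port number unknown" message be accurate.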
@@ -172,9 +231,11 @@
sub clean_sockets {
opendir(SOCKETS,"/home/httpd/sockets/");
+ my $perlvarref=&LONCAPA::Configuration::read_conf();
+ return if (ref($perlvarref) ne 'HASH');
while (my $fname=readdir(SOCKETS)) {
next if (-d $fname
- || $fname=~/(mysqlsock|maximasock|\Q$perlvar{'lonSockDir'}\E)/);
+ || $fname=~/(mysqlsock|maximasock|\Q$perlvarref->{'lonSockDir'}\E)/);
unlink("/home/httpd/sockets/$fname");
}
}
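Review bot: The new `return if (ref($perlvarref) ne 'HASH');` in clean_sockets sits after `opendir(SOCKETS, ...)`, so on a failed config read the directory handle is left open and socket cleanup is skipped silently; move the two new lines above the `opendir` so the handle is never opened on that path. The `read_conf()` call here duplicates the one in get_lond_port; a small `_conf_ref` helper or passing the hashref in would avoid parsing the configuration twice per invocation. Note also that if `lonSockDir` is undefined the `\Q\E` interpolates to an empty alternative, `(mysqlsock|maximasock|)`, which matches every filename and nothing gets unlinked — presumably inherited from the old `%perlvar` form, but worth a `defined` guard now that the value comes through the checked hashref.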
@@ -197,19 +258,35 @@
if ($daemon eq 'lonc') { $killallname='loncnew'; }
&stop_daemon($daemon,$killallname);
}
- &firewall_close_port();
+ my $firewall_result = &firewall_close_port();
+ if ($firewall_result) {
+ print "$firewall_result\n";
+ }
&clean_sockets();
} elsif ($command eq "start") {
- &firewall_open_port();
- print 'Starting LON-CAPA'."\n";
- print 'Starting LON-CAPA client and daemon processes (please be patient)'.
- "\n";
- system("su www -c '/home/httpd/perl/loncron --justcheckdaemons'");
+ my $firewall_result = &firewall_open_port();
+ if (($firewall_result eq 'ok') || ($firewall_result eq 'inactive firewall')) {
+ if ($firewall_result eq 'inactive firewall') {
+ print "WARNING: iptables firewall is currently inactive\n";
+ }
+ print 'Starting LON-CAPA'."\n";
+ print 'Starting LON-CAPA client and daemon processes (please be patient)'.
+ "\n";
+ system("su www -c '/home/httpd/perl/loncron --justcheckdaemons'");
+ } else {
+ print "Not starting LON-CAPA\n";
+ if ($firewall_result eq 'port number unknown') {
+ print "Could not check for status of LON-CAPA port in running firewall - port number unknown. \n";
+ } elsif ($firewall_result) {
+ print "$firewall_result\n";
+ }
+ }
} elsif ($command eq "reload") {
print 'Reload LON-CAPA config files'."\n";
system("su www -c '/home/httpd/perl/loncron --justreload'");
} elsif ($command eq "status") {
- $response=`/bin/cat /home/httpd/perl/logs/*.pid 2>&1`;
+ my $lond_port = &get_lond_port();
+ my $response=`/bin/cat /home/httpd/perl/logs/*.pid 2>&1`;
if ($response=~/No such file or directory/) {
print 'LON-CAPA is not running.'."\n";
} else {
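Review bot: `my $lond_port = &get_lond_port();` added at the top of the status branch is not referenced anywhere in this hunk, and the next hunk declares `my $lond_port = &get_lond_port();` again inside the nested `else`, shadowing this one; unless the elided lines between the two hunks use it, drop the inner declaration and keep only the outer one so the configuration is read once. In the start branch, the message `"... port number unknown. \n"` has a stray space before the newline. The `print "$firewall_result\n";` fallback will also emit a blank line for the "Required port not open" case, because that return value already ends in a newline in firewall_open_port.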
@@ -219,11 +296,20 @@
if (! &firewall_is_active) {
print 'The iptables firewall is not active'."\n";
}
- if (&firewall_is_port_open()) {
- print 'The LON-CAPA port is open in firewall.'."\n";
- } elsif (&firewall_is_active) {
- print 'The LON-CAPA port is NOT open in running firewall!'."\n";
+ my $lond_port = &get_lond_port();
+ if ($lond_port) {
+ if (&firewall_is_port_open($lond_port)) {
+ print "The LON-CAPA port ($lond_port) is open in firewall.\n";
+ } elsif (&firewall_is_active) {
+ print "The LON-CAPA port ($lond_port) is NOT open in running firewall!\n";
+ }
+ } else {
+ if (&firewall_is_active) {
+ print "Could not check for status of LON-CAPA port in running firewall - port number unknown.\n";
+ } else {
+ print "LON-CAPA port number is unknown, and firewall is not running.\n";
+ }
}
} else {
- print 'You need to specify one of restart|stop|start|status on the command line.'."\n";
+ print "You need to specify one of restart|stop|start|status on the command line.\n";
}