--- /dev/null
+#!/usr/bin/pagsh.openafs
+
+# This script should go in /etc/init.d/ on Debian Linux systems running Domtool slaves.
+
+SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
+PIDFILE="/var/run/k5start-domtool-slave.pid"
+
+set -e
+
+case $1 in
+ start)
+ echo -n "Starting Domtool slave: domtool-slave"
+ if sudo -u domtool domtool-admin-sudo slave-ping; then
+ echo "...already running."
+ else
+ start-stop-daemon --start --pidfile $PIDFILE \
+ -c domtool:domtool \
+ --exec /usr/bin/k5start -- -b -f /etc/keytabs/domtool.keytab \
+ -K 300 -t -p $PIDFILE \
+ domtool/deleuze.hcoop.net \
+ domtool-slave-logged
+ echo "."
+ fi
+ ;;
+
+ stop)
+ echo -n "Stopping Domtool slave: domtool-slave"
+ if sudo -u domtool domtool-admin-sudo slave-shutdown; then
+ echo "."
+ else
+ start-stop-daemon --stop --pidfile $PIDFILE
+ echo "."
+ fi
+ rm -f $PIDFILE
+ ;;
+
+ restart|reload|force-reload)
+ $SELF stop
+ $SELF start
+ ;;
+
+ status)
+ if sudo -u domtool domtool-admin-sudo slave-ping; then
+ echo "Domtool slave is running."
+ else
+ echo "Domtool slave is stopped."
+ exit 3
+ fi
+ ;;
+
+ *)
+ echo "Usage: $SELF start|stop|restart|reload|force-reload|status"
+ exit 1
+ ;;
+esac
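Review bot: In the `stop)` branch, `set -e` makes the fallback `start-stop-daemon --stop --pidfile $PIDFILE` abort the script when no matching process exists. `rm -f $PIDFILE` is then skipped, and `restart` exits before `$SELF start` whenever the slave was already down. Using `start-stop-daemon --stop --oknodo --pidfile "$PIDFILE"` keeps stop idempotent. Separately, the PID file appears to be written by k5start itself (`-p $PIDFILE`) after the switch to `-c domtool:domtool`, so the later stop trusts a PID that the unprivileged account controls. Adding `--user domtool` to the stop call would limit the signal to that account's processes.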
val dispatcher =
Config.dispatcher ^ ":" ^ Int.toString Config.dispatcherPort
+val self =
+ "localhost:" ^ Int.toString Config.slavePort
+
fun requestContext f =
let
val uid = Posix.ProcEnv.getuid ()
(user, OpenSSL.connect (context, dispatcher))
end
+fun requestSlaveBio () =
+ let
+ val (user, context) = requestContext (fn () => ())
+ in
+ (user, OpenSSL.connect (context, self))
+ end
+
fun request fname =
let
val (user, bio) = requestBio (fn () => ignore (check fname))
OpenSSL.close bio
end
+fun requestSlavePing () =
+ let
+ val (_, bio) = requestSlaveBio ()
+ in
+ OpenSSL.close bio;
+ OS.Process.success
+ end
+ handle _ => OS.Process.failure
+
+fun requestSlaveShutdown () =
+ let
+ val (_, bio) = requestSlaveBio ()
+ in
+ Msg.send (bio, MsgShutdown);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Shutdown begun.\n"
+ | MsgError s => print ("Shutdown failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+
fun requestGrant acl =
let
val (user, bio) = requestBio (fn () => ())
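Review bot: `requestSlaveShutdown` blocks on `Msg.recv bio` expecting `MsgOk` or `MsgError`, but the slave-side handler added in this commit closes the connection on `MsgShutdown` without replying, so a successful shutdown would print "Server closed connection unexpectedly." Either have the slave call `Msg.send (bio, MsgOk)` before `OpenSSL.close bio`, or treat `NONE` as the expected outcome here. The function also returns unit on every path and, unlike `requestSlavePing`, has no handler around `requestSlaveBio ()`, so its exit status probably does not reflect a refused shutdown; the caller is not visible in this hunk, so this should be confirmed. In `requestSlavePing`, `handle _ => OS.Process.failure` hides certificate and configuration errors behind "not running"; catching only the connection exception would keep those visible.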
Domain.rmdom doms
end
+fun now () = Date.toString (Date.fromTimeUniv (Time.now ()))
+
fun service () =
let
val () = Acl.read Config.aclFile
| SOME bio =>
let
val user = OpenSSL.peerCN bio
- val () = print ("\nConnection from " ^ user ^ " at " ^ Date.toString (Date.fromTimeUniv (Time.now ())) ^ "\n")
+ val () = print ("\nConnection from " ^ user ^ " at " ^ now () ^ "\n")
val () = Domain.setUser user
fun doIt f cleanup =
| MsgShutdown =>
if Acl.query {user = user, class = "priv", value = "all"}
orelse Acl.query {user = user, class = "priv", value = "shutdown"} then
- print ("Domtool dispatcher shutting down at " ^ Date.toString (Date.fromTimeUniv (Time.now ())) ^ "\n\n")
+ print ("Domtool dispatcher shutting down at " ^ now () ^ "\n\n")
else
(print "Unauthorized shutdown command!\n";
OpenSSL.close bio
handle OpenSSL.OpenSSL _ => ();
loop ())
in
- print ("Domtool dispatcher starting up at " ^ Date.toString (Date.fromTimeUniv (Time.now ())) ^ "\n");
+ print ("Domtool dispatcher starting up at " ^ now () ^ "\n");
print "Listening for connections....\n";
loop ();
OpenSSL.shutdown sock
val sock = OpenSSL.listen (context, Config.slavePort)
+ val _ = print ("Slave server starting at " ^ now () ^ "\n")
+
fun loop () =
case OpenSSL.accept sock of
NONE => ()
| SOME bio =>
let
val peer = OpenSSL.peerCN bio
- val () = print ("\nConnection from " ^ peer ^ "\n")
+ val () = print ("\nConnection from " ^ peer ^ " at " ^ now () ^ "\n")
in
- if peer <> Config.dispatcherName then
- (print "Not authorized!\n";
- OpenSSL.close bio;
- loop ())
- else let
+ if peer = Config.dispatcherName then let
fun loop' files =
case Msg.recv bio of
NONE => print "Dispatcher closed connection unexpectedly\n"
OpenSSL.close bio;
loop ()
end
+ else if peer = "domtool" then
+ case Msg.recv bio of
+ SOME MsgShutdown => (OpenSSL.close bio;
+ print ("Shutting down at " ^ now () ^ "\n\n"))
+ | _ => (OpenSSL.close bio;
+ loop ())
+ else
+ (print "Not authorized!\n";
+ OpenSSL.close bio;
+ loop ())
end handle OpenSSL.OpenSSL s =>
(print ("OpenSSL error: "^ s ^ "\n");
OpenSSL.close bio
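Review bot: The new `peer = "domtool"` branch authorizes slave shutdown on a hard-coded certificate CN, whereas the dispatcher branch just above it compares against `Config.dispatcherName`. The listener is created with `OpenSSL.listen (context, Config.slavePort)` and nothing visible limits it to loopback, so any host holding a certificate with that CN could presumably stop the slave. Confirm the bind address, and take the name from Config rather than a literal. The `| _ =>` arm also discards every other message without a trace. Splitting it into `NONE => ...` (the ping case) and `SOME _ => (print ("Unexpected message from " ^ peer ^ " at " ^ now () ^ "\n"); ...)` would leave an audit record. The enclosing `loop` and its `let` begin outside this hunk.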