#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
#
function check_prop {
if [ -z "$1" ]; then
echo "ERROR: SMF property for $2 was empty"
exit $SMF_EXIT_ERR_FATAL
fi
}
function get_pair {
NAME=$1
shift 2
echo "${NAME}=\"$@\""
echo "export ${NAME}"
}
# A function to pull in the config properties from the FMRI given
# as the first argument. This allows us to make a single call
# to svcprop, rather than calling svcprop for each value we
# want to retrieve.
function get_smf_props {
IFS="
"
IFS=,
for line in $SMF_PROPS ; do
IFS='
'
done
}
function check_failure {
RESULT=$1
MESSAGE=$2
NON_FATAL=$3
echo $MESSAGE
return
fi
exit $SMF_EXIT_ERR_FATAL
fi
}
function check_apache_failure {
RESULT=$1
MESSAGE=$2
echo $MESSAGE
exit $SMF_EXIT_ERR_FATAL
fi
}
function abspath {
# print a normalized version of a path, needed because
# many utilities will not dereference non-existent directories
# in path names, e.g. cat /etc/no-such-dir/../motd will fail.
'import os.path ; import sys ; print os.path.normpath(sys.stdin.read())'
}
function run_depot {
if [ "${depot_https}" == "true" ]; then
https_cmd="--https"
smf_fmri_cmd="--smf-fmri ${SMF_FMRI}"
if ! [ -z "${depot_ssl_cert_file}" ]; then
ssl_cert_file_cmd="--cert ${depot_ssl_cert_file}"
fi
if ! [ -z "${depot_ssl_key_file}" ]; then
ssl_key_file_cmd="--key ${depot_ssl_key_file}"
fi
if ! [ -z "${depot_ssl_ca_cert_file}" ]; then
ssl_ca_cert_file_cmd="--ca-cert ${depot_ssl_ca_cert_file}"
fi
if ! [ -z "${depot_ssl_ca_key_file}" ]; then
ssl_ca_key_file_cmd="--ca-key ${depot_ssl_ca_key_file}"
fi
if ! [ -z "${depot_ssl_cert_key_dir}" ]; then
ssl_cert_key_dir_cmd="--cert-key-dir ${depot_ssl_cert_key_dir}"
fi
if ! [ -z "${depot_ssl_cert_chain_file}" ]; then
ssl_cert_chain_file_cmd="--cert-chain ${depot_ssl_cert_chain_file}"
fi
fi
-S \
-c ${depot_cache_dir} \
-h ${depot_host} \
-l ${depot_log_dir} \
-p ${depot_port} \
-r ${depot_runtime_dir} \
-s ${depot_cache_max} \
-T ${depot_template_dir} \
${smf_fmri_cmd} \
${ssl_cert_file_cmd} \
${ssl_key_file_cmd} \
${ssl_ca_cert_file_cmd} \
${ssl_ca_key_file_cmd} \
${ssl_cert_key_dir_cmd} \
failure=$?
# make sure we leave nothing behind
"pkg.depot-config: failed to create Apache config"
fi
}
function run_htcacheclean {
# if we dropped to maintenance and are in the process of
# clearing that state, we may have htcacheclean processes
# hanging around.
if [ "${depot_cache_max}" != "0" ] ; then
# Start a cache cleaning daemon, scanning every 2 weeks,
# being intelligent about only running if the cache has
# changed, limiting the cache to ${depot_cache_max}
# megabytes, being nice about scheduling and removing
# empty directories if necessary.
/usr/apache2/2.4/bin/htcacheclean \
-d${interval} -i -l ${depot_cache_max}M -n \
-p ${depot_cache_dir} \
-P ${depot_cache_dir}/../depot_htcacheclean.pid \
-t
check_failure $? "htcacheclean failed to run cleanly"
fi
}
function kill_htcacheclean {
if [ -f $pid_file ]; then
check_failure $? "failed to kill htcacheclean process\
$PID" "not_fatal"
fi
}
function kill_apache {
# We go to lengths to kill remaining httpd processes: if we kill
# just the pid, then child httpd processes become zombies,
# hanging onto the server port, which causes problems
# when trying to start a service that is transitioning from
# maintenance.
# This function should only be called when the service is
# transitioning to maintenance: normal Apache shutdown is
# preferable.
pid_file=$(abspath ${depot_runtime_dir}/../depot_httpd.pid)
if [ -f $pid_file ]; then
"not_fatal"
fi
}
function server_ping {
# Ping the service, ensuring the index gets built if does
# not exist.
# Since curl --retry uses an exponential backoff algorithm, this
# can result in us waiting 40 seconds, which ought to be long
# enough for Apache to come online. (index refreshes are run in
# the background on the server after it has returned a response)
url="http://${depot_host}:${depot_port}"
ipv6=$(echo ${depot_host} | /usr/bin/grep :)
url="http://\[${depot_host}\]:${depot_port}"
fi
check_failure $? "Unable to access the server at ${url}. Check\
the SMF service log or the error log at ${depot_log_dir}/error_log for\
more information, if any."
}
if [ "${depot_allow_refresh}" == "true" ] ; then
depot_allow_refresh="-A"
else
fi
FAILED_TO_RUN="Server failed to %s. Check the SMF service log or the\
error log at ${depot_log_dir}/error_log for more information, if any."
case "$1" in
"start")
cmd="start"
# drop privileges now that we've written our configuration
;;
"refresh")
cmd="graceful"
# drop privileges now that we've written our configuration
;;
"stop")
cmd="stop"
emsg=$(/usr/bin/printf ${FAILED_TO_RUN} stop)
# If https service is on and user blindly deleted the certificate dir,
# then the stop method will cause error due to not find certificate
# and key files. Instead of causing this error, we kill the apache
# instance manually.
if [[ "${depot_https}" == "true" && \
! ( -f "${depot_ssl_cert_file}" && \
-f "${depot_ssl_key_file}" ) ]]; then
else
fi
;;
*)
echo "Usage: $0 {start|stop|refresh}"
exit $SMF_EXIT_ERR_CONFIG
;;
esac
exit $SMF_EXIT_OK