Changeset 2214

Timestamp:

27/02/07 16:10:40 (14 years ago)

Author:

pjkersha

Message:

python/share/ndg-aa: fixed for tests with DEWS running on glue.

python/share/Makefile: auto-generates ndg-sm, ndg-log, ndg-gk and ndg-ca from ndg-aa.
ndg-aa is now a template file for the others.

python/ndg.security.common/ndg/security/common/AttCert.py: changed namespace to
urn:ndg:security:attributeCertificate

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg:
tests for DEWS.

Location:

TI12-security/trunk/python

Files:

• ndg.security.common/ndg/security/common/AttCert.py (modified) (1 diff)
• ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg (modified) (1 diff)
• share/Makefile (added)
• share/ndg-aa (modified) (7 diffs)
• share/ndg-ca (modified) (7 diffs)
• share/ndg-gk (modified) (7 diffs)
• share/ndg-log (modified) (8 diffs)
• share/ndg-sm (modified) (7 diffs)

TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttCert.py

@@ -93 +93 @@
     # certificate
     __validProvenanceSettings = ('original', 'mapped')
-    namespace = "urn:ndg.security"
+    namespace = "urn:ndg:security:attributeCertificate"
 
     #_________________________________________________________________________    

TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg

@@ -11 +11 @@
 # setting for test6GetMappedAttCert
 uri = http://localhost:5000/AttributeAuthority
-#uri = http://glue.badc.rl.ac.uk:42000/AttributeAuthority
+uri = http://glue.badc.rl.ac.uk:41000/AttributeAuthority
 
 # X.509 certificate for Attribute Authority - to verify the signature of

TI12-security/trunk/python/share/ndg-aa

@@ -31 +31 @@
 tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac
 
+# Set a specific location for the properties file if required
+#export NDGSEC_AA_PROPFILEPATH=
+
 serviceName=${0##*/}
 
@@ -42 +45 @@
 # process listing
 prog=/usr/local/NDG/bin/twistd
+
+# Specify python for status() to search when looking for an existing process
+# running
+statCheckProg=/usr/local/NDG/bin/python
+
 args="-u ${uid} -g ${gid} --syslog --prefix=${serviceName} \
 --pidfile=${pidFilePath} -oy ${tacFilePath}"
@@ -90 +98 @@
     
         mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
+        
+        # Put in placeholder so as not to upset twistd when it looks for it
+        # on shutdown
+        touch /tmp/${serviceName}.pid
+        chown ${uid}:${gid} /tmp/${serviceName}.pid
         
         touch /var/lock/subsys/${serviceName}        
@@ -144 +157 @@
     fi
 
-    # Remove pid file if any.
+    # Remove pid and lock files if any.
     rm -f /var/run/${serviceName}.pid
-
+    rm -f /var/lock/subsys/${serviceName}
+    
     echo
 }
@@ -164 +178 @@
     
     # Get pid from "/var/run/*.pid" file
+    local pidFound=
     if [ -f $pidFilePath ] ; then
         read pid < $pidFilePath
@@ -170 +185 @@
             return
         fi
+        pidFound=Yes
     fi
 
     # look for pid in listing
-    local pidFound=
-    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do
+    for i in `pidof -o $$ -o $PPID -o %PPID -x "${statCheckProg}"`; do
         [[ $i = $pid ]] && pidFound=Yes && break;
     done
@@ -180 +195 @@
     if [ -n "$pidFound" ]; then
         echo $"$prog (pid $pid) is running..."
-        return
-       
+
     elif [ -f /var/lock/subsys/${serviceName} ]; then
-        echo $"$prog dead but subsys locked and pid file $pidFilePath exists"
-        return
+        echo $"$prog is dead but subsys locked"
+
+    elif [ -f /var/run/${serviceName}.pid ]; then
+        echo $"$prog is dead but pid file $pidFilePath exists"
     else
-        echo $"$prog dead but pid file $pidFilePath exists"   
+        echo $"$prog is dead"
     fi
 }

TI12-security/trunk/python/share/ndg-ca

@@ -28 +28 @@
 # set tacFilePath directly
 prefixDir=$(dirname $(dirname $(type -p python)))
-srvSubDir=lib/site-packages/ndg/security/server/ca
+srvSubDir=lib/site-packages/ndg/security/server/CertificateAuthority
 tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac
+
+# Set a specific location for the properties file if required
+#export NDGSEC_AA_PROPFILEPATH=
 
 serviceName=${0##*/}
@@ -42 +45 @@
 # process listing
 prog=/usr/local/NDG/bin/twistd
+
+# Specify python for status() to search when looking for an existing process
+# running
+statCheckProg=/usr/local/NDG/bin/python
+
 args="-u ${uid} -g ${gid} --syslog --prefix=${serviceName} \
 --pidfile=${pidFilePath} -oy ${tacFilePath}"
@@ -81 +89 @@
     RETVAL=$?
     if [ $RETVAL = 0 ]; then    
-        # Use root privilege to move pid file to correct location - put wait 
-        # in to give twistd some leaway
-        i=0
-        while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 
-            sleep 1; 
-            let "i++"; 
-        done
-                
-        mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
+        # Use root privilege to move pid file to correct location - put wait 
+        # in to give twistd some leaway
+        i=0
+        while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 
+            sleep 1; 
+            let "i++"; 
+        done
+    
+        mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
+        
+        # Put in placeholder so as not to upset twistd when it looks for it
+        # on shutdown
+        touch /tmp/${serviceName}.pid
+        chown ${uid}:${gid} /tmp/${serviceName}.pid
         
         touch /var/lock/subsys/${serviceName}        
@@ -144 +157 @@
     fi
 
-    # Remove pid file if any.
+    # Remove pid and lock files if any.
     rm -f /var/run/${serviceName}.pid
-
+    rm -f /var/lock/subsys/${serviceName}
+    
     echo
 }
@@ -164 +178 @@
     
     # Get pid from "/var/run/*.pid" file
+    local pidFound=
     if [ -f $pidFilePath ] ; then
         read pid < $pidFilePath
@@ -170 +185 @@
             return
         fi
+        pidFound=Yes
     fi
 
     # look for pid in listing
-    local pidFound=
-    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do
+    for i in `pidof -o $$ -o $PPID -o %PPID -x "${statCheckProg}"`; do
         [[ $i = $pid ]] && pidFound=Yes && break;
     done
@@ -180 +195 @@
     if [ -n "$pidFound" ]; then
         echo $"$prog (pid $pid) is running..."
-        return
-       
+
     elif [ -f /var/lock/subsys/${serviceName} ]; then
-        echo $"$prog dead but subsys locked and pid file $pidFilePath exists"
-        return
+        echo $"$prog is dead but subsys locked"
+
+    elif [ -f /var/run/${serviceName}.pid ]; then
+        echo $"$prog is dead but pid file $pidFilePath exists"
     else
-        echo $"$prog dead but pid file $pidFilePath exists"   
+        echo $"$prog is dead"
     fi
 }

TI12-security/trunk/python/share/ndg-gk

@@ -31 +31 @@
 tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac
 
+# Set a specific location for the properties file if required
+#export NDGSEC_AA_PROPFILEPATH=
+
 serviceName=${0##*/}
 
@@ -42 +45 @@
 # process listing
 prog=/usr/local/NDG/bin/twistd
+
+# Specify python for status() to search when looking for an existing process
+# running
+statCheckProg=/usr/local/NDG/bin/python
+
 args="-u ${uid} -g ${gid} --syslog --prefix=${serviceName} \
 --pidfile=${pidFilePath} -oy ${tacFilePath}"
@@ -81 +89 @@
     RETVAL=$?
     if [ $RETVAL = 0 ]; then    
-        # Use root privilege to move pid file to correct location - put wait 
-        # in to give twistd some leaway
-        i=0
-        while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 
-            sleep 1; 
-            let "i++"; 
-        done
-                
-        mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
+        # Use root privilege to move pid file to correct location - put wait 
+        # in to give twistd some leaway
+        i=0
+        while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 
+            sleep 1; 
+            let "i++"; 
+        done
+    
+        mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
+        
+        # Put in placeholder so as not to upset twistd when it looks for it
+        # on shutdown
+        touch /tmp/${serviceName}.pid
+        chown ${uid}:${gid} /tmp/${serviceName}.pid
         
         touch /var/lock/subsys/${serviceName}        
@@ -144 +157 @@
     fi
 
-    # Remove pid file if any.
+    # Remove pid and lock files if any.
     rm -f /var/run/${serviceName}.pid
-
+    rm -f /var/lock/subsys/${serviceName}
+    
     echo
 }
@@ -164 +178 @@
     
     # Get pid from "/var/run/*.pid" file
+    local pidFound=
     if [ -f $pidFilePath ] ; then
         read pid < $pidFilePath
@@ -170 +185 @@
             return
         fi
+        pidFound=Yes
     fi
 
     # look for pid in listing
-    local pidFound=
-    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do
+    for i in `pidof -o $$ -o $PPID -o %PPID -x "${statCheckProg}"`; do
         [[ $i = $pid ]] && pidFound=Yes && break;
     done
@@ -180 +195 @@
     if [ -n "$pidFound" ]; then
         echo $"$prog (pid $pid) is running..."
-        return
-       
+
     elif [ -f /var/lock/subsys/${serviceName} ]; then
-        echo $"$prog dead but subsys locked and pid file $pidFilePath exists"
-        return
+        echo $"$prog is dead but subsys locked"
+
+    elif [ -f /var/run/${serviceName}.pid ]; then
+        echo $"$prog is dead but pid file $pidFilePath exists"
     else
-        echo $"$prog dead but pid file $pidFilePath exists"   
+        echo $"$prog is dead"
     fi
 }

TI12-security/trunk/python/share/ndg-log

@@ -1 +1 @@
 #!/bin/bash
 #
-# SysV init script for NDG Security Log Service
+# SysV init script for NDG Security Log
 #
 # P J Kershaw
@@ -31 +31 @@
 tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac
 
+# Set a specific location for the properties file if required
+#export NDGSEC_AA_PROPFILEPATH=
+
 serviceName=${0##*/}
 
@@ -42 +45 @@
 # process listing
 prog=/usr/local/NDG/bin/twistd
+
+# Specify python for status() to search when looking for an existing process
+# running
+statCheckProg=/usr/local/NDG/bin/python
+
 args="-u ${uid} -g ${gid} --syslog --prefix=${serviceName} \
 --pidfile=${pidFilePath} -oy ${tacFilePath}"
@@ -81 +89 @@
     RETVAL=$?
     if [ $RETVAL = 0 ]; then    
-        # Use root privilege to move pid file to correct location - put wait 
-        # in to give twistd some leaway
-        i=0
-        while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 
-            sleep 1; 
-            let "i++"; 
-        done
-                
-        mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
+        # Use root privilege to move pid file to correct location - put wait 
+        # in to give twistd some leaway
+        i=0
+        while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 
+            sleep 1; 
+            let "i++"; 
+        done
+    
+        mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
+        
+        # Put in placeholder so as not to upset twistd when it looks for it
+        # on shutdown
+        touch /tmp/${serviceName}.pid
+        chown ${uid}:${gid} /tmp/${serviceName}.pid
         
         touch /var/lock/subsys/${serviceName}        
@@ -144 +157 @@
     fi
 
-    # Remove pid file if any.
+    # Remove pid and lock files if any.
     rm -f /var/run/${serviceName}.pid
-
+    rm -f /var/lock/subsys/${serviceName}
+    
     echo
 }
@@ -164 +178 @@
     
     # Get pid from "/var/run/*.pid" file
+    local pidFound=
     if [ -f $pidFilePath ] ; then
         read pid < $pidFilePath
@@ -170 +185 @@
             return
         fi
+        pidFound=Yes
     fi
 
     # look for pid in listing
-    local pidFound=
-    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do
+    for i in `pidof -o $$ -o $PPID -o %PPID -x "${statCheckProg}"`; do
         [[ $i = $pid ]] && pidFound=Yes && break;
     done
@@ -180 +195 @@
     if [ -n "$pidFound" ]; then
         echo $"$prog (pid $pid) is running..."
-        return
-       
+
     elif [ -f /var/lock/subsys/${serviceName} ]; then
-        echo $"$prog dead but subsys locked and pid file $pidFilePath exists"
-        return
+        echo $"$prog is dead but subsys locked"
+
+    elif [ -f /var/run/${serviceName}.pid ]; then
+        echo $"$prog is dead but pid file $pidFilePath exists"
     else
-        echo $"$prog dead but pid file $pidFilePath exists"   
+        echo $"$prog is dead"
     fi
 }

TI12-security/trunk/python/share/ndg-sm

@@ -31 +31 @@
 tacFilePath=${prefixDir}/${srvSubDir}/server-config.tac
 
+# Set a specific location for the properties file if required
+#export NDGSEC_AA_PROPFILEPATH=
+
 serviceName=${0##*/}
 
@@ -42 +45 @@
 # process listing
 prog=/usr/local/NDG/bin/twistd
+
+# Specify python for status() to search when looking for an existing process
+# running
+statCheckProg=/usr/local/NDG/bin/python
+
 args="-u ${uid} -g ${gid} --syslog --prefix=${serviceName} \
 --pidfile=${pidFilePath} -oy ${tacFilePath}"
@@ -81 +89 @@
     RETVAL=$?
     if [ $RETVAL = 0 ]; then    
-        # Use root privilege to move pid file to correct location - put wait 
-        # in to give twistd some leaway
-        i=0
-        while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 
-            sleep 1; 
-            let "i++"; 
-        done
-                
-        mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
+        # Use root privilege to move pid file to correct location - put wait 
+        # in to give twistd some leaway
+        i=0
+        while [ ! -f /tmp/${serviceName}.pid ] && [ "$i" -lt 10 ]; do 
+            sleep 1; 
+            let "i++"; 
+        done
+    
+        mv /tmp/${serviceName}.pid /var/run/${serviceName}.pid
+        
+        # Put in placeholder so as not to upset twistd when it looks for it
+        # on shutdown
+        touch /tmp/${serviceName}.pid
+        chown ${uid}:${gid} /tmp/${serviceName}.pid
         
         touch /var/lock/subsys/${serviceName}        
@@ -144 +157 @@
     fi
 
-    # Remove pid file if any.
+    # Remove pid and lock files if any.
     rm -f /var/run/${serviceName}.pid
-
+    rm -f /var/lock/subsys/${serviceName}
+    
     echo
 }
@@ -164 +178 @@
     
     # Get pid from "/var/run/*.pid" file
+    local pidFound=
     if [ -f $pidFilePath ] ; then
         read pid < $pidFilePath
@@ -170 +185 @@
             return
         fi
+        pidFound=Yes
     fi
 
     # look for pid in listing
-    local pidFound=
-    for i in `pidof -o $$ -o $PPID -o %PPID -x "${prog}"`; do
+    for i in `pidof -o $$ -o $PPID -o %PPID -x "${statCheckProg}"`; do
         [[ $i = $pid ]] && pidFound=Yes && break;
     done
@@ -180 +195 @@
     if [ -n "$pidFound" ]; then
         echo $"$prog (pid $pid) is running..."
-        return
-       
+
     elif [ -f /var/lock/subsys/${serviceName} ]; then
-        echo $"$prog dead but subsys locked and pid file $pidFilePath exists"
-        return
+        echo $"$prog is dead but subsys locked"
+
+    elif [ -f /var/run/${serviceName}.pid ]; then
+        echo $"$prog is dead but pid file $pidFilePath exists"
     else
-        echo $"$prog dead but pid file $pidFilePath exists"   
+        echo $"$prog is dead"
     fi
 }