Jonathan Druart
8994ded2c4
Since D10, the behaviour of start-stop-daemon changed, see from its manual: """ Warning: using this match option with a world-writable pidfile or using it alone with a daemon that writes the pidfile as an unprivileged (non-root) user will be refused with an error (since version 1.19.3) as this is a security risk, because either any user can write to it, or if the daemon gets compromised, the contents of the pidfile cannot be trusted, and then a privileged runner (such as an init script executed as root) would end up acting on any system process. Using /dev/null is exempt from these checks. """ Test plan: koha-plack --restart kohadev should success with this patch. Without this patch you get: start-stop-daemon: matching only on non-root pidfile /var/run/koha/kohadev/plack.pid is insecure Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
446 lines
13 KiB
Bash
Executable file
446 lines
13 KiB
Bash
Executable file
#!/bin/bash
|
||
#
|
||
# Copyright 2015 Theke Solutions
|
||
# Copyright 2016 Koha-Suomi
|
||
#
|
||
# This file is part of Koha.
|
||
#
|
||
# This program is free software: you can redistribute it and/or modify
|
||
# it under the terms of the GNU General Public License as published by
|
||
# the Free Software Foundation, either version 3 of the License, or
|
||
# (at your option) any later version.
|
||
#
|
||
# This program is distributed in the hope that it will be useful,
|
||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
# GNU General Public License for more details.
|
||
#
|
||
# You should have received a copy of the GNU General Public License
|
||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||
|
||
set -e
|
||
|
||
. /lib/lsb/init-functions
|
||
|
||
# Read configuration variable file if it is present
|
||
[ -r /etc/default/koha-common ] && . /etc/default/koha-common
|
||
|
||
# include helper functions
|
||
if [ -f "/usr/share/koha/bin/koha-functions.sh" ]; then
|
||
. "/usr/share/koha/bin/koha-functions.sh"
|
||
else
|
||
echo "Error: /usr/share/koha/bin/koha-functions.sh not present." 1>&2
|
||
exit 1
|
||
fi
|
||
|
||
usage()
|
||
{
|
||
local scriptname=$(basename $0)
|
||
|
||
cat <<EOF
|
||
$scriptname
|
||
|
||
This script lets you manage the plack daemons for your Koha instances.
|
||
|
||
Usage:
|
||
$scriptname --start|--stop|--restart [--quiet|-q] instancename1 [instancename2...]
|
||
$scriptname --enable|--disable instancename1 [instancename2]
|
||
$scriptname -h|--help
|
||
|
||
--start Start the plack daemon for the specified instances
|
||
--stop Stop the plack daemon for the specified instances
|
||
--restart Restart the plack daemon for the specified instances
|
||
--enable Enable plack for the specified instances
|
||
--disable Disable plack for the specified instances
|
||
--debugger Enable running Plack in debug mode
|
||
--debugger-key Specify the key the IDE is expecting
|
||
--debugger-location Specify the host:port for your debugger tool (defaults
|
||
to localhost:9000)
|
||
--debugger-path Specify the path for the debugger library
|
||
--quiet|-q Make the script quiet about non existent instance names
|
||
(useful for calling from another scripts).
|
||
--help|-h Display this help message
|
||
|
||
EOF
|
||
}
|
||
|
||
start_plack()
|
||
{
|
||
local instancename=$1
|
||
|
||
local PIDFILE="/var/run/koha/${instancename}/plack.pid"
|
||
local PLACKSOCKET="/var/run/koha/${instancename}/plack.sock"
|
||
local PSGIFILE="/etc/koha/plack.psgi"
|
||
local NAME="${instancename}-koha-plack"
|
||
|
||
if [ -e "/etc/koha/sites/${instancename}/plack.psgi" ]; then
|
||
# pick instance-specific psgi file
|
||
PSGIFILE="/etc/koha/sites/${instancename}/plack.psgi"
|
||
fi # else stick with the default one
|
||
|
||
_check_and_fix_perms $instancename
|
||
|
||
PLACK_MAX_REQUESTS=$(run_safe_xmlstarlet $instancename plack_max_requests)
|
||
[ -z $PLACK_MAX_REQUESTS ] && PLACK_MAX_REQUESTS="50"
|
||
PLACK_WORKERS=$(run_safe_xmlstarlet $instancename plack_workers)
|
||
[ -z $PLACK_WORKERS ] && PLACK_WORKERS="2"
|
||
|
||
instance_user="${instancename}-koha"
|
||
|
||
environment="deployment"
|
||
daemonize="--daemonize"
|
||
logging="--access-log /var/log/koha/${instancename}/plack.log \
|
||
--error-log /var/log/koha/${instancename}/plack-error.log"
|
||
max_requests_and_workers="--max-requests ${PLACK_MAX_REQUESTS} --workers ${PLACK_WORKERS}"
|
||
|
||
if [ "$DEV_INSTALL" = "1" ]; then
|
||
# Maybe we should switch off debug_mode if DEV_INSTALL is not set?
|
||
environment="development"
|
||
fi
|
||
|
||
if [ "$debug_mode" = "yes" ]; then
|
||
environment="development"
|
||
daemonize=""
|
||
logging="" # remote debugger takes care
|
||
max_requests_and_workers="--workers 1"
|
||
STARMAN="/usr/bin/perl -d ${STARMAN}"
|
||
fi
|
||
|
||
STARMANOPTS="-M FindBin ${max_requests_and_workers} \
|
||
--user=${instance_user} --group ${instancename}-koha \
|
||
--pid ${PIDFILE} ${daemonize} ${logging} \
|
||
-E ${environment} --socket ${PLACKSOCKET} ${PSGIFILE}"
|
||
|
||
if ! is_plack_running ${instancename}; then
|
||
export KOHA_CONF="/etc/koha/sites/${instancename}/koha-conf.xml"
|
||
|
||
log_daemon_msg "Starting Plack daemon for ${instancename}"
|
||
|
||
# Change to the instance's user dir
|
||
current_dir=$(pwd)
|
||
eval cd ~$instance_user
|
||
|
||
if ${STARMAN} ${STARMANOPTS}; then
|
||
log_end_msg 0
|
||
else
|
||
log_end_msg 1
|
||
fi
|
||
# Go back to the original dir
|
||
cd "$current_dir"
|
||
|
||
else
|
||
log_daemon_msg "Error: Plack already running for ${instancename}"
|
||
log_end_msg 1
|
||
fi
|
||
}
|
||
|
||
stop_plack()
|
||
{
|
||
local instancename=$1
|
||
|
||
local PIDFILE="/var/run/koha/${instancename}/plack.pid"
|
||
|
||
if is_plack_running ${instancename}; then
|
||
|
||
log_daemon_msg "Stopping Plack daemon for ${instancename}"
|
||
|
||
if start-stop-daemon --pidfile ${PIDFILE} --user="${instancename}-koha" --stop --retry=TERM/30/KILL/5; then
|
||
log_end_msg 0
|
||
else
|
||
log_end_msg 1
|
||
fi
|
||
else
|
||
log_daemon_msg "Error: Plack not running for ${instancename}"
|
||
log_end_msg 1
|
||
fi
|
||
}
|
||
|
||
restart_plack()
|
||
{
|
||
local instancename=$1
|
||
|
||
local PIDFILE="/var/run/koha/${instancename}/plack.pid"
|
||
|
||
if is_plack_running ${instancename}; then
|
||
stop_plack $instancename && start_plack $instancename
|
||
else
|
||
log_daemon_msg "Error: Plack not running for ${instancename}"
|
||
log_end_msg 1
|
||
fi
|
||
}
|
||
|
||
enable_plack()
|
||
{
|
||
local instancename=$1
|
||
local instancefile=$(get_apache_config_for "$instancename")
|
||
|
||
alreadyopac=0
|
||
alreadyintra=0
|
||
failopac=0
|
||
failintra=0
|
||
if ! is_plack_enabled_opac $instancefile; then
|
||
# Uncomment the plack related lines for OPAC
|
||
sed -i 's:^\s*#\(\s*Include /etc/koha/apache-shared-opac-plack.conf\)$:\1:' "$instancefile"
|
||
if ! is_plack_enabled_opac $instancefile; then
|
||
[ "${quiet}" != "yes" ] && warn "Plack not enabled for ${instancename} OPAC"
|
||
failopac=1
|
||
else
|
||
[ "${quiet}" != "yes" ] && warn "Plack enabled for ${instancename} OPAC"
|
||
fi
|
||
else
|
||
[ "${quiet}" != "yes" ] && warn "Plack already enabled for ${instancename} OPAC"
|
||
alreadyopac=1
|
||
fi
|
||
if ! is_plack_enabled_intranet $instancefile; then
|
||
# Uncomment the plack related lines for intranet
|
||
sed -i 's:^\s*#\(\s*Include /etc/koha/apache-shared-intranet-plack.conf\)$:\1:' "$instancefile"
|
||
if ! is_plack_enabled_intranet $instancefile; then
|
||
[ "${quiet}" != "yes" ] && warn "Plack not enabled for ${instancename} Intranet"
|
||
failintra=1
|
||
else
|
||
[ "${quiet}" != "yes" ] && warn "Plack enabled for ${instancename} Intranet"
|
||
fi
|
||
else
|
||
[ "${quiet}" != "yes" ] && warn "Plack already enabled for ${instancename} Intranet"
|
||
alreadyintra=1
|
||
fi
|
||
|
||
# Fail if it was already plack enabled.
|
||
if [ $alreadyopac -eq 1 ] && [ $alreadyintra -eq 1 ] ; then
|
||
return 1
|
||
elif [ "$alreadyopac" != "$alreadyintra" ]; then
|
||
[ "${quiet}" != "yes" ] && warn "$instancename had a plack configuration error. Please confirm it is corrected."
|
||
fi
|
||
|
||
# Succeed if both or any plack were turned on.
|
||
if [ $failopac -eq 0 ] || [ $failintra -eq 0 ] ; then
|
||
return 0
|
||
else
|
||
return 1
|
||
fi
|
||
}
|
||
|
||
disable_plack()
|
||
{
|
||
local instancename=$1
|
||
local instancefile=$(get_apache_config_for "$instancename")
|
||
|
||
alreadyopac=0
|
||
alreadyintra=0
|
||
failopac=0
|
||
failintra=0
|
||
if is_plack_enabled_opac $instancefile ; then
|
||
# Comment the plack related lines for OPAC
|
||
sed -i 's:^\(\s*Include /etc/koha/apache-shared-opac-plack.conf\)$:#\1:' "$instancefile"
|
||
if is_plack_enabled_opac $instancefile ; then
|
||
[ "${quiet}" != "yes" ] && warn "Plack not disabled for ${instancename} OPAC"
|
||
failopac=1
|
||
else
|
||
[ "${quiet}" != "yes" ] && warn "Plack disabled for ${instancename} OPAC"
|
||
fi
|
||
else
|
||
[ "${quiet}" != "yes" ] && warn "Plack already disabled for ${instancename} OPAC"
|
||
alreadyopac=1
|
||
fi
|
||
if is_plack_enabled_intranet $instancefile; then
|
||
# Comment the plack related lines for intranet
|
||
sed -i 's:^\(\s*Include /etc/koha/apache-shared-intranet-plack.conf\)$:#\1:' "$instancefile"
|
||
if is_plack_enabled_intranet $instancefile; then
|
||
[ "${quiet}" != "yes" ] && warn "Plack not disabled for ${instancename} Intranet"
|
||
failintra=1
|
||
else
|
||
[ "${quiet}" != "yes" ] && warn "Plack disabled for ${instancename} Intranet"
|
||
fi
|
||
else
|
||
[ "${quiet}" != "yes" ] && warn "Plack already disabled for ${instancename} Intranet"
|
||
alreadyintra=1
|
||
fi
|
||
|
||
# Fail if it was already plack disabled.
|
||
if [ $alreadyopac -eq 1 ] && [ $alreadyintra -eq 1 ] ; then
|
||
return 1
|
||
elif [ "$alreadyopac" != "$alreadyintra" ]; then
|
||
[ "${quiet}" != "yes" ] && warn "$instancename had a plack configuration error. Please confirm it is corrected."
|
||
fi
|
||
|
||
# Succeed if both or any plack were turned off.
|
||
if [ $failopac -eq 0 ] || [ $failintra -eq 0 ] ; then
|
||
return 0
|
||
else
|
||
return 1
|
||
fi
|
||
}
|
||
|
||
check_env_and_warn()
|
||
{
|
||
local apache_version_ok="no"
|
||
local required_modules="headers proxy_http"
|
||
local missing_modules=""
|
||
|
||
if /usr/sbin/apache2ctl -v | grep -q "Server version: Apache/2.4"; then
|
||
apache_version_ok="yes"
|
||
fi
|
||
|
||
for module in ${required_modules}; do
|
||
if ! /usr/sbin/apachectl -M 2> /dev/null | grep -q ${module}; then
|
||
missing_modules="${missing_modules}${module} "
|
||
fi
|
||
done
|
||
|
||
if [ "${apache_version_ok}" != "yes" ]; then
|
||
warn "WARNING: koha-plack requires Apache 2.4.x and you don't have that."
|
||
fi
|
||
|
||
if [ "${missing_modules}" != "" ]; then
|
||
cat 1>&2 <<EOM
|
||
WARNING: koha-plack requires some Apache modules that you are missing.
|
||
You can install them with:
|
||
|
||
sudo a2enmod ${missing_modules}
|
||
|
||
EOM
|
||
|
||
fi
|
||
}
|
||
|
||
_check_and_fix_perms()
|
||
{
|
||
local instance=$1
|
||
|
||
local files="/var/log/koha/${instance}/plack.log \
|
||
/var/log/koha/${instance}/plack-error.log"
|
||
|
||
for file in ${files}
|
||
do
|
||
if [ ! -e "${file}" ]; then
|
||
touch ${file}
|
||
fi
|
||
chown "${instance}-koha":"${instance}-koha" ${file}
|
||
done
|
||
}
|
||
|
||
set_action()
|
||
{
|
||
if [ "$op" = "" ]; then
|
||
op=$1
|
||
else
|
||
die "Error: only one action can be specified."
|
||
fi
|
||
}
|
||
|
||
STARMAN=$(which starman)
|
||
op=""
|
||
quiet="no"
|
||
debug_mode="no"
|
||
debugger_key=""
|
||
debugger_location="localhost:9000"
|
||
debugger_path=""
|
||
|
||
# Read command line parameters
|
||
while [ $# -gt 0 ]; do
|
||
|
||
case "$1" in
|
||
-h|--help)
|
||
usage ; exit 0 ;;
|
||
-q|--quiet)
|
||
quiet="yes"
|
||
shift ;;
|
||
--start)
|
||
set_action "start"
|
||
shift ;;
|
||
--stop)
|
||
set_action "stop"
|
||
shift ;;
|
||
--restart)
|
||
set_action "restart"
|
||
shift ;;
|
||
--enable)
|
||
set_action "enable"
|
||
shift ;;
|
||
--disable)
|
||
set_action "disable"
|
||
shift ;;
|
||
--debugger)
|
||
debug_mode="yes"
|
||
shift ;;
|
||
--debugger-key)
|
||
debugger_key="$2"
|
||
shift 2 ;;
|
||
--debugger-location)
|
||
debugger_location="$2"
|
||
shift 2 ;;
|
||
--debugger-path)
|
||
debugger_path="$2"
|
||
shift 2 ;;
|
||
-*)
|
||
die "Error: invalid option switch ($1)" ;;
|
||
*)
|
||
# We expect the remaining stuff are the instance names
|
||
break ;;
|
||
esac
|
||
|
||
done
|
||
|
||
[ "${quiet}" != "yes" ] && check_env_and_warn
|
||
|
||
if [ $# -gt 0 ]; then
|
||
# We have at least one instance name
|
||
for name in "$@"; do
|
||
|
||
if is_instance $name; then
|
||
|
||
adjust_paths_dev_install $name
|
||
export DEV_INSTALL
|
||
export KOHA_HOME
|
||
PERL5LIB=$PERL5LIB:$KOHA_HOME/installer:$KOHA_HOME/lib/installer
|
||
# If debug mode is enabled, add the debugger lib path
|
||
# to PERL5LIB if appropriate
|
||
if [ "$debug_mode" = "yes" ]; then
|
||
if [ "$debugger_path" != "" ]; then
|
||
PERL5LIB="${debugger_path}":$PERL5LIB
|
||
fi
|
||
export PERL5DB="BEGIN { require q(${debugger_path}/perl5db.pl) }"
|
||
export PERLDB_OPTS="RemotePort=${debugger_location} async=1 LogFile=/var/log/koha/${name}/plack-debug.log"
|
||
export DBGP_IDEKEY=${debugger_key}
|
||
export PLACK_DEBUG=1
|
||
export PERL5OPT="-d"
|
||
fi
|
||
|
||
export PERL5LIB
|
||
|
||
case $op in
|
||
"start")
|
||
start_plack $name
|
||
;;
|
||
"stop")
|
||
stop_plack $name
|
||
;;
|
||
"restart")
|
||
restart_plack $name
|
||
;;
|
||
"enable")
|
||
enable_plack $name
|
||
;;
|
||
"disable")
|
||
disable_plack $name
|
||
;;
|
||
*)
|
||
usage
|
||
;;
|
||
esac
|
||
|
||
else
|
||
if [ "$quiet" = "no" ]; then
|
||
log_daemon_msg "Error: Invalid instance name $name"
|
||
log_end_msg 1
|
||
fi
|
||
fi
|
||
|
||
done
|
||
else
|
||
if [ "$quiet" = "no" ]; then
|
||
warn "Error: you must provide at least one instance name"
|
||
fi
|
||
fi
|
||
|
||
exit 0
|