[mirror_ovs.git] / debian / openvswitch-ipsec.init

#!/bin/sh
#
# Copyright (c) 2007, 2009 Javier Fernandez-Sanguino <jfs@debian.org>
#
# This is free software; you may redistribute it and/or modify
# it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2,
# or (at your option) any later version.
#
# This is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License with
# the Debian operating system, in /usr/share/common-licenses/GPL;  if
# not, write to the Free Software Foundation, Inc., 59 Temple Place,
# Suite 330, Boston, MA 02111-1307 USA
#
### BEGIN INIT INFO
# Provides:          openvswitch-ipsec
# Required-Start:    $network $local_fs $remote_fs openvswitch-switch
# Required-Stop:     $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Open vSwitch GRE-over-IPsec daemon
# Description:       The ovs-monitor-ipsec script provides support for encrypting GRE
#                    tunnels with IPsec.
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

DAEMON=/usr/share/openvswitch/scripts/ovs-monitor-ipsec # Daemon's location
NAME=ovs-monitor-ipsec          # Introduce the short server's name here
LOGDIR=/var/log/openvswitch     # Log directory to use

PIDFILE=/var/run/openvswitch/$NAME.pid 

test -x $DAEMON || exit 0

. /lib/lsb/init-functions

DODTIME=10              # Time to wait for the server to die, in seconds
                        # If this value is set too low you might not
                        # let some servers to die gracefully and
                        # 'restart' will not work
                        
set -e

running_pid() {
# Check if a given process pid's cmdline matches a given name
    pid=$1
    name=$2
    [ -z "$pid" ] && return 1 
    [ ! -d /proc/$pid ] &&  return 1
    cmd=`cat /proc/$pid/cmdline | tr "\000" " "|cut -d " " -f 2`
    # Is this the expected server
    [ "$cmd" != "$name" ] &&  return 1
    return 0
}

running() {
# Check if the process is running looking at /proc
# (works for all users)

    # No pidfile, probably no daemon present
    [ ! -f "$PIDFILE" ] && return 1
    pid=`cat $PIDFILE`
    running_pid $pid $DAEMON || return 1
    return 0
}

uninstall_mark_rule() {
    iptables -D INPUT -t mangle $1 -j MARK --set-mark 1/1 || return 0
}

install_mark_rule() {
    if ( ! iptables -C INPUT -t mangle $1 -j MARK --set-mark 1/1 2> /dev/null); then
        iptables -A INPUT -t mangle $1 -j MARK --set-mark 1/1
    fi
}

start_server() {
    if [ ! -d /var/run/openvswitch ]; then
        install -d -m 755 -o root -g root /var/run/openvswitch
    fi

    install_mark_rule "-p esp"
    install_mark_rule "-p udp --dport 4500"
    /usr/share/openvswitch/scripts/ovs-monitor-ipsec \
           --pidfile=$PIDFILE --log-file --detach --monitor \
           unix:/var/run/openvswitch/db.sock

    return 0
}

stop_server() {
    if [ -e $PIDFILE ]; then
        kill `cat $PIDFILE`
    fi
    uninstall_mark_rule "-p esp"
    uninstall_mark_rule "-p udp --dport 4500"

    return 0
}

force_stop() {
# Force the process to die killing it manually
    [ ! -e "$PIDFILE" ] && return
    if running ; then
        kill -15 $pid
        # Is it really dead?
        sleep "$DODTIME"
        if running ; then
            kill -9 $pid
            sleep "$DODTIME"
            if running ; then
                echo "Cannot kill $NAME (pid=$pid)!"
                exit 1
            fi
        fi
    fi
    rm -f $PIDFILE
}


case "$1" in
  start)
        log_daemon_msg "Starting $NAME"
        # Check if it's running first
        if running ;  then
            log_progress_msg "apparently already running"
            log_end_msg 0
            exit 0
        fi
        if start_server && running ;  then
            # It's ok, the server started and is running
            log_end_msg 0
        else
            # Either we could not start it or it is not running
            # after we did
            # NOTE: Some servers might die some time after they start,
            # this code does not try to detect this and might give
            # a false positive (use 'status' for that)
            log_end_msg 1
        fi
        ;;
  stop)
        log_daemon_msg "Stopping $NAME"
        if running ; then
            # Only stop the server if we see it running
            stop_server
            log_end_msg $?
        else
            # If it's not running don't do anything
            log_progress_msg "apparently not running"
            log_end_msg 0
            exit 0
        fi
        ;;
  force-stop)
        # First try to stop gracefully the program
        $0 stop
        if running; then
            # If it's still running try to kill it more forcefully
            log_daemon_msg "Stopping (force) $NAME"
            force_stop
            log_end_msg $?
        fi
        ;;
  restart|force-reload)
        log_daemon_msg "Restarting $NAME"
        stop_server
        # Wait some sensible amount, some server need this
        [ -n "$DODTIME" ] && sleep $DODTIME
        start_server
        running
        log_end_msg $?
        ;;
  status)
        log_daemon_msg "Checking status of $NAME"
        if running ;  then
            log_progress_msg "running"
            log_end_msg 0
        else
            log_progress_msg "apparently not running"
            log_end_msg 1
            exit 1
        fi
        ;;
  # Use this if the daemon cannot reload
  reload)
        log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon"
        log_warning_msg "cannot re-read the config file (use restart)."
        ;;
  *)
        N=/etc/init.d/openvswitch-ipsec
        echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2
        exit 1
        ;;
esac

exit 0
Commit	Line	Data
a3acf0b0 JP	1	#!/bin/sh
	2	#
	3	# Copyright (c) 2007, 2009 Javier Fernandez-Sanguino <jfs@debian.org>
	4	#
	5	# This is free software; you may redistribute it and/or modify
	6	# it under the terms of the GNU General Public License as
	7	# published by the Free Software Foundation; either version 2,
	8	# or (at your option) any later version.
	9	#
	10	# This is distributed in the hope that it will be useful, but
	11	# WITHOUT ANY WARRANTY; without even the implied warranty of
	12	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	13	# GNU General Public License for more details.
	14	#
	15	# You should have received a copy of the GNU General Public License with
	16	# the Debian operating system, in /usr/share/common-licenses/GPL; if
	17	# not, write to the Free Software Foundation, Inc., 59 Temple Place,
	18	# Suite 330, Boston, MA 02111-1307 USA
	19	#
	20	### BEGIN INIT INFO
	21	# Provides: openvswitch-ipsec
bd9e5b0e	22	# Required-Start: $network $local_fs $remote_fs openvswitch-switch
a3acf0b0 JP	23	# Required-Stop: $remote_fs
	24	# Default-Start: 2 3 4 5
	25	# Default-Stop: 0 1 6
	26	# Short-Description: Open vSwitch GRE-over-IPsec daemon
1db6b185 TG	27	# Description: The ovs-monitor-ipsec script provides support for encrypting GRE
1db6b185 TG	28	# tunnels with IPsec.
a3acf0b0 JP	29	### END INIT INFO
	30
	31	PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
	32
	33	DAEMON=/usr/share/openvswitch/scripts/ovs-monitor-ipsec # Daemon's location
	34	NAME=ovs-monitor-ipsec # Introduce the short server's name here
	35	LOGDIR=/var/log/openvswitch # Log directory to use
	36
	37	PIDFILE=/var/run/openvswitch/$NAME.pid
	38
	39	test -x $DAEMON \|\| exit 0
	40
	41	. /lib/lsb/init-functions
	42
	43	DODTIME=10 # Time to wait for the server to die, in seconds
	44	# If this value is set too low you might not
	45	# let some servers to die gracefully and
	46	# 'restart' will not work
	47
	48	set -e
	49
	50	running_pid() {
	51	# Check if a given process pid's cmdline matches a given name
	52	pid=$1
	53	name=$2
	54	[ -z "$pid" ] && return 1
	55	[ ! -d /proc/$pid ] && return 1
	56	cmd=`cat /proc/$pid/cmdline \| tr "\000" " "\|cut -d " " -f 2`
	57	# Is this the expected server
	58	[ "$cmd" != "$name" ] && return 1
	59	return 0
	60	}
	61
	62	running() {
	63	# Check if the process is running looking at /proc
	64	# (works for all users)
	65
	66	# No pidfile, probably no daemon present
	67	[ ! -f "$PIDFILE" ] && return 1
	68	pid=`cat $PIDFILE`
	69	running_pid $pid $DAEMON \|\| return 1
	70	return 0
	71	}
	72
7849d3e4 AA	73	uninstall_mark_rule() {
	74	iptables -D INPUT -t mangle $1 -j MARK --set-mark 1/1 \|\| return 0
	75	}
	76
	77	install_mark_rule() {
	78	if ( ! iptables -C INPUT -t mangle $1 -j MARK --set-mark 1/1 2> /dev/null); then
	79	iptables -A INPUT -t mangle $1 -j MARK --set-mark 1/1
	80	fi
	81	}
	82
a3acf0b0	83	start_server() {
b0e62f3d JP	84	if [ ! -d /var/run/openvswitch ]; then
	85	install -d -m 755 -o root -g root /var/run/openvswitch
	86	fi
	87
7849d3e4 AA	88	install_mark_rule "-p esp"
7849d3e4 AA	89	install_mark_rule "-p udp --dport 4500"
00488a5e	90	/usr/share/openvswitch/scripts/ovs-monitor-ipsec \
65b23a2a	91	--pidfile=$PIDFILE --log-file --detach --monitor \
a3acf0b0 JP	92	unix:/var/run/openvswitch/db.sock
	93
	94	return 0
	95	}
	96
	97	stop_server() {
	98	if [ -e $PIDFILE ]; then
	99	kill `cat $PIDFILE`
	100	fi
7849d3e4 AA	101	uninstall_mark_rule "-p esp"
7849d3e4 AA	102	uninstall_mark_rule "-p udp --dport 4500"
a3acf0b0 JP	103
	104	return 0
	105	}
	106
	107	force_stop() {
	108	# Force the process to die killing it manually
	109	[ ! -e "$PIDFILE" ] && return
	110	if running ; then
	111	kill -15 $pid
	112	# Is it really dead?
97044604	113	sleep "$DODTIME"
a3acf0b0 JP	114	if running ; then
a3acf0b0 JP	115	kill -9 $pid
97044604	116	sleep "$DODTIME"
a3acf0b0 JP	117	if running ; then
	118	echo "Cannot kill $NAME (pid=$pid)!"
	119	exit 1
	120	fi
	121	fi
	122	fi
	123	rm -f $PIDFILE
	124	}
	125
	126
	127	case "$1" in
	128	start)
	129	log_daemon_msg "Starting $NAME"
	130	# Check if it's running first
	131	if running ; then
	132	log_progress_msg "apparently already running"
	133	log_end_msg 0
	134	exit 0
	135	fi
	136	if start_server && running ; then
	137	# It's ok, the server started and is running
	138	log_end_msg 0
	139	else
	140	# Either we could not start it or it is not running
	141	# after we did
	142	# NOTE: Some servers might die some time after they start,
	143	# this code does not try to detect this and might give
	144	# a false positive (use 'status' for that)
	145	log_end_msg 1
	146	fi
	147	;;
	148	stop)
	149	log_daemon_msg "Stopping $NAME"
	150	if running ; then
	151	# Only stop the server if we see it running
	152	stop_server
	153	log_end_msg $?
	154	else
	155	# If it's not running don't do anything
	156	log_progress_msg "apparently not running"
	157	log_end_msg 0
	158	exit 0
	159	fi
	160	;;
	161	force-stop)
	162	# First try to stop gracefully the program
	163	$0 stop
	164	if running; then
	165	# If it's still running try to kill it more forcefully
	166	log_daemon_msg "Stopping (force) $NAME"
	167	force_stop
	168	log_end_msg $?
	169	fi
	170	;;
	171	restart\|force-reload)
	172	log_daemon_msg "Restarting $NAME"
	173	stop_server
	174	# Wait some sensible amount, some server need this
97044604	175	[ -n "$DODTIME" ] && sleep $DODTIME
a3acf0b0 JP	176	start_server
	177	running
	178	log_end_msg $?
	179	;;
	180	status)
	181	log_daemon_msg "Checking status of $NAME"
	182	if running ; then
	183	log_progress_msg "running"
	184	log_end_msg 0
	185	else
	186	log_progress_msg "apparently not running"
	187	log_end_msg 1
	188	exit 1
	189	fi
	190	;;
	191	# Use this if the daemon cannot reload
	192	reload)
	193	log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon"
	194	log_warning_msg "cannot re-read the config file (use restart)."
	195	;;
	196	*)
	197	N=/etc/init.d/openvswitch-ipsec
	198	echo "Usage: $N {start\|stop\|force-stop\|restart\|force-reload\|status}" >&2
	199	exit 1
	200	;;
	201	esac
	202
	203	exit 0