Commit | Line | Data |
---|---|---|
a3acf0b0 JP |
1 | #!/bin/sh |
2 | # | |
3 | # Copyright (c) 2007, 2009 Javier Fernandez-Sanguino <jfs@debian.org> | |
4 | # | |
5 | # This is free software; you may redistribute it and/or modify | |
6 | # it under the terms of the GNU General Public License as | |
7 | # published by the Free Software Foundation; either version 2, | |
8 | # or (at your option) any later version. | |
9 | # | |
10 | # This is distributed in the hope that it will be useful, but | |
11 | # WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | # GNU General Public License for more details. | |
14 | # | |
15 | # You should have received a copy of the GNU General Public License with | |
16 | # the Debian operating system, in /usr/share/common-licenses/GPL; if | |
17 | # not, write to the Free Software Foundation, Inc., 59 Temple Place, | |
18 | # Suite 330, Boston, MA 02111-1307 USA | |
19 | # | |
20 | ### BEGIN INIT INFO | |
21 | # Provides: openvswitch-ipsec | |
bd9e5b0e | 22 | # Required-Start: $network $local_fs $remote_fs openvswitch-switch |
a3acf0b0 JP |
23 | # Required-Stop: $remote_fs |
24 | # Default-Start: 2 3 4 5 | |
25 | # Default-Stop: 0 1 6 | |
26 | # Short-Description: Open vSwitch GRE-over-IPsec daemon | |
1db6b185 TG |
27 | # Description: The ovs-monitor-ipsec script provides support for encrypting GRE |
28 | # tunnels with IPsec. | |
a3acf0b0 JP |
29 | ### END INIT INFO |
30 | ||
# Fixed search path, so command lookup (iptables, install, kill, ...) does not
# depend on the caller's environment. Earlier directories win: /usr/local/sbin
# and /usr/local/bin must be writable by root only.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Absolute path of the daemon executable.
DAEMON=/usr/share/openvswitch/scripts/ovs-monitor-ipsec
# Short daemon name, used in log messages and in the pidfile name.
NAME=ovs-monitor-ipsec
# Log directory (not referenced elsewhere in the visible script).
LOGDIR=/var/log/openvswitch

PIDFILE=/var/run/openvswitch/$NAME.pid

# Nothing to manage when the daemon is not installed: leave quietly.
[ -x "$DAEMON" ] || exit 0

# LSB logging helpers (log_daemon_msg, log_progress_msg, log_end_msg, ...).
. /lib/lsb/init-functions

# Seconds to wait for the daemon to exit after it has been signalled.
# If this is too short the daemon may not get the chance to shut down
# gracefully and 'restart' will not work.
DODTIME=10

# From here on, any unchecked command failure aborts the script.
set -e
49 | ||
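running_pid() {
    # Succeed (0) only if process $1 exists and the second word of its
    # command line equals $2; return 1 in every other case.
    #   $1  candidate PID (running() passes the pidfile contents)
    #   $2  expected second command-line word (running() passes $DAEMON)
    # The second word is compared rather than the first, presumably because
    # the daemon is a script and the first word is its interpreter -- confirm.
    # A process can rewrite its own command line, so this is a guard against
    # stale pidfiles and PID reuse, not an authentication of the process.
    pid=$1      # kept global, as before: force_stop uses $pid
    name=$2
    # Accept a plain decimal PID only. Anything else ("", "self", a value
    # containing "/", whitespace or glob characters) must never be
    # interpolated into a /proc path or handed to kill by the callers.
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ -d "/proc/$pid" ] || return 1
    # /proc/PID/cmdline is NUL-separated; turn it into words and take the 2nd.
    cmd=$(tr '\000' ' ' < "/proc/$pid/cmdline" | cut -d ' ' -f 2)
    # Is this the expected server?
    [ "$cmd" = "$name" ] || return 1
    return 0
}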
61 | ||
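running() {
    # Report whether the daemon recorded in $PIDFILE is alive, by looking at
    # /proc (works for all users).
    # Returns 0 when the pidfile exists and running_pid accepts its PID for
    # $DAEMON, 1 otherwise. Leaves the PID in the global $pid, which
    # force_stop uses afterwards.

    # No pidfile, probably no daemon present
    [ -f "$PIDFILE" ] || return 1
    # The pidfile can disappear between the test and the read; treat that as
    # "not running" instead of letting set -e abort the whole script.
    pid=$(cat "$PIDFILE" 2> /dev/null) || return 1
    # Quoted so that unexpected pidfile contents stay one argument and cannot
    # shift a second word into the "expected name" position.
    running_pid "$pid" "$DAEMON" || return 1
    return 0
}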
72 | ||
7849d3e4 AA |
uninstall_mark_rule() {
    # Delete the MARK rule (mark 1/1) for match $1 from INPUT in the mangle
    # table.
    #   $1  iptables match words, e.g. "-p udp --dport 4500"; expanded
    #       unquoted on purpose so the shell splits it into arguments.
    #       Callers pass fixed literals only.
    # Always returns 0: a failed deletion (e.g. the rule is not there) must
    # not abort the stop path under set -e.
    if ! iptables -D INPUT -t mangle $1 -j MARK --set-mark 1/1; then
        return 0
    fi
}
76 | ||
install_mark_rule() {
    # Append the MARK rule (mark 1/1) for match $1 to INPUT in the mangle
    # table unless an identical rule is already present.
    #   $1  iptables match words, e.g. "-p esp"; expanded unquoted on purpose
    #       so the shell splits it into arguments. Callers pass fixed
    #       literals only.
    # Returns 0 if the rule was already there, else the status of the append.
    # Any failure of the -C probe, not only "rule missing", leads to the
    # append; its error output is discarded.
    iptables -C INPUT -t mangle $1 -j MARK --set-mark 1/1 2> /dev/null ||
        iptables -A INPUT -t mangle $1 -j MARK --set-mark 1/1
}
82 | ||
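start_server() {
    # Prepare the runtime directory and the packet-mark rules, then launch
    # the daemon. Always returns 0; callers decide success with running().
    # When called as `if start_server && running`, set -e is suppressed
    # inside this function, so a failed step here (for instance a mark rule
    # that could not be installed) does not stop the launch.

    # Root-owned and not group/world-writable, so only root can create or
    # replace the pidfile. An already existing directory is left as it is:
    # its owner and mode are not checked.
    if [ ! -d /var/run/openvswitch ]; then
        install -d -m 755 -o root -g root /var/run/openvswitch
    fi

    # Mark inbound IPsec traffic: ESP itself and UDP port 4500 (IPsec NAT
    # traversal).
    install_mark_rule "-p esp"
    install_mark_rule "-p udp --dport 4500"
    # Launch through $DAEMON instead of repeating the path: running()
    # compares the process command line against $DAEMON, so the two must not
    # drift apart.
    "$DAEMON" \
        --pidfile="$PIDFILE" --log-file --detach --monitor \
        unix:/var/run/openvswitch/db.sock

    return 0
}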
96 | ||
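stop_server() {
    # Ask the daemon to terminate (default signal of kill) and remove the
    # packet-mark rules. Always returns 0.
    #
    # The signal is sent only when running() confirms that the pidfile names
    # a live process whose command line matches $DAEMON. Killing whatever
    # number happens to be in the pidfile would, with a stale file, either
    # hit an unrelated process that reused the PID or fail and abort the
    # script under set -e before the rules are removed ('restart' calls this
    # function without checking running() first).
    if running; then
        # $pid was set by running()
        kill "$pid"
    fi
    uninstall_mark_rule "-p esp"
    uninstall_mark_rule "-p udp --dport 4500"

    return 0
}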
106 | ||
force_stop() {
    # Kill the daemon by hand: SIGTERM first, SIGKILL if it survives
    # $DODTIME seconds, and give up (exit 1, ending the script) if it is
    # still there $DODTIME seconds after that. On every other path the
    # pidfile is removed at the end.
    # $pid is the global set by running().
    if [ ! -e "$PIDFILE" ]; then
        return 0
    fi

    if running; then
        kill -TERM $pid
        # Is it really dead?
        sleep "$DODTIME"
        if running; then
            kill -KILL $pid
            sleep "$DODTIME"
            if running; then
                echo "Cannot kill $NAME (pid=$pid)!"
                exit 1
            fi
        fi
    fi

    rm -f "$PIDFILE"
}
125 | ||
126 | ||
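# Dispatch on the requested action. The script runs under set -e, so a
# function called on its own line must not be followed by a `$?` test that is
# expected to see a failure: the script would already have exited.
case "$1" in
    start)
        log_daemon_msg "Starting $NAME"
        # Check if it's running first
        if running; then
            log_progress_msg "apparently already running"
            log_end_msg 0
            exit 0
        fi
        if start_server && running; then
            # It's ok, the server started and is running
            log_end_msg 0
        else
            # Either we could not start it or it is not running
            # after we did
            # NOTE: Some servers might die some time after they start,
            # this code does not try to detect this and might give
            # a false positive (use 'status' for that)
            log_end_msg 1
            # Report the failure whatever log_end_msg itself returns.
            exit 1
        fi
        ;;
    stop)
        log_daemon_msg "Stopping $NAME"
        if running; then
            # Only stop the server if we see it running
            stop_server
            log_end_msg $?
        else
            # If it's not running don't do anything
            log_progress_msg "apparently not running"
            log_end_msg 0
            exit 0
        fi
        ;;
    force-stop)
        # First try to stop the program gracefully
        "$0" stop
        if running; then
            # If it's still running try to kill it more forcefully
            log_daemon_msg "Stopping (force) $NAME"
            force_stop
            log_end_msg $?
        fi
        ;;
    restart|force-reload)
        log_daemon_msg "Restarting $NAME"
        stop_server
        # Wait some sensible amount, some servers need this
        [ -n "$DODTIME" ] && sleep "$DODTIME"
        start_server
        # A bare `running` followed by `log_end_msg $?` never logged the
        # failure: set -e ended the script as soon as running returned
        # non-zero. Test it explicitly and keep the non-zero exit status.
        if running; then
            log_end_msg 0
        else
            log_end_msg 1
            exit 1
        fi
        ;;
    status)
        log_daemon_msg "Checking status of $NAME"
        if running; then
            log_progress_msg "running"
            log_end_msg 0
        else
            log_progress_msg "apparently not running"
            log_end_msg 1
            exit 1
        fi
        ;;
    # Use this if the daemon cannot reload
    reload)
        log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon"
        log_warning_msg "cannot re-read the config file (use restart)."
        ;;
    *)
        N=/etc/init.d/openvswitch-ipsec
        echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2
        exit 1
        ;;
esac

exit 0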