Setting tag myplc-5.3-3
[myplc.git] / plc.d / httpd
1 #!/bin/bash
2 #
3 # priority: 600
4 #
5 # Configure Apache web server
6 #
7 # Mark Huang <mlhuang@cs.princeton.edu>
8 # Copyright (C) 2006 The Trustees of Princeton University
9 #
10
11 # Source function library and configuration
12 . /etc/plc.d/functions
13 . /etc/planetlab/plc_config
14
15 # Be verbose
16 set -x
17
18 # Default locations
19 DocumentRoot=/var/www/html
20 php_ini=/etc/php.ini
21 httpd_conf=/etc/httpd/conf/httpd.conf
22 ssl_conf=/etc/httpd/conf.d/ssl.conf
23 plc_conf=/etc/httpd/conf.d/plc.conf
24
25 function disable_file () {
26     file=$1; shift
27     [ -f $file ] && mv -f $file $file.disabled
28 }
29 function enable_file () {
30     file=$1; shift
31     [ ! -f $file ] && mv -f $file.disabled $file
32 }
33
34 case "$1" in
35     start)
36         if [ "$PLC_API_ENABLED" != "1" -a \
37              "$PLC_BOOT_ENABLED" != "1" -a \
38              "$PLC_WWW_ENABLED" != "1" ] ; then
39             exit 0
40         fi
41
42         MESSAGE=$"Starting web server"
43         dialog "$MESSAGE"
44
45         # set document root - not really useful on fedora but just in case
46         sed -i -e "s@^DocumentRoot.*@DocumentRoot \"$DocumentRoot\"@" $httpd_conf
47         # whether WWW is enabled or not : 
48         if [ "$PLC_WWW_ENABLED" != "1" ] ; then
49             # avoid hitting drupal, that would try to connect to the db and create noise
50             disable_file $DocumentRoot/index.php
51         else
52             enable_file $DocumentRoot/index.php
53         fi
54
55         # Set the default include path
56         include_path=".:$DocumentRoot/planetlab/includes:$DocumentRoot/plekit/php:$DocumentRoot/generated:/etc/planetlab/php:/usr/share/plc_api/php"
57         sed -i -e "s@[;]*include_path = \"\.:.*\"@include_path = \"$include_path\"@" $php_ini
58
59         # Set open_basedir so as to avoid leaks
60         open_basedir="$DocumentRoot:/etc/planetlab/php:/usr/share/plc_api/php:/var/log/myslice:/var/tmp/bootmedium:/var/log/bm:/tmp"
61         sed -i -e "s@[;]*open_basedir =.*@open_basedir = \"$open_basedir\"@" $php_ini
62         
63         # for php-5.3 under fedora12, otherwise issues tons of warning messages
64         # Set timezone in php.ini if not already there
65         if grep '^;date.timezone' $php_ini >& /dev/null; then
66             dialog 'Setting PHP timezone to GMT'
67             sed -i -e 's,^;date.timezone.*,date.timezone = GMT,' $php_ini
68         fi
69
70         if grep '^short_open_tag = Off' $php_ini >& /dev/null; then
71             sed -i -e 's,^short_open_tag = Off,short_open_tag = On,' $php_ini
72         fi
73
74         # Disable default Listen directive
75         sed -i -e '/^Listen/d' $httpd_conf
76
77         plc_api_path_noslash=$(echo $PLC_API_PATH | sed -e s,/,,g)
78         # Set the port numbers
79         for server in WWW API BOOT ; do
80             enabled=PLC_${server}_ENABLED
81             if [ "${!enabled}" != "1" ] ; then
82                 continue
83             fi
84             hostname=PLC_${server}_HOST
85             http_port=PLC_${server}_PORT
86             https_port=PLC_${server}_SSL_PORT
87
88             # API should always be accessed via SSL
89             if [ "$server" = "API" ] ; then
90                 https_port=${!http_port}
91                 http_port=
92             fi
93
94             echo "# DBG server=$server hostname=${!hostname} http_port=${!http_port} https_port=${!https_port}"
95
96             # Check if we are already listening on these ports
97             skip_http=0
98             skip_https=0
99             for previous_server in WWW API BOOT ; do
100                 if [ "$server" = "$previous_server" ] ; then
101                     break
102                 fi
103                 previous_enabled=PLC_${previous_server}_ENABLED
104                 if [ "${!previous_enabled}" != "1" ] ; then
105                     continue
106                 fi
107                 previous_http_port=PLC_${previous_server}_PORT
108                 previous_https_port=PLC_${previous_server}_SSL_PORT
109
110                 if [ "${!http_port}" = "${!previous_http_port}" ] ; then
111                     skip_http=1
112                 fi
113                 if [ "${!https_port}" = "${!previous_https_port}" ] ; then
114                     skip_https=1
115                 fi
116             done
117
118             # HTTP configuration
119             if [ $skip_http -eq 0 -a -n "${!http_port}" ] ; then
120                 cat <<EOF
121 Listen ${!http_port}
122 <VirtualHost *:${!http_port}>
123     # Make sure that the admin web pages are always accessed via SSL
124     Redirect /db https://$PLC_WWW_HOST:$PLC_WWW_SSL_PORT/db
125     Redirect /planetlab https://$PLC_WWW_HOST:$PLC_WWW_SSL_PORT/planetlab
126 # as a matter of fact most xmlrpc clients won't follow the redirection
127 # so this is mostly rethorical, but just in case...
128    Redirect /$plc_api_path_noslash https://$PLC_WWW_HOST:$PLC_WWW_SSL_PORT/$plc_api_path_noslash
129 </VirtualHost>
130
131 EOF
132             fi
133
134             # HTTPS configuration
135             if [ $skip_https -eq 0 -a -n "${!https_port}" ] ; then
136                 # XXX Cannot support NameVirtualHost over SSL. If
137                 # the API, boot, and web servers are all running
138                 # on the same machine, the web server certificate
139                 # takes precedence.
140                 sed -i \
141                     -e "s/^Listen .*/Listen ${!https_port}/" \
142                     -e "s/<VirtualHost _default_:.*>/<VirtualHost _default_:${!https_port}>/" \
143                     $ssl_conf
144                 # this is used to locate the right certificates
145                 server_lower=$(echo $server | tr 'A-Z' 'a-z')
146
147                 # which one is used is currently configured in myplc.spec,
148                 # with mod_python preferred
149                 if rpm -q mod_python >& /dev/null ; then
150                     configure_for_mod_python=true
151                 elif rpm -q mod_wsgi >& /dev/null ; then
152                     configure_for_mod_wsgi=true
153                 else
154                     echo "Requires mod_python or mod_wsgi.... exiting"
155                     exit 1
156                 fi
157
158                 # It would be tempting to use <IfModule> here 
159                 # but early tests showed this could be tricky/fragile
160                 # So let's hard-wire it for one module
161                 # A lot of trial-and -error was involved in getting this that way...
162
163                 if [ -n "$configure_for_mod_python" ] ; then
164 #################### for mod_python
165                     cat <<EOF
166 # mod_python location
167 <Location /PLCAPI/>
168     SetHandler mod_python
169     PythonPath "sys.path + ['/usr/share/plc_api']"
170     PythonHandler apache.ModPython
171 </Location>
172 EOF
173
174                 elif [ -n "$configure_for_mod_wsgi" ] ; then
175 #################### for mod_wsgi
176                     cat <<EOF
177 # create wsgi socket where we have the permission
178 WSGISocketPrefix run/wsgi
179
180 <VirtualHost *:${!https_port}>
181
182    # SSL
183    SSLEngine On
184    SSLCertificateFile /etc/planetlab/${server_lower}_ssl.crt
185    SSLCertificateKeyFile /etc/planetlab/${server_lower}_ssl.key
186    SSLCertificateChainFile /etc/planetlab/${server_lower}_ca_ssl.crt
187
188    WSGIScriptAlias /$plc_api_path_noslash /usr/share/plc_api/apache/plc.wsgi
189 # xxx would be cool to be able to tweak this through config
190    WSGIDaemonProcess plcapi-wsgi-ssl user=apache group=apache processes=1 threads=25
191    WSGIProcessGroup plcapi-wsgi-ssl
192
193    <Directory "/usr/share/plc_api/apache">
194       Options +ExecCGI
195       $(apache_allow)
196    </Directory>
197
198 </VirtualHost>
199 EOF
200                 fi
201             fi
202         done >$plc_conf
203
204         # Set custom Apache directives
205         (
206             # could be restricted to boot boxes but harmless..
207             cat <<EOF
208 AddType application/octet-stream .iso
209 AddType application/octet-stream .usb
210 EOF
211             # make sure /PLCAPI can't get accessed if API not enabled here
212             if [ "$PLC_API_ENABLED" != "1" ] ; then
213                 cat <<EOF
214 # mod_wsgi location
215 <Location $PLC_API_PATH>
216     $(apache_forbid)
217 </Location> 
218 EOF
219             fi
220
221             # redirect www requests if not on the right server
222             if [ "$PLC_WWW_ENABLED" != "1" ] ; then
223                 cat <<EOF
224 Redirect /index.html http://$PLC_WWW_HOST:$PLC_WWW_PORT/
225 EOF
226             fi
227         ) >>$plc_conf
228
229         # Make alpina-logs directory writable for bootmanager log upload
230         chown apache:apache $DocumentRoot/alpina-logs/nodes
231
232         # Make the Drupal files upload directory owned by Apache
233         mkdir -p $DocumentRoot/files
234         chown apache:apache $DocumentRoot/files
235
236         # Symlink any (real) files or directories in
237         # /data/var/www/html/* to /var/www/html/. We could descend
238         # into subdirectories, but the code to do so properly would be
239         # madness.
240         for file in /data/$DocumentRoot/* ; do
241             if [ -e "$file" -a ! -h "$file" ] ; then
242                 base=$(basename "$file")
243                 if [ ! -e "$DocumentRoot/$base" ] ; then
244                     ln -nsf "$file" "$DocumentRoot/$base"
245                 fi
246             fi
247         done
248
249         # Cleanup broken symlinks
250         for file in $DocumentRoot/* ; do
251             if [ -h "$file" -a ! -e "$file" ] ; then
252                 rm -f "$file"
253             fi
254         done
255
256         # Old style PHP constants
257         mkdir -p /etc/planetlab/php
258         cat >/etc/planetlab/php/site_constants.php <<"EOF"
259 <?php
260 include('plc_config.php');
261
262 define('PL_API_SERVER', PLC_API_HOST);
263 define('PL_API_PATH', PLC_API_PATH);
264 define('PL_API_PORT', PLC_API_PORT);
265 define('PL_API_CAPABILITY_AUTH_METHOD', 'capability');
266 define('PL_API_CAPABILITY_PASS', PLC_API_MAINTENANCE_PASSWORD);
267 define('PL_API_CAPABILITY_USERNAME', PLC_API_MAINTENANCE_USER);
268 define('WWW_BASE', PLC_WWW_HOST);
269 define('BOOT_BASE', PLC_BOOT_HOST);
270 define('DEBUG', PLC_WWW_DEBUG);
271 define('API_CALL_DEBUG', PLC_API_DEBUG);
272 define('SENDMAIL', PLC_MAIL_ENABLED);
273 define('PLANETLAB_SUPPORT_EMAIL', PLC_NAME . ' Support <' . PLC_MAIL_SUPPORT_ADDRESS . '>');
274 define('PLANETLAB_SUPPORT_EMAIL_ONLY', PLC_MAIL_SUPPORT_ADDRESS);
275 ?>
276 EOF
277
278         ## patch php.ini
279         # memory limit
280         sed -i -e 's,^memory_limit = 32M *;,memory_limit = 80M ; patch myplc -- ,' $php_ini 
281         # log_errors : is On by default
282         # error_log
283         if ! grep '^error_log *=' $php_ini > /dev/null ; then
284           echo 'error_log = /var/log/php.log' >> $php_ini
285           touch /var/log/php.log
286           chmod 666 /var/log/php.log
287         fi
288
289         plc_daemon httpd
290         check
291
292         result "$MESSAGE"
293         ;;
294
295     stop)
296         MESSAGE=$"Stopping web server"
297         dialog "$MESSAGE"
298
299         killproc plc_httpd
300         check
301
302         result "$MESSAGE"
303         ;;
304 esac
305
306 exit $ERRORS