#! /bin/sh

# globus-gatekeeper Authorize and execute a grid service
# chkconfig: 235 20 80

### BEGIN INIT INFO
# Provides:          globus-gatekeeper
# Required-Start:    $remote_fs $network $time
# Required-Stop:     $remote_fs $network
# Default-Start:     2 3 5
# Default-Stop:      0 1 4 6
# Short-Description: Globus Gatekeeper
# Description:       The Globus Gatekeeper service authenticates network
#                    connections using an SSL-based protocol and then
#                    starts service instances on the remote user's behalf.
#                    It is part of the Grid Community Toolkit
### END INIT INFO

#
# Copyright 1999-2010 University of Chicago
# 
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# 
# http://www.apache.org/licenses/LICENSE-2.0
# 
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

prefix="${GLOBUS_LOCATION-/usr}"
exec_prefix="/usr"
sbindir="/usr/sbin"
bindir="/usr/bin"
libdir="/usr/lib64"
includedir="/usr/include/globus"
datarootdir="${prefix}/share"
datadir="/usr/share"
libexecdir="/usr/share/globus"
sysconfdir="/etc"
sharedstatedir="/usr/com"
localstatedir="/var"

if [ -r ${libexecdir}/globus-script-initializer ]; then
    . ${libexecdir}/globus-script-initializer
else
    echo "Unable to locate globus-script-initializer" 1>&2
    exit 1
fi

GLOBUS_GATEKEEPER_CONFIG=${GLOBUS_GATEKEEPER_CONFIG:-/var/adm/fillup-templates/sysconfig.globus-gatekeeper}
test -f "${GLOBUS_GATEKEEPER_CONFIG}" && . "${GLOBUS_GATEKEEPER_CONFIG}"
prog="${sbindir}/globus-gatekeeper"
progname="globus-gatekeeper"
lockfile="/var/lock/subsys/globus-gatekeeper"

. /lib/lsb/init-functions

GLOBUS_GATEKEEPER_PIDFILE="${GLOBUS_GATEKEEPER_PIDFILE:-${localstatedir}/run/globus-gatekeeper.pid}"
GLOBUS_GATEKEEPER_PORT="${GLOBUS_GATEKEEPER_PORT:-2119}"


start()
{
    cert="${GLOBUS_GATEKEEPER_CERT_FILE:-${sysconfdir}/grid-security/hostcert.pem}"
    if [ ! -f $cert ]; then
        echo "Error: Gatekeeper's certificate file ($cert) is missing."
        log_failure_msg "Failed to start globus-gatekeeper"
        exit 6
    fi

    key="${GLOBUS_GATEKEEPER_KEY_FILE:-${sysconfdir}/grid-security/hostkey.pem}"
    if [ ! -f $key ]; then
        echo "Error: Gatekeeper's private key file is ($key) is missing."
        log_failure_msg "Failed to start globus-gatekeeper"
        exit 6
    fi
    
    if [ "${GLOBUS_GATEKEEPER_KERBEROS_ENABLED:-false}" = "true" ]; then
        kflag="-k"
    else
        kflag=""
    fi

    start_daemon \
        ${GLOBUS_GATEKEEPER_NICE_LEVEL:+-n "${GLOBUS_GATEKEEPER_NICE_LEVEL}"} \
        "$prog" \
        -pidfile ${GLOBUS_GATEKEEPER_PIDFILE} \
        ${GLOBUS_GATEKEEPER_LOG_FACILITY:+-lf "$GLOBUS_GATEKEEPER_LOG_FACILITY"} \
        ${GLOBUS_GATEKEEPER_PORT:+-p ${GLOBUS_GATEKEEPER_PORT}} \
        ${GLOBUS_GATEKEEPER_LOG:+-l "${GLOBUS_GATEKEEPER_LOG}"} \
        ${GLOBUS_GATEKEEPER_GRID_SERVICES:+-grid_services "${GLOBUS_GATEKEEPER_GRID_SERVICES}"} \
        ${GLOBUS_GATEKEEPER_GRIDMAP:+-gridmap "${GLOBUS_GATEKEEPER_GRIDMAP}"} \
        ${GLOBUS_GATEKEEPER_CERT_DIR:+-x509_cert_dir "${GLOBUS_GATEKEEPER_CERT_DIR}"} \
        ${GLOBUS_GATEKEEPER_CERT_FILE:+-x509_user_cert "${GLOBUS_GATEKEEPER_CERT_FILE}"} \
        ${GLOBUS_GATEKEEPER_KEY_FILE:+-x509_user_key "${GLOBUS_GATEKEEPER_KEY_FILE}"} \
        $kflag \
        ${GLOBUS_GATEKEEPER_KMAP:+-globuskmap "${GLOBUS_GATEKEEPER_KMAP}"} \
        > /dev/null
    rc=$?
    if [ $rc = 0 ]; then
        log_success_msg "Started globus-gatekeeper"
        touch "$lockfile"
    else
        log_failure_msg "Failed to start globus-gatekeeper"
    fi
    return $rc
}

stop()
{
    killproc -p "${GLOBUS_GATEKEEPER_PIDFILE}" "${prog}"
    rc=$?
    if [ $rc = 0 ]; then
        log_success_msg "Stopped globus-gatekeeper"
        rm -f "$lockfile"
    else
        log_failure_msg "Failed to stop globus-gatekeeper"
    fi
    return $rc
}

restart()
{
    stop
    start
}

status()
{
    pid="$(pidofproc -p "${GLOBUS_GATEKEEPER_PIDFILE}" "${prog}")"
    rc=$?
    case $rc in
        0)
            echo "$progname is running (pid=$pid)"
            ;;
        1)
            echo "Stale PID file for $progname"
            ;;
        2|3)
            if [ -f "${lockfile}" ]; then
                echo "Stale lock file for $progname"
            else
                echo "$progname is not running"
            fi
            ;;
        4)
            # Debian pidofproc returns 4 when pid file is specified
            # but does not exist. LSB Spec says:
            # If the -p pidfile option is specified and the named pidfile
            # does not exist, the functions shall assume that the daemon is
            # not running.
            if [ ! -f "${GLOBUS_GATEKEEPER_PIDFILE}" ]; then
                echo "$progname is not running"
                rc=0
            fi
            ;;
        *)
            echo "Unknown status for $progname"
            ;;
    esac

    return $rc
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    reload)
        exit 0
        ;;
    force-reload)
        restart
        ;;
    status)
        status
        ;;
    condrestart|try-restart)
        status || exit 0
        restart
        ;;
    *)
        echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
esac
