strongswan/strongswan.init.in

279 lines
8.6 KiB
Plaintext
Raw Normal View History

#!/bin/bash
#
# SUSE/LSB system startup script for strongswan ipsec
#
# Copyright (C) 2007 Marius Tomaschewski, SUSE / Novell Inc.
# based on /etc/init.d/skeleton.compat by Kurt Garloff.
#
# This library is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or (at
# your option) any later version.
#
# This library is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,
# USA.
#
# /etc/init.d/ipsec
# and its symbolic link
# /usr/sbin/rcipsec
#
# LSB compatible service control script; see http://www.linuxbase.org/spec/
# Please send feedback to http://www.suse.de/feedback/
#
# Note: This script uses functions rc_XXX defined in /etc/rc.status on
# UnitedLinux/SUSE/Novell based Linux distributions. However, it shoule
# work on other distributions as well, by using the LSB (Linux Standard
# Base) or RH functions or by open coding the needed functions.
#
# chkconfig: 345 99 00
# description: StrongSwan IPsec
#
### BEGIN INIT INFO
# Provides: ipsec
# Required-Start: $syslog $remote_fs $named
# Should-Start: $time
# Required-Stop: $syslog $remote_fs $named
# Should-Stop: $time
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6
# Short-Description: StrongSwan IPsec
# Description: StrongSwan IPsec provides encrypted and authenticated
# communication via a unsafe network, such as the internet.
# This scripts loads the kernel modules and starts the user-space setup.
### END INIT INFO
# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
IPSEC_CMD="/usr/sbin/ipsec"
test -x $IPSEC_CMD || {
echo "$IPSEC_CMD not installed";
if [ "$1" = "stop" ]; then exit 0; else exit 5; fi;
}
IPSEC_STARTER="@libexecdir@/ipsec/starter"
test -x $IPSEC_STARTER || {
echo "$IPSEC_STARTER not installed";
if [ "$1" = "stop" ]; then exit 0; else exit 5; fi;
}
# The pid file of the ipsec starter
IPSEC_PIDFILE="/var/run/starter.pid"
# Check for existence of needed config files
IPSEC_CONFIG="/etc/ipsec.conf"
test -r $IPSEC_CONFIG || {
echo "$IPSEC_CONFIG not existing";
if [ "$1" = "stop" ]; then exit 0; else exit 6; fi;
}
IPSEC_SECRET="/etc/ipsec.secrets"
test -r $IPSEC_SECRET || {
echo "$IPSEC_SECRET not existing";
if [ "$1" = "stop" ]; then exit 0; else exit 6; fi;
}
# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
# Use the SUSE rc_ init script functions;
# emulate them on LSB, RH and other systems
# Default: Assume sysvinit binaries exist
start_daemon() { /sbin/start_daemon ${1+"$@"}; }
killproc() { /sbin/killproc ${1+"$@"}; }
pidofproc() { /sbin/pidofproc ${1+"$@"}; }
checkproc() { /sbin/checkproc ${1+"$@"}; }
if test -e /etc/rc.status; then
# SUSE rc script library
. /etc/rc.status
else
export LC_ALL=POSIX
_cmd=$1
declare -a _SMSG
if test "${_cmd}" = "status"; then
_SMSG=(running dead dead unused unknown reserved)
_RC_UNUSED=3
else
_SMSG=(done failed failed missed failed skipped unused failed failed reserved)
_RC_UNUSED=6
fi
if test -e /lib/lsb/init-functions; then
# LSB
. /lib/lsb/init-functions
echo_rc()
{
if test ${_RC_RV} = 0; then
log_success_msg " [${_SMSG[${_RC_RV}]}] "
else
log_failure_msg " [${_SMSG[${_RC_RV}]}] "
fi
}
# TODO: Add checking for lockfiles
checkproc() { pidofproc ${1+"$@"} >/dev/null 2>&1; }
elif test -e /etc/init.d/functions; then
# RHAT
. /etc/init.d/functions
echo_rc()
{
#echo -n " [${_SMSG[${_RC_RV}]}] "
if test ${_RC_RV} = 0; then
success " [${_SMSG[${_RC_RV}]}] "
else
failure " [${_SMSG[${_RC_RV}]}] "
fi
}
checkproc() { status ${1+"$@"}; }
start_daemon() { daemon ${1+"$@"}; }
else
# emulate it
echo_rc() { echo " [${_SMSG[${_RC_RV}]}] "; }
fi
rc_reset() { _RC_RV=0; }
rc_failed()
{
if test -z "$1"; then
_RC_RV=1;
elif test "$1" != "0"; then
_RC_RV=$1;
fi
return ${_RC_RV}
}
rc_check()
{
rc_failed $?
}
rc_status()
{
rc_failed $?
if test "$1" = "-r"; then _RC_RV=0; shift; fi
if test "$1" = "-s"; then rc_failed 5; echo_rc; rc_failed 3; shift; fi
if test "$1" = "-u"; then rc_failed ${_RC_UNUSED}; echo_rc; rc_failed 3; shift; fi
if test "$1" = "-v"; then echo_rc; shift; fi
if test "$1" = "-r"; then _RC_RV=0; shift; fi
return ${_RC_RV}
}
rc_exit() { exit ${_RC_RV}; }
rc_active()
{
local x
for x in /etc/rc.d/rc[0-9].d/S[0-9][0-9]${1} ; do
test -e $x && return 0 || break
done
return 1
}
fi
# Reset status of this service
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - user had insufficient privileges
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.
case "$1" in
start)
$IPSEC_CMD start 2>&1 | sed -e "s/ -- .*//g"
rc_status -v1
;;
stop)
$IPSEC_CMD stop 2>&1
rc_status -v1
;;
try-restart|condrestart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
if test "$1" = "condrestart"; then
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
fi
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
# Remember status and be quiet
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
sleep 2
$0 start
# Remember status and be quiet
rc_status
;;
reload|force-reload)
$IPSEC_CMD reload
rc_status -v1
;;
status)
# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
echo -n "Checking for service strongSwan IPsec "
#checkproc $IPSEC_STARTER
$IPSEC_CMD status 2>&1 >/dev/null
# NOTE: rc_status knows that we called this init script with
# "status" option and adapts its messages accordingly.
rc_status -v
;;
probe)
## Optional: Probe for the necessity of a reload, print out the
## argument to this init script which is required for a reload.
## Note: probe is not (yet) part of LSB (as of 1.9)
test $IPSEC_CONFIG -nt $IPSEC_PIDFILE || \
test $IPSEC_SECRET -nt $IPSEC_PIDFILE && echo reload
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit