#!/bin/bash

# globus-gatekeeper
#
# chkconfig: - 20 80
# description: Authorize and execute a grid service

### BEGIN INIT INFO
# Provides:          globus-gatekeeper
# Required-Start:    $remote_fs $network $time
# Required-Stop:     $remote_fs $network
# Default-Stop:      0 1 2 3 4 5 6
# Short-Description: Globus Gatekeeper
# Description:       The Globus Gatekeeper service authenticates network
#                    connections using an SSL-based protocol and then
#                    starts service instances on the remote user's behalf.
#                    It is part of the Globus Toolkit(tm)
### END INIT INFO

# Copyright 1999-2010 University of Chicago
# 
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# 
# http://www.apache.org/licenses/LICENSE-2.0
# 
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

progname=globus-gatekeeper
prog=/usr/sbin/${progname}

if [ -r /etc/sysconfig/globus-gatekeeper ] ; then
    . /etc/sysconfig/globus-gatekeeper
fi

test -f ${prog} || exit 0

lockfile=/var/lock/subsys/${progname}

GLOBUS_GATEKEEPER_PIDFILE="${GLOBUS_GATEKEEPER_PIDFILE:-/var/run/${progname}.pid}"
GLOBUS_GATEKEEPER_PORT="${GLOBUS_GATEKEEPER_PORT:-2119}"

start() {
    status > /dev/null
    rc=$?

    if [ $rc -eq 0 ]; then
        echo "$progname is already running"
        return 0
    fi

    cert="${GLOBUS_GATEKEEPER_CERT_FILE:-/etc/grid-security/hostcert.pem}"
    if [ ! -f $cert ]; then
        echo "Error: Gatekeeper's certificate file ($cert) is missing."
        echo "Failed to start globus-gatekeeper"
        exit 6
    fi

    key="${GLOBUS_GATEKEEPER_KEY_FILE:-/etc/grid-security/hostkey.pem}"
    if [ ! -f $key ]; then
        echo "Error: Gatekeeper's private key file is ($key) is missing."
        echo "Failed to start globus-gatekeeper"
        exit 6
    fi

    if [ "${GLOBUS_GATEKEEPER_KERBEROS_ENABLED:-false}" = "true" ]; then
        kflag="-k"
    else
        kflag=""
    fi

    ${GLOBUS_GATEKEEPER_NICE_LEVEL:+nice -n "${GLOBUS_GATEKEEPER_NICE_LEVEL}"} \
    ${prog} \
        -pidfile "${GLOBUS_GATEKEEPER_PIDFILE}" \
        ${GLOBUS_GATEKEEPER_LOG_FACILITY:+-lf "$GLOBUS_GATEKEEPER_LOG_FACILITY"} \
        ${GLOBUS_GATEKEEPER_PORT:+-p "${GLOBUS_GATEKEEPER_PORT}"} \
        ${GLOBUS_GATEKEEPER_LOG:+-l "${GLOBUS_GATEKEEPER_LOG}"} \
        ${GLOBUS_GATEKEEPER_GRID_SERVICES:+-grid_services "${GLOBUS_GATEKEEPER_GRID_SERVICES}"} \
        ${GLOBUS_GATEKEEPER_GRIDMAP:+-gridmap "${GLOBUS_GATEKEEPER_GRIDMAP}"} \
        ${GLOBUS_GATEKEEPER_CERT_DIR:+-x509_cert_dir "${GLOBUS_GATEKEEPER_CERT_DIR}"} \
        ${GLOBUS_GATEKEEPER_CERT_FILE:+-x509_user_cert "${GLOBUS_GATEKEEPER_CERT_FILE}"} \
        ${GLOBUS_GATEKEEPER_KEY_FILE:+-x509_user_key "${GLOBUS_GATEKEEPER_KEY_FILE}"} \
        $kflag \
        ${GLOBUS_GATEKEEPER_KMAP:+-globuskmap "${GLOBUS_GATEKEEPER_KMAP}"} \
        > /dev/null
    rc=$?

    if [ "$rc" = 0 ]; then
        echo "Started globus-gatekeeper"
        touch "$lockfile"
    else
        echo "Failed to start globus-gatekeeper"
    fi

    return $rc;
}

stop() {
    if test -f "${GLOBUS_GATEKEEPER_PIDFILE}"; then
        read pid < "${GLOBUS_GATEKEEPER_PIDFILE}" 2> /dev/null
        if [ "$pid" -gt 0 ] 2> /dev/null; then
            if kill -0 "${pid}" 2> /dev/null; then
                kill -TERM "${pid}"

                if sleep 1 && kill -0 "${pid}" 2> /dev/null && sleep 3 && kill -0 "${pid}" 2> /dev/null;then
                    kill -KILL "${pid}"
                fi

                if kill -0 "${pid}" 2> /dev/null; then
                    echo "Failed to stop globus-gatekeeper"
                    return 1
                else
                    echo "Stopped globus-gatekeeper"
                fi

            fi
        fi
        rm -f "${GLOBUS_GATEKEEPER_PIDFILE}"
        rm -f "$lockfile"
    else
        echo "$progname is not running"
        return 0
    fi
}

restart() {
    stop
    start
}

status() {
    if test -f "${GLOBUS_GATEKEEPER_PIDFILE}"; then
        read pid <"${GLOBUS_GATEKEEPER_PIDFILE}" 2>/dev/null
        if [ "$pid" -gt 0 ] 2> /dev/null; then
            if ps -p "$pid" > /dev/null; then
                echo "globus-gatekeeper is running (pid=$pid)"
                return 0
            else
                echo "Stale PID file for globus-gatekeeper"
                return 1
            fi
        fi
    elif test -f "${lockfile}"; then
        echo "Stale lock file for globus-gatekeeper"
        return 2
    else
        echo "globus-gatekeeper is not running"
        return 3
    fi
}

case "$1" in
    start)
        start
        ;;

    stop)
        stop
        ;;

    restart)
        restart
        ;;

    reload)
        exit 0
        ;;

    force-reload)
        restart
        ;;
    status)
        status
        ;;
    condrestart|try-restart)
        status || exit 0
        restart
        ;;
    *)
        echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
esac