Diffstat (limited to 'qpid/cpp/etc')
-rw-r--r-- | qpid/cpp/etc/CMakeLists.txt | 57 | ||||
-rw-r--r-- | qpid/cpp/etc/cluster.conf-example.xml.in | 90 | ||||
-rw-r--r-- | qpid/cpp/etc/emacs/qpid-c++-mode.el | 226 | ||||
-rw-r--r-- | qpid/cpp/etc/qpidc.conf | 26 | ||||
-rwxr-xr-x | qpid/cpp/etc/qpidd-primary.in | 113 | ||||
-rw-r--r-- | qpid/cpp/etc/qpidd.conf | 24 | ||||
-rwxr-xr-x | qpid/cpp/etc/qpidd.in | 168 | ||||
-rw-r--r-- | qpid/cpp/etc/sasl2/qpidd.conf | 82 | ||||
-rw-r--r-- | qpid/cpp/etc/selinux/.gitignore | 26 | ||||
-rw-r--r-- | qpid/cpp/etc/selinux/qpidd.te | 49 | ||||
-rw-r--r-- | qpid/cpp/etc/selinux/qpiddevel.te | 54 |
11 files changed, 915 insertions, 0 deletions
diff --git a/qpid/cpp/etc/CMakeLists.txt b/qpid/cpp/etc/CMakeLists.txt
new file mode 100644
index 0000000000..c39257e6cc
--- /dev/null
+++ b/qpid/cpp/etc/CMakeLists.txt
@@ -0,0 +1,57 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+if (UNIX)
+
+ # Use absolute paths as these are substituted into init scripts.
+ set_absolute_install_path (bindir ${QPID_INSTALL_BINDIR})
+ set_absolute_install_path (sysconfdir ${SYSCONF_INSTALL_DIR})
+ set_absolute_install_path (sbindir ${QPID_INSTALL_SBINDIR})
+ set_absolute_install_path (initdir ${QPID_INSTALL_INITDDIR})
+ set_absolute_install_path (confdir ${QPID_INSTALL_CONFDIR})
+
+ configure_file(qpidd.in
+ ${CMAKE_CURRENT_BINARY_DIR}/qpidd
+ @ONLY)
+
+ configure_file(qpidd-primary.in
+ ${CMAKE_CURRENT_BINARY_DIR}/qpidd-primary
+ @ONLY)
+
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/qpidd ${CMAKE_CURRENT_BINARY_DIR}/qpidd-primary
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+ DESTINATION ${QPID_INSTALL_INITDDIR}
+ COMPONENT ${QPID_COMPONENT_BROKER})
+endif (UNIX)
+
+install(FILES qpidc.conf
+ DESTINATION ${QPID_INSTALL_CONFDIR}
+ COMPONENT ${QPID_COMPONENT_CLIENT})
+
+install(FILES qpidd.conf
+ DESTINATION ${QPID_INSTALL_CONFDIR}
+ COMPONENT ${QPID_COMPONENT_BROKER})
+
+if (BUILD_SASL)
+ install(FILES sasl2/qpidd.conf
+ DESTINATION ${QPID_INSTALL_SASLDIR}
+ COMPONENT ${QPID_COMPONENT_BROKER}
+ RENAME ${QPID_BROKER_SASL_NAME}.conf)
+endif (BUILD_SASL)
+
diff --git a/qpid/cpp/etc/cluster.conf-example.xml.in b/qpid/cpp/etc/cluster.conf-example.xml.in
new file mode 100644
index 0000000000..d6f0c082af
--- /dev/null
+++ b/qpid/cpp/etc/cluster.conf-example.xml.in
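Review bot: The `install(FILES … PERMISSIONS …)` call for the two generated init scripts lists by hand exactly the permission set that `install(PROGRAMS …)` applies by default, so `install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/qpidd ${CMAKE_CURRENT_BINARY_DIR}/qpidd-primary DESTINATION …)` is shorter and cannot drift. The `${QPID_INSTALL_*}` and `${SYSCONF_INSTALL_DIR}` expansions are unquoted throughout the file, so an empty or space-containing value silently changes the argument list; quoting them, e.g. `DESTINATION "${QPID_INSTALL_CONFDIR}"`, avoids that. `endif (UNIX)` and `endif (BUILD_SASL)` repeat the condition, which is legacy style; bare `endif()` is enough.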
@@ -0,0 +1,90 @@
+<?xml version="1.0"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<!--
+This is an example of a cluster.conf file to run qpidd HA under rgmanager.
+This example assumes a 3 node cluster, with nodes named node1, node2 and node3.
+
+NOTE: fencing is not shown, it should be configured in a real cluster configuration.
+-->
+
+<cluster name="qpid-test" config_version="18">
+ <!-- The cluster has 3 nodes. Each has a unique nodid and one vote
+ for quorum. -->
+ <clusternodes>
+ <clusternode name="node1.example.com" nodeid="1"/>
+ <clusternode name="node2.example.com" nodeid="2"/>
+ <clusternode name="node3.example.com" nodeid="3"/>
+ </clusternodes>
+ <!-- Resouce Manager configuration. -->
+ <rm>
+ <!--
+ There is a failoverdomain for each node containing just that node.
+ This lets us stipulate that the qpidd service should always run on each node.
+ -->
+ <failoverdomains>
+ <failoverdomain name="node1-domain" restricted="1">
+ <failoverdomainnode name="node1.example.com"/>
+ </failoverdomain>
+ <failoverdomain name="node2-domain" restricted="1">
+ <failoverdomainnode name="node2.example.com"/>
+ </failoverdomain>
+ <failoverdomain name="node3-domain" restricted="1">
+ <failoverdomainnode name="node3.example.com"/>
+ </failoverdomain>
+ </failoverdomains>
+
+ <resources>
+ <!-- This script starts a qpidd broker acting as a backup. -->
+ <script file="!!sysconfdir!!/init.d/qpidd" name="qpidd"/>
+
+ <!-- This script promotes the qpidd broker on this node to primary. -->
+ <script file="!!sysconfdir!!/init.d/qpidd-primary" name="qpidd-primary"/>
+
+ <!-- This is a virtual IP address for broker replication traffic. -->
+ <ip address="20.0.10.200" monitor_link="1"/>
+
+ <!-- This is a virtual IP address on a seprate network for client traffic. -->
+ <ip address="20.0.20.200" monitor_link="1"/>
+ </resources>
+
+ <!-- There is a qpidd service on each node, it should be restarted if it fails. -->
+ <service name="node1-qpidd-service" domain="node1-domain" recovery="restart">
+ <script ref="qpidd"/>
+ </service>
+ <service name="node2-qpidd-service" domain="node2-domain" recovery="restart">
+ <script ref="qpidd"/>
+ </service>
+ <service name="node3-qpidd-service" domain="node3-domain" recovery="restart">
+ <script ref="qpidd"/>
+ </service>
+
+ <!-- There should always be a single qpidd-primary service, it can run on any node. -->
+ <service name="qpidd-primary-service" autostart="1" exclusive="0" recovery="relocate">
+ <script ref="qpidd-primary"/>
+ <!-- The primary has the IP addresses for brokers and clients to connect. -->
+ <ip ref="20.0.10.200"/>
+ <ip ref="20.0.20.200"/>
+ </service>
+ </rm>
+ <fencedevices/>
+ <fence_daemon clean_start="0" post_fail_delay="0" post_join_delay="3"/>
+</cluster>
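Review bot: The `!!sysconfdir!!` tokens in the two `<script file=…>` elements are not in the `@var@` form that `configure_file(... @ONLY)` substitutes, and the CMakeLists.txt added in this commit has no `configure_file` or `install` call for this template, so as far as this diff shows the placeholders are never expanded. Either switch to `@sysconfdir@` and configure the file, or add a comment naming the tool that replaces `!!…!!`. The sample virtual IPs `20.0.10.200` and `20.0.20.200` lie in publicly routable space; a documentation range such as `192.0.2.0/24` (RFC 5737) is safer for an example that will be copied. Since the file ships with an empty `<fencedevices/>`, the "fencing is not shown" note would be better placed as a comment directly above that element, where a reader editing it will see it.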
diff --git a/qpid/cpp/etc/emacs/qpid-c++-mode.el b/qpid/cpp/etc/emacs/qpid-c++-mode.el new file mode 100644 index 0000000000..ed1b4aa44b --- /dev/null +++ b/qpid/cpp/etc/emacs/qpid-c++-mode.el 
@@ -0,0 +1,226 @@ +;;; qpid-c++-mode.el --- Qpid specific c++-mode customizations. + +;; +;; Licensed to the Apache Software Foundation (ASF) under one or more +;; contributor license agreements. See the NOTICE file distributed +;; with this work for additional information regarding copyright +;; ownership. The ASF licenses this file to you under the Apache +;; License, Version 2.0 (the * "License") ; you may not use this file +;; except in compliance with the License. You may obtain a copy of +;; the License at +;; +;; http://www.apache.org/licenses/LICENSE-2.0 +;; +;; Unless required by applicable law or agreed to in writing, software +;; distributed under the License is distributed on an "AS IS" BASIS, +;; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +;; implied. See the License for the specific language governing +;; permissions and limitations under the License. +;; + +;;;===================================================================== +;;; Commentary: +;; +;; C++ customizations to make c++ mode follow the Qpid style guidelines, +;; along with some other handy functions to generate initial starting point +;; .h and .cpp files etc. +;; +;; I have this in my .emacs: +;; (add-to-list 'auto-mode-alist '("\\.h$" . c++-mode)) +;; (require 'qpid-c++-mode) +;; +;; Written by Alan Conway: aconway@redhat.com +;; +;; For latest version, check +;; http://svn.apache.org/repos/asf/qpid/trunk/qpid/cpp/etc/emacs/qpid-c++-mode.el +;; + +(require 'cc-mode) + +;; Increment the version number if you change this file. +(defconst qpid-c++-version "1.00" "Qpid C++ style support version number.") + +(defun qpid-c++-version () + "Echo the current version of qpid-c++-mode in the minibuffer." + (interactive) + (message "Using qpid-c++-mode version %s" qpid-c++-version)) + +(defun qpid-c++-mode () + "Qpid C++ mode customizations" + (c-add-style "qpid-c++" + '("gnu" + (indent-tabs-mode . nil) + (c-basic-offset . 4) + (c-offsets-alist . + ((statement-case-intro . 
*) + (statement-case-open . *) + (substatement-open . 0) + (case-label . *) + (access-label . /) + (friend . /) + (arglist-intro . +) + (arglist-cont . 0) + (arglist-close . 0) + (inline-open . 0) + (brace-list-open . 0) + (innamespace . 0) + ))) ) + (c-set-style "qpid-c++") + (setq c-hungry-delete-key t) + (setq c-tab-always-indent t) + (setq c-hanging-braces-alist '((substatement-open . (after)) + (extern-lang-open . (after)) + (defun-open . (after)) + (class-open . (after)) + (block-open . (after)) + + (inline-open . (after)) + (defun-block-intro . (after)) + (inclass . (after)) + (topmost-intro . (after)) + + (brace-list-open) + (brace-list-close) + (namespace-open) + )) + (setq c-hanging-colons-alist '((member-init-intro) + (inher-intro) + (case-label) + (label) + (access-label))) + (setq mode-name "Qpid C++")) + + +(defun copyright () + (interactive) + (insert "/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * \"License\"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. 
+ * + */")) + +(defun indent-buffer () + (interactive) + (indent-region (point-min) (point-max) nil)) + +(defun path-to-namespace (path) + (replace-regexp-in-string "/" "::" (replace-regexp-in-string "/$" "" path))) + +(defun src-subpath (path) + (if (string-match "/src/\\(.*\\)$" path) (match-string 1 path) "")) + +(defun namespace-for-file (file) + (path-to-namespace (src-subpath (file-name-directory file)))) + +(defun cpp-guard-for-file (file) + (upcase (replace-regexp-in-string "[/.-]" "_" (src-subpath file)))) + +(defun ask-for-namespace () + (read-from-minibuffer "Namespace: " (namespace-for-file (buffer-file-name)))) + +;;; Generate starting point code for new files + +(defun insert-ns-open (namespaces) + (mapcar (lambda (ns) (insert "namespace " ns " {\n")) namespaces)) + +(defun insert-ns-close (namespaces) + (mapcar (lambda (ns) (insert "}")) namespaces) + (insert " // namespace " (mapconcat 'identity namespaces "::") "\n")) + +(defun ns-around-region (namespace) + (interactive (list (ask-for-namespace))) + (save-excursion + (let ((namespaces (split-string namespace "::"))) + (if (< (mark) (point)) (exchange-point-and-mark)) + (insert "\n") + (insert-ns-open namespaces) + (goto-char (mark)) + (insert "\n") + (insert-ns-close namespaces)))) + +(defun insert-class.h (class namespaces) + "Insert class skeleton in .h file" + (insert-ns-open namespaces) + (insert "\n" + "/**\n *\n */\n" + " class " class "\n" + " {\n public:\nprivate:\n};\n" + ) + (insert-ns-close namespaces)) + +(defun insert-platform.h (class namespaces) + "Insert platform #include for platform class." + (insert "#include <qpid/sys/platform.h>\n" + "#include QPID_PLATFORM_H(" class ".h)\n")) + +(defun .h (namespace &optional content) + "Initialize a .h file with Qpid copyright etc." 
+ (interactive (list (ask-for-namespace))) + (copyright) + (let ((content (or content 'insert-class.h)) + (class (file-name-nondirectory + (file-name-sans-extension(buffer-file-name)))) + (namespaces (split-string namespace "::"))) + + (insert "\n") + (apply content class namespaces nil) + (insert "\n")) + (previous-line 1) + (beginning-of-line) + (indent-buffer) + (save-excursion (cpp-guard))) + +(defun .cpp (namespace) + "Initialize an empty .cpp file with Qpid copyright etc." + (interactive (list (ask-for-namespace))) + (copyright) + (insert "\n#include \"" (file-name-sans-extension + (file-name-nondirectory buffer-file-name)) + ".h\"\n\n") + (let ((namespaces (split-string namespace "::"))) + (insert-ns-open namespaces) + (insert-ns-close namespaces)) + (indent-buffer)) + +(defun cpp-guard () + "Insert C preprocessor macro guard to prevent file rescanning. +The guard macro is defined from the name of the immediate containing +directory and the name of the file." + (interactive) + (let ((name (cpp-guard-for-file (buffer-file-name)))) + (goto-char (point-min)) + (save-excursion + (if (looking-at "#ifndef .*\n#define .*\n\n") + (let ((ifndef (match-data 0))) + (goto-char (point-max)) + (previous-line 1) + (beginning-of-line) + (if (looking-at "#endif") + (progn + (kill-line 1) + (kill-region (car ifndef) (cadr ifndef))))))) + (insert "#ifndef " name "\n#define " name "\n\n") + (goto-char (point-max)) + (beginning-of-line) + (insert (format "#endif /*!%s*/\n" name)))) + +(add-hook 'c++-mode-hook 'qpid-c++-mode) + +(provide 'qpid-c++-mode) + + diff --git a/qpid/cpp/etc/qpidc.conf b/qpid/cpp/etc/qpidc.conf new file mode 100644 index 0000000000..36dcbb3183 --- /dev/null +++ b/qpid/cpp/etc/qpidc.conf 
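Review bot: `copyright`, `indent-buffer`, `.h`, `.cpp`, `cpp-guard` and the path helpers are defined without the `qpid-c++-` prefix that `qpid-c++-version` uses, so loading this file can redefine same-named commands from other packages (Emacs itself ships a `copyright` command). Prefixing them, e.g. `(defun qpid-c++-insert-copyright () …)`, keeps the file from clobbering the global namespace. The load-time `(add-hook 'c++-mode-hook 'qpid-c++-mode)` applies the Qpid style to every C++ buffer, not only Qpid sources, which deserves a line in the Commentary section. Most of the helpers (`path-to-namespace`, `src-subpath`, `insert-ns-open`, `ns-around-region`, …) have no docstring.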
@@ -0,0 +1,26 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# Configuration file for the qpid c++ client library. Entries are of
+# the form:
+# name=value
+#
+# (Note: no spaces on either side of '=')
+
+# To make AMQP 1.0 the default, uncomment the following line
+#protocol-defaults=amqp1.0,amqp0-10
diff --git a/qpid/cpp/etc/qpidd-primary.in b/qpid/cpp/etc/qpidd-primary.in
new file mode 100755
index 0000000000..86bc76d5e1
--- /dev/null
+++ b/qpid/cpp/etc/qpidd-primary.in
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+# qpidd Startup script for the Qpid messaging daemon.
+#
+
+### BEGIN INIT INFO
+# Provides: qpidd-primary
+# Required-Start: $qpidd
+# Required-Stop: $qpidd
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: promote qpidd to cluster primary
+# Description: Qpidd can be run in an active/passive cluster. Promote a running qpidd to primary.
+### END INIT INFO
+
+# chkconfig: - 85 15
+# description: Qpidd can be run in an active/passive cluster. Promote a running qpidd to primary.
+# processname: qpidd
+
+prog=qpidd
+
+# The following variables can be overridden in @sysconfdir@/sysconfig/$prog
+QPID_INIT=@initdir@/$prog
+QPID_CONFIG=@confdir@/qpidd.conf
+QPID_HA=@bindir@/qpid-ha
+QPID_HA_OPTIONS="--config $QPID_CONFIG"
+
+# Source configuration
+test -f @sysconfdir@/sysconfig/$prog && source @sysconfdir@/sysconfig/$prog
+source /etc/rc.d/init.d/functions
+
+# Check presence of executables/scripts
+for f in $QPID_INIT $QPID_HA; do
+ test -x $f || { echo "$f not found or not executable"; exit 5; }
+done
+
+QPID_HA="$QPID_HA $QPID_HA_OPTIONS"
+
+RETVAL=0
+
+status() {
+ if $QPID_HA status --is-primary ; then
+ echo "qpidd is primary"
+ else
+ echo "qpidd is not primary"
+ return 1
+ fi
+}
+
+# Ensure no concurrent start/stop of services.
+lock() {
+ export QPID_HA_LOCK_HELD=1 # For calls to the qpidd script
+ exec 9< $QPID_INIT
+ flock 9
+}
+
+start() {
+ lock
+ $QPID_INIT start primary || return $?
+ echo -n $"Promoting to primary: "
+ err=$($QPID_HA promote --cluster-manager 2>&1)
+ RETVAL=$?
+ [ $RETVAL = 0 ] && success || { echo -n "$err: "; failure; }
+ echo
+ return $RETVAL
+}
+
+stop() {
+ $QPID_INIT stop primary
+}
+
+reload() {
+ echo 1>&2 $"$0: reload not supported"
+ return 3
+}
+
+restart() {
+ stop && start
+}
+
+# See how we were called.
+case "$1" in
+ start|stop|status|restart|reload)
+ $1
+ RETVAL=$?
+ ;;
+ force-reload)
+ restart
+ ;;
+ *)
+ echo 1>&2 $"Usage: $0 {start|stop|status|restart|force-reload}"
+ exit 2
+esac
+
+exit $RETVAL
diff --git a/qpid/cpp/etc/qpidd.conf b/qpid/cpp/etc/qpidd.conf
new file mode 100644
index 0000000000..0f78f49750
--- /dev/null
+++ b/qpid/cpp/etc/qpidd.conf
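Review bot: The `force-reload)` branch of the final `case` calls `restart` without recording its result, and `stop()` in this script never assigns `RETVAL`, so a failed `stop` leaves `RETVAL=0` and the script exits 0; adding `RETVAL=$?` after `restart` brings it in line with the `start|stop|status|restart|reload)` branch. The header comment still reads `qpidd Startup script for the Qpid messaging daemon` and should say that this script promotes a running broker to primary. `$QPID_INIT` and `$f` are expanded unquoted in a script that an init system presumably runs with elevated privilege after sourcing `@sysconfdir@/sysconfig/$prog`; `test -x "$f"` and `exec 9< "$QPID_INIT"` keep an overridden path containing whitespace from being split.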
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# Configuration file for qpidd. Entries are of the form:
+# name=value
+#
+# (Note: no spaces on either side of '=').
+# Run "qpidd --help" or see "man qpidd" for more details.
+
diff --git a/qpid/cpp/etc/qpidd.in b/qpid/cpp/etc/qpidd.in
new file mode 100755
index 0000000000..d363308c7f
--- /dev/null
+++ b/qpid/cpp/etc/qpidd.in
@@ -0,0 +1,168 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+# qpidd Startup script for the Qpid messaging daemon.
+#
+
+### BEGIN INIT INFO
+# Provides: qpidd
+# Required-Start: $local_fs
+# Required-Stop: $local_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: start or stop qpidd
+# Description: Qpidd is an AMQP broker. It receives, stores, routes and forwards messages using the AMQP protcol.
+### END INIT INFO
+
+# chkconfig: - 85 15
+# description: Qpidd is an AMQP broker. It receives, stores, routes and forwards messages using the AMQP protcol.
+# processname: qpidd
+
+prog=qpidd
+lockfile=/var/lock/subsys/$prog
+pidfile=/var/run/qpidd.pid
+
+# The following variables can be overridden in @sysconfdir@/sysconfig/$prog
+QPID_INIT=@initdir@/$prog
+QPID_BIN=@sbindir@/$prog
+QPID_DATA_DIR=/var/lib/qpidd
+QPID_CONFIG=@confdir@/qpidd.conf
+QPID_HA=@bindir@/qpid-ha
+QPID_HA_OPTIONS="--config $QPID_CONFIG"
+
+# Source configuration
+test -f @sysconfdir@/sysconfig/$prog && source @sysconfdir@/sysconfig/$prog
+source /etc/rc.d/init.d/functions
+
+# Data dir: respect the config file if set.
+grep -q '^ *data-dir *=' $QPID_CONFIG || QPIDD_OPTIONS="$QPIDD_OPTIONS --data-dir=$QPID_DATA_DIR"
+
+# Check for HA configuration
+if grep -iq '^ *ha-cluster *= *\(true\|on\|1\|yes\)' $QPID_CONFIG; then
+ # HA is configured, do some extra checks.
+ test -x $QPID_HA || { echo "HA configured but $QPID_HA not found"; return 5; }
+
+ ha_ping() { $QPID_HA $QPID_HA_OPTIONS ping >/dev/null 2>&1; }
+
+ ha_allow_stop() {
+ # Primary script does not stop backup brokers and vice versa.
+ if $QPID_HA $QPID_HA_OPTIONS status --is-primary 2>&1 > /dev/null; then
+ [ "$1" = primary ] || { echo -n "stop primary broker with 'qpidd-primary stop'"; return 1; }
+ else
+ [ "$1" = primary ] && { echo -n "stop backup broker with 'qpidd stop'"; return 1; }
+ fi
+ return 0
+ }
+else
+ # No HA configuration, HA checks are no-ops.
+ ha_ping() { true; }
+ ha_allow_stop() { true; }
+fi
+
+# Check presence of executables/scripts
+for f in $QPID_BIN; do
+ test -x $f || { echo "$f not found or not executable"; exit 5; }
+done
+
+RETVAL=0
+
+# Ensure user has sufficient permissions
+runuser -s /bin/sh qpidd -c "echo x > /dev/null" 2> /dev/null || RETVAL=4
+if [ $RETVAL = 4 ]; then
+ echo "user had insufficient privilege";
+ exit $RETVAL
+fi
+
+do_status() {
+ # Check PID file and ping for liveness
+ MESSAGE=$(status -p $pidfile $prog) && {
+ ha_ping || return 1
+ }
+ RC=$?
+ echo $MESSAGE
+ return $RC
+}
+
+FLOCK_FD=9
+# Ensure no concurrent start/stop of services.
+lock() {
+ [ "$QPID_HA_LOCK_HELD" ] || { # Held by caller
+ exec 9< $QPID_INIT
+ flock $FLOCK_FD
+ }
+}
+
+start() {
+ lock
+ echo -n $"Starting Qpid AMQP daemon: "
+ touch $pidfile
+ chown qpidd.qpidd $pidfile
+ [ -x /sbin/restorecon ] && /sbin/restorecon $pidfile
+ daemon --pidfile $pidfile --check $prog --user qpidd $QPID_BIN --config $QPID_CONFIG --daemon $QPIDD_OPTIONS --close-fd $FLOCK_FD --pidfile $pidfile
+ RETVAL=$?
+ echo
+ [ $RETVAL = 0 ] && touch $lockfile
+ return $RETVAL
+}
+
+stop() {
+ lock
+ if ha_allow_stop $1; then
+ echo -n $"Stopping Qpid AMQP daemon: "
+ killproc -p ${pidfile} $prog
+ RETVAL=$?
+ [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
+ fi
+ [ "$RETVAL" = 0 ] && success
+ echo
+ return $RETVAL
+}
+
+
+reload() {
+ echo 1>&2 $"$0: reload not supported"
+ return 3
+}
+
+restart() {
+ stop && start
+}
+
+# See how we were called.
+case "$1" in
+ start|stop|restart|reload)
+ $1 $2
+ ;;
+ status)
+ do_status
+ RETVAL=$?
+ ;;
+ force-reload)
+ restart
+ ;;
+ try-restart|condrestart)
+ [ -e $lockfile ] && restart || :
+ ;;
+ *)
+ echo 1>&2 $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|force-reload}"
+ exit 2
+esac
+
+exit $RETVAL
diff --git a/qpid/cpp/etc/sasl2/qpidd.conf b/qpid/cpp/etc/sasl2/qpidd.conf
new file mode 100644
index 0000000000..3d13a6d650
--- /dev/null
+++ b/qpid/cpp/etc/sasl2/qpidd.conf
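Review bot: `stop()` reports success when the stop was refused: if `ha_allow_stop $1` returns 1, `RETVAL` still holds the `0` assigned near the top of the script, so `[ "$RETVAL" = 0 ] && success` runs and the function returns 0; an `else` branch with `RETVAL=1` before the `fi` fixes it. The HA pre-check `test -x $QPID_HA || { …; return 5; }` sits at top level rather than in a function, so when the script is executed (not sourced) bash rejects the `return` and carries on with `$QPID_HA` missing; it should be `exit 5`, as in the `$QPID_BIN` check below it. In `ha_allow_stop`, `2>&1 > /dev/null` leaves stderr attached to the caller's stdout, whereas `ha_ping` already uses the intended order `>/dev/null 2>&1`. `chown qpidd.qpidd $pidfile` uses the deprecated dot separator; `chown qpidd:qpidd "$pidfile"` is the portable form.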
@@ -0,0 +1,82 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+#---------------------------------
+# SASL Mechanisms and Users
+#---------------------------------
+#
+# This default mech list allows for PLAIN, but that
+# mechanism sends credentials in the clear, and is normally
+# only used along with SSL transport-layer security.
+#
+# This default also permits DIGEST-MD5, but you must have
+# a user and password defined in your sasldb file to use
+# this mechanism. ( See notes below. )
+#
+# PLEASE NOTE
+# For production messaging systems, a high-security mechanism such as
+# DIGEST-MD5 or PLAIN+SSL should be used.
+#
+#
+pwcheck_method: auxprop
+auxprop_plugin: sasldb
+sasldb_path: /var/lib/qpidd/qpidd.sasldb
+mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN
+
+
+
+#---------------------------------
+# Please Note
+#---------------------------------
+#
+# 1. If you use a nonstandard location for your sasl_config directory,
+# you can point qpidd to it by using the --sasl-config option.
+# If your nonstandard sasl directory is $MY_SASL_DIR, put a copy
+# of this file at $MY_SASL_DIR/qpidd.conf, alter the mech list as
+# appropriate for your installation, and then use the saslpasswd2
+# command to add new user+passwd pairs:
+# echo $PASSWD | saslpasswd2 -c -p -f $MY_SASL_DIR/qpidd.sasldb -u QPID $USERNAME
+#
+#
+# 2. The standard location for the qpidd sasldb file is
+# /var/lib/qpidd/qpidd.sasldb
+#
+# 3. You can see what usernames have been stored in the sasldb, with the
+# command "sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb"
+#
+# 4. The REALM is important and should be the same as the --realm
+# option to the broker. This lets the broker properly find the user in
+# the sasldb file.
+#
+# 5. The sasldb file must be readable by the user running the qpidd
+# daemon, ( the user name is qpidd ) and should be readable only
+# by that user.
+#
+# 6. The EXTERNAL mechanism allows you to use SSL transport layer
+# security. In that case, you can also set the broker option
+# --ssl-require-client-authentication .
+
+
+
+# The following line stops spurious 'sql_select option missing' errors when
+# cyrus-sql-sasl plugin is installed
+sql_select: dummy select
+
+
+
diff --git a/qpid/cpp/etc/selinux/.gitignore b/qpid/cpp/etc/selinux/.gitignore
new file mode 100644
index 0000000000..aca772170b
--- /dev/null
+++ b/qpid/cpp/etc/selinux/.gitignore
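Review bot: `mech_list` enables `ANONYMOUS`, but the comment block above it explains only PLAIN and DIGEST-MD5, so an administrator reading the file is not told that the shipped default accepts clients without credentials at the SASL layer (what such a client may then do depends on broker settings not shown in this diff). Add a line such as `# ANONYMOUS lets clients connect without credentials; remove it from mech_list unless that is intended.` next to the existing mechanism notes. The "PLEASE NOTE" paragraph recommends DIGEST-MD5 as a high-security mechanism, but RFC 6331 moved DIGEST-MD5 to Historic, so the recommendation should point to PLAIN or EXTERNAL over TLS. Note 6 would be more accurate if it said that EXTERNAL takes the client identity from the TLS client certificate, which is why `--ssl-require-client-authentication` matters there.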
@@ -0,0 +1,26 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+/qpidd.fc
+/qpidd.if
+/qpidd.pp
+/qpiddevel.fc
+/qpiddevel.if
+/qpiddevel.pp
+/tmp
diff --git a/qpid/cpp/etc/selinux/qpidd.te b/qpid/cpp/etc/selinux/qpidd.te
new file mode 100644
index 0000000000..52b8e29509
--- /dev/null
+++ b/qpid/cpp/etc/selinux/qpidd.te
@@ -0,0 +1,49 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# selinux policy needed to run the qpidd service with clustering
+# enabled and selinux in enforcing mode.
+#
+# To build the qpid.pp module in this directory do:
+# sudo make -f /usr/share/selinux/devel/Makefile
+# To install the compiled qpidd.pp
+# sudo semodule -i qpidd.pp
+
+policy_module(qpidd, 1.2)
+
+gen_require(`
+ type initrc_t;
+ type ccs_t;
+ class sem { write unix_read unix_write associate read destroy };
+ class shm { unix_read write unix_write associate read destroy };
+')
+
+fs_rw_tmpfs_files(ccs_t)
+allow ccs_t initrc_t:sem { read write unix_read unix_write associate destroy };
+allow ccs_t initrc_t:shm { read write unix_read unix_write associate destroy };
+allow ccs_t self:capability { ipc_owner dac_override };
+
+optional_policy(`
+ gen_require(`
+ type aisexec_t;
+ ')
+ allow aisexec_t initrc_t:sem { read write unix_read unix_write associate destroy };
+ allow aisexec_t initrc_t:shm { read write unix_read unix_write associate destroy };
+ allow aisexec_t self:capability { sys_admin ipc_owner dac_override };
+')
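Review bot: The `allow … self:capability` rules grant `ipc_owner` and `dac_override` to `ccs_t`, and additionally `sys_admin` to `aisexec_t`, with no comment saying which operation needs each one; these capabilities bypass IPC ownership and file permission checks, so each should carry a one-line justification or be dropped if an audit log does not show it being used. The `sem`/`shm` rules are written against `initrc_t`, the domain init scripts (and services without a policy of their own) run in, so they are not limited to qpidd; a comment should state that assumption, and a dedicated qpidd domain would scope the access properly. The build comment names `qpid.pp` while the module is `qpidd`. The same points apply to qpiddevel.te later in this commit, which grants `sys_admin` to both `ccs_t` and `aisexec_t` and opens `unconfined_t` and `unconfined_execmem_t` semaphores and shared memory; its header also repeats `with with`.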
diff --git a/qpid/cpp/etc/selinux/qpiddevel.te b/qpid/cpp/etc/selinux/qpiddevel.te
new file mode 100644
index 0000000000..10c5dfc880
--- /dev/null
+++ b/qpid/cpp/etc/selinux/qpiddevel.te
@@ -0,0 +1,54 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# selinux policy for qpid developers.
+# If you have configured a qpid source tree with cluster support, you will need
+# this policy to run the make check tests with with selinux in enforcing mode.
+#
+# To build the qpid.pp module in this directory do:
+# sudo make -f /usr/share/selinux/devel/Makefile
+# To install the compiled qpiddevel.pp
+# sudo semodule -i qpiddevel.pp
+
+policy_module(qpiddevel, 1.1)
+
+gen_require(`
+ type unconfined_t;
+ type unconfined_execmem_t;
+ type ccs_t;
+ class capability sys_admin;
+ class sem { write unix_read unix_write associate read destroy };
+ class shm { unix_read write unix_write associate read destroy };
+')
+
+allow ccs_t self:capability sys_admin;
+allow ccs_t unconfined_t:sem { write unix_read unix_write associate read destroy };
+allow ccs_t unconfined_t:shm { unix_read write unix_write associate read destroy };
+
+optional_policy(`
+ gen_require(`
+ type aisexec_t;
+ ')
+ allow aisexec_t self:capability sys_admin;
+ allow aisexec_t unconfined_t:sem { read write unix_read unix_write associate destroy };
+ allow aisexec_t unconfined_t:shm { read write unix_read unix_write associate destroy };
+ allow aisexec_t unconfined_execmem_t:sem { write unix_read unix_write associate read destroy };
+ allow aisexec_t unconfined_execmem_t:shm { write unix_read unix_write associate read destroy };
+
+') |