From 6479a34349f74f6792cfba1e9e911242889db518 Mon Sep 17 00:00:00 2001
From: Michel Jouvin
Date: Mon, 23 Dec 2019 14:50:03 +0100
Subject: [PATCH] UMD-4: GSISSH UI: Add personality (#223)
Based on UMD-3 personality with the following changes: * Modernise and clean * Move script from inline to external file * Clean up reference to missing template * Remove TODO, now issue #229. * Clean up comments
Co-authored-by: James Adams
---
personality/ui_gsissh/SXXsshd.sh | 92 +++++++++++++++++++++++++++++++
personality/ui_gsissh/config.pan | 24 ++++++++
personality/ui_gsissh/service.pan | 30 ++++++++++
3 files changed, 146 insertions(+)
create mode 100644 personality/ui_gsissh/SXXsshd.sh
create mode 100644 personality/ui_gsissh/config.pan
create mode 100644 personality/ui_gsissh/service.pan
diff --git a/personality/ui_gsissh/SXXsshd.sh b/personality/ui_gsissh/SXXsshd.sh
new file mode 100644
index 00000000..a465409b
--- /dev/null
+++ b/personality/ui_gsissh/SXXsshd.sh
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# Init file for OpenSSH server daemon for GRIF interrsite logins
+#
+# chkconfig: 2345 99 25
+# description: OpenSSH server daemon for GRIF intersite logins
+#
+
+#this is a sh script : don't assume environment is defined, especially when using "service" to restart services
+#and globus things really need the globus environment
+ENV_FILE="/etc/profile.d/env.sh"
+if [ -f $ENV_FILE ]; then
+ source $ENV_FILE
+else
+ echo "error : could not source environment for GLOBUS initialisation ($ENV_FILE)" >&2
+ exit 2
+fi
+
+export GRIDMAPDIR=/etc/grid-security/gridmapdir
+
+GLOBUS_LOCATION="/opt/globus"
+export GLOBUS_LOCATION
+
+. ${GLOBUS_LOCATION}/libexec/globus-script-initializer
+. ${libexecdir}/globus-sh-tools.sh
+
+PID_FILE=${localstatedir}/sshd.pid
+EOF
+
+SSHD_ARGS="-p GSISSH_PORT"
+
+do_start()
+{
+ if [ ! -d $localstatedir ]; then
+ mkdir -p $localstatedir
+ fi
+ echo -n "Starting up GSI-OpenSSH sshd server... "
+ ${sbindir}/sshd $SSHD_ARGS > /dev/null 2>&1 &
+ if [ $? -eq 0 ]; then
+ echo "done."
+ else
+ echo "failed to start GSI-OpenSSH sshd server!"
+ fi
+}
+
+do_stop()
+{
+ echo -n "Stopping the GSI-OpenSSH sshd server... "
+ pid=`cat $PID_FILE`
+ kill -TERM $pid
+ sleep 2
+ kill -TERM $pid 2> /dev/null
+ rm -f $PID_FILE
+ echo "done."
+}
+
+case "$1" in
+ start)
+ if [ ! -f $PID_FILE ]; then
+ do_start
+ else
+ pid=`cat $PID_FILE`
+ psout=`ps -A | grep $pid | grep -v grep | awk "{if (\\\$1 == $pid) print}"`
+ if [ "x$psout" = "x" ]; then
+ echo "Found stale sshd pid file... removing it."
+ rm -f $PID_FILE
+ do_start
+ else
+ echo "GSI-OpenSSH sshd server is already running!"
+ fi
+ fi
+ ;;
+
+ stop)
+ if [ -f $PID_FILE ] ; then
+ do_stop
+ else
+ echo "The server's pid file does not exist! Are you sure the server is running?"
+ fi
+ ;;
+
+ restart)
+ $0 stop
+ $0 start
+ ;;
+
+ *)
+ echo "Usage: $0 (start|stop|restart)"
+ exit 1
+esac
+
+exit 0
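Review bot: `do_stop` runs as root and sends TERM to whatever string is in `$PID_FILE`, without checking that it is a number or that the process is still sshd, so a stale file after PID reuse can signal an unrelated process; the `start` branch has the same gap, because its `ps | grep` test only shows that some process has that PID. The fence below sketches a `do_stop` that validates the value and compares the process name before signalling (it assumes the daemon's command name is `sshd`). Separately, the bare `EOF` line after `PID_FILE=${localstatedir}/sshd.pid` looks like a leftover heredoc terminator from when the script was inline and will be run as a command on every invocation, so it should be dropped. In `do_start`, `$?` is read after a backgrounded command and is therefore always 0, so "done." is printed even when sshd fails to start, and `source` under `#!/bin/sh` should be `. "$ENV_FILE"`.

```shell
do_stop()
{
    echo -n "Stopping the GSI-OpenSSH sshd server... "
    pid=$(cat "$PID_FILE")
    # Refuse anything that is not a plain process id.
    case "$pid" in
        ''|*[!0-9]*)
            echo "malformed pid file $PID_FILE, not signalling" >&2
            return 1
            ;;
    esac
    # Signal only if the pid still belongs to an sshd process (guards against pid reuse).
    if [ "$(ps -p "$pid" -o comm= 2>/dev/null)" = "sshd" ]; then
        kill -TERM "$pid"
        sleep 2
        kill -TERM "$pid" 2> /dev/null
    fi
    rm -f "$PID_FILE"
    echo "done."
}
```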
diff --git a/personality/ui_gsissh/config.pan b/personality/ui_gsissh/config.pan
new file mode 100644
index 00000000..90ee0cd4
--- /dev/null
+++ b/personality/ui_gsissh/config.pan
@@ -0,0 +1,24 @@
+unique template personality/ui_gsissh/config;
+
+#base configuration
+
+"/software/components/chkconfig/service/gsisshd/on" = "";
+"/software/components/chkconfig/service/gsisshd/startstop" = true;
+"/software/components/gsissh/server/port" = GSISSH_PORT;
+
+# Change the GLOBUS SXXsshd file, that is read by ncm-gsissh, in order to
+# - use gsisshd name
+# - SOURCE the environment before starting the server
+
+"/software/components/filecopy/services/{/opt/globus/sbin/SXXsshd}" = dict(
+ "config", replace('/GSISSH_PORT/', GSISSH_PORT, file_contents('personality/ui_gsissh/SXXsshd.sh')),
+ "owner", "root:root",
+ "perms", "0744"
+);
+
+"/software/components/symlink/links" ?= list();
+"/software/components/symlink/links" = append(SELF, dict(
+ "name", "/etc/init.d/SXXsshd",
+ "target", "/opt/globus/sbin/SXXsshd",
+ "delete", true,
+));
diff --git a/personality/ui_gsissh/service.pan b/personality/ui_gsissh/service.pan
new file mode 100644
index 00000000..44e29002
--- /dev/null
+++ b/personality/ui_gsissh/service.pan
@@ -0,0 +1,30 @@
+
+template personality/ui_gsissh/service;
+
+# Add base UI
+include 'personality/ui/service';
+
+# Configure Globus sysconfig variables
+include 'features/globus/sysconfig';
+
+# Ensure that the host certificates have the correct permissions.
+include 'features/security/host_certs';
+
+# Modify the loadable library path.
+include 'features/ldconf/config';
+
+# Authorization via grid mapfile.
+include 'features/mkgridmap/standard';
+
+# Configuration for LCMAPS.
+include 'features/lcmaps/base';
+
+# Configuration for LCAS.
+include 'features/lcas/base';
+
+# Include gsissh server
+include 'components/iptables/config';
+include 'features/gsissh/server/config';
+
+# Do base configuration for gsissh
+include 'personality/ui_gsissh/config';
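Review bot: The pattern `'/GSISSH_PORT/'` in the `replace()` call of config.pan includes the slashes, and if pan treats that argument as a plain regular expression rather than a delimited one, it will not match the `-p GSISSH_PORT` token in SXXsshd.sh, leaving the deployed init script to start sshd with the literal placeholder as its port. I would write `replace('GSISSH_PORT', to_string(GSISSH_PORT), file_contents('personality/ui_gsissh/SXXsshd.sh'))`, which also covers the case where `GSISSH_PORT` is defined as a number, and confirm by inspecting the rendered `/opt/globus/sbin/SXXsshd` on a test host. The comment above the filecopy block says the file is changed to use the gsisshd name, but nothing in the script shown in this patch appears to do that, so the comment should describe what this template actually changes.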