Commit bb85f2a6 authored by Jonathon Duerig's avatar Jonathon Duerig

Updated initsite to detect for a flash policy server.

parent ced6c68a
...@@ -31,6 +31,7 @@ my $OURDOMAIN = "@OURDOMAIN@"; ...@@ -31,6 +31,7 @@ my $OURDOMAIN = "@OURDOMAIN@";
my $PGENIDOMAIN = "@PROTOGENI_DOMAIN@"; my $PGENIDOMAIN = "@PROTOGENI_DOMAIN@";
my $PGENISUPPORT = @PROTOGENI_SUPPORT@; my $PGENISUPPORT = @PROTOGENI_SUPPORT@;
my $PROTOGENI_RPCNAME = "@PROTOGENI_RPCNAME@"; my $PROTOGENI_RPCNAME = "@PROTOGENI_RPCNAME@";
my $PROTOGENI_RPCPORT = "@PROTOGENI_RPCPORT@";
my $PROTOGENI_URL = "@PROTOGENI_URL@"; my $PROTOGENI_URL = "@PROTOGENI_URL@";
my $geniuserid = "geniuser"; my $geniuserid = "geniuser";
my $geniprojid = "GeniSlices"; my $geniprojid = "GeniSlices";
...@@ -64,7 +65,7 @@ my $OPENSSL = "/usr/bin/openssl"; ...@@ -64,7 +65,7 @@ my $OPENSSL = "/usr/bin/openssl";
my $APACHE_START = "@APACHE_START_COMMAND@"; my $APACHE_START = "@APACHE_START_COMMAND@";
my $APACHE_CONF = "@INSTALL_APACHE_CONFIG@/httpd.conf"; my $APACHE_CONF = "@INSTALL_APACHE_CONFIG@/httpd.conf";
my $APACHE_FLAGS = ("@APACHE_VERSION@" == "22" ? my $APACHE_FLAGS = ("@APACHE_VERSION@" == "22" ?
"apache22_flags" ? "apache_flags"); "apache22_flags" : "apache_flags");
# un-taint path # un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/site/bin'; $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/site/bin';
...@@ -269,6 +270,22 @@ close CROSS_OUT; ...@@ -269,6 +270,22 @@ close CROSS_OUT;
chmod(0644, "$TB/www/protogeni/crossdomain.xml"); chmod(0644, "$TB/www/protogeni/crossdomain.xml");
my $FLASH_LINE = "flashpolicy stream tcp nowait root /bin/echo /bin/echo '<cross-domain-policy> <site-control permitted-cross-domain-policies=\"master-only\"/> <allow-access-from domain=\"*\" to-ports=\"80,443,$PROTOGENI_RPCPORT\"/> </cross-domain-policy>'";
my $restartinetd = 0;
if (system("egrep -q -s 'flashpolicy' /etc/services")) {
print "Please add 'flashpolicy 843/tcp' to /etc/services\n";
$restartinetd++;
}
if (system("egrep -q -s 'flashpolicy' /etc/inetd.conf")) {
print "Please add \n$FLASH_LINE\n to /etc/services\n";
$restartinetd++;
}
if ($restartinetd) {
print "Then restart inetd and rerun this script.\n";
exit(1);
}
# #
# The web server needs to do client authentication, for the geni xmlrpc # The web server needs to do client authentication, for the geni xmlrpc
# interface. A bundle of CA certs from the trusted roots (emulabs) will # interface. A bundle of CA certs from the trusted roots (emulabs) will
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment