Re: [Handle-info] Starting and stopping the handle server from Unix rc scripts [SEC=UNCLASSIFIED]
Hi Phil,
> For unattended booting, we won't be encrypting the (administrator's ?)
> private key, because we don't want the handle server to stall on input,
> ever.
Exactly - the SERVER key must not use a passphrase if you
want unattended boot. This is not the same as the ADMIN
key. The server key is used to "sign" responses by the HS
server if the client asks for that, and probably to get
some security for master / mirror synchronization... Yet
it might be possible to send a passphrase without a human
by using something like "java ... < pass.txt" to start HS?
> I expect that the start/stop scripts posted leave the handle server
> attached to /dev/console as the controlling terminal after boot (or
> whatever tty was last used to start the server). That means it will get
> signals directed at an inherited process group (rather than its own,
> private, process group). Very undesirable, and will cause the server to
> die unexpectedly (usually from SIGHUP when somebody logs out) in
> apparently bizarre ways.
That sounds scary. Actually I do not remember experiencing
such problems with our init.d script. We start the service
with "su -u daemon java -cp ... ... > logfile 2> errorlog &"
where the "&" is similar to the Ctrl-Z and bg you mention.
> A quick look at the handle server code shows it uses the swing
> libraries, which require a frame buffer display.
Actually it does not. It only comes with some graphical tools
for the admin / users which use swing. The server itself has
almost no dependencies. If you use, say, postgresql, you will
need a suitable JDBC jar. Default is using an embedded DB, at
the moment called JE jar as far as I remember. Newer versions
of HS also depend on cnriutil and ICU/IDNA. Some parts also
use Jython, but the server itself was not among those...
The main handle server just needs to write stdout and stderr,
read config / keys etc, access DB and transaction directory
and also a "cache DB" data file (not sure if it still does).
Only if you use a passphrase, it also needs to read stdin.
Eric
PS: The information above is just based on local experience,
so it may refer to "strange" HS versions or configurations.
_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info
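
The controlling-terminal and stdin concerns discussed in this message can be checked directly on Linux. The script below is an added example, not code from either poster or from the handle server distribution: it starts a stand-in command (`sleep`) in its own session with stdin from /dev/null and reads the result back from /proc. `start_detached`, `session_of` and `tty_of` are hypothetical helper names, and the real server command line is not shown on this page.

```shell
#!/bin/sh
# Added example (Linux only, needs setsid(1) and /proc).
# The command passed to start_detached is a stand-in for the real server start line.

# start_detached PIDFILE LOGFILE ERRFILE CMD [ARGS...]
start_detached() {
    pidfile=$1 logfile=$2 errfile=$3
    shift 3
    rm -f "$pidfile"
    # setsid gives the child a new session: no controlling terminal and its own
    # process group, so a SIGHUP delivered at logout never reaches it.
    # stdin is /dev/null, so the process cannot stall waiting for input.
    # The inner sh records its own PID, then exec keeps that PID for CMD.
    setsid sh -c 'echo $$ > "$0"; exec "$@"' "$pidfile" "$@" \
        </dev/null >>"$logfile" 2>>"$errfile" &
    # Wait up to about 5 seconds for the pidfile to be written.
    i=0
    while [ ! -s "$pidfile" ] && [ "$i" -lt 50 ]; do
        sleep 0.1
        i=$((i + 1))
    done
    [ -s "$pidfile" ]
}

# /proc/PID/stat fields: pid (comm) state ppid pgrp session tty_nr ...
# Assumes comm contains no spaces (true for sh, sleep, java).
session_of() {
    read -r x x x x x sid x < "/proc/$1/stat" && echo "$sid"
}

# tty_nr is 0 when the process has no controlling terminal.
tty_of() {
    read -r x x x x x x tty x < "/proc/$1/stat" && echo "$tty"
}

# Demonstration with a constructed stand-in command.
demo() {
    d=$(mktemp -d)
    start_detached "$d/pid" "$d/out" "$d/err" sleep 5 || return 1
    pid=$(cat "$d/pid")
    echo "shell session: $(session_of $$)"
    echo "child session: $(session_of "$pid") (pid $pid), tty_nr: $(tty_of "$pid")"
    kill "$pid"
    rm -rf "$d"
}
demo
```

A child whose session ID equals its own PID and whose `tty_nr` is 0 is a session leader with no controlling terminal, which is the state an rc script should leave a daemon in.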