From 9f970337fef03d30f97b2d89e7e075901d693581 Mon Sep 17 00:00:00 2001
From: Guillem Jover <gjover@sipwise.com>
Date: Tue, 17 Apr 2018 20:52:33 +0200
Subject: [PATCH] TT#26264 Use better systemd native units

While still not the ideal implementation, this is certainly better than
the sysvinit script wrapper. We then will "only" need to move the setup
scripts into proper service files later on.

Change-Id: I990d6847117a4b91a8365a5e307fd96cf5b1899f
(cherry picked from commit aee2a27c3e294e1429d465ddd4658b1111bf1c0f)
(cherry picked from commit 1b489bd45da32f00c67d6636209cbfaa3f0ea8f7)
(cherry picked from commit 79807a9c2e68eaad17bdb6d02e93e2a0984e2065)
---
 debian/ngcp-rtpengine-daemon.init             |  46 +-------
 debian/ngcp-rtpengine-daemon.install          |   1 +
 debian/ngcp-rtpengine-daemon.service          |  16 +++
 debian/ngcp-rtpengine-iptables-setup          | 100 ++++++++++++++++++
 debian/ngcp-rtpengine-recording-daemon.init   |  11 +-
 .../ngcp-rtpengine-recording-daemon.install   |   1 +
 .../ngcp-rtpengine-recording-daemon.service   |  14 +++
 debian/ngcp-rtpengine-recording-nfs-setup     |  37 +++++++
 8 files changed, 173 insertions(+), 53 deletions(-)
 create mode 100644 debian/ngcp-rtpengine-daemon.service
 create mode 100755 debian/ngcp-rtpengine-iptables-setup
 create mode 100644 debian/ngcp-rtpengine-recording-daemon.service
 create mode 100755 debian/ngcp-rtpengine-recording-nfs-setup

diff --git a/debian/ngcp-rtpengine-daemon.init b/debian/ngcp-rtpengine-daemon.init
index 0df02baac..ff1bf28ed 100755
--- a/debian/ngcp-rtpengine-daemon.init
+++ b/debian/ngcp-rtpengine-daemon.init
@@ -15,7 +15,6 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin
 NAME=ngcp-rtpengine-daemon
 DESC="RTP/media proxy"
 TABLE=0
-MANAGE_IPTABLES=yes
 
 DAEMON=$(which rtpengine)
 DEFAULTS=/etc/default/${NAME}
@@ -37,7 +36,6 @@ fi
 
 OPTIONS=""
 START_OPTIONS=""
-MODPROBE_OPTIONS=""
 
 if [ ! -z "$INTERFACES" ]; then
 	for interface in $INTERFACES; do
@@ -125,30 +123,16 @@ fi
 
 if ! test -z "$SET_USER"; then
 	START_OPTIONS="$START_OPTIONS --chuid $SET_USER"
-	PUID=$(id -u "$SET_USER" 2> /dev/null)
-	test -z "$PUID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_uid=$PUID"
-	if test -z "$SET_GROUP"; then
-		PGID=$(id -g "$SET_USER" 2> /dev/null)
-		test -z "$PGID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_gid=$PGID"
-	fi
 	test "$DO_DIR_CHOWN" = 1 && chown "$SET_USER": "$PIDDIR"
 fi
 
 if ! test -z "$SET_GROUP"; then
 	START_OPTIONS="$START_OPTIONS --group $SET_GROUP"
-	PGID=$(grep "^$SET_GROUP:" /etc/group | cut -d: -f3 2> /dev/null)
-	test -z "$PGID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_gid=$PGID"
 	test "$DO_DIR_CHOWN" = 1 && chgrp "$SET_GROUP" "$PIDDIR"
 fi
 
 ###
 
-if [ -x /usr/sbin/ngcp-virt-identify ]; then
-	if /usr/sbin/ngcp-virt-identify --type container; then
-		VIRT="yes"
-	fi
-fi
-
 case "$1" in
   start)
 	set +e
@@ -165,23 +149,7 @@ case "$1" in
 	      ;;
 	  esac
 	fi
-	if [ "$TABLE" -ge 0 ] && [ "$VIRT" != "yes" ]; then
-		if [ "$MANAGE_IPTABLES" = "yes" ]; then
-			# shellcheck disable=SC2086
-			modprobe xt_RTPENGINE $MODPROBE_OPTIONS
-
-			iptables -N rtpengine 2> /dev/null
-			iptables -D INPUT -j rtpengine 2> /dev/null
-			iptables -I INPUT -j rtpengine
-			iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
-			iptables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
-			ip6tables -N rtpengine 2> /dev/null
-			ip6tables -D INPUT -j rtpengine 2> /dev/null
-			ip6tables -I INPUT -j rtpengine
-			ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
-			ip6tables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
-		fi
-	fi
+	ngcp-rtpengine-iptables-setup start
 	set -e
 	log_daemon_msg "Starting $DESC" "$NAME"
 	# shellcheck disable=SC2086
@@ -197,17 +165,7 @@ case "$1" in
 		return $?
 	fi
 	set +e
-	if [ "$TABLE" -ge 0 ] && [ "$VIRT" != "yes" ]; then
-		sleep 1
-		if [ -e /proc/rtpengine/control ]; then
-			echo "del $TABLE" > /proc/rtpengine/control 2>/dev/null
-		fi
-		if [ "$MANAGE_IPTABLES" = "yes" ]; then
-			iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
-			ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
-			rmmod xt_RTPENGINE 2>/dev/null
-		fi
-	fi
+	ngcp-rtpengine-iptables-setup stop
 	set -e
 	rm -f $PIDFILE
 	log_end_msg $?
diff --git a/debian/ngcp-rtpengine-daemon.install b/debian/ngcp-rtpengine-daemon.install
index cdd5be3e2..6d133cf0f 100644
--- a/debian/ngcp-rtpengine-daemon.install
+++ b/debian/ngcp-rtpengine-daemon.install
@@ -1,2 +1,3 @@
 daemon/rtpengine /usr/sbin/
+debian/ngcp-rtpengine-iptables-setup /usr/sbin
 etc/rtpengine.sample.conf /etc/rtpengine/
diff --git a/debian/ngcp-rtpengine-daemon.service b/debian/ngcp-rtpengine-daemon.service
new file mode 100644
index 000000000..f937f65ec
--- /dev/null
+++ b/debian/ngcp-rtpengine-daemon.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=NGCP RTP/media Proxy Daemon
+After=network-online.target
+After=remote-fs.target
+Requires=network-online.target
+
+[Service]
+Type=simple
+EnvironmentFile=/etc/default/ngcp-rtpengine-daemon
+PIDFile=/var/run/ngcp-rtpengine-daemon.pid
+ExecStartPre=/usr/sbin/ngcp-rtpengine-iptables-setup start
+ExecStart=/usr/sbin/rtpengine -f -E --pidfile /var/run/ngcp-rtpengine-daemon.pid --config-file /etc/rtpengine/rtpengine.conf --table $TABLE
+ExecStopPost=/usr/sbin/ngcp-rtpengine-iptables-setup stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/ngcp-rtpengine-iptables-setup b/debian/ngcp-rtpengine-iptables-setup
new file mode 100755
index 000000000..7764b2c13
--- /dev/null
+++ b/debian/ngcp-rtpengine-iptables-setup
@@ -0,0 +1,100 @@
+#!/bin/sh
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+TABLE=0
+MODNAME=xt_RTPENGINE
+MANAGE_IPTABLES=yes
+
+DEFAULTS=/etc/default/ngcp-rtpengine-daemon
+
+# Load startup options if available
+if [ -f "$DEFAULTS" ]; then
+  . "$DEFAULTS" || true
+fi
+
+MODPROBE_OPTIONS=""
+
+# Handle requested setuid/setgid.
+if ! test -z "$SET_USER"; then
+  PUID=$(id -u "$SET_USER" 2> /dev/null)
+  test -z "$PUID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_uid=$PUID"
+  if test -z "$SET_GROUP"; then
+    PGID=$(id -g "$SET_USER" 2> /dev/null)
+    test -z "$PGID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_gid=$PGID"
+  fi
+fi
+
+if ! test -z "$SET_GROUP"; then
+  PGID=$(grep "^$SET_GROUP:" /etc/group | cut -d: -f3 2> /dev/null)
+  test -z "$PGID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_gid=$PGID"
+fi
+
+###
+
+if [ -x /usr/sbin/ngcp-virt-identify ]; then
+  if /usr/sbin/ngcp-virt-identify --type container; then
+    VIRT="yes"
+  fi
+fi
+
+firewall_setup()
+{
+  if [ "$TABLE" -lt 0 ] || [ "$VIRT" = "yes" ]; then
+    return
+  fi
+
+  if [ "$MANAGE_IPTABLES" != "yes" ]; then
+    return
+  fi
+
+  # shellcheck disable=SC2086
+  modprobe $MODNAME $MODPROBE_OPTIONS
+
+  iptables -N rtpengine 2>/dev/null
+  iptables -D INPUT -j rtpengine 2>/dev/null
+  iptables -I INPUT -j rtpengine
+  iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
+  iptables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
+  ip6tables -N rtpengine 2>/dev/null
+  ip6tables -D INPUT -j rtpengine 2>/dev/null
+  ip6tables -I INPUT -j rtpengine
+  ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
+  ip6tables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
+}
+
+firewall_teardown()
+{
+  if [ "$TABLE" -lt 0 ] || [ "$VIRT" = "yes" ]; then
+    return
+  fi
+
+  # XXX: Wait a bit to make sure the daemon has been stopped.
+  sleep 1
+
+  if [ -e /proc/rtpengine/control ]; then
+    echo "del $TABLE" >/proc/rtpengine/control 2>/dev/null
+  fi
+
+  if [ "$MANAGE_IPTABLES" != "yes" ]; then
+    return
+  fi
+
+  iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
+  ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
+  rmmod $MODNAME 2>/dev/null
+}
+
+case "$1" in
+  start)
+    firewall_setup
+    ;;
+  stop)
+    firewall_teardown
+    ;;
+  *)
+    echo "Usage: $0 {start|stop}" >&2
+    exit 1
+    ;;
+esac
+
+exit 0
diff --git a/debian/ngcp-rtpengine-recording-daemon.init b/debian/ngcp-rtpengine-recording-daemon.init
index 40f1f17ae..4664efdd2 100755
--- a/debian/ngcp-rtpengine-recording-daemon.init
+++ b/debian/ngcp-rtpengine-recording-daemon.init
@@ -32,7 +32,6 @@ if [ "$RUN_RTPENGINE_RECORDING" != "yes" ]; then
 	exit 0
 fi
 [ -z "$PIDFILE" ] && PIDFILE="/var/run/rtpengine-recording.pid"
-[ -z "$NFS_OPTIONS" ] && NFS_OPTIONS="hard,tcp,intr"
 
 OPTIONS=""
 START_OPTIONS=""
@@ -83,15 +82,9 @@ case "$1" in
 	fi
 	set -e
 
-	log_daemon_msg "Starting $DESC" "$NAME"
+	ngcp-rtpengine-recording-nfs-setup start
 
-	if [ "$MUST_NFS" = yes ]; then
-		if ! grep -E -q "^[^ :]+:[^ :]+ $NFS_LOCAL_MOUNT nfs.? " /proc/mounts; then
-			log_progress_msg "Mounting NFS share"
-			test -d "$NFS_LOCAL_MOUNT" || mkdir -p "$NFS_LOCAL_MOUNT"
-			mount -t nfs -o "$NFS_OPTIONS" "$NFS_HOST:$NFS_REMOTE_PATH" "$NFS_LOCAL_MOUNT"
-		fi
-	fi
+	log_daemon_msg "Starting $DESC" "$NAME"
 
 	# shellcheck disable=SC2086
 	start-stop-daemon --start --quiet --pidfile "$PIDFILE" \
diff --git a/debian/ngcp-rtpengine-recording-daemon.install b/debian/ngcp-rtpengine-recording-daemon.install
index b5754cc90..bf5afae1f 100644
--- a/debian/ngcp-rtpengine-recording-daemon.install
+++ b/debian/ngcp-rtpengine-recording-daemon.install
@@ -1 +1,2 @@
 recording-daemon/rtpengine-recording /usr/sbin/
+debian/ngcp-rtpengine-recording-nfs-setup /usr/sbin/
diff --git a/debian/ngcp-rtpengine-recording-daemon.service b/debian/ngcp-rtpengine-recording-daemon.service
new file mode 100644
index 000000000..85f3d33f0
--- /dev/null
+++ b/debian/ngcp-rtpengine-recording-daemon.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=NGCP RTP/media Recording Daemon
+After=network-online.target
+After=remote-fs.target
+Requires=network-online.target
+
+[Service]
+Type=simple
+PIDFile=/run/ngcp-rtpengine-recording-daemon.pid
+ExecStartPre=/usr/sbin/ngcp-rtpengine-recording-nfs-setup start
+ExecStart=/usr/sbin/rtpengine-recording -f -E --pidfile /run/ngcp-rtpengine-recording-daemon.pid --config-file /etc/rtpengine/rtpengine-recording.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/ngcp-rtpengine-recording-nfs-setup b/debian/ngcp-rtpengine-recording-nfs-setup
new file mode 100755
index 000000000..4b70ef0de
--- /dev/null
+++ b/debian/ngcp-rtpengine-recording-nfs-setup
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DEFAULTS=/etc/default/ngcp-rtpengine-recording-daemon
+
+. /lib/lsb/init-functions
+
+# Load startup options if available
+if [ -f "$DEFAULTS" ]; then
+  . "$DEFAULTS" || true
+fi
+
+[ -z "$NFS_OPTIONS" ] && NFS_OPTIONS="hard,tcp,intr"
+
+###
+
+case "$1" in
+  start)
+    if [ "$MUST_NFS" = yes ]; then
+      if ! grep -E -q "^[^ :]+:[^ :]+ $NFS_LOCAL_MOUNT nfs.? " /proc/mounts; then
+        log_action_msg "Mounting NFS share"
+        test -d "$NFS_LOCAL_MOUNT" || mkdir -p "$NFS_LOCAL_MOUNT"
+        mount -t nfs -o "$NFS_OPTIONS" "$NFS_HOST:$NFS_REMOTE_PATH" "$NFS_LOCAL_MOUNT"
+      fi
+    fi
+    ;;
+  stop)
+    ;;
+  *)
+    echo "Usage: $0 {start|stop}" >&2
+    exit 1
+    ;;
+esac
+
+exit 0