path: root/policy-pe
diff options
Diffstat (limited to 'policy-pe')
4 files changed, 802 insertions, 0 deletions
diff --git a/policy-pe/Dockerfile b/policy-pe/Dockerfile
new file mode 100644
index 00000000..cce1de1b
--- /dev/null
+++ b/policy-pe/Dockerfile
@@ -0,0 +1,13 @@
+FROM ecomp-nexus:51220/policy/policy-base
+RUN mkdir -p /opt/app/policy /tmp/policy-install && chown policy /opt/app/policy /tmp/policy-install
+WORKDIR /tmp/policy-install
+COPY install.zip docker-install.sh do-start.sh wait-for-port.sh ./
+RUN unzip install.zip && rm install.zip && chown policy * && chmod +x *.sh
+USER policy
+ENTRYPOINT [ "bash", "./do-start.sh" ]
diff --git a/policy-pe/do-start.sh b/policy-pe/do-start.sh
new file mode 100644
index 00000000..8bdb8bc9
--- /dev/null
+++ b/policy-pe/do-start.sh
@@ -0,0 +1,97 @@
+# Script to configure and start the Policy components that are to run in the designated container,
+# It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the
+# script just goes into a long sleep so that the script does not exit (which would cause the
+# container to be torn down).
+case $container in
+ comps="base pap paplp console mysql"
+ ;;
+ comps="base pdp pdplp"
+ ;;
+ comps="base pypdp"
+ ;;
+ comps="base brmsgw"
+ ;;
+ echo "Usage: do-start.sh pap|pdp|pypdp|brmsgw" >&2
+ exit 1
+# skip installation if build.info file is present (restarting an existing container)
+if [[ -f /opt/app/policy/etc/build.info ]]; then
+ echo "Found existing installation, will not reinstall"
+ . /opt/app/policy/etc/profile.d/env.sh
+ if [[ -d config ]]; then
+ cp config/*.conf .
+ fi
+ for comp in $comps; do
+ echo "Installing component: $comp"
+ ./docker-install.sh --install $comp
+ done
+ for comp in $comps; do
+ echo "Configuring component: $comp"
+ ./docker-install.sh --configure $comp
+ done
+ . /opt/app/policy/etc/profile.d/env.sh
+ # install keystore
+ #changed to use http instead of http, so keystore no longer needed
+ #cp config/policy-keystore.jks $POLICY_HOME/etc/ssl/policy-keystore
+ if [[ -f config/$container-tweaks.sh ]] ; then
+ # file may not be executable; running it as an
+ # argument to bash avoids needing execute perms.
+ bash config/$container-tweaks.sh
+ fi
+ if [[ $container == pap ]]; then
+ # wait for DB up
+ ./wait-for-port.sh mariadb 3306
+ # now that DB is up, invoke database upgrade
+ # (which does nothing if the db is already up-to-date)
+ dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
+ dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
+ db_upgrade_remote.sh $dbuser $dbpw mariadb
+ fi
+# pap needs to wait for mariadb up before starting;
+# others need to wait for pap up (in case it had to do db upgrade)
+if [[ $container == pap ]]; then
+ # we may have already done this above, but doesn't hurt to repeat
+ ./wait-for-port.sh mariadb 3306
+ ./wait-for-port.sh pap 9091
+policy.sh start
+# on pap, wait for pap, pdp, pypdp, brmsgw, and nexus up,
+# then push the initial default policies
+if [[ $container == pap ]]; then
+ ./wait-for-port.sh pap 9091
+ ./wait-for-port.sh pdp 8081
+ ./wait-for-port.sh pypdp 8480
+ # brmsgw doesn't have a REST API, so check for JMX port instead
+ ./wait-for-port.sh brmsgw 9989
+ ./wait-for-port.sh nexus 8081
+ # wait addional 1 minute for all processes to get fully initialized and synched up
+ sleep 60
+ bash config/push-policies.sh
+sleep 1000d
diff --git a/policy-pe/docker-install.sh b/policy-pe/docker-install.sh
new file mode 100644
index 00000000..d85e3592
--- /dev/null
+++ b/policy-pe/docker-install.sh
@@ -0,0 +1,674 @@
+## Functions
+function usage() {
+ echo -n "syntax: $(basename $0) "
+ echo -n "--debug ("
+ echo -n "[--install base|pap|pdp|pypdp|console|mysql|brmsgw|paplp|pdplp] | "
+ echo -n "[--configure base|pap|pdp|pypdp|console|mysql|brmsgw|paplp|pdplp] | "
+function check_java() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ if [[ -z ${JAVA_HOME} ]]; then
+ echo "error: ${JAVA_HOME} is not set"
+ return 1
+ fi
+ if ! check_x_file "${JAVA_HOME}/bin/java"; then
+ echo "error: ${JAVA_HOME}/bin/java is not accessible"
+ return 1
+ fi
+ INSTALLED_JAVA_VERSION=$("${JAVA_HOME}/bin/java" -version 2>&1 | awk -F '"' '/version/ {print $2}')
+ if [[ -z $INSTALLED_JAVA_VERSION ]]; then
+ echo "error: ${JAVA_HOME}/bin/java is invalid"
+ return 1
+ fi
+ echo "error: java version (${INSTALLED_JAVA_VERSION}) does not"\
+ "march desired version ${TARGET_JAVA_VERSION}"
+ return 1
+ fi
+ echo "OK: java ${INSTALLED_JAVA_VERSION} installed"
+function process_configuration() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ while read line || [ -n "${line}" ]; do
+ if [[ -n ${line} ]] && [[ ${line} != \#* ]]; then
+ name=$(echo "${line%%=*}")
+ value=$(echo "${line#*=}")
+ # escape ampersand so that sed does not replace it with the search string
+ value=${value//&/\\&}
+ if [[ -z ${name} ]] || [[ -z $value ]]; then
+ echo "WARNING: ${line} missing name or value"
+ fi
+ export ${name}="${value}"
+ eval "${name}" "${value}" 2> /dev/null
+ fi
+ done < "${CONF_FILE}"
+ return 0
+function component_preconfigure() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ /bin/sed -i -e 's!${{POLICY_HOME}}!'"${POLICY_HOME}!g" \
+ -e 's!${{FQDN}}!'"${FQDN}!g" \
+ *.conf > /dev/null 2>&1
+function tomcat_component() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ if [[ -d ${TOMCAT_TARGET_INSTALL_DIR} ]]; then
+ echo "error: ${TOMCAT_TARGET_INSTALL_DIR} exists."
+ return 1
+ fi
+ if [[ -d ${TOMCAT_INSTALL_DIR} ]]; then
+ echo "error: ${TOMCAT_INSTALL_DIR} exists."
+ return 1
+ fi
+ tar -C "${POLICY_HOME}/servers" -xf "${POLICY_HOME}/install/3rdparty/${TOMCAT_PACKAGE_NAME}.tar.gz"
+ /bin/cp "${POLICY_HOME}"/install/servers/common/tomcat/bin/* "${POLICY_HOME}/servers/${COMPONENT_TYPE}/bin"
+ /bin/cp "${POLICY_HOME}"/install/servers/common/tomcat/conf/* "${POLICY_HOME}/servers/${COMPONENT_TYPE}/conf"
+ /bin/cp "${POLICY_HOME}/install/servers/common/tomcat/init.d/tomcatd" "${POLICY_HOME}/etc/init.d/${COMPONENT_TYPE}"
+ /bin/sed -i -e "s!\${{COMPONENT_TYPE}}!${COMPONENT_TYPE}!g" "${POLICY_HOME}/etc/init.d/${COMPONENT_TYPE}" >/dev/null 2>&1
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/${COMPONENT_TYPE}/webapps/* "${POLICY_HOME}/servers/${COMPONENT_TYPE}/webapps"
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/${COMPONENT_TYPE}/bin/* "${POLICY_HOME}/servers/${COMPONENT_TYPE}/bin" >/dev/null 2>&1
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/${COMPONENT_TYPE}/conf/* "${POLICY_HOME}/servers/${COMPONENT_TYPE}/conf" >/dev/null 2>&1
+ /bin/rm -fr "${POLICY_HOME}/servers/${COMPONENT_TYPE}/webapps/docs" \
+ "${POLICY_HOME}/servers/${COMPONENT_TYPE}/webapps/examples" \
+ "${POLICY_HOME}/servers/${COMPONENT_TYPE}/webapps/ROOT" \
+ "${POLICY_HOME}/servers/${COMPONENT_TYPE}/webapps/manager" \
+ "${POLICY_HOME}/servers/${COMPONENT_TYPE}/webapps/host-manager"
+ if [[ ${COMPONENT_TYPE} == console ]]; then
+ install_ecomp_portal_settings
+ fi
+ return 0
+function configure_tomcat_component() {
+ configure_component "${COMPONENT_TYPE}.conf" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+function configure_component() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ if ! process_configuration "${COMPONENT_TYPE}.conf"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: cannot process configuration ${COMPONENT_TYPE}.conf"
+ exit 1
+ fi
+ SED_LINE="sed -i"
+ SED_LINE+=" -e 's!\${{POLICY_HOME}}!${POLICY_HOME}!g' "
+ SED_LINE+=" -e 's!\${{POLICY_USER}}!${POLICY_USER}!g' "
+ SED_LINE+=" -e 's!\${{POLICY_GROUP}}!${POLICY_GROUP}!g' "
+ SED_LINE+=" -e 's!\${{JAVA_HOME}}!${JAVA_HOME}!g' "
+ while read line || [ -n "${line}" ]; do
+ if [[ -n $line ]] && [[ $line != \#* ]]; then
+ name=$(echo "${line%%=*}")
+ value=$(echo "${line#*=}")
+ # escape ampersand so that sed does not replace it with the search string
+ value=${value//&/\\&}
+ if [[ -z ${name} ]] || [[ -z ${value} ]]; then
+ echo "WARNING: ${line} missing name or value"
+ fi
+ SED_LINE+=" -e 's!\${{${name}}}!${value}!g' "
+ fi
+ done < "$CONF_FILE"
+ for sed_file in $(find "${COMPONENT_ROOT_DIR}" -name '*.xml' -o -name '*.sh' -o -name '*.properties' -o -name '*.conf' -o -name '*.cfg' -o -name '*.template' -o -name '*.conf' -o -name '*.cron' -o -name '*.json' | grep -v /backup/); do
+ if fgrep -l '${{' ${sed_file} > /dev/null 2>&1; then
+ SED_FILES+="${sed_file} "
+ fi
+ done
+ if [[ -f $HOME/.m2/settings.xml ]]; then
+ SED_FILES+="$HOME/.m2/settings.xml "
+ fi
+ if [[ -z ${SED_FILES} ]]; then
+ echo "WARNING: no xml, sh, properties, or conf files to perform configuration expansion"
+ else
+ eval "${SED_LINE}"
+ fi
+ list_unexpanded_files ${POLICY_HOME}
+function install_ecomp_portal_settings() {
+ echo "Install ecomp portal settings"
+ # unpack ecomp war file
+ mkdir -p "${POLICY_HOME}"/servers/console/webapps/ecomp
+ cd "${POLICY_HOME}"/servers/console/webapps/ecomp
+ unzip -q ../ecomp.war
+ # copy over the configured settings
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/ecomp/* "${POLICY_HOME}/servers/console/webapps/ecomp"
+function check_r_file() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ FILE=$1
+ if [[ ! -f ${FILE} || ! -r ${FILE} ]]; then
+ return 1
+ fi
+ return 0
+function check_x_file() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ FILE=$1
+ if [[ ! -f ${FILE} || ! -x ${FILE} ]]; then
+ return 1
+ fi
+ return 0
+function install_prereqs() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ if ! check_r_file "${CONF_FILE}"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: ${CONF_FILE} is not accessible"
+ exit 1
+ fi
+ if ! process_configuration "${CONF_FILE}"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: cannot process configuration ${CONF_FILE}"
+ exit 1
+ fi
+# if ! check_java "1.8"; then
+# echo "error: aborting ${COMPONENT_TYPE} installation: invalid java version"
+# exit 1
+# fi
+ if [[ -z ${POLICY_HOME} ]]; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: ${POLICY_HOME} is not set"
+ exit 1
+ fi
+ HOME_OWNER=$(ls -ld "${POLICY_HOME}" | awk '{print $3}')
+ if [[ ${HOME_OWNER} != ${POLICY_USER} ]]; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: ${POLICY_USER} does not own ${POLICY_HOME} directory"
+ exit 1
+ fi
+ echo -n "Starting ${OPERATION} of ${COMPONENT_TYPE} under ${POLICY_USER}:${POLICY_GROUP} "
+ echo "ownership with umask $(umask)."
+function list_unexpanded_files() {
+ SEARCH_LIST=$(find ${ROOT_DIR} -type f -name '*.properties' -o -name '*.sh' -o -name '*.conf' -o -name '*.yml' -o -name '*.template' -o -name '*.xml' -o -name '*.cfg' -o -name '*.json' -o -path "${ROOT_DIR}/etc/init.d/*" | egrep -v '/m2/|/install/|/logs/')
+ NOT_EXPANDED_BASE_FILES=$(grep -l '${{' ${SEARCH_LIST} 2> /dev/null)
+ if [[ -n ${NOT_EXPANDED_BASE_FILES} ]]; then
+ echo "error: component installation has completed but some base files have not been expanded:"
+ return 1
+ fi
+ return 0
+function install_base() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ install_prereqs "${BASE_CONF}"
+ if [[ -z ${POLICY_HOME} ]]; then
+ echo "error: ${POLICY_HOME} is not set"
+ exit 1
+ fi
+ POLICY_HOME_CONTENTS=$(ls -A "${POLICY_HOME}" 2> /dev/null)
+ if [[ -n ${POLICY_HOME_CONTENTS} ]]; then
+ echo "error: aborting base installation: ${POLICY_HOME} directory is not empty"
+ exit 1
+ fi
+ if [[ ! -d ${POLICY_HOME} ]]; then
+ echo "error: aborting base installation: ${POLICY_HOME} is not a directory."
+ exit 1
+ fi
+ if ! /bin/mkdir -p "${POLICY_HOME}/servers/" > /dev/null 2>&1; then
+ echo "error: aborting base installation: cannot create ${POLICY_HOME}/servers/"
+ exit 1
+ fi
+ if ! /bin/mkdir -p "${POLICY_HOME}/logs/" > /dev/null 2>&1; then
+ echo "error: aborting base installation: cannot create ${POLICY_HOME}/logs/"
+ exit 1
+ fi
+ BASE_TGZ=$(ls base-*.tar.gz)
+ if [ ! -r ${BASE_TGZ} ]; then
+ echo "error: aborting base installation: ${POLICY_USER} cannot access tar file: ${BASE_TGZ}"
+ exit 1
+ fi
+ tar -tzf ${BASE_TGZ} > /dev/null 2>&1
+ if [[ $? != 0 ]]; then
+ echo >&2 "error: aborting base installation: invalid base package tar file: ${BASE_TGZ}"
+ exit 1
+ fi
+ BASH_PROFILE_LINE=". ${POLICY_HOME}/etc/profile.d/env.sh"
+ PROFILE_LINE="ps -p \$\$ | grep -q bash || . ${POLICY_HOME}/etc/profile.d/env.sh"
+ tar -C ${POLICY_HOME} -xf ${BASE_TGZ} --no-same-owner
+ if [[ $? != 0 ]]; then
+ # this should not happened
+ echo "error: aborting base installation: base package cannot be unpacked: ${BASE_TGZ}"
+ exit 1
+ fi
+ /bin/mkdir -p ${POLICY_HOME}/etc/ssl > /dev/null 2>&1
+ /bin/mkdir -p ${POLICY_HOME}/etc/init.d > /dev/null 2>&1
+ /bin/mkdir -p ${POLICY_HOME}/tmp > /dev/null 2>&1
+ /bin/mkdir -p ${POLICY_HOME}/var > /dev/null 2>&1
+ #list_unexpanded_files ${POLICY_HOME}
+function configure_base() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ # check if fqdn is set in base.conf and use that value if set
+ if [[ -z ${INSTALL_FQDN} ]]
+ then
+ echo "FQDN not set in config...using the default FQDN ${FQDN}"
+ else
+ echo "Using FQDN ${INSTALL_FQDN} from config"
+ fi
+ configure_component "${BASE_CONF}" "${POLICY_HOME}"
+ BASH_PROFILE_LINE=". ${POLICY_HOME}/etc/profile.d/env.sh"
+ PROFILE_LINE="ps -p \$\$ | grep -q bash || . ${POLICY_HOME}/etc/profile.d/env.sh"
+ if ! fgrep -x "${BASH_PROFILE_LINE}" "${HOME}/.bash_profile" >/dev/null 2>&1; then
+ echo "${BASH_PROFILE_LINE}" >> "${HOME}/.bash_profile"
+ fi
+ if ! fgrep -x "${PROFILE_LINE}" "${HOME}/.profile" >/dev/null 2>&1; then
+ echo "${PROFILE_LINE}" >> "${HOME}/.profile"
+ fi
+function install_tomcat_component() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ install_prereqs "${BASE_CONF}"
+ if ! process_configuration "${COMPONENT_TYPE}.conf"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: cannot process configuration ${COMPONENT_TYPE}.conf"
+ exit 1
+ fi
+ if ! tomcat_component; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: tomcat installation failed."
+ exit 1
+ fi
+# This function installs mysql related shell scripts and sql files in the proper locations
+# under $POLICY_HOME. It also adds the MySQL client bin to the PATH based on configuration.
+function install_mysql() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ install_prereqs "${BASE_CONF}"
+ if ! process_configuration "${COMPONENT_TYPE}.conf"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: cannot process configuration ${COMPONENT_TYPE}.conf"
+ exit 1
+ fi
+ /bin/mkdir -p ${MYSQL_DATA_PATH} > /dev/null 2>&1
+ /bin/cp -f "${POLICY_HOME}"/install/mysql/data/* "${MYSQL_DATA_PATH}"
+ /bin/chmod 555 "${MYSQL_DATA_PATH}"/*
+ MYSQL_BIN_SOURCE=${POLICY_HOME}/install/mysql/bin
+ /bin/mkdir -p ${POLICY_HOME}/bin > /dev/null 2>&1
+ for script in $(/bin/ls "${MYSQL_BIN_SOURCE}"); do
+ /bin/cp ${MYSQL_BIN_SOURCE}/${script} ${POLICY_HOME}/bin
+ /bin/chmod 555 "${POLICY_HOME}/bin/${script}"
+ done
+function configure_mysql() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ # nothing to do
+# This function installs brmsgw related shell scripts and config files in the proper
+# locations under $POLICY_HOME.
+function install_brmsgw() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ install_prereqs "${BASE_CONF}"
+ if ! process_configuration "${COMPONENT_TYPE}.conf"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: cannot process configuration ${COMPONENT_TYPE}.conf"
+ exit 1
+ fi
+ if [ -z "$M2_HOME" ]; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: M2_HOME must be set in brmsgw.conf"
+ exit 1
+ fi
+ echo "export M2_HOME=$M2_HOME" >>$POLICY_HOME/etc/profile.d/env.sh
+ /bin/cp -f "${POLICY_HOME}/install/servers/brmsgw/init.d/brmsgw" "${POLICY_HOME}/etc/init.d/brmsgw"
+ if ! /bin/mkdir -p "${POLICY_HOME}/servers/${COMPONENT_TYPE}" > /dev/null 2>&1; then
+ echo "error: aborting base installation: cannot create ${POLICY_HOME}/servers/${COMPONENT_TYPE}"
+ exit 1
+ fi
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/${COMPONENT_TYPE}/BRMSGateway.jar "${POLICY_HOME}/servers/${COMPONENT_TYPE}"
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/${COMPONENT_TYPE}/*.properties "${POLICY_HOME}/servers/${COMPONENT_TYPE}"
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/${COMPONENT_TYPE}/config "${POLICY_HOME}/servers/${COMPONENT_TYPE}"
+ /bin/mv $POLICY_HOME/m2 $HOME/.m2
+ return 0
+function install_logparser() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+ install_prereqs "${BASE_CONF}"
+ if ! process_configuration "${COMPONENT_TYPE}.conf"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: cannot process configuration ${COMPONENT_TYPE}.conf"
+ exit 1
+ fi
+ /bin/mkdir -p ${LP_TARGET_DIR}/bin > /dev/null 2>&1
+ /bin/mkdir -p ${LP_TARGET_DIR}/logs > /dev/null 2>&1
+ # copy binaries, initialization script and configuration
+ /bin/cp "${POLICY_HOME}"/install/servers/common/logparser/bin/*jar "${LP_TARGET_DIR}/bin"
+ /bin/cp "${POLICY_HOME}/install/servers/common/logparser/init.d/logparserd" "${POLICY_HOME}/etc/init.d/${COMPONENT_TYPE}"
+ /bin/cp "${POLICY_HOME}/install/servers/${COMPONENT_TYPE}/bin/parserlog.properties" "${LP_TARGET_DIR}/bin"
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/${COMPONENT_TYPE}/bin/config "${POLICY_HOME}/servers/${COMPONENT_TYPE}/bin"
+## script execution body
+export POLICY_USER=$(/usr/bin/id -un)
+# command line options parsing
+until [[ -z "$1" ]]; do
+ case $1 in
+ -d|--debug) DEBUG=y
+ set -x
+ ;;
+ -i|--install) OPERATION=install
+ shift
+ ;;
+ -c|--configure) OPERATION=configure
+ shift
+ ;;
+ *) usage
+ exit 1
+ ;;
+ esac
+ shift
+# component-type validation
+ base) ;;
+ pypdp) ;;
+ pdp) ;;
+ pap) ;;
+ console) ;;
+ mysql) ;;
+ brmsgw) ;;
+ paplp) ;;
+ pdplp) ;;
+ skip) ;;
+ *) echo "invalid component type (${COMPONENT_TYPE}): must be in {base|pypdp|pdp|pap|console|mysql|brmsgw|paplp|pdplp}";
+ usage
+ exit 1
+ ;;
+# operation validation
+case $OPERATION in
+ install|configure) ;;
+ *) echo "invalid operation (${OPERATION}): must be in {install|configure}";
+ usage
+ exit 1
+ ;;
+if [[ -n ${POLICY_GROUP} ]]; then
+ groups=$(groups)
+ if ! echo ${groups} | grep -qP "\b${POLICY_GROUP}"; then
+ echo "error: ${POLICY_GROUP} is not a valid group for account ${POLICY_USER}"
+ exit 1
+ fi
+if [[ -z ${POLICY_GROUP} ]]; then
+ numGroups=$(groups | sed "s/^.*: *//g" | wc -w)
+ if [ ${numGroups} -eq 1 ]; then
+ export POLICY_GROUP=$(groups ${POLICY_USER} | sed "s/^.*: *//g")
+ else
+ echo "error: ${POLICY_USER} belongs to multiple groups, one group \
+ must be provided for the installation"
+ usage
+ exit 1
+ fi
+if [[ -z ${POLICY_GROUP} ]]; then
+ echo "error: installation of root section must not provide the \
+ installation group owner argument."
+ usage
+ exit 1
+FQDN=$(hostname -f 2> /dev/null)
+if [[ $? != 0 || -z ${FQDN} ]]; then
+ echo "error: cannot determine the FQDN for this host $(hostname)."
+ exit 1
+if [[ ${OPERATION} == install ]]; then
+ base)
+ install_base
+ ;;
+ pypdp)
+ install_tomcat_component
+ ;;
+ pdp)
+ install_tomcat_component
+ ;;
+ pap)
+ install_tomcat_component
+ ;;
+ console)
+ install_tomcat_component
+ ;;
+ mysql)
+ install_mysql
+ ;;
+ brmsgw)
+ install_brmsgw
+ ;;
+ paplp|pdplp)
+ install_logparser
+ ;;
+ *)
+ echo "invalid component type (${COMPONENT_TYPE}): must be in {base|pypdp|pdp|pap|console|mysql|brmsgw|paplp|pdplp}";
+ usage
+ exit 1
+ ;;
+ esac
+if [[ ${OPERATION} == configure ]]; then
+ install_prereqs "${BASE_CONF}"
+ base)
+ configure_base
+ component_preconfigure
+ ;;
+ pypdp)
+ configure_component "${COMPONENT_TYPE}.conf" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+ ;;
+ pdp)
+ configure_component "${COMPONENT_TYPE}.conf" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+ ;;
+ pap)
+ configure_component "${COMPONENT_TYPE}.conf" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+ ;;
+ console)
+ configure_component "${COMPONENT_TYPE}.conf" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+ ;;
+ mysql)
+ configure_mysql
+ ;;
+ brmsgw)
+ configure_component "${COMPONENT_TYPE}.conf" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+ ;;
+ paplp|pdplp)
+ configure_component "${COMPONENT_TYPE}.conf" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+ ;;
+ *)
+ echo "invalid component type (${COMPONENT_TYPE}): must be in {base|pypdp|pdp|pap|console|mysql|brmsgw|paplp|pdplp}";
+ usage
+ exit 1
+ ;;
+ esac
+echo -n "Successful ${OPERATION} of ${COMPONENT_TYPE} under ${POLICY_USER}:${POLICY_GROUP} "
+echo "ownership with umask $(umask)."
diff --git a/policy-pe/wait-for-port.sh b/policy-pe/wait-for-port.sh
new file mode 100644
index 00000000..10f08ded
--- /dev/null
+++ b/policy-pe/wait-for-port.sh
@@ -0,0 +1,18 @@
+if [[ $# -ne 2 ]]; then
+ echo "Usage: wait-for-port hostname port" >&2
+ exit 1
+echo "Waiting for $host port $port open"
+until telnet $host $port </dev/null 2>/dev/null | grep -q '^Connected'; do
+ sleep 1
+echo "$host port $port is open"
+exit 0