#! /bin/bash # # # Copyright (c) Bull S.A. 2007 All Rights Reserved. # # This program is free software; you can redistribute it and/or modify it # under the terms of version 2 of the GNU General Public License as # published by the Free Software Foundation. # # This program is distributed in the hope that it would be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # # Further, this software is distributed without any warranty that it is # free of the rightful claim of any third person regarding infringement # or the like. Any license provided herein, whether implied or # otherwise, applies only to this software file. Patent licenses, if # any, provided herein do not apply to combinations of this program with # other software, or any other product whatsoever. # # You should have received a copy of the GNU General Public License along # with this program; if not, write the Free Software Foundation, Inc., 59 # Temple Place - Suite 330, Boston MA 02111-1307, USA. # # History: # 5/14/07 : Created by Aime Le Rouzic (Aime.Le-Rouzic@bull.net) # 9/30/07 : Updated by Aime Le Rouzic (Aime.Le-Rouzic@bull.net) # 12/21/07: Updated by Aime Le Rouzic (Aime.Le-Rouzic@bull.net) # # # Purpose: # # This shell command takes care of setting a Kerberos NFS Server # # Written to be run by root on the machine to be the Kerberos NFS Server # # Usage : # # krbnfssv {start | status | reboot} # start: First Kerberized NFS Server initialisation # status: Checks the kerberised NFS Server configuration is still OK # reboot: Starts needed daemons (nfsd,rpc.mountd,rpc.idmapd,rpc.svcgssd) when not already started # # krbnfssv start { -h |{-a kerberos administrator principal} {-b } {-c } {-d } {-D } {-k } {-n } {-r } {-v}} # krbnfssv status { -h | {-b } {-c } {-D } {-k } {-n } {-v}} # krbnfssv reboot { -h | {-D } } # # Description: # The krbnfssv command configures a kerberized NFS Server # It proposes a configuration directly from the existing krb5.conf # # The command does some controls: # start: # - checks Kerberos Client package # - checks REALM is UPPER CASE # - checks the /etc/services file lists the NFS service (port 2049) # - checks KDC and Kerberos Server are reachable # - checks kerberos daemons are unning (krb5kdc, kadmind) on the Kerberos Server # - synchronize time with ntp when possible # - checks time is synchronised (<300s) with the KDC Server machine time # - checks hostname is a fully-qualified domain name # - checks the /etc/hosts file lists the fully-qualified domain name # as the first entry on the line with the machine's IP address, # - checks in /etc/resolv.conf name server is the same as in /etc/resolv.conf # of the KDC Server # - checks nfsd,rpc.mountd NFS Server daemons are running # - checks the rpc.idmapd daemon is running # - starts rpc.svcgssd daemon # status: # - checks KDC and Kerberos Server are reachable # - checks kerberos daemons are running (krb5kdc,kadmind) on the Kerberos Server # - checks the /etc/services file lists the NFS service (port 2049) # - synchronize time with ntp when possible # - checks time is synchronised (<300s) with the KDC Server machine time # - checks hostname is a fully-qualified domain name # - checks the /etc/hosts file lists the fully-qualified domain name # as the first entry on the line with the machine's IP address # - checks in /etc/resolv.conf name server is the same as in /etc/resolv.conf # of the KDC Server # - checks rpc.svcgssd daemon is running # - checks nfsd,rpc.mountd NFS Server daemons are running # - checks the rpc.idmapd daemon is running # reboot: # - checks and starts nfsd,rpc.mountd NFS Server daemons # - checks and starts the rpc.idmapd daemon # - checks and starts rpc.svcgssd daemon # Flags: # -a : kerberos administrator principal # -b : kerberos administration Server name # -c : directory where is located the krb5.conf file # -d : domain name for the Kerberos realm # -D : Linux Distribution among FEDORA, RHEL5.1 # -h : help to display the command syntax # -k : KDC Server name # -n : NTP Server name # -r : realm for which the Kerberos Server is to be configured # -v : verbose mode # - display more messages # - start rpc.svcgssd with verbose mode ( rpc.svcgssd -vvvv -rrrr) UsageStart="krbnfssv start { -h |{-a kerberos administrator principal} {-b } {-c } {-d } {-D } {-k } {-n } {-r } {-v}}" UsageStatus="krbnfssv status { -h | {-b } {-c } {-D } {-k } {-n } {-v}}" UsageReboot="krbnfssv reboot{ -h | {-D } }" # Defaults Environment KRB_CONF="" # Directory where to find the kerberos configuration file REALM="" # REALM : contains the real name DOMAIN="" # Domain name of the Kerberos realm KDC_SERVER="" # KDC_SERVER :KDC Server name KRB_SERVER="" # Admin kerberos Server name KRB_ADMIN="root" # "root" must exit on Client and Server NFS machines to use kadmin # if not "root" but for example "admin" # admin must belong to the "root" group on the Client and Server NFS machines # to use kadmin in order to get the necessary rights to access kerberos NTP_SERVER="" # Ntp Server name NFSSERVERNAME=`/bin/hostname` # The machine running the command is the NFS Server TMP="/tmp" # Working Repertory modverbose=0 # Verbose mode LINUXDISTRIBUTION="FEDORA" # Linux Distribution # # Functions # vm () { # verbose messages print if [ $modverbose != 0 ] then echo "$1" fi } FinalizeStartConfiguration () { # Finalizes the configuration after the command line processing (option start) if [ -z "$KRB_CONF" ]; then KRB_CONF="/etc" fi if [ -z "$KRB_SERVER" ]; then KRB_SERVER=`grep "admin_server" $KRB_CONF/krb5.conf | awk '{ print $3}' | grep 749 | cut -d: -f1 ` >/dev/null fi if [ -z "$KRB_SERVER" ]; then echo "You need to give the Kerberos Server Name:" read KRB_SERVER fi CreateKRB5Conf if [ -z "$REALM" ]; then REALM=`grep default_realm $KRB_CONF/krb5.conf | awk '{ print $3}'` fi CheckREALM if [ -z "$DOMAIN" ]; then DOMAIN=`dnsdomainname` fi if [ -z "$KDC_SERVER" ]; then KDC_SERVER=`grep "kdc =" $KRB_CONF/krb5.conf | awk '{ print $3}' | grep 88 | cut -d: -f1 ` fi if [ -z "$NTP_SERVER" ]; then NTP_SERVER=$KDC_SERVER fi # # list a summary echo echo "Here are the parameters from which the Kerberos NFS Server configuration will be built: " echo " Kerberos REALM: $REALM" echo " Domain Name: $DOMAIN" echo " KDC Server Name: $KDC_SERVER" echo " Kerberos Administration Server Name: $KRB_SERVER" echo " NTP Server Name: $NTP_SERVER" echo " ............................" echo " Kerberos Configuration File: $KRB_CONF/krb5.conf" echo " Kerberos Administrator Name: $KRB_ADMIN" echo # do you agree echo "Do you agree with this Kerberos NFS Server configuration: yes/no[no]" ANSWER="no" read ANSWER case $ANSWER in yes) ;; *) echo echo "You need to restart the command by specifying in the command the parameters you want to change: " echo "krbnfssv start { -h | {-b } {-c } {-d } {-k } {-n } {-r } {-v}}" exit 0 ;; esac } FinalizeStatusConfiguration () { # Finalize the configuration after the command line processing (option status) if [ -z "$KRB_CONF" ]; then KRB_CONF="/etc" fi REALM=`grep default_realm $KRB_CONF/krb5.conf | awk '{ print $3}'` # Domain name of the Kerberos realm DOMAIN=`dnsdomainname` if [ -z "$KDC_SERVER" ]; then KDC_SERVER=`grep "kdc =" $KRB_CONF/krb5.conf | awk '{ print $3}' | grep 88 | cut -d: -f1 ` fi if [ -z "$KRB_SERVER" ]; then KRB_SERVER=`grep "admin_server" $KRB_CONF/krb5.conf | awk '{ print $3}' | grep 749 | cut -d: -f1 ` fi if [ -z "$NTP_SERVER" ]; then NTP_SERVER=$KDC_SERVER fi # list a summary echo "Here are the parameters from which the Kerberos NFS Server configuration is built: " echo " Kerberos REALM: $REALM" echo " Domain Name: $DOMAIN" echo " KDC Server Name: $KDC_SERVER" echo " Kerberos Administration Server Name: $KRB_SERVER" echo " NTP Server Name: $NTP_SERVER" echo " ............................" echo " Kerberos Configuration File: $KRB_CONF/krb5.conf" echo } function TestKerberosInstall () { # Check Kerberos the Client package is installed type kinit >/dev/null 2>&1 RETVAL=$? if [ $RETVAL -ne 0 ] then echo "Kerberos Client Package not installed" echo echo "Kerberos NFS Server Setup not completed" exit 1 fi } CheckRPCGSSMod () { # Ask to load rpcsec_gss_krb5 module if necessary lsmod | grep rpcsec_gss_krb5 > /dev/null RETVAL=$? if [ $RETVAL -ne 0 ] then case $LINUXDISTRIBUTION in RHEL5.1) echo echo "You need to load the rpcsec_gss_krb5 module if not already in the kernel" echo "Do you want to have this command loading it: yes/no[no]" ANSWER="no" read ANSWER case $ANSWER in yes) modprobe rpcsec_gss_krb5 RETVAL=$? if [ $RETVAL -ne 0 ] then echo echo "Kerberos NFS Server Setup not completed" exit 1 fi ;; *) ;; esac ;; *) ;; esac fi } CheckTime () { # Check time is synchronised (<300s) with the KDC Server machine time echo "Nevertheless, let's check time is synchronised (<300s) with the KDC Server machine: $KDC_SERVER time" timeKDC_SERVER=`ssh $KDC_SERVER date +%s` RETVAL=$? if [ $RETVAL -ne 0 ] then echo "Test to check time is synchronised with $KRB_SERVER has failed" echo echo "Kerberos NFS Server Setup not completed" exit 1 fi timeNFSSERVER=`date +%s` if [ $timeKDC_SERVER -ge $timeNFSSERVER ] then gaptime="$(( $timeKDC_SERVER - $timeNFSSERVER)) " else gaptime="$(( $timeNFSSERVER - $timeKDC_SERVER)) " fi if [ $((gaptime)) -gt 300 ] then echo " KDC Server and NFS CLient times differ more than 5 minutes" echo echo "Kerberos NFS Server Setup not completed" exit 1 fi echo "Time is Synchronized with the time of the KDC Server: $KDC_SERVER" vm "Difference time is: $gaptime seconds" echo } NtpCheckTime () { echo echo "ntp searching" ntpdate -d $NTP_SERVER >/dev/null RETVAL=$? if [ $RETVAL -ne 0 ] then sleep 5 ntpdate -d $NTP_SERVER > /dev/null RETVAL=$? if [ $RETVAL -ne 0 ] then echo echo "ntp is not configured" CheckTime fi fi } function CheckFQDN_NFSSERVERNAME () { # Check hostname is a fully-qualified name # Check the /etc/hosts file lists the fully-qualified domain name as the first entry # on the line with the machine's IP address, and the machine's name must not be include # on the localhost line FQDN_NFSSERVERNAME=`/bin/hostname --fqdn` RETVAL=$? if [ $RETVAL -ne 0 ] then echo echo "Kerberos NFS Server Setup not completed" exit 1 fi if [ "$NFSSERVERNAME" != "$FQDN_NFSSERVERNAME" ] then echo "The hostname is not a FQDN name " echo "The hostname is: $NFSSERVERNAME" echo "The Fully-Qualified Name is: $FQDN_NFSSERVERNAME" echo "Do you want to set it: yes/no[yes]" ANSWER="yes" read ANSWER case $ANSWER in yes) NFSSERVERNAME="$FQDN_NFSSERVERNAME" hostname "$NFSSERVERNAME" ;; *) ;; esac fi RETNAME=`awk '{ print $2}' /etc/hosts | grep "$FQDN_NFSSERVERNAME" ` if [ "$RETNAME" != "$FQDN_NFSSERVERNAME" ] then echo "Fully-qualified name: $FQDN_NFSCLIENTNAME should be first after the IP address in the /etc/hosts file" echo echo "Kerberos NFS Server Setup not completed" exit 1 fi grep "127.0.0.1" /etc/hosts | grep "$NFSSERVERNAME" > /dev/null if [ $? == 0 ] then echo "The machine's name "$NFSCLIENTNAME" must not be included" echo "on the localhost line in /etc/hosts" echo echo "Kerberos NFS Server Setup not completed" exit 1 fi } function CheckREALM () { # Check REALM is UPPER CASE REALM_UPPERCASE=`echo $REALM | tr "[a-z]" "[A-Z]"` while test "$REALM_UPPERCASE" != "$REALM" do echo "REALM: $REALM not uppercase, enter it again:"; read REALM ; done } function CheckEtcServices () { # Check the /etc/services file lists the NFS service (port 2049). RETVAL=1 while [ $RETVAL != 0 ] do grep "#nfs" /etc/services | grep tcp |grep 2049 > /dev/null RETVAL=$? if [ $RETVAL == 0 ] then echo "The NFS service (port 2049) is not validated in /etc/services" echo echo "Kerberos NFS Server Setup not completed" exit 1 fi grep nfs /etc/services | grep tcp |grep 2049 > /dev/null RETVAL=$? if [ $RETVAL != 0 ] then echo " /etc/services doesn't list the NFS service (port 2049)" echo echo "Kerberos NFS Server Setup not completed" exit 1 fi done } function CheckDNS () { # Check in /etc/resolv.conf name server is the same as in KDC_SERVER: /etc/resolv.conf if [ -r /etc/resolv.conf ] then NS_KDC_SERVER=`nslookup $KDC_SERVER | grep Server | cut -f3` if [ -z "NS_KDC_SERVER" ] then echo " $KDC_SERVER Name Server can't reached" echo echo "Kerberos NFS Server Setup not completed" exit 1 fi NS_NFSSERVERNAME=`nslookup $NFSSERVERNAME | grep Server | cut -f3` if [ -z "NS_NFSSERVERNAME" ] then echo " $NFSSERVERNAME Name Server can't reached" echo echo "Kerberos NFS Server Setup not completed" exit 1 fi if [ "$NS_KDC_SERVER" != "$NS_NFSSERVERNAME" ] then echo " $NFSSERVERNAME doesn't have the same nameserver as $KDC_SERVER" echo echo "Kerberos NFS Server Setup not completed" exit 1 fi else echo "/etc/resolv.conf not present" echo echo "Kerberos NFS Server Setup not completed" exit 1 fi } function CheckEnv () { CheckRPCGSSMod # Ask to load rpcsec_gss_krb5 module if necessary CheckEtcServices # Check the /etc/services file lists the NFS service (port 2049) CheckDNS # Check in /etc/resolv.conf the name server is the same as in /etc/resolv.conf # of the KDC Server CheckFQDN_NFSSERVERNAME # Check hostname is a fully-qualified domain name # Check the /etc/hosts file lists the fully-qualified domain name # as the first entry on the line with the machine's IP address } function ping_check () { if ping $1 -c 5 > /dev/null; then : else echo "$1 unreachable" echo echo "Kerberos NFS Server Setup not completed" exit 1 fi } function Check_KDC_KRB () { # check $KDC_SERVER reachable ping_check $KDC_SERVER # check necessary daemons are running # check krb5kdc is running echo echo "Let's check the krb5kdc daemon is running on the KDC Server: $KDC_SERVER" if [ "$KDC_SERVER" == "$KRB_SERVER" ] then `ssh $KDC_SERVER "ps -e | grep krb5kdc && ps -e | grep kadmind" >$TMP/krbnfssv.tmp` else `ssh $KDC_SERVER "ps -e | grep krb5kdc" > $TMP/krbnfssv.tmp` fi grep krb5kdc $TMP/krbnfssv.tmp > /dev/null RETVAL=$? if [ $RETVAL -ne 0 ] then echo "Test to check the krb5kdc daemon is running has failed" echo echo "Kerberos NFS Server Setup not completed" rm $TMP/krbnfssv.tmp exit 1 fi echo "krb5kdc is running" echo # check $KRB_SERVER reachable ping_check $KRB_SERVER # check kadmind is running echo "Let's check the kadmind daemon is running on the Kerberos Administration Server: $KRB_SERVER" if [ "$KDC_SERVER" != "$KRB_SERVER" ] then `ssh $KRB_SERVER "ps -e | grep kadmind" > $TMP/krbnfssv.tmp` fi grep kadmind $TMP/krbnfssv.tmp > /dev/null RETVAL=$? if [ $RETVAL -ne 0 ] then echo "Test to check the kadmind daemon is running on $KRB_SERVER has failed" echo echo "Kerberos NFS Server Setup not completed" rm $TMP/krbnfssv.tmp exit 1 fi echo "kadmind is running" echo rm $TMP/krbnfssv.tmp } function Check_NFS () { # check NFS is running echo "Let's check the nfsd daemon is running" ps -e | grep nfsd > /dev/null RETVAL=$? if [ $RETVAL -ne 0 ] then echo "nfsd daemon is not running" echo "Do you want to have this command loading it: yes/no[no]" ANSWER="no" read ANSWER case $ANSWER in yes) service nfs start ;; *) echo echo "Kerberos NFS Server Setup not completed" exit 1 ;; esac fi echo "nfsd daemon is running" # check rpc.mountd is running ps -e | grep rpc.mountd > /dev/null RETVAL=$? if [ $RETVAL -ne 0 ] then echo "rpc.mountd daemon is not running" echo echo "Kerberos NFS Server Setup not completed" exit 1 fi echo # check idmapd is running echo "Let's check the idmapd daemon is running" ps -e | grep idmapd > /dev/null RETVAL=$? if [ $RETVAL -ne 0 ] then echo "rpc.idmapd daemon is not running" echo "Do you want to have this command loading it: yes/no[no]" ANSWER="no" read ANSWER case $ANSWER in yes) service rpcidmapd start ;; *) echo echo "Kerberos NFS Server Setup not completed" exit 1 ;; esac fi echo "rpc.idmapd daemon is running" } function CheckStart_NFS () { # check NFS is running ps -e | grep nfsd > /dev/null RETVAL=$? if [ $RETVAL -ne 0 ] then echo "Let's start nfsd daemon which is not running" service nfs start fi # check rpc.mountd is running ps -e | grep rpc.mountd > /dev/null RETVAL=$? if [ $RETVAL -ne 0 ] then echo "Let's start rpc.mountd daemon which is not running" rpc.mountd fi # check idmapd is running ps -e | grep idmapd > /dev/null RETVAL=$? if [ $RETVAL -ne 0 ] then echo "Let's start the idmapd daemon which is not running" service rpcidmapd start fi } function ResetKRBNFSSv () { # Delete files from the previous configuration rm /tmp/krb5cc* >/dev/null 2>&1 } function CreateKRB5Conf () { # Get the krb5.conf from the Kerberos Administration Server echo echo "Get by scp the $KRB_CONF/krb5.conf file from the Kerberos Server: $KRB_SERVER" scp root@$KRB_SERVER:$KRB_CONF/krb5.conf $KRB_CONF/krb5.conf > /dev/null RETVAL=$? if [ $RETVAL -ne 0 ] then echo "Error when getting krb5.conf file from the Kerberos Server: $KRB_SERVER" echo echo "Kerberos NFS Server Setup not completed" exit 1 fi } function AddPrincipalNFSSv () { # Create credentials for the NFS Server by creating a Kerberos V5 principal/instance name # of the form nfs/dns.name.of.server@REALM echo echo "Create credentials for the NFS Server by creating a Kerberos V5 principal: nfs/$NFSSERVERNAME" echo kadmin -p $KRB_ADMIN/admin -q "addprinc -randkey nfs/$NFSSERVERNAME" } function AddKeyNFSSv () { # Add a key for the nfs principal in /etc/krb5.keytab echo echo "Add a key for the nfs principal nfs/$NFSSERVERNAME" kadmin -p $KRB_ADMIN/admin -q "ktadd -e des-cbc-crc:normal -k $KRB_CONF/krb5.keytab nfs/$NFSSERVERNAME" } function StartRpcSvcGssd () { # Start rpc.svcgssd daemon killall rpc.svcgssd > /dev/null 2>&1 if [ $modverbose != 0 ] then rpc.svcgssd -vvvv -rrrr else rpc.svcgssd fi } function CheckRpcSvcGssd () { # Check rpc.svcgssd daemon is running ps -e | grep rpc.svcgssd > /dev/null RETVAL=$? if [ $RETVAL -ne 0 ] then echo "rpc.svcgssd not started" echo "Do you want to start it: yes/no[yes]" ANSWER="yes" read ANSWER case $ANSWER in yes) if [ $modverbose != 0 ] then rpc.svcgssd -vvvv -rrrr else rpc.svcgssd fi ;; *) ;; esac fi } function CheckStartRpcSvcGssd () { # Check and Starts rpc.svcgssd daemon ps -e | grep rpc.svcgssd > /dev/null RETVAL=$? if [ $RETVAL -ne 0 ] then echo "Let's start rpc.svcgssd which is not running" rpc.svcgssd fi } function DoExport () { exportfs -r } function DisplayExportList { # Display the current export list echo "Let's display the current export list" exportfs -v } start () { FinalizeStartConfiguration # Finalize the configuration after the command line processing TestKerberosInstall # Check Kerberos Client package CheckEnv # Check synchronised times, hostname is FQDN,/etc/resolv.conf,/etc/hosts, /etc/services Check_KDC_KRB # Check on KDC and Kerberos Server krb5kdc and kadmind daemons are running Check_NFS # Check NFS and rpc.idmapd are started on the NFS Server NtpCheckTime # Check time is synchronised (<300s) with the KDC and Kerberos Server time ResetKRBNFSSv # Delete files from the previous configuration AddPrincipalNFSSv # Create credentials for the NFS Server AddKeyNFSSv # Add a key for the nfs principal in /etc/krb5.keytab StartRpcSvcGssd # Start rpc.svcgssd daemon DoExport } status () { FinalizeStatusConfiguration # Finalize the configuration after the command line processing CheckEnv # Check syncronized times, hostname is FQDN,/etc/resolv.conf,/etc/hosts, /etc/services Check_KDC_KRB # Check on KDC and Kerberos Server krb5kdc and kadmind daemons are running Check_NFS # Check nfsd, rpc.mountd,rpc.idmapd are started on the NFS Server CheckRpcSvcGssd # Check rpc.svcgssd is running NtpCheckTime # Check time is synchronised (<300s) with the KDC and Kerberos Server time DisplayExportList # Display the current export list } reboot () { CheckStart_NFS # Check nfsd, rpc.mountd,rpc.idmapd are started on the NFS Server CheckStartRpcSvcGssd # Check rpc.svcgssd is running } # # Main section # # See how we were called. case "$1" in start) # Command Line Processing OPTIND=2 while getopts :hva:b:c:d:D:k:n:r: PARAMS do case $PARAMS in a) # Get the kerberos administrator principal name KRB_ADMIN=$OPTARG ;; b) # Get the kerberos administration Server name KRB_SERVER=$OPTARG ;; c) # Get the directory where is located the krb5.conf file KRB_CONF=$OPTARG ;; d) DOMAIN=$OPTARG # Get the domain name for the Kerberos realm ;; D) # Get Linux Distribution name LINUXDISTRIBUTION=$OPTARG ;; h) # help echo "$UsageStart" exit 0 ;; k) # Get the KDC Server name KDC_SERVER=$OPTARG ;; n) # Get the NTP Server name NTP_SERVER=$OPTARG ;; r) # Get the REALM name REALM=$OPTARG ;; v) # Set Verbose mode echo "Verbose mode set" modverbose=1 ;; *) echo "bad parameter: -$OPTARG" echo "$UsageStart" exit 1 ;; esac done start ;; status) # Command Line Processing OPTIND=2 while getopts :hvb:c:D:k:n: PARAMS do case $PARAMS in b) # Get the kerberos administration Server name KRB_SERVER=$OPTARG ;; c) # Get the directory where is located the krb5.conf file KRB_CONF=$OPTARG ;; D) # Get Linux Distribution name LINUXDISTRIBUTION=$OPTARG ;; h) # help echo "$UsageStatus" exit 0 ;; k) # Get the KDC Server name KDC_SERVER=$OPTARG ;; n) # Get the NTP Server name NTP_SERVER=$OPTARG ;; v) # Set verbose mode echo "Verbose mode set" modverbose=1 ;; *) echo "bad parameter: -$OPTARG" echo "$UsageStatus" exit 1 ;; esac done status ;; reboot) # Command Line Processing OPTIND=2 while getopts :h:D: PARAMS do case $PARAMS in D) # Get Linux Distribution name LINUXDISTRIBUTION=$OPTARG ;; h) # help echo "$UsageReboot" exit 0 ;; *) echo "bad parameter: -$OPTARG" echo "$UsageReboot" exit 1 ;; esac done reboot ;; *) echo "Usage: $0 {start|status|reboot}" exit 1 esac