System Hooks

Trace the Execution Flow

To understand how Entman works, it is vital that you understand how Entman scripts are executed.

Mac OS X has multiple ways for system administrators to run things.  The obvious ones are /Library/StartupItems, launchd (/Library/LaunchDaemons), and the Login Items (set from System Prefs, Acounts pane).  There are other ways:

• /etc/rc.local
• /etc/machinit.d
• LoginHook and LogoutHook
• /Library/Preferences/com.apple.SystemLoginItems.plist

Entman makes use of /etc/rc.local, LoginHook, and LogoutHook, and launchd items.  By default, those are not set.

The presence of /etc/rc.local means it gets executed (by default it doesn't exist).  /etc/rc.local is part of the Entman install.

The LoginHook and LogoutHook are set with a pref file located at: /var/root/Library/Preferences/com.apple.loginwindow.plist.  This pref file is part of the Entman install.

The launchd items (/Library/LaunchDaemons/edu.utah.scl.*) are actually created by Entman scripts that run after maintenance.  This is because they are flexible to some extent, so I'm not deploying default versions of the launchd plist files.

Startup Early, Startup Late, LoginHook, LogoutHook, and Post Maintenance

There are 7 "hooks" that Entman uses to get its scripts executed.  Outside of these hooks, Entman has NO way of doing anything.

I'll discuss 5 of them here because they are very similar and that is that their main purpose is to launch other scripts in /etc/entman/conf/hooks.

In 4 of the following 5 cases, there are 2 scripts that work together.  The second script is called using iHook (for user feedback).  If the script takes longer than 10 seconds, it will display iHook.  This is optional.  With it off, it just displays a blue screen.  With iHook, you at least know something is happening.  It is kinda complex code, Wout Mertens at Cisco wrote it, so I barely understand it myself.

So here are the first 5 hooks.

At startup, before the loginwindow appears, the system executes /etc/rc.local.  /etc/rc.local executes /etc/entman/conf/hooks/startupearly.hook.  That script launches everything at /etc/entman/conf/hooks/SE*.

The LoginHook is set to run /etc/entman/lib/hooks/login.hook.  So at login, immediately after the user authenticates, the system launches /etc/entman/lib/hooks/login.hook.  It launches /etc/entman/lib/hooks/login2.hook.  That script launches everything at /etc/entman/conf/hooks/LI*.

The LogoutHook is set to run /etc/entman/lib/hooks/logout.hook.  So at logout, right after the Finder disappears, the system launches /etc/entman/lib/hooks/logout2.hook.  That script launches everything at /etc/entman/conf/hooks/LO*.

Entman takes advantage of this system of launching scripts for 2 other events: "Startup Late" and "Post Maintenance".

Startup Late is facilitated with a launchd item that runs the script /etc/entman/lib/hooks/startuplate.hook.  It *does not* use iHook because it runs while the login window is already displayed (that is the difference between it and startup early scripts).  It launches everything at /etc/entman/conf/hooks/SL*.

The last entman hook script is post maintenance.  It is kicked off by a startup early script and only runs after Radmind is run.  It launches /etc/entman/lib/hooks/postmaintenance.hook and it launches /etc/entman/lib/hooks/postmaintenance2.hook and it launches everything at /etc/entman/conf/hooks/PM*.

So there should be lots of SE*, SL*, LI*, LO*, and PM* scripts in /etc/entman/conf/hooks.  Actually, those are just links to scripts located in other places.  The links are used because if we put all the scripts there, it would be madness.

The links in /etc/entman/conf/hooks are how scripts are disabled and enabled as well.  If the link exists, then the script will run.  To stop the script from running, delete the link.

One more caveat.  SE* isn't really executed.  SEE* is executed one by one, then SED* is executed all at once, then SEL* is executed one by one at the end.  Why the craziness?

Some of the scripts take a long time.  But it didn't matter when they started or finished.  Those are the **D* scripts ("detached").  Some scripts needed to run before everything else. Those are the **E* scripts ("early").  Some needed to run after everything else.  Those are the **L* scripts ("late").  It was the only way to be able to be as fast as possible and keep dependencies in check.

Nightly and Idlescript

There are 2 last Entman "hooks".  Nightly and Idlescript.  They do not use any of the previously mentioned launching tricks.  They are just self contained scripts that do significant things.  I'm including them here because they are launched by the system.  Both of these scripts are launched by launchd.

/usr/local/bin

There are a number of utilities that Entman installs in /usr/local/bin.  These are for admin use.  They are not used by Entman.  But they use Entman stuff.  Which is why they are part of Entman.

How Entman uses Radmind

If you study the pdf "how Entman uses Radmind", you can visually see these hooks working to control when Radmind is run.