From c0d6dd9ca4a13290b04ed1b47907b59e0b74ba38 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Sat, 29 Sep 2012 20:36:24 +0000
Subject: [PATCH] L&B setup script further development: - EMIR client:   -
 backup emir-serp config file   - prepare certificates for EMIR client   -
 (not using json_dir_location yet due to a bug in emir-serp) - setup fetch-crl
 - add action listing option - return setting of mysql password into yaim -
 install config file with defaults for yaim-less setup, YAIM will remove it as
 needed

---
 org.glite.lb.server/Makefile                       |  2 +
 org.glite.lb.server/config/setup                   | 80 ++++++++++++++++++----
 .../project/debian.glite-lb-server.dirs            |  1 +
 .../project/debian.glite-lb-server.install         |  1 +
 org.glite.lb.server/project/glite-lb-server.spec   |  1 +
 org.glite.lb.yaim/Makefile                         | 10 ++-
 .../config/functions/config_glite_lb.in            |  5 ++
 7 files changed, 84 insertions(+), 16 deletions(-)

diff --git a/org.glite.lb.server/Makefile b/org.glite.lb.server/Makefile
index e74a478..0214c1e 100644
--- a/org.glite.lb.server/Makefile
+++ b/org.glite.lb.server/Makefile
@@ -430,6 +430,7 @@ install:
 	-mkdir -p ${DESTDIR}${PREFIX}${sysconfdir}/logrotate.d
 	-mkdir -p ${DESTDIR}${PREFIX}${sysconfdir}/cron.d
 	-mkdir -p ${DESTDIR}${PREFIX}${sysconfdir}/mysql/conf.d
+	-mkdir -p ${DESTDIR}${PREFIX}${sysdefaultdir}
 	${INSTALL} -m 644 ${top_srcdir}/LICENSE ${DESTDIR}${PREFIX}${prefix}/share/doc/${package}-${version}
 	( cd ${top_srcdir}/project && ${INSTALL} -m 644 ChangeLog package.description package.summary ${DESTDIR}${PREFIX}${prefix}/share/doc/${package}-${version} )
 	${INSTALL} -m 644 ${MAN1_GZ} ${DESTDIR}${PREFIX}${prefix}/share/man/man1
@@ -459,6 +460,7 @@ install:
 	${INSTALL} -m 644 ${top_srcdir}/config/glite-lb-server.logrotate ${DESTDIR}${PREFIX}${sysconfdir}/logrotate.d/glite-lb-server
 	${INSTALL} -m 644 ${top_srcdir}/config/my.cnf ${DESTDIR}${PREFIX}${sysconfdir}/mysql/conf.d/glite-lb-server.cnf
 	${INSTALL} -m 644 glite-lb ${DESTDIR}${PREFIX}${prefix}/share/doc/${package}-${version}/glite-lb
+	${INSTALL} -m 644 glite-lb ${DESTDIR}${PREFIX}${sysdefaultdir}
 
 	install -m 644 ${STATIC_LIB_BK} ${DESTDIR}${PREFIX}${prefix}/${libdir}
 ifdef LB_PERF
diff --git a/org.glite.lb.server/config/setup b/org.glite.lb.server/config/setup
index b25c355..3820655 100755
--- a/org.glite.lb.server/config/setup
+++ b/org.glite.lb.server/config/setup
@@ -19,6 +19,7 @@ GLITE_LB_AUTHZ_LOG_GENERAL_EVENTS=${GLITE_LB_AUTHZ_LOG_GENERAL_EVENTS:-'.*'}
 
 GLITE_HOME_DIR=`getent passwd ${GLITE_USER} | cut -d: -f6`
 
+ACTIONS="db certs msg authz harvester bdii emir upgrade crl startup krb krbgsi"
 
 qecho() {
 	if test "$quiet" != "1"; then
@@ -114,6 +115,7 @@ setup_all() {
 	setup_bdii=1
 	setup_emir=1
 	setup_upgrade=1
+	setup_crl=1
 	setup_startup=1
 }
 
@@ -127,12 +129,14 @@ Usage: glite-lb-setup [OPTIONS] [ACTIONS]
 OPTIONS are:
 	-q,--quiet ... print only errors
 	-c,--check ... check the availability of DB
+	-l,--list .... list actions to be executed and exit
 	-h,--help .... usage
 
 ACTIONS are:
-	db certs msg authz harvester bdii emir upgrade startup
+	db certs msg authz harvester bdii emir upgrade crl startup
 	krb    .... setup Kerberos
 	krbgsi .... setup Kerberos and enable GSI autentization
+
 	all ....... all actions (default)
 	none ...... no actions (default for check)
 	yaim ...... actions for yaim
@@ -146,6 +150,9 @@ EOF
 	-c|--check)
 		setup_check=1
 		;;
+	-l|--list)
+		setup_list=1
+		;;
 	all)
 		setup_all=1
 		setup_all
@@ -154,6 +161,7 @@ EOF
 	yaim)
 		setup_all
 		setup_bdii=0
+		setup_crl=0
 		;;
 	logger)
 		setup_certs=1
@@ -168,16 +176,18 @@ EOF
 	bdii)	setup_bdii=1 ;;
 	emir)   setup_emir=1 ;;
 	upgrade) setup_upgrade=1 ;;
+	crl)	setup_crl=1 ;;
 	startup) setup_startup=1 ;;
-	krb)	setup_kerberos=1 ;;
-	krbgsi)	setup_kerberos=1; setup_kerberos_gsi=1 ;;
+	krb)	setup_krb=1 ;;
+	krbgsi)	setup_krb=1; setup_krbgsi=1 ;;
 	*)
 		echo "glite-lb-setup: ERROR: unknown argument '$1'"
+		exit 1
 		;;
 	esac
 	shift
 done
-for action in db certs msg authz harvester bdii emir upgrade startup kerberos kerberos_gsi all none yaim logger; do
+for action in $ACTIONS all none yaim logger; do
 	eval value=\"$`echo setup_$action`\"
 	if test "$value" = "1"; then
 		setup=1;
@@ -201,6 +211,17 @@ if test "$setup_check" = "1"; then
 	fi
 fi
 
+if test "$setup_list" = "1"; then
+	for action in $ACTIONS; do
+		eval value=\"$`echo setup_$action`\"
+		if test "$value" = "1"; then
+			echo -n "$action "
+		fi
+	done
+	echo
+	exit 0
+fi
+
 if test -z "$GLITE_HOME_DIR"; then
 	echo "glite-lb-setup: ERROR: The home directory of ${GLITE_USER} doesn't exist. Check whether the user ${GLITE_USER} was properly created"
 	exit 2
@@ -321,7 +342,7 @@ if test "$setup_certs" = "1"; then
 		mkdir -p $GLITE_HOME_DIR/.certs
 		chown $GLITE_USER:$GLITE_USER $GLITE_HOME_DIR/.certs
 	fi
-	cp -f /etc/grid-security/hostcert.pem /etc/grid-security/hostkey.pem $GLITE_HOME_DIR/.certs/
+	cp -fp /etc/grid-security/hostcert.pem /etc/grid-security/hostkey.pem $GLITE_HOME_DIR/.certs/
 	if test $? -eq 0; then
 		chown $GLITE_USER:$GLITE_USER $GLITE_HOME_DIR/.certs/hostcert.pem $GLITE_HOME_DIR/.certs/hostkey.pem
 		chmod 0644 $GLITE_HOME_DIR/.certs/hostcert.pem
@@ -450,6 +471,17 @@ if test "$setup_emir" = "1"; then
 	fi
 fi
 if test "$setup_emir" = "1" -a "$emir" != "0"; then
+	cp -fp /etc/grid-security/hostcert.pem /etc/grid-security/emi-hostcert.pem && \
+	cp -fp /etc/grid-security/hostkey.pem /etc/grid-security/emi-hostkey.pem
+	if test $? -eq 0; then
+		chown emi:emi /etc/grid-security/emi-hostcert.pem /etc/grid-security/emi-hostkey.pem
+		chmod 0644 /etc/grid-security/emi-hostcert.pem
+		chmod 0400 /etc/grid-security/emi-hostkey.pem
+		qecho "Certificates copied to /etc/grid-security/emi-host*.pem"
+	else
+		echo "glite-lb-setup: WARNING: copying certificates for EMIR failed"
+	fi
+
 	# interface version
 	if egrep -i "Debian|Ubuntu" /etc/issue >/dev/null; then
 		out=`dpkg-query -W glite-lb-ws-interface 2>/dev/null | cut -f2 | cut -d- -f1`
@@ -475,8 +507,8 @@ if test "$setup_emir" = "1" -a "$emir" != "0"; then
 	done
 
 	# L&B service info
-	mkdir -p /var/cache/$emir_daemon 2>/dev/null
-	cat > /var/cache/$emir_daemon/glite-lb-bkserver.json <<EOF
+	mkdir -p /var/cache/$emir_daemon/services/ 2>/dev/null
+	cat > /var/cache/$emir_daemon/services/glite-lb-bkserverd.json <<EOF
 {
 $json	"Service_ID": "`hostname -f`_lbserver",
 	"Service_Name": "${SITE_NAME:-site}-Server",
@@ -497,23 +529,27 @@ EOF
 
 	period=$((4*$emir_mult))
 	validity=$((24*$emir_mult))
+	inifile=/etc/emi/$emir_daemon/$emir_daemon.ini
+	if test ! -f $inifile.orig -a -f $inifile; then
+		cp $inifile $inifile.orig
+	fi
 	cat > /etc/emi/$emir_daemon/$emir_daemon.ini << EOF
 [$emir_conf]
 url = $EMIR_URL
 period = $period
 validity = $validity
 
-#cert = /etc/grid-security/emi/hostcert.pem
-#key = /etc/grid-security/emi/hostkey.pem
-#cadir = /etc/grid-security/certificates
+cert = /etc/grid-security/emi-hostcert.pem
+key = /etc/grid-security/emi-hostkey.pem
+cadir = /etc/grid-security/certificates
 
 verbosity = debug
 
 [advancedService]
-json_file_location = /var/cache/$emir_daemon/glite-lb-bkserver.json
+json_file_location = /var/cache/$emir_daemon/services/glite-lb-bkserverd.json
 EOF
 
-	# enable (for Debain) after configuring
+	# enable (for Debian) after configuring
 	if test -d /etc/default -a -f /etc/default/$emir_daemon; then
 		sed -i 's/.*ENABLED.*=.*/ENABLED=yes/' /etc/default/$emir_daemon
 	fi
@@ -555,9 +591,25 @@ if test "$setup_upgrade" = "1"; then
 fi
 
 
+# ==== fetch CRL ====
+
+if test "$setup_crl" = "1"; then
+	if test -x /usr/sbin/fetch-crl; then
+		if egrep -i "Debian|Ubuntu" /etc/issue >/dev/null; then
+			:
+		else
+			/sbin/service fetch-crl-cron start
+			/sbin/chkconfig fetch-crl-cron on
+		fi
+	else
+		echo "glite-lb-setup: WARNING: fetch-crl not found, fetching won't be configured"
+	fi
+fi
+
+
 # ==== kerberos (experimental) ====
 
-if test "$setup_kerberos" = "1"; then
+if test "$setup_krb" = "1"; then
 	if test ! -f /etc/krb5.keytab; then
 		echo "glite-lb-setup: ERROR: keytab not found"
 		kerberos=0
@@ -601,7 +653,7 @@ EOF
 	fi
 fi
 
-if test "$setup_kerberos_gsi" = "1"; then
+if test "$setup_krbgsi" = "1"; then
 	if ! ldd $GLITE_LOCATION/bin/glite-lb-bkserverd | grep libheim >/dev/null 2>&1; then
 		echo "glite-lb-setup: ERROR: GSI mode with kerberos requires L&B built in Heimdal Kerberos implementation"
 		error="$error krbgsi"
diff --git a/org.glite.lb.server/project/debian.glite-lb-server.dirs b/org.glite.lb.server/project/debian.glite-lb-server.dirs
index 23445f6..1d42766 100644
--- a/org.glite.lb.server/project/debian.glite-lb-server.dirs
+++ b/org.glite.lb.server/project/debian.glite-lb-server.dirs
@@ -1,4 +1,5 @@
 etc/cron.d
+etc/default
 etc/glite-lb
 etc/init.d
 etc/logrotate.d
diff --git a/org.glite.lb.server/project/debian.glite-lb-server.install b/org.glite.lb.server/project/debian.glite-lb-server.install
index 4d9d04d..6878934 100644
--- a/org.glite.lb.server/project/debian.glite-lb-server.install
+++ b/org.glite.lb.server/project/debian.glite-lb-server.install
@@ -1,4 +1,5 @@
 etc/cron.d/*
+etc/default/*
 etc/glite-lb/*
 etc/init.d/*
 etc/logrotate.d/*
diff --git a/org.glite.lb.server/project/glite-lb-server.spec b/org.glite.lb.server/project/glite-lb-server.spec
index 44655e4..aa7171a 100644
--- a/org.glite.lb.server/project/glite-lb-server.spec
+++ b/org.glite.lb.server/project/glite-lb-server.spec
@@ -121,6 +121,7 @@ fi
 %config(noreplace) /etc/logrotate.d/glite-lb-server
 %config(noreplace) /etc/mysql/conf.d/glite-lb-server.cnf
 %config(noreplace) /etc/glite-lb/*
+%config(noreplace missingok) /etc/sysconfig/glite-lb
 /etc/cron.d/*
 /etc/init.d/glite-lb-bkserverd
 /usr/bin/*
diff --git a/org.glite.lb.yaim/Makefile b/org.glite.lb.yaim/Makefile
index fe93d9c..d92a687 100644
--- a/org.glite.lb.yaim/Makefile
+++ b/org.glite.lb.yaim/Makefile
@@ -24,13 +24,19 @@ SOURCES=\
 	Makefile
 FILES=glite-lb.pre config_glite_lb LICENSE COPYRIGHT node-version arch service update
 
+ifeq ($(os_type),debian)
+sysdefaultdir=${sysconfdir}/default
+else
+sysdefaultdir=${sysconfdir}/sysconfig
+endif
+
 all ${FILES}:
 	glite_var="${localstatedir}/glite"; \
 	if echo "${localstatedir}" | grep 'glite'>/dev/null; then \
 		glite_var="${localstatedir}"; \
 	fi; \
-	sed -e 's:@glite_prefix@:${sysroot}${prefix}:' -e 's:@glite_etc@:${sysconfdir}:' -e "s:@glite_var@:$$glite_var:" $(top_srcdir)/config/defaults/glite-lb.pre > glite-lb.pre; \
-	sed -e 's:@glite_prefix@:${sysroot}${prefix}:' -e 's:@glite_etc@:${sysconfdir}:' -e "s:@glite_var@:$$glite_var:" $(top_srcdir)/config/functions/config_glite_lb.in > config_glite_lb
+	sed -e 's:@glite_prefix@:${sysroot}${prefix}:g' -e 's:@glite_etc@:${sysconfdir}:g' -e "s:@glite_var@:$$glite_var:g" $(top_srcdir)/config/defaults/glite-lb.pre > glite-lb.pre; \
+	sed -e 's:@glite_prefix@:${sysroot}${prefix}:g' -e 's:@glite_etc@:${sysconfdir}:g' -e "s:@glite_var@:$$glite_var:g" -e 's:@defaultdir@:${sysdefaultdir}:g' $(top_srcdir)/config/functions/config_glite_lb.in > config_glite_lb
 
 	# metapackage info
 	echo -e "${gLiteCopyrightText}\n\n${gLiteLicenseText}" > LICENSE
diff --git a/org.glite.lb.yaim/config/functions/config_glite_lb.in b/org.glite.lb.yaim/config/functions/config_glite_lb.in
index 1073968..0cbb223 100644
--- a/org.glite.lb.yaim/config/functions/config_glite_lb.in
+++ b/org.glite.lb.yaim/config/functions/config_glite_lb.in
@@ -138,6 +138,8 @@ function config_glite_lb() {
   lcas_plugin="$GLITE_LB_LOCATION/$lcas_libarch/modules/lcas_lb.mod"
   echo "pluginname=\"$lcas_plugin\"" > ${GLITE_LOCATION_ETC}/glite-lb/lcas.db
 
+  # remove config file with defaults for yaim-less setup
+  rm -f @defaultdir@/glite-lb
   # main L&B setup
   . ${GLITE_LOCATION}/sbin/glite-lb-setup yaim
   if [ $? != 0 ]; then
@@ -145,5 +147,8 @@ function config_glite_lb() {
     return 1
   fi
 
+  # set mysql password
+  set_mysql_passwd || return 1 # the function uses $MYSQL_PASSWORD
+
   return 0
 }
-- 
1.8.2.3