#!/bin/sh

[ -f /etc/profile.d/grid-env.sh ] && . /etc/profile.d/grid-env.sh
[ -f @defaultdir@/glite-lb ] && . @defaultdir@/glite-lb

GLITE_LOCATION=${GLITE_LOCATION:-'@glite_prefix@'}
GLITE_LOCATION_ETC=${GLITE_LOCATION_ETC:-'@glite_etc@'}
GLITE_USER=${GLITE_USER:-'glite'}
GLITE_GROUP=${GLITE_GROUP:-'glite'}
MYSQL_USER=${MYSQL_USER:-'root'}
#MYSQL_PASSWORD=
GLITE_LB_MSG_BROKER=${GLITE_LB_MSG_BROKER:-'true'}
GLITE_LB_MSG_NETWORK=${GLITE_LB_MSG_NETWORK:-'PROD'}
LCG_GFAL_INFOSYS=${LCG_GFAL_INFOSYS:-'lcg-bdii.cern.ch:2170'}
GLITE_LB_RTM_DN=${GLITE_LB_RTM_DN:-'/C=UK/O=eScience/OU=Imperial/L=Physics/CN=rtmsrv00.hep.ph.ic.ac.uk'}
GLITE_LB_AUTHZ_REGISTER_JOBS=${GLITE_LB_AUTHZ_REGISTER_JOBS:-'.*'}
GLITE_LB_AUTHZ_LOG_WMS_EVENTS=${GLITE_LB_AUTHZ_LOG_WMS_EVENTS:-'.*'}
GLITE_LB_AUTHZ_LOG_CE_EVENTS=${GLITE_LB_AUTHZ_LOG_CE_EVENTS:-'.*'}
GLITE_LB_AUTHZ_LOG_GENERAL_EVENTS=${GLITE_LB_AUTHZ_LOG_GENERAL_EVENTS:-'.*'}

GLITE_HOME=`getent passwd ${GLITE_USER} | cut -d: -f6`
GLITE_HOST_CERT=${GLITE_HOST_CERT:-"$GLITE_HOME/.certs/hostcert.pem"}
GLITE_HOST_KEY=${GLITE_HOST_KEY:-"$GLITE_HOME/.certs/hostkey.pem"}


ACTIONS="db certs msg authz harvester bdii emir_info emir_daemon upgrade_files upgrade_logger upgrade_notif upgrade_proxy upgrade_log4c crl startup krb krbgsi"
GROUP_ACTIONS="all none yaim logger upgrade emir"

qecho() {
	if test "$quiet" != "1"; then
		echo "glite-lb-setup: $@"
	fi
}


check_mysql_connection() {
	# check the mysql connection
	MYSQL_ARGS="-u $MYSQL_USER"
	if ! echo | mysql $MYSQL_ARGS >/tmp/glite-setup.$$ 2>&1; then
		if test -n "$MYSQL_PASSWORD" && echo | mysql $MYSQL_ARGS -p$MYSQL_PASSWORD 2>/tmp/glite-setup.$$ 2>&1; then
			MYSQL_ARGS="$MYSQL_ARGS -p$MYSQL_PASSWORD"
		else
			return 1
		fi
	fi
	rm -f /tmp/glite-setup.$$
}


check_mysql_table() {
	local db=$1
	local table=$2
	mysqlshow $MYSQL_ARGS $db 2>/dev/null | tail -n +5 | grep "\<$table\>" > /dev/null 2>&1
}


config_glite_lb_authz() {
	superusers="$1"
	rtm="$2"
	wms="$GLITE_LB_WMS_DN"

	authconf="$GLITE_LOCATION_ETC/glite-lb/glite-lb-authz.conf"

	cat <<EOF > "$authconf".new
resource "LB" {
EOF
	for section in ADMIN_ACCESS STATUS_FOR_MONITORING GET_STATISTICS REGISTER_JOBS READ_ALL PURGE GRANT_OWNERSHIP LOG_WMS_EVENTS LOG_CE_EVENTS LOG_GENERAL_EVENTS; do
		eval value=\"$`echo GLITE_LB_AUTHZ_$section`\"
		eval value_fqan=\"$`echo GLITE_LB_AUTHZ_${section}_FQAN`\"
		case "$section" in
		ADMIN_ACCESS) value="$value,$superusers" ;;
		GET_STATISTICS) value="$value,$wms" ;;
		READ_ALL) value="$value,$wms,$rtm" ;;
		PURGE) value="$value,$wms" ;;
		LOG_WMS_EVENTS) value="$value,$wms" ;;
		esac
		value="`echo \"$value\" | tr ',' '\n' | grep -v ^$ | sed 's/\(.*\)/\trule permit {\n\t\tsubject = \"\1\"\n\t}/'`"
		value_fqan="`echo \"$value_fqan\" | tr ',' '\n' | grep -v ^$ | sed 's/\(.*\)/\trule permit {\n\t\tfqan = \"\1\"\n\t}/'`"
		if test -n "$value"; then value="$value
"; fi
		if test -n "$value_fqan"; then value_fqan="$value_fqan
"; fi
		cat <<EOF >> "$authconf".new

action "$section" {
$value$value_fqan}
EOF
	done
	cat <<EOF >> "$authconf".new

}
EOF

	# something changed
	if test -f "$authconf"; then
		diff -w "$authconf" "$authconf".new >/dev/null
		if test $? -eq "0"; then
			qecho "Authorizations not changed"
		else
			mv "$authconf" "$authconf".yaimorig
			mv "$authconf".new "$authconf"
			qecho "Authorizations changed, original authz configuration moved to '$authconf.yaimorig'"
		fi
	else
		mv "$authconf".new "$authconf"
		qecho "Authorizations generated ('$authconf')."
	fi

	# superusers file deprecated
	if test -s "${GLITE_LOCATION_ETC}/LB-super-users"; then
		echo "glite-lb-setup: WARNING: found old superusers file '${GLITE_LOCATION_ETC}/LB-super-users', check 'ADMIN_ACCESS' section in glite-lb-authz.conf"
		echo "# deprecated file, replaced by ADMIN_ACCESS action in glite-lb-authz.conf" > "${GLITE_LOCATION_ETC}/LB-super-users.old"
		cat "${GLITE_LOCATION_ETC}/LB-super-users" >> "${GLITE_LOCATION_ETC}/LB-super-users.old"
		rm "${GLITE_LOCATION_ETC}/LB-super-users"
	fi
}


setup_daemon() {
	local name=$1
	local id=$2
	local enabled=$3

@debian@	update-rc.d glite-lb-$name defaults >/dev/null
@debian@	update-rc.d glite-lb-$name enable >/dev/null
@debian@	grep -v ^RUN_ @defaultdir@/glite-lb-$name > /tmp/glite-lb-$name.$$
@debian@	mv /tmp/glite-lb-$name.$$ @defaultdir@/glite-lb-$name
	if test x"$enabled" = x"true"; then
@fedora@		systemctl enable glite-lb-$name.service
@fedora@		systemctl stop glite-lb-$name.service >/dev/null 2>&1 || :
@fedora@		killall -9 glite-lb-$name >/dev/null 2>&1 || :
@fedora@		systemctl start glite-lb-$name.service || startup_error=1
@debian@		echo "RUN_$id=yes" >> @defaultdir@/glite-lb-$name
@debian@		/etc/init.d/glite-lb-$name stop >/dev/null 2>&1 || :
@debian@		killall -9 glite-lb-$name >/dev/null 2>&1 || :
@debian@		/etc/init.d/glite-lb-$name start || startup_error=1
@redhat@		/sbin/chkconfig glite-lb-$name on
@redhat@		/sbin/service glite-lb-$name stop >/dev/null 2>&1 || :
@redhat@		killall -9 glite-lb-$name >/dev/null 2>&1 || :
@redhat@		/sbin/service glite-lb-$name start || startup_error=1
	else
@fedora@		systemctl disable glite-lb-$name.service
@fedora@		systemctl stop glite-lb-$name.service >/dev/null 2>&1 || :
@fedora@		killall -9 glite-lb-$name >/dev/null 2>&1 || :
@debian@		/etc/init.d/glite-lb-$name stop >/dev/null 2>&1 || :
@debian@		killall -9 glite-lb-$name >/dev/null 2>&1 || :
@debian@		echo "RUN_$id=no" >> @defaultdir@/glite-lb-$name
@redhat@		/sbin/chkconfig glite-lb-$name off
@redhat@		/sbin/service glite-lb-$name stop >/dev/null 2>&1 || :
@redhat@		killall -9 glite-lb-$name >/dev/null 2>&1 || :
	fi
}


setup_all() {
	setup_db=1
	setup_certs=1
	setup_msg=1
	setup_authz=1
	setup_harvester=1
	setup_bdii=1
	setup_emir_info=1
	setup_emir_daemon=1
	setup_upgrade_files=1
	setup_upgrade_logger=1
	setup_upgrade_notif=1
	setup_upgrade_proxy=1
	setup_upgrade_log4c=1
	setup_crl=1
	test x"$GLITE_GSS_MECH" = x"krb5" && setup_krb=1
	setup_startup=1
}


while test -n "$1"; do
	case "$1" in
	-h|--help|help)
		cat <<EOF
Usage: glite-lb-setup [OPTIONS] [ACTIONS]

OPTIONS are:
	-q,--quiet ... print only errors
	-c,--check ... check the availability of DB
	-l,--list .... list actions to be executed and exit
	-h,--help .... usage

ACTIONS are:
	db certs msg authz harvester bdii
	emir_info .... prepare service info file
	emir_daemon .. configure EMIR client daemon
	upgrade_files upgrade_logger upgrade_notif upgrade_proxy upgrade_log4rc
	crl startup
	krb    ....... setup Kerberos
	krbgsi ....... setup Kerberos and enable GSI autentization

	all .......... all actions (default)
	none ......... no actions (default for check)
	yaim ......... actions for yaim
	logger ....... actions for glite-lb-logger
	upgrade ...... all upgrade actions
	emir ......... emir_info + emir_daemon
EOF
		exit 0
		;;
	-q|--quiet)
		quiet=1
		;;
	-c|--check)
		setup_check=1
		;;
	-l|--list)
		setup_list=1
		;;
	all)
		setup_all=1
		setup_all
		;;
	none)	setup_none=1 ;;
	yaim)
		setup_all
		setup_bdii=0
		setup_crl=0
		;;
	logger)
		setup_certs=1
		setup_msg=1
		setup_upgrade_logger=1
		;;
	upgrade) setup_upgrade_files=1;
		setup_upgrade_logger=1;
		setup_upgrade_notif=1;
		setup_upgrade_proxy=1
		setup_upgrade_log4c=1
		;;
	emir)
		setup_emir_info=1
		setup_emir_daemon=1
		;;
	db)	setup_db=1 ;;
	certs)	setup_certs=1 ;;
	msg)	setup_msg=1 ;;
	authz)	setup_authz=1 ;;
	harvester) setup_harvester=1 ;;
	bdii)	setup_bdii=1 ;;
	emir_info) setup_emir_info=1 ;;
	emir_daemon) setup_emir_daemon=1 ;;
	upgrade_files) setup_upgrade_files=1 ;;
	upgrade_logger) setup_upgrade_logger=1 ;;
	upgrade_notif) setup_upgrade_notif=1 ;;
	upgrade_proxy) setup_upgrade_proxy=1 ;;
	upgrade_log4c) setup_upgrade_log4c=1 ;;
	crl)	setup_crl=1 ;;
	startup) setup_startup=1 ;;
	krb)	setup_krb=1 ;;
	krbgsi)	setup_krb=1; setup_krbgsi=1 ;;
	*)
		echo "glite-lb-setup: ERROR: unknown argument '$1'"
		exit 1
		;;
	esac
	shift
done
for action in $ACTIONS $GROUP_ACTIONS; do
	eval value=\"$`echo setup_$action`\"
	if test "$value" = "1"; then
		setup=1;
	fi
done
if test "$setup" != "1" -a "$setup_check" != "1"; then
	setup_all
fi

if test "$setup_check" = "1"; then
	if check_mysql_connection && \
	   mysqlshow $MYSQL_ARGS 2>/dev/null | grep "\<lbserver20\>" > /dev/null 2>&1 && \
	   check_mysql_table lbserver20 job_connections; then
		qecho "database lbserver20 already exists."
		exit 0
	fi
	rm -f /tmp/glite-setup.$$

	if test "$setup" != "1"; then
		exit 1
	fi
fi

if test "$setup_list" = "1"; then
	for action in $ACTIONS; do
		eval value=\"$`echo setup_$action`\"
		if test "$value" = "1"; then
			echo -n "$action "
		fi
	done
	echo
	exit 0
fi

if test -z "$GLITE_HOME"; then
	echo "glite-lb-setup: ERROR: The home directory of ${GLITE_USER} doesn't exist. Check whether the user ${GLITE_USER} was properly created"
	exit 2
fi


# ==== MySQL ====

if test "$setup_db" = 1; then
	# include MySQL options for L&B server
	my_cnf=/etc/mysql/my.cnf
	if test ! -f "$my_cnf"; then
		my_cnf=/etc/my.cnf
	fi
	if test -f "$my_cnf"; then
		egrep '^!includedir[[:space:]]+/etc/mysql/conf.d/?' "$my_cnf" >/dev/null
		if ! test $? -eq 0; then
			echo '!includedir /etc/mysql/conf.d/' >> "$my_cnf"
		fi
	else
		echo "glite-lb-setup: WARNING: $my_cnf not found, check/add following line into MySQL configuration:"
		echo "!includedir /etc/mysql/conf.d/"
	fi

	# restart for the new options
@fedora@	out="`systemctl restart mysqld.service 2>&1`"
@redhat@	out="`/sbin/service mysqld restart 2>&1`"
@debian@	out="`/etc/init.d/mysql restart 2>&1`"
	if test $? -ne 0; then
		echo "$out"
		echo "glite-lb-setup: ERROR: starting MySQL failed"
		exit 1
	fi

	if ! check_mysql_connection; then
		cat /tmp/glite-setup.$$
		rm -f /tmp/glite-setup.$$
		echo "glite-lb-setup: ERROR: Can't access MySQL database. You may need to set MYSQL_USER and MYSQL_PASSWORD variables."
		rm -f /tmp/glite-setup.$$
		error="$error db"
		exit 1
	fi
	rm -f /tmp/glite-setup.$$

	if test ! -f $GLITE_LOCATION/share/glite/glite-lb-dbsetup.sql; then
		echo "glite-lb-setup: ERROR: glite-lb-dbsetup.sql not found (glite-lb-server not installed?)"
		error="$error db"
		exit 1
	fi

	# check if database exist and setup if necessary
	if ! mysqlshow $MYSQL_ARGS 2>/dev/null | grep "\<lbserver20\>" > /dev/null 2>&1 || \
	   ! check_mysql_table lbserver20 jobs; then
		mysql $MYSQL_ARGS -e "CREATE DATABASE lbserver20"
		mysql $MYSQL_ARGS -e "GRANT ALL PRIVILEGES on lbserver20.* to lbserver IDENTIFIED BY '' WITH GRANT OPTION;"
		mysql $MYSQL_ARGS -e "GRANT ALL PRIVILEGES on lbserver20.* to lbserver@'$HOSTNAME' IDENTIFIED BY '' WITH GRANT OPTION;"
		mysql $MYSQL_ARGS -e "GRANT ALL PRIVILEGES on lbserver20.* to lbserver@localhost IDENTIFIED BY '' WITH GRANT OPTION;"

		mysql -u lbserver lbserver20 < $GLITE_LOCATION/share/glite/glite-lb-dbsetup.sql
		mysql -u lbserver -e "ALTER TABLE short_fields MAX_ROWS=1000000000;" lbserver20
		mysql -u lbserver -e "ALTER TABLE long_fields MAX_ROWS=55000000;" lbserver20
		mysql -u lbserver -e "ALTER TABLE states MAX_ROWS=9500000;" lbserver20
		mysql -u lbserver -e "ALTER TABLE events MAX_ROWS=175000000;" lbserver20

		qecho "Database lbserver20 created."
	else
		qecho "Database lbserver20 exists."
	fi

	# adjust indexes
	# 1) if L&B with local harvester or L&B for Real Time Monitoring ==> lastUpdateTime needed
	# 2) if GLITE_LB_INDEX_OWNER specified ==> create owner index
	need_reindex=0
	$GLITE_LOCATION/bin/glite-lb-bkindex -d 2>/dev/null | tail -n +3 | head -n -2 | sed 's/\([^,]\)$/\1,/' > /tmp/glite-lb-bkindex.$$
	if test x"$GLITE_LB_RTM_ENABLED" = x"true" -o x"$GLITE_LB_HARVESTER_ENABLED" = x"true"; then
		if ! grep 'name = "lastUpdateTime"' /tmp/glite-lb-bkindex.$$ >/dev/null; then
			echo '[ type = "system"; name = "lastUpdateTime" ],' >> /tmp/glite-lb-bkindex.$$
			need_reindex=1
		fi
	fi
	if test x"$GLITE_LB_INDEX_OWNER" = x"true"; then
		if ! grep 'name = "owner"' /tmp/glite-lb-bkindex.$$ >/dev/null; then
			echo '[ type = "system"; name = "owner" ],' >> /tmp/glite-lb-bkindex.$$
			need_reindex=1
		fi
	fi
	if test $need_reindex -eq 1; then
		$GLITE_LOCATION/bin/glite-lb-bkindex -rv <<EOF
[
	JobIndices = {
`cat /tmp/glite-lb-bkindex.$$`
	}
]
EOF
	fi
	rm /tmp/glite-lb-bkindex.$$

	# migrate L&B 3.x to L&B 4.0
	if test -f $GLITE_LOCATION/sbin/glite-lb-migrate_db2version40; then
		if ! check_mysql_table lbserver20 job_connections; then
			sh $GLITE_LOCATION/sbin/glite-lb-migrate_db2version40
			if test $? -eq 0; then
				qecho "Database migrated to L&B 4.x"
			else
				error="$error db"
			fi
		fi
	fi
fi


# ==== certificates ====

if test "$setup_certs" = "1"; then
	if test ! -d $GLITE_HOME/.certs; then
		mkdir -p $GLITE_HOME/.certs
		chown $GLITE_USER:$GLITE_USER $GLITE_HOME/.certs
	fi
	cp -fp /etc/grid-security/hostcert.pem /etc/grid-security/hostkey.pem $GLITE_HOME/.certs/
	if test $? -eq 0; then
		chown $GLITE_USER:$GLITE_USER $GLITE_HOME/.certs/hostcert.pem $GLITE_HOME/.certs/hostkey.pem
		chmod 0644 $GLITE_HOME/.certs/hostcert.pem
		chmod 0400 $GLITE_HOME/.certs/hostkey.pem
		qecho "Certificates copied to $GLITE_HOME/.certs/"
	else
		echo "glite-lb-setup: ERROR: Please copy host certificate and key into /etc/grid-security and"
		echo "  $GLITE_HOME/.certs/, change the owner of the ones in"
		echo "  $GLITE_HOME/.certs/ to $GLITE_USER"
		error="$error certs"
	fi
fi


# ==== messaging ====

if test "$setup_msg" = "1"; then
	if test -x $GLITE_LOCATION/sbin/glite-lb-msg-config; then
		out=`$GLITE_LOCATION/sbin/glite-lb-msg-config $GLITE_LOCATION_ETC/glite-lb/msg.conf 2>&1`
		if test $? -eq 0; then
			if test -z "$out"; then
				out="(no changes)"
			fi
			qecho "Messaging brokers: $out"
		else
			echo "glite-lb-setup: ERROR: $out"
			error_ok="$error_ok msg"
		fi
	else
		echo "glite-lb-setup: WARNING: MSG plugin for glite-lb-logger not installed (package glite-lb-logger-msg)"
	fi
fi


# ==== authorizations ====
if test "$setup_authz" = "1"; then
	if test x"$GLITE_LB_RTM_ENABLED" = x"true"; then
		config_glite_lb_authz "$GLITE_LB_SUPER_USERS" "$GLITE_LB_RTM_DN"
	else
		config_glite_lb_authz "$GLITE_LB_SUPER_USERS" ""
	fi
fi


# ==== harvester ====

if test "$setup_harvester" = "1"; then
	if test x"$GLITE_LB_HARVESTER_ENABLED" = x"true"; then
		if test ! -f $GLITE_LOCATION_ETC/glite-lb/glite-lb-harvester.conf; then
			echo $HOSTNAME > $GLITE_LOCATION_ETC/glite-lb/glite-lb-harvester.conf
			qecho "Harvester configured"
		fi
	fi
fi


# ==== BDII ====

if test "$setup_bdii" = "1"; then
	export INFO_SERVICE_CONFIG='/etc/glite/info/service'
@fedora@	if systemctl --all | grep bdii.service >/dev/null 2>&1; then
@redhat@	if test -x /etc/init.d/bdii; then
@debian@	if test -x /etc/init.d/bdii; then
		if test -f  ${INFO_SERVICE_CONFIG}/glite-info-service-lbserver.conf.template -a -f  ${INFO_SERVICE_CONFIG}/glite-info-glue2-lbserver.conf.template; then
			if test -n "`which sudo 2>/dev/null`"; then
				bdii=1
			else
				echo "glite-lb-setup: WARNING: sudo not found, BDII won't be configured"
			fi
		else
			echo "glite-lb-setup: WARNING: glite-info-provider-service not installed, BDII won't be configured"
		fi
	else
		echo "glite-lb-setup: WARNING: BDII not installed, it won't be configured"
	fi
	if test "$bdii" = "1"; then
		cp ${INFO_SERVICE_CONFIG}/glite-info-service-lbserver.conf.template ${INFO_SERVICE_CONFIG}/glite-info-service-lbserver.conf
		cp ${INFO_SERVICE_CONFIG}/glite-info-glue2-lbserver.conf.template ${INFO_SERVICE_CONFIG}/glite-info-glue2-lbserver.conf
		cat <<EOF >/var/lib/bdii/gip/provider/glite-info-provider-service-lbserver-wrapper
#!/bin/sh
export LBSERVER_PID_FILE=/var/run/glite/glite-lb-bkserverd.pid 
/usr/bin/glite-info-service ${INFO_SERVICE_CONFIG}/glite-info-service-lbserver.conf $SITE_NAME
/usr/bin/glite-info-glue2-simple ${INFO_SERVICE_CONFIG}/glite-info-glue2-lbserver.conf $SITE_NAME
EOF
		chmod +x /var/lib/bdii/gip/provider/glite-info-provider-service-lbserver-wrapper
		BDII_PASSWD=`dd if=/dev/random bs=1 count=10 2>/dev/null | base64`
		SLAPD=
		# newer slapd with rwm backend required for SL5
		[ -x /usr/sbin/slapd2.4 ] && SLAPD="/usr/sbin/slapd2.4"
		cat << EOF > @defaultdir@/bdii
RUN=yes
SLAPD_CONF=
SLAPD=$SLAPD
BDII_RAM_DISK=
EOF
		sed -i  "s#.*rootpw.*#rootpw	${BDII_PASSWD}#" /etc/bdii/bdii-slapd.conf

@fedora@		systemctl enable bdii.service
@fedora@		out="`systemctl restart bdii.service 2>&1`"
@redhat@		/sbin/chkconfig bdii on
@redhat@		out="`/sbin/service bdii restart 2>&1`"
@debian@		out="`/etc/init.d/bdii restart 2>&1`"
		if test $? -eq 0; then
			qecho "BDII configured"
		else
			echo "$out"
			error_ok="$error_ok bdii"
		fi
	fi
fi

# ==== emir (info, daemon) ====

if test "$setup_emir_daemon" = "1"; then
	if test x"$BDII_EMIR_ENABLE" = x"yes"; then
		emir=0
		qecho "skipping native publishing to EMIR (BDII_EMIR_ENABLE is $BDII_EMIR_ENABLE)"
	fi
	if test "$emir" != "0" -a -z "$EMIR_URL"; then
		echo "glite-lb-setup: WARNING: EMIR_URL not set, EMIR won't be configured"
		emir=0
	fi
fi
if test "$setup_emir_info" = "1" -o "$setup_emir_daemon" = "1"; then
	if test -n "`which emir-serp 2>/dev/null`"; then
		emir_daemon=emir-serp
	fi
	if test "$emir" != "0" -a -z "$emir_daemon"; then
		echo "glite-lb-setup: WARNING: emir-serp not installed, EMIR won't be configured"
		emir=0
	fi
fi

if test "$setup_emir_info" = "1" -a "$emir" != "0"; then
	# interface version
	if egrep -i "Debian|Ubuntu" /etc/issue >/dev/null; then
		out=`dpkg-query -W glite-lb-ws-interface 2>/dev/null | cut -f2 | cut -d- -f1`
	else
		out=`rpm -q glite-lb-ws-interface 2>/dev/null | cut -d- -f5`
	fi
	if test -z  "$out"; then
		out=`cat $GLITE_LOCATION/include/glite/lb/ws_interface_version.h 2>/dev/null | sed 's/.*"\(.*\)"/\1/'`
	fi
	GLITE_LB_INTERFACE_VERSION=${out:-'?.?.?'}

	# some GLUE2 Service Location parameters
	SITE_LONGITUDE=${SITE_LONGITUDE:-$SITE_LONG}
	SITE_LATITUDE=${SITE_LATITUDE:-$SITE_LAT}
	for i in Longitude Latitude Address Place Country PostCode; do
		key=SITE_`echo $i | tr '[:lower:]' '[:upper:]'`
		eval value="\$$key"
		if test -n "$value"; then
			if ! echo $i | grep ^L >/dev/null 2>&1; then value="\"$value\""; fi
			json="$json	\"Service_Location_$i\": $value,
"
		fi
	done

	# L&B service info
	mkdir -p /var/cache/$emir_daemon/services/ 2>/dev/null || :
	cat > /var/cache/$emir_daemon/services/glite-lb-bkserverd.json <<EOF
{
$json	"Service_ID": "`hostname -f`_lbserver",
	"Service_Name": "${SITE_NAME:-site}-Server",
	"Service_Type": "org.glite.lb.Server",
	"Service_QualityLevel": "production",
	"Service_CreationTime": { "\$date": "`TZ=C date +%FT%TZ`" },
	"Service_Endpoint_ID": "`hostname -f`_lbserver_org.glite.lb.Server",
	"Service_Endpoint_URL": "https://`hostname -f`:9003",
	"Service_Endpoint_Capability": [ "information.logging" ],
	"Service_Endpoint_Technology": "webservice",
	"Service_Endpoint_InterfaceName": "org.glite.lb.Server",
	"Service_Endpoint_InterfaceVersion": [ "$GLITE_LB_INTERFACE_VERSION" ],
	"Service_Endpoint_ServingState": "production",
	"Service_Endpoint_QualityLevel": "production",
	"Service_Endpoint_WSDL": "http://egee.cesnet.cz/cms/export/sites/egee/en/WSDL/3.1/LB.wsdl"
}
EOF
fi

if test "$setup_emir_daemon" = "1" -a "$emir" != "0"; then
	cp -fp /etc/grid-security/hostcert.pem /etc/grid-security/emi-hostcert.pem && \
	cp -fp /etc/grid-security/hostkey.pem /etc/grid-security/emi-hostkey.pem
	if test $? -eq 0; then
		chown emi:emi /etc/grid-security/emi-hostcert.pem /etc/grid-security/emi-hostkey.pem
		chmod 0644 /etc/grid-security/emi-hostcert.pem
		chmod 0400 /etc/grid-security/emi-hostkey.pem
		qecho "Certificates copied to /etc/grid-security/emi-host*.pem"
	else
		echo "glite-lb-setup: WARNING: copying certificates for EMIR failed"
	fi

	period=4
	validity=24
	inifile=/etc/emi/$emir_daemon/$emir_daemon.ini
	if test ! -f $inifile.orig -a -f $inifile; then
		cp $inifile $inifile.orig
	fi
	cat > /etc/emi/$emir_daemon/$emir_daemon.ini << EOF
[$emir_daemon]
url = $EMIR_URL
period = $period
validity = $validity

cert = /etc/grid-security/emi-hostcert.pem
key = /etc/grid-security/emi-hostkey.pem
cadir = /etc/grid-security/certificates

verbosity = debug

[advancedService]
json_dir_location = /var/cache/$emir_daemon/services/
EOF

	# enable (for Debian) after configuring
	if test -d /etc/default -a -f /etc/default/$emir_daemon; then
		sed -i 's/.*ENABLED.*=.*/ENABLED=yes/' /etc/default/$emir_daemon
	fi

	# start the beast
@fedora@	systemctl enable ${emir_daemon}.service
@fedora@	out="`systemctl restart ${emir_daemon}.service 2>&1`"
@redhat@	/sbin/chkconfig $emir_daemon on 2>/dev/null
@redhat@	out="`/sbin/service $emir_daemon restart 2>&1`"
@debian@	out="`/etc/init.d/$emir_daemon restart 2>&1`"
	if test $? -eq 0; then
		qecho "EMIR configured"
	else
		echo "$out"
		error_ok="$error_ok emir_daemon"
	fi
fi


# ==== upgrade ====

if test "$setup_upgrade_files" = "1"; then
	# upgrade from L&B <= 3.1.1
	# (legacy start-up stuff)
	if test -f @glite_etc@/gLiteservices; then
		grep -v 'glite-lb-' @glite_etc@/gLiteservices > /tmp/gLiteservices
		mv /tmp/gLiteservices @glite_etc@/gLiteservices
		if ! test -s @glite_etc@/gLiteservices; then
			rm -f @glite_etc@/gLiteservices
		fi
	fi
	# (old crons)
	rm -fv /etc/cron.d/glite-lb-purge.cron /etc/logrotate.d/lb-purger /etc/logrotate.d/lb-lcas
	# old crons in L&B <= 4.0.9 (L&B server <= 3.0.13)
	rm -fv /etc/cron.d/glite-lb-proxy-purge /etc/cron.d/glite-lb-notif-keeper
fi

if test "$setup_upgrade_logger" = "1"; then
	# upgrade from L&B <= 4.0.1
	rm -f /tmp/interlogger.sock
	if test -d /var/glite/log -a -d /var/spool/glite/lb-locallogger; then
		find /var/glite/log -type f -name dglogd.log.\* -exec mv {} /var/spool/glite/lb-locallogger \;
	fi
fi

if test "$setup_upgrade_notif" = "1"; then
	# upgrade from L&B <= 4.0.1
	rm -f /tmp/glite-lb-notif.sock
	if test -d /var/spool/glite/lb-notif; then
		find /var/tmp -type f -name glite-lb-notif.\* -exec mv {} /var/spool/glite/lb-notif \;
	fi
fi

if test "$setup_upgrade_proxy" = "1"; then
	# upgrade from L&B <= 4.0.1
	rm -f /tmp/glite-lbproxy-ilog.sock
	if test -d /var/spool/lb-proxy; then
		find /tmp -type f -name glite-lbproxy-ilog_events.\* -exec mv {} /var/spool/lb-proxy \;
	fi
fi

if test "$setup_upgrade_log4c" = "1"; then
	# check/fix log4c config file (if not updated from package) - remove log4c version
	if grep 'log4c\s\+version' $GLITE_LOCATION_ETC/glite-lb/log4crc >/dev/null 2>&1; then
		sed -i 's/\(log4c\).*version.*>/\1>/' $GLITE_LOCATION_ETC/glite-lb/log4crc
		if test $? -eq 0; then
			qecho "log4crc fixed"
		else
			error="$error upgrade_log4c"
		fi
	fi
fi

# ==== fetch CRL ====

if test "$setup_crl" = "1"; then
	if test -x /usr/sbin/fetch-crl; then
@debian@		# additional fetch-crl setup not needed
@debian@		:
@redhat@		/sbin/chkconfig fetch-crl-cron on
@redhat@		/sbin/chkconfig fetch-crl-boot on
@redhat@		/sbin/service fetch-crl-cron start
@redhat@		/sbin/service fetch-crl-boot start
@fedora@		systemctl enable fetch-crl-cron.service
@fedora@		systemctl enable fetch-crl-boot.service
@fedora@		systemctl start fetch-crl-cron.service
@fedora@		qecho "Fetching CRL..."
@fedora@		systemctl start fetch-crl-boot.service
	else
		echo "glite-lb-setup: WARNING: fetch-crl not found, fetching won't be configured"
	fi
fi


# ==== kerberos (experimental) ====

if test "$setup_krb" = "1"; then
	if test ! -f /etc/krb5.keytab; then
		echo "glite-lb-setup: ERROR: keytab not found"
		kerberos=0
	fi
	if ! test -n "`which klist 2>/dev/null`"; then
		echo "glite-lb-setup: ERROR: kerberos clients not found"
		kerberos=0
	fi
	if ldd $GLITE_LOCATION/bin/glite-lb-bkserverd | grep libglobus_gssapi_gsi >/dev/null 2>&1; then
		echo "glite-lb-setup: ERROR: Kerberos support requires L&B built with Kerberos libraries"
		kerberos=0
	fi

	if test "$kerberos" != "0"; then
		cp /etc/krb5.keytab $GLITE_HOME/krb5kt_lb || kerberos=0
		chown $GLITE_USER:$GLITE_GROUP $GLITE_HOME/krb5kt_lb

		/usr/share/glite-lb-logger/lb_krb_ticket.sh || kerberos=0

		# not needed anymore
		rm -vf /etc/cron.d/glite-lb-ticket
	fi
	if test "$kerberos" != "0"; then
		qecho "Kerberos configured"
	else
		error="$error krb"
	fi
fi

if test "$setup_krbgsi" = "1"; then
	if ! ldd $GLITE_LOCATION/bin/glite-lb-bkserverd | grep libheim >/dev/null 2>&1; then
		echo "glite-lb-setup: ERROR: GSI mode with kerberos requires L&B built in Heimdal Kerberos implementation"
		error="$error krbgsi"
		kerberos=0
	fi
	if test "$kerberos" != "0"; then
		libfile=`ldconfig -p | grep libglobus_gssapi_gsi.so | sed 's/.*=>\s*//'`
		if test -z "$libfile"; then
			echo "glite-lb-setup: ERROR: libglobus_gssapi_gsi.so not found, GSI mode not configured"
			error="$error krbgsi"
			kerberos=0
		fi
	fi
	if test "$kerberos" != "0"; then
		mkdir /etc/gss >/dev/null 2>&1
		echo "gsi	1.3.6.1.4.1.3536.1.1	$libfile" > /etc/gss/mech

		qecho "GSI mode with Kerberos configured"
		echo "glite-lb-setup: NOTE: tuned Globus and Heimdal Kerberos libraries required for support GSI with Kerberos"
	fi
fi


# ==== startup ====

if test "$setup_startup" = "1"; then
	if test ! -x $GLITE_LOCATION/bin/glite-lb-bkserverd; then
		echo "glite-lb-setup: ERROR: glite-lb-server not installed"
		startup_error=1
	fi
	if test ! -x $GLITE_LOCATION/bin/glite-lb-logd; then
		echo "glite-lb-setup: ERROR: glite-lb-logger not installed"
		startup_error=1
	fi
	if test x"$GLITE_LB_HARVESTER_ENABLED" = x"true"; then
		if test ! -x $GLITE_LOCATION/bin/glite-lb-harvester; then
			echo "glite-lb-setup: ERROR: glite-lb-harvester not installed"
			startup_error=1
		fi
	fi
	if test "$startup_error" = "1"; then
		error="$error startup"
	fi
fi
if test "$setup_startup" = "1" -a "$startup_error" != "1"; then
	[  -d $GLITE_HOME/dump ] || mkdir $GLITE_HOME/dump && chown $GLITE_USER:$GLITE_GROUP $GLITE_HOME/dump
	[  -d $GLITE_HOME/purge ] || mkdir $GLITE_HOME/purge && chown $GLITE_USER:$GLITE_GROUP $GLITE_HOME/purge

	startup_error=0
@fedora@
@fedora@	case "$GLITE_LB_TYPE" in
@fedora@	proxy)
@fedora@		GLITE_LB_SERVER_PROXY_OPTIONS="-P "
@fedora@		;;
@fedora@	both)
@fedora@		GLITE_LB_SERVER_PROXY_OPTIONS="-B "
@fedora@		;;
@fedora@	*)
@fedora@		GLITE_LB_SERVER_PROXY_OPTIONS=""
@fedora@		;;
@fedora@	esac
@fedora@
@fedora@	systemd_unitdir=`pkg-config systemd --variable=systemdsystemunitdir`
@fedora@	systemd_confdir=`pkg-config systemd --variable=systemdsystemconfdir`
@fedora@	for i in bkserverd logd interlogd notif-interlogd proxy-interlogd harvester; do
@fedora@		sed -e "s|\(X509_USER_CERT\).*|\1=$GLITE_HOST_CERT|" \
@fedora@		    -e "s|\(X509_USER_KEY\).*|\1=$GLITE_HOST_KEY|" \
@fedora@		    -e "s|\(KRB5_KTNAME\).*|\1=FILE:$GLITE_HOME/krb5kt_lb|" \
@fedora@		    -e "s|\(KRB5CCNAME\).*|\1=FILE:$GLITE_HOME/krb5cc_lb|" \
@fedora@		    -e "s|\(--dump-prefix\)=[^ \t]*|\1=$GLITE_HOME/dump |" \
@fedora@		    -e "s|\(--purge-prefix\)=[^ \t]*|\1=$GLITE_HOME/purge |" \
@fedora@		    $systemd_unitdir/glite-lb-$i.service > $systemd_confdir/glite-lb-$i.service
@fedora@	done
@fedora@	sed -i -e "s|\$GLITE_LB_SERVER_PROXY_OPTIONS |$GLITE_LB_SERVER_PROXY_OPTIONS|" $systemd_confdir/glite-lb-bkserverd.service
@fedora@	systemctl --system daemon-reload
@fedora@
@fedora@	systemctl enable mysqld.service
@debian@	grep -v ^RUN_ @defaultdir@/glite-lb > /tmp/glite-lb.$$
@debian@	mv /tmp/glite-lb.$$ @defaultdir@/glite-lb
@debian@
@debian@	# legacy startup script
@debian@	update-rc.d glite-lb-locallogger defaults >/dev/null 2>&1 || :
@debian@	update-rc.d glite-lb-locallogger disable >/dev/null 2>&1 || :
@debian@
@redhat@	/sbin/chkconfig mysqld on
@redhat@
@redhat@	# legacy startup script
@redhat@	/sbin/chkconfig glite-lb-locallogger off >/dev/null 2>&1 || :
@redhat@
	setup_daemon bkserverd SERVER true
	setup_daemon notif-interlogd NOTIF_IL true
	case "$GLITE_LB_TYPE" in
	proxy)
		setup_daemon logd LOGD false
		setup_daemon interlogd IL false
		setup_daemon proxy-interlogd PROXY_IL true
		;;
	both)
		setup_daemon logd LOGD true
		setup_daemon interlogd IL true
		setup_daemon proxy-interlogd PROXY_IL true
		;;
	*)
		setup_daemon logd LOGD true
		setup_daemon interlogd IL true
		setup_daemon proxy-interlogd PROXY_IL false
		;;
	esac
	setup_daemon harvester HARVESTER "$GLITE_LB_HARVESTER_ENABLED"

	if test "$startup_error" = "0"; then
		qecho "Services started successfully"
	else
		echo "glite-lb-setup: ERROR: Some services failed to start"
		error="$error startup"
	fi
fi


# ==== the end ====

if test -n "$error" -o -n "$error_ok"; then
	echo "glite-lb-setup: ERROR:$error$error_ok"
fi

if test -z "$error"; then
	true
else
	false
fi
