#!/bin/bash
##############################################################################
# Copyright (c) Members of the EGEE Collaboration. 2004.
# See http://www.eu-egee.org/partners/ for details on the copyright
# holders.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##############################################################################
#
# NAME :        config_DPM_info
#
# DESCRIPTION : This function configures the access for the info user
#
# AUTHORS :     David.Smith@cern.ch, Gergely.Debreczeni@cern.ch
#
# YAIM MODULE:  glite-yaim-dpm
#
##############################################################################

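#######################################
# Pre-flight check for config_DPM_info: asks the framework's `requires`
# helper whether the settings this module reads are defined.
# Globals:   retcode (written) - status of `requires`; left global as in the
#            original, since other sourced functions may read it (unconfirmed)
# Arguments: $1 - passed through unchanged as the first argument of
#            `requires` (presumably the calling function's name - TODO confirm)
# Returns:   the exit status of `requires`
#######################################
function config_DPM_info_check() {
  # "$1" is quoted so that an empty or multi-word argument still occupies
  # exactly one position. Unquoted, an empty $1 vanished and MYSQL_PASSWORD
  # slid into the first slot instead of being passed as a variable to check.
  requires "$1" MYSQL_PASSWORD DPM_DB_HOST DPM_INFO_USER DPM_INFO_PASS INSTALL_ROOT DPNS_DB
  retcode=$?
  return "$retcode"
}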

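#######################################
# Print the home directory recorded in the passwd database for account $1.
# Replaces the former `eval VAR=~$name`, which ran the account name through
# the shell parser a second time.
# Arguments: $1 - account name
# Outputs:   the home directory on stdout
# Returns:   0 if a home directory was found, 1 otherwise
#######################################
function _config_DPM_info_home() {
  local account=$1
  local home

  [ -n "$account" ] || return 1
  home=$(getent passwd "$account" | cut -d: -f6)
  [ -n "$home" ] || return 1
  printf '%s\n' "$home"
}

#######################################
# Give one account a copy of the host certificate and key as its Globus user
# credentials (<home>/.globus/usercert.pem and userkey.pem).
# Arguments: $1 - account name, $2 - group name, $3 - account home directory
# Returns:   0 on success, 1 if the home directory is unknown or .globus
#            cannot be created
#######################################
function _config_DPM_info_hostcred() {
  local account=$1
  local group=$2
  local home=$3
  local source_dir=/etc/grid-security
  local globus_dir kind target

  if [ -z "$home" ]; then
    yaimlog WARNING "No home directory found for account '$account'; host credentials were not installed for it."
    return 1
  fi

  globus_dir="${home}/.globus"
  mkdir -p -- "$globus_dir" || return 1
  chown "${account}:${group}" "$globus_dir"

  # As before, nothing is copied unless the host key exists.
  if [ -f "${source_dir}/hostkey.pem" ]; then
    for kind in cert key; do
      [ -f "${source_dir}/host${kind}.pem" ] || continue
      target="${globus_dir}/user${kind}.pem"
      # Copy exactly the two named files (the old 'hos*' glob also picked up
      # any stray key backups) and drop an existing destination first so the
      # copy never writes through a pre-existing link in a directory the
      # service account owns. Absolute paths are used so the caller's working
      # directory is left alone; the old code cd'ed and, had a cd failed,
      # would have renamed files in the wrong directory.
      rm -f -- "$target"
      cp -p -- "${source_dir}/host${kind}.pem" "$target" \
        && chown "${account}:${group}" "$target"
    done
  fi
  return 0
}

#######################################
# Set up read-only monitoring access to the DPNS database for the info user,
# write the matching connection file, and hand the host certificate/key to
# the information-system accounts.
# Globals:   MYSQL_PASSWORD, DPM_DB_HOST, DPM_INFO_USER, DPM_INFO_PASS,
#            DPNS_DB, LCG_LOCATION, EDG_USER, EDG_GROUP, EDGINFO_USER,
#            EDGINFO_GROUP, INFOSYS_GROUP, YAIM_LOG (read);
#            LCG_LOCATION_ETC, DPM_INFO_CONFIG, hostname, EDGINFO_USER_HOME,
#            EDGUSER_HOME, BDII_HOME (written; left global as in the original
#            because other sourced functions may read them - unconfirmed)
# Returns:   1 if the grants fail or the connection file cannot be written,
#            0 otherwise
#
# NOTE(review): the SQL below is built by interpolating configuration values
# verbatim; a quote or backslash in DPM_INFO_USER, DPM_INFO_PASS, DPNS_DB or
# DPM_DB_HOST changes the statement. They come from site configuration, so
# they are left as-is, but they should be validated where they are loaded.
# NOTE(review): OLD_PASSWORD() stores the weak pre-4.1 hash and is not
# available on later MySQL releases; confirm a client still needs it.
# NOTE(review): the host private key ends up readable by three service
# accounts; confirm each of them still needs its own copy.
#######################################
function config_DPM_info() {
  local account_host

  LCG_LOCATION_ETC=${LCG_LOCATION_ETC:-${LCG_LOCATION}/etc}
  DPM_INFO_CONFIG=${LCG_LOCATION_ETC}/DPMINFO

  yaimlog INFO "Setting up monitoring access for $DPM_INFO_USER on $DPM_DB_HOST"

  hostname=$(hostname -f)

  ####@ Sets up the DPM_INFO_USER's mysql account and adjusts its privileges.

  # The root password is handed over in MYSQL_PWD rather than on the command
  # line, where any local user could read it from the process list.
  # MYSQL_PWD is deprecated in recent MySQL releases; a mode-0600 option file
  # given with --defaults-extra-file is the alternative there.
  if ! MYSQL_PWD="$MYSQL_PASSWORD" mysql --user=root --host="$DPM_DB_HOST" <<EOF
grant select on $DPNS_DB.* to '$DPM_INFO_USER'@'$hostname' identified by '$DPM_INFO_PASS';
grant select on $DPNS_DB.* to '$DPM_INFO_USER'@'localhost' identified by '$DPM_INFO_PASS';
grant select on $DPNS_DB.* to '$DPM_INFO_USER'@'${DPM_DB_HOST}' identified by '$DPM_INFO_PASS';
flush privileges;
EOF
  then
    yaimlog ERROR "YAIM function config_DPM_info failed to add the dpm information user to the\n $DPNS_DB database on $DPM_DB_HOST.\n This probably means information monitoring is now broken for DPM." | tee -a "$YAIM_LOG"
    yaimlog ERROR "Were the database host/password values correct?" | tee -a "$YAIM_LOG"
    return 1
  fi

  # Setting the old style password. The statement goes in on stdin so that
  # the info user's password is not exposed in the argument list either.
  # A failure here is reported but, as before, does not abort the function.
  for account_host in "$hostname" localhost "$DPM_DB_HOST"; do
    if ! MYSQL_PWD="$MYSQL_PASSWORD" mysql --user=root --host="$DPM_DB_HOST" <<EOF
set password for '$DPM_INFO_USER'@'$account_host'=OLD_PASSWORD('$DPM_INFO_PASS');
EOF
    then
      yaimlog WARNING "Could not set the old style password for '$DPM_INFO_USER'@'$account_host'."
    fi
  done

  ####@ Writes the access configuration file ($DPM_INFO_CONFIG), and sets its permissions.

  # The file holds the database password, so it is created under a
  # restrictive umask; previously it existed with default permissions until
  # the chmod below ran.
  if ! (umask 077 && printf '%s/%s@%s/%s\n' \
    "$DPM_INFO_USER" "$DPM_INFO_PASS" "$DPM_DB_HOST" "$DPNS_DB" > "$DPM_INFO_CONFIG"); then
    yaimlog ERROR "Could not write $DPM_INFO_CONFIG"
    return 1
  fi

  chmod 440 "$DPM_INFO_CONFIG"
  chown "${EDG_USER}:${INFOSYS_GROUP}" "$DPM_INFO_CONFIG"

  ## This is required to allow special user edginfo
  ## to get a host cert (to be authenticated
  ## to allow it to use the dpm-qryconf command to fetch
  ## storage global info from the DPM server itself)
  EDGINFO_USER_HOME=$(_config_DPM_info_home "$EDGINFO_USER")
  _config_DPM_info_hostcred "$EDGINFO_USER" "$EDGINFO_GROUP" "$EDGINFO_USER_HOME"

  ## This is the same as above but for edguser
  EDGUSER_HOME=$(_config_DPM_info_home "$EDG_USER")
  _config_DPM_info_hostcred "$EDG_USER" "$EDG_GROUP" "$EDGUSER_HOME"

  ## Again the same for the BDII user, which is ldap
  BDII_HOME=$(_config_DPM_info_home ldap)
  _config_DPM_info_hostcred ldap ldap "$BDII_HOME"

  return 0
}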
 
