##############################################################################
# Copyright (c) Members of the EGEE Collaboration. 2004. 
# See http://www.eu-egee.org/partners/ for details on the copyright 
# holders.  
#
# Licensed under the Apache License, Version 2.0 (the "License"); 
# you may not use this file except in compliance with the License. 
# You may obtain a copy of the License at 
#
#    http://www.apache.org/licenses/LICENSE-2.0 
#
# Unless required by applicable law or agreed to in writing, software 
# distributed under the License is distributed on an "AS IS" BASIS, 
# WITHOUT WARRANTIES OR CONDITIONS 
# OF ANY KIND, either express or implied. 
# See the License for the specific language governing permissions and 
# limitations under the License.
##############################################################################
#
# NAME :        glite-wms
#
# DESCRIPTION : This file contains the function to configure the WMS.
#
# AUTHORS :     grid-release@infn.it 
#
# NOTES :       -
#
# YAIM MODULE:  glite.yaim.wms
#                 
##############################################################################

function config_glite_wms_check(){
  requires $1 BDII_HOST LB_HOST VOS GROUPS_CONF WMS_LOCATION_TMP WMS_LOCATION_SBIN\
           WMS_LOCATION_LIBEXEC WMS_LOCATION_ETC GLITE_WMS_CONFIG_DIR WMS_JOBWRAPPER_TEMPLATE WMS_LOCATION_USR\
           WMS_CONF_FILE_OVERWRITE X509_VOMS_DIR GLOBUS_TCP_PORT_RANGE GLITE_WMS_WMPROXY_MAX_SERVED_REQUESTS GLOBUS_TCP_PORT_RANGE \
           GLITE_WMS_USER  WMS_MATCH_RETRY_PERIOD WMS_EXPIRY_PERIOD GLITE_HOST_CERT GLITE_HOST_KEY \
           OS_ARCH INSTALL_ROOT GLITE_USER SITE_EMAIL USE_ARGUS
   ret_cod1=$?
   if [ x${USE_ARGUS} = xyes ]; then
    requires $1 ARGUS_PEPD_ENDPOINTS
    ret_cod2=$?
   fi
   if  [ ! $ret_cod1 == 0 ] || [ ! $ret_cod2 == 0 ]; then
     return 1
   else
    return 0
   fi

}

function config_glite_wms_setenv(){

  yaimgridenv_set WMS_LOCATION_LOG /var/log/wms
  yaimgridenv_set WMS_LOCATION_VAR /var
  yaimgridenv_set WMS_LOCATION_TMP ${WMS_LOCATION_TMP:-/tmp}
  yaimgridenv_set WMS_LOCATION_LIBEXEC ${WMS_LOCATION_LIBEXEC:-/usr/libexec}
  yaimgridenv_set WMS_LOCATION_USR ${WMS_LOCATION_USR:-/usr} 
  yaimgridenv_set WMS_LOCATION_ETC ${WMS_LOCATION_ETC:-/etc} 
  yaimgridenv_set WMS_LOCATION_SBIN ${WMS_LOCATION_SBIN:-/usr/sbin} 
  yaimgridenv_set WMS_JOBWRAPPER_TEMPLATE ${WMS_JOBWRAPPER_TEMPLATE} 

  # Redefine GLITE_HOME_DIR (fix bug #52617)
  GLITE_HOME_DIR=`getent passwd ${GLITE_USER} | cut -d: -f6`
  if [ "x${GLITE_HOME_DIR}" = "x" ]; then
    yaimlog ERROR "The home directory of ${GLITE_HOME_DIR} doesn't exist. Check whether the user ${GLITE_USER} was properly created"
    exit ${YEX_NOSUCHFILE}
  fi
  yaimgridenv_set GLITE_WMS_TMP ${WMS_LOCATION_TMP}
  yaimgridenv_set GLITE_WMS_LOCATION_VAR /var
  yaimgridenv_set GLITE_SD_PLUGIN "bdii"
  yaimgridenv_set GLITE_WMS_GROUP ${GLITE_WMS_GROUP}
  yaimgridenv_set GLITE_WMS_USER ${GLITE_WMS_USER}
  yaimgridenv_set GLITE_USER ${GLITE_USER}
  yaimgridenv_set GLITE_WMS_QUERY_TIMEOUT ${GLITE_WMS_QUERY_TIMEOUT}
  yaimgridenv_set GLITE_PR_TIMEOUT ${GLITE_PR_TIMEOUT}
  yaimgridenv_set GLITE_HOST_CERT ${GLITE_HOME_DIR:-/home/glite}/.certs/hostcert.pem
  yaimgridenv_set GLITE_HOST_KEY ${GLITE_HOME_DIR:-/home/glite}/.certs/hostkey.pem
  yaimgridenv_set X509_CERT_DIR ${X509_CERT_DIR:-/etc/grid-security}
  yaimgridenv_set X509_VOMS_DIR ${X509_VOMS_DIR}

  yaimgridenv_set GRIDMAPDIR ${GRIDMAPDIR:-/etc/grid-security/gridmapdir}
  #yaimgridenv_set GRIDMAP /etc/grid-security/grid-mapfile
  yaimgridenv_set GRIDMAPFILE ${GRIDMAPFILE:-/etc/grid-security/grid-mapfile}
  yaimgridenv_set GLOBUS_TCP_PORT_RANGE "${GLOBUS_TCP_PORT_RANGE}"
  yaimgridenv_set MYPROXY_TCP_PORT_RANGE "${GLOBUS_TCP_PORT_RANGE/ /,}"
  yaimgridenv_set GLITE_WMS_WMPROXY_MAX_SERVED_REQUESTS ${GLITE_WMS_WMPROXY_MAX_SERVED_REQUESTS}

  # Setting condor
  yaimgridenv_set CONDORG_INSTALL_PATH /usr

  # Setting LCMAPS related parameters to the default values (just for avoid undefined messages)
  yaimgridenv_set LCMAPS_LOG_LEVEL ${LCMAPS_LOG_LEVEL:-5}
  yaimgridenv_set LCMAPS_DEBUG_LEVEL ${LCMAPS_DEBUG_LEVEL:-0}

  # For glite compatibility [begin]:
  #glite_prefix=${GLITE_LOCATION:-/opt/glite}
  #classads_prefix=${INSTALL_ROOT:-/opt}/classads
  #if [ x`uname -m` = xx86_64 ]; then
  #  if [ -d "$glite_prefix/lib64" ]; then
  #    glite_libarch=lib64
  #  fi
  #  if [ -d "$classads_prefix/lib64" ]; then
  #      classads_libarch=lib64
  #  fi
  #fi
  # 
  #yaimgridpath_append LD_LIBRARY_PATH ${INSTALL_ROOT:-/opt}/globus/lib
  #yaimgridpath_append LD_LIBRARY_PATH ${INSTALL_ROOT:-/opt}/fcgi/lib
  #yaimgridpath_append LD_LIBRARY_PATH $glite_prefix/${glite_libarch:-lib}
  #yaimgridpath_append LD_LIBRARY_PATH $classads_prefix/${classads_libarch:-lib}
  # For glite compatibility [end]

  #For EMI
  yaimgridpath_append LD_LIBRARY_PATH ${WMS_LOCATION_USR}/lib64
  
}

function config_glite_wms() {

  HOSTNAME=`hostname -f`

  ####################################
  #   glite_wms.conf                 #
  ####################################

  # LB_HOST has to be defined it in site-info.def as 
  # LB_HOST='"host1:port1","host2:port2"'
  for k in $LB_HOST ; do
    echo $k | grep ":[0-9]" > /dev/null
    if [ $? -eq 0 ]; then
      k1="$k"
    else
      k1="$k:9000"
    fi
    LB_HOSTS="\"$k1\",$LB_HOSTS"
  done

  LB_HOST=`echo $LB_HOSTS | sed -e 's/,$//g'`

yaimlog INFO "${FUNCTION}: Configuration file"
  CONF_FILE="${GLITE_WMS_CONFIG_DIR}/glite_wms.conf"        # Configuration filename
  CONF_FILE_T="${CONF_FILE}.template"                       # Template configuration filename
  CONF_FILE_B="${CONF_FILE}.bkp_`date +%Y%m%d_%H%M%S`"      # Backup configuration filename (if needed)
  CONF_FILE_N="${CONF_FILE}.yaimnew_`date +%Y%m%d_%H%M%S`"  # New configuration filename (if needed)

  # Configuration file management
  WMS_CONF_FILE_OVERWRITE=`echo ${WMS_CONF_FILE_OVERWRITE} | tr '[:upper:]' '[:lower:]'`   # convert in lowercase
  # If not exists, create it from template (can it be possible?)
  if [ ! -f ${CONF_FILE} ]; then
    yaimlog DEBUG "${FUNCTION}: First configuration, ${CONF_FILE} does not exist, create it"
    #yaimlog DEBUG "${FUNCTION}: First configuration, create ${CONF_FILE} from template ${CONF_FILE_T}"
    #cp ${CONF_FILE_T} ${CONF_FILE}
  # Else if overwrite is enabled, create backup
  elif [ "${WMS_CONF_FILE_OVERWRITE}" = "true" ]; then
    yaimlog DEBUG "${FUNCTION}: Overwrite old configuration file ${CONF_FILE}"
    yaimlog DEBUG "${FUNCTION}: Backup old configuration file in ${CONF_FILE_B}."
    cp ${CONF_FILE} ${CONF_FILE_B}
  # Else if overwrite is disabled, create yaimnew
  else
    yaimlog DEBUG "${FUNCTION}: Not overwrite old configuration file ${CONF_FILE}"
    yaimlog DEBUG "${FUNCTION}: Create new configuration file in ${CONF_FILE_N}"
    CONF_FILE="${CONF_FILE_N}"
    touch ${CONF_FILE}
  fi

  # Remove oldest backup file
  yaimlog DEBUG "${FUNCTION}: Removing old backup files"
  find `dirname "${CONF_FILE}"` -ctime +2 -name 'glite_wms.conf.bkp*' -exec rm {} \;

  #Select RuntimeMalloc
  yaimlog DEBUG "OS_ARCH = ${OS_ARCH}"
  runtime_malloc=""
  if [ "x${OS_ARCH}" = "x64BIT" ]; then
    #runtime_malloc=/usr/lib64/libtcmalloc_minimal.so
    runtime_malloc=/usr/lib64/libjemalloc.so.1
  fi

  # Calculate IsmIiLDAPCEFilterExt
  my_IsmIiLDAPCEFilterExt=""
  for vo in $VOS; do
    my_IsmIiLDAPCEFilterExt="$my_IsmIiLDAPCEFilterExt(GlueCEAccessControlBaseRule=VO:${vo})(GlueCEAccessControlBaseRule=VOMS:/${vo}/*)"
  done

if [ x${USE_ARGUS} = xyes ]; then
  UseArgus=true
  endpoints=""
  for j in ${ARGUS_PEPD_ENDPOINTS}; do
      endpoints="${endpoints} \"${j}\", "
  done 
  endpoints=`echo $endpoints | sed -e "s/,$//g"`
else 
   UseArgus=false
fi



  yaimlog INFO "${FUNCTION}: Creating ${CONF_FILE} ..."

  ClassAdsHelper_file=ClassAdsHelper.conf
  cat << EOF >$ClassAdsHelper_file
ClassAdsHelper:file=${CONF_FILE}
Common/DGUser = "\${GLITE_WMS_USER}"
Common/HostProxyFile = "\${WMS_LOCATION_VAR}/glite/wms.proxy"
Common/LBProxy = true
JobController/CondorSubmit = "\${CONDORG_INSTALL_PATH}/bin/condor_submit"
JobController/CondorRemove = "\${CONDORG_INSTALL_PATH}/bin/condor_rm"
JobController/CondorQuery = "\${CONDORG_INSTALL_PATH}/bin/condor_q"
JobController/CondorRelease = "\${CONDORG_INSTALL_PATH}/bin/condor_release"
JobController/SubmitFileDir = "\${WMS_LOCATION_VAR}/jobcontrol/submit"
JobController/OutputFileDir = "\${WMS_LOCATION_VAR}/jobcontrol/condorio"
JobController/Input = "\${WMS_LOCATION_VAR}/jobcontrol/jobdir/"
JobController/LockFile = "\${WMS_LOCATION_VAR}/jobcontrol/lock"
JobController/LogFile = "\${WMS_LOCATION_LOG}/jobcontroller_events.log"
JobController/LogLevel = 5
JobController/MaximumTimeAllowedForCondorMatch = 1800
JobController/ContainerRefreshThreshold = 1000
NetworkServer/II_Port  = 2170
NetworkServer/Gris_Port = 2170
NetworkServer/II_Timeout = 100
NetworkServer/Gris_Timeout = 20
NetworkServer/II_DN = "mds-vo-name=local, o=grid"
NetworkServer/Gris_DN = "mds-vo-name=local, o=grid"
NetworkServer/II_Contact = "$BDII_HOST"
NetworkServer/BacklogSize = 64
NetworkServer/ListeningPort = 7772
NetworkServer/MasterThreads = 8
NetworkServer/DispatcherThreads = 10
NetworkServer/SandboxStagingPath = "\${WMS_LOCATION_VAR}/SandboxDir"
NetworkServer/LogFile = "\${WMS_LOCATION_LOG}/networkserver_events.log"
NetworkServer/LogLevel = 5
NetworkServer/EnableQuotaManagement = false
NetworkServer/MaxInputSandboxSize = 10000000
NetworkServer/EnableDynamicQuotaAdjustment = false
NetworkServer/QuotaAdjustmentAmount = 10000
NetworkServer/QuotaInsensibleDiskPortion = 2.0
NetworkServer/DLI_SI_CatalogTimeout = 60
NetworkServer/ConnectionTimeout = 300
NetworkServer/ListMatchParadise = "\${WMS_LOCATION_TMP}/MatchArea"
LogMonitor/JobsPerCondorLog = 1000
LogMonitor/LockFile = "\${WMS_LOCATION_VAR}/logmonitor/lock"
LogMonitor/LogFile = "\${WMS_LOCATION_LOG}/logmonitor_events.log"
LogMonitor/LogLevel = 5
LogMonitor/ExternalLogFile = "\${WMS_LOCATION_LOG}/logmonitor_external.log"
LogMonitor/MainLoopDuration = 5
LogMonitor/CondorLogDir = "\${WMS_LOCATION_VAR}/logmonitor/CondorG.log"
LogMonitor/CondorLogRecycleDir = "\${WMS_LOCATION_VAR}/logmonitor/CondorG.log/recycle"
LogMonitor/MonitorInternalDir = "\${WMS_LOCATION_VAR}/logmonitor/internal"
LogMonitor/IdRepositoryName = "irepository.dat"
LogMonitor/AbortedJobsTimeout = 600
LogMonitor/GlobusDownTimeout = 7200
LogMonitor/RemoveJobFiles = true
LogMonitor/ForceCancellationRetries = 2
WorkloadManager/WorkerThreads = 5
WorkloadManager/Input = "\${WMS_LOCATION_VAR}/workload_manager/jobdir"
WorkloadManager/LogLevel = 5
WorkloadManager/LogFile  = "\${WMS_LOCATION_LOG}/workload_manager_events.log"
WorkloadManager/MaxRetryCount = 10
WorkloadManager/CeMonitorServices = {}
WorkloadManager/CeMonitorAsynchPort = 0
WorkloadManager/IsmBlackList = {}
WorkloadManager/IsmUpdateRate = 600
WorkloadManager/IsmIiPurchasingRate = 480
WorkloadManager/JobWrapperTemplateDir = "\${WMS_JOBWRAPPER_TEMPLATE}"
WorkloadManager/IsmThreads = true
WorkloadManager/IsmDump = "\${WMS_LOCATION_VAR}/workload_manager/ismdump.fl"
WorkloadManager/MatchRetryPeriod = ${WMS_MATCH_RETRY_PERIOD}
WorkloadManager/ExpiryPeriod = ${WMS_EXPIRY_PERIOD}
WorkloadManager/SiServiceName = "org.glite.SEIndex"
WorkloadManager/DliServiceName = "data-location-interface"
WorkloadManager/MaxRetryCount = 10
WorkloadManager/DisablePurchasingFromGris = true
WorkloadManager/EnableBulkMM = true
WorkloadManager/CeForwardParameters = {"GlueHostMainMemoryVirtualSize","GlueHostMainMemoryRAMSize","GlueCEPolicyMaxCPUTime", "GlueCEPolicyMaxObtainableCPUTime", "GlueCEPolicyMaxObtainableWallClockTime", "GlueCEPolicyMaxWallClockTime" }
WorkloadManager/MaxOutputSandboxSize = -1
WorkloadManager/EnableRecovery = true
WorkloadManager/QueueSize = 1000
WorkloadManager/RuntimeMalloc = "${runtime_malloc}"
WorkloadManager/ReplanGracePeriod = 3600
WorkloadManager/MaxReplansCount = 5
WorkloadManager/SbRetryDifferentProtocols = true
WorkloadManager/WmsRequirements  = ((ShortDeadlineJob =?= TRUE ? RegExp(".*sdj$", other.GlueCEUniqueID) : !RegExp(".*sdj$", other.GlueCEUniqueID)) && (other.GlueCEPolicyMaxTotalJobs == 0 || other.GlueCEStateTotalJobs < other.GlueCEPolicyMaxTotalJobs) && (EnableWmsFeedback =?= TRUE ? RegExp("cream", other.GlueCEImplementationName, "i") : true) && (member(CertificateSubject,other.GlueCEAccessControlBaseRule) || member(strcat("VO:",VirtualOrganisation),other.GlueCEAccessControlBaseRule) || FQANmember(strcat("VOMS:", VOMS_FQAN), other.GlueCEAccessControlBaseRule)) is true && FQANmember(strcat("DENY:",VOMS_FQAN), other.GlueCEAccessControlBaseRule) isnt true && (IsUndefined(other.OutputSE) || member(other.OutputSE, other.GlueCESEBindGroupSEUniqueID)))
WorkloadManager/IsmIiLDAPCEFilterExt = "(|${my_IsmIiLDAPCEFilterExt})"
WorkloadManager/IsmIiG2LDAPCEFilterExt = "(|(&(objectclass=GLUE2ComputingService)(|(GLUE2ServiceType=org.glite.ce.ARC)(GLUE2ServiceType=org.glite.ce.CREAM)))(|(objectclass=GLUE2ComputingManager)(|(objectclass=GLUE2ComputingShare)(|(&(objectclass=GLUE2ComputingEndPoint)(GLUE2EndpointInterfaceName=org.glite.ce.CREAM))(|(objectclass=GLUE2ToStorageService)(|(&(objectclass=GLUE2MappingPolicy)(GLUE2PolicyScheme=org.glite.standard))(|(&(objectclass=GLUE2AccessPolicy)(GLUE2PolicyScheme=org.glite.standard))(|(objectclass=GLUE2ExecutionEnvironment)(|(objectclass=GLUE2ApplicationEnvironment)(|(objectclass=GLUE2Benchmark)))))))))))" 
WorkloadManager/IsmIiG2LDAPSEFilterExt  = "(|(objectclass=GLUE2StorageService)(|(objectclass=GLUE2StorageManager)(|(objectclass=GLUE2StorageShare)(|(objectclass=GLUE2StorageEndPoint)(|(objectclass=GLUE2MappingPolicy)(|(objectclass=GLUE2AccessPolicy)(|(objectclass=GLUE2DataStore)(|(objectclass=GLUE2StorageServiceCapacity)(|(objectclass=GLUE2StorageShareCapacity))))))))))";
WorkloadManager/EnableIsmIiGlue13Purchasing = true
WorkloadManager/EnableIsmIiGlue20Purchasing = false
WorkloadManager/BrokerLib = "libglite_wms_helper_broker_ism.so.0"
WorkloadManager/IiGlueLib = "libglite_wms_ism_ii_purchaser.so.0"
WorkloadManagerProxy/ArgusAuthz = ${UseArgus} 
WorkloadManagerProxy/ArgusPepdEndpoints = {${endpoints}}
WorkloadManagerProxy/SandboxStagingPath = "\${WMS_LOCATION_VAR}/SandboxDir"
WorkloadManagerProxy/LogFile = "\${WMS_LOCATION_LOG}/wmproxy.log"
WorkloadManagerProxy/LogLevel = 5
WorkloadManagerProxy/MaxInputSandboxSize = 100000000
WorkloadManagerProxy/ListMatchRootPath = "/tmp"
WorkloadManagerProxy/GridFTPPort = 2811
WorkloadManagerProxy/LBServer = {$LB_HOST}
WorkloadManagerProxy/MinPerusalTimeInterval = 1000
WorkloadManagerProxy/AsyncJobStart = false
WorkloadManagerProxy/EnableServiceDiscovery = false
WorkloadManagerProxy/LBServiceDiscoveryType = "org.glite.lb.server"
WorkloadManagerProxy/ServiceDiscoveryInfoValidity = 3600
WorkloadManagerProxy/WeightsCacheValidity = 86400
WorkloadManagerProxy/MaxServedRequests = 50
WorkloadManagerProxy/OperationLoadScripts/jobRegister = "\${WMS_LOCATION_SBIN}/glite_wms_wmproxy_load_monitor --oper jobRegister --load1 22 --load5 20 --load15 18 --memusage 99 --diskusage 95 --fdnum 1000 --jdnum 1500 --ftpconn 300"
WorkloadManagerProxy/OperationLoadScripts/jobSubmit = "\${WMS_LOCATION_SBIN}/glite_wms_wmproxy_load_monitor --oper jobSubmit --load1 22 --load5 20 --load15 18 --memusage 99 --diskusage 95 --fdnum 1000 --jdnum 1500  --ftpconn 300"
WmsClient/dummy=dummy
ICE/start_listener  =  false
ICE/start_lease_updater  =  false
ICE/logfile  =  "\${WMS_LOCATION_LOG}/ice.log"
ICE/log_on_file = true
ICE/creamdelegation_url_prefix  =  "https://"
ICE/listener_enable_authz  =  true
ICE/poller_status_threshold_time  =  30*60
ICE/ice_topic  =  "CREAM_JOBS"
ICE/subscription_update_threshold_time  =  3600
ICE/lease_delta_time  =  0
ICE/notification_frequency  =  3*60
ICE/start_proxy_renewer  =  true
ICE/max_logfile_size  =  100*1024*1024
ICE/ice_host_cert  =  "\${GLITE_HOST_CERT}"
ICE/Input  =  "\${WMS_LOCATION_VAR}/ice/jobdir"
ICE/job_cancellation_threshold_time  =  300
ICE/poller_delay  =  2*60
ICE/persist_dir  =  "\${WMS_LOCATION_VAR}/ice/persist_dir"
ICE/lease_update_frequency  =  20*60
ICE/log_on_console = false
ICE/cream_url_postfix  =  "/ce-cream/services/CREAM2"
ICE/subscription_duration  =  86400
ICE/bulk_query_size  =  100
ICE/purge_jobs  =  false
ICE/listener_port  =  7010
ICE/listener_enable_authn  =  true
ICE/ice_host_key  =  "\${GLITE_HOST_KEY}"
ICE/start_poller  =  true
ICE/creamdelegation_url_postfix  =  "/ce-cream/services/gridsite-delegation"
ICE/cream_url_prefix  =  "https://"
ICE/max_ice_threads  =  10
ICE/cemon_url_prefix  =  "https://"
ICE/start_subscription_updater  =  true
ICE/proxy_renewal_frequency  =  600
ICE/ice_log_level  =  500
ICE/proxy_renewal_timeout = 120
ICE/soap_timeout  =  60
ICE/max_logfile_rotations  =  10
ICE/cemon_url_postfix  =  "/ce-monitor/services/CEMonitor"
ICE/max_ice_mem = 2096000
ICE/ice_empty_threshold = 600
EOF
  python $FUNCTIONS_DIR/../libexec/ClassAdsHelper.py
  rm -f $ClassAdsHelper_file

  ####################################
  #   limiter script                #
  ####################################

  if [ -f ${WMS_LOCATION_SBIN}/glite_wms_wmproxy_load_monitor ]; then
    yaimlog WARNING "${WMS_LOCATION_SBIN}/glite_wms_wmproxy_load_monitor found"
    chmod a+x ${WMS_LOCATION_SBIN}/glite_wms_wmproxy_load_monitor
  else
    if [ -f ${{WMS_LOCATION_SBIN}}/glite_wms_wmproxy_load_monitor.template ]; then
      yaimlog ERROR "${{WMS_LOCATION_SBIN}}/glite_wms_wmproxy_load_monitor does not exist"
      exit 1
    fi
  fi
  

  ####################################
  #   wmproxy                        #
  ####################################

  cat ${GLITE_WMS_CONFIG_DIR}/wmproxy_httpd.conf.template | sed  \
   -e "s/^ServerName.*/ServerName ${HOSTNAME}:7443/"  \
   -e "s/^.*SSLCARevocationPath.*/SSLCARevocationPath    \${X509_CERT_DIR}/" \
   -e "s/^LogLevel.*/LogLevel error/" \
> ${GLITE_WMS_CONFIG_DIR}/glite_wms_wmproxy_httpd.conf

  # where to look for modules
  yaimlog DEBUG "OS_ARCH = ${OS_ARCH}"
  moddir=${WMS_LOCATION_USR}/lib/httpd/modules
  if [ "x${OS_ARCH}" = "x64BIT" ]; then
    moddir=${WMS_LOCATION_USR}/lib64/httpd/modules
  fi
  cp ${GLITE_WMS_CONFIG_DIR}/glite_wms_wmproxy_httpd.conf /tmp/glite_wms_wmproxy_httpd.conf.tmp
  cat /tmp/glite_wms_wmproxy_httpd.conf.tmp | sed  \
  -e "s/\/usr\/lib\/httpd\/modules/\/usr\/lib64\/httpd\/modules/" \
> ${GLITE_WMS_CONFIG_DIR}/glite_wms_wmproxy_httpd.conf

  #This is a temporary solution, we need to add role as well
  if [ ! -e $GROUPS_CONF ]; then
    yaimlog ABORT "$GROUPS_CONF not found."
    return 1
  fi
  wmproxy_gacl=${GLITE_WMS_CONFIG_DIR}/glite_wms_wmproxy.gacl
  echo '<gacl version="0.0.1">' > $wmproxy_gacl
  for line in `cat $GROUPS_CONF`
  do
    for vo in `echo $VOS`
    do
      entry=`echo $line | grep $vo`
      if [ $? = 0 ] ; then
        echo $entry | grep "GROUP=/" > /dev/null 2>&1
        if [ $? = 0 ] ; then
          real=`echo $entry | sed -e "s/\":.*//" | awk -F"GROUP=" '{print $2}'`
          echo "  <entry>" >> $wmproxy_gacl
          echo "    <voms>" >> $wmproxy_gacl
          echo "      <fqan>$real</fqan>" >> $wmproxy_gacl
          echo "    </voms>" >> $wmproxy_gacl
          echo "    <allow>" >> $wmproxy_gacl
          echo "      <exec/>" >> $wmproxy_gacl
          echo "    </allow>" >> $wmproxy_gacl
          echo "  </entry>" >> $wmproxy_gacl
        else
          real=`echo $entry | sed -e "s/\":.*//" | sed -e "s/^\"\//\//"`
          echo "  <entry>" >> $wmproxy_gacl
          echo "    <voms>" >> $wmproxy_gacl
          echo "      <fqan>$real</fqan>" >> $wmproxy_gacl
          echo "    </voms>" >> $wmproxy_gacl
          echo "    <allow>" >> $wmproxy_gacl
          echo "      <exec/>" >> $wmproxy_gacl
          echo "    </allow>" >> $wmproxy_gacl
          echo "  </entry>" >> $wmproxy_gacl
          echo $real | grep "ROLE=" > /dev/null 2>&1
          # $?=0 se trova ROLE= altrimenti vale 1
          if [ ! $? = 0 ] ; then
            echo $real | grep "\*" > /dev/null 2>&1
            echo "  <entry>" >> $wmproxy_gacl
            echo "    <voms>" >> $wmproxy_gacl
            echo $real | grep "\*" > /dev/null 2>&1
            if [ ! $? = 0 ] ; then
              echo "      <fqan>$real/Role=NULL/Capability=NULL</fqan>" >> $wmproxy_gacl
            else
              echo "      <fqan>$real/Capability=NULL</fqan>" >> $wmproxy_gacl
            fi
            echo "    </voms>" >> $wmproxy_gacl
            echo "    <allow>" >> $wmproxy_gacl
            echo "      <exec/>" >> $wmproxy_gacl
            echo "    </allow>" >> $wmproxy_gacl
            echo "  </entry>" >> $wmproxy_gacl
          else
            real=`echo $real | sed -e 's/ROLE/Role/'`
            echo $real | grep "CAPABILITY=" > /dev/null 2>&1
            if [ ! $? = 0 ] ; then
              echo "  <entry>" >> $wmproxy_gacl
              echo "    <voms>" >> $wmproxy_gacl
              echo "      <fqan>$real/Capability=NULL</fqan>" >> $wmproxy_gacl
              echo "    </voms>" >> $wmproxy_gacl
              echo "    <allow>" >> $wmproxy_gacl
              echo "      <exec/>" >> $wmproxy_gacl
              echo "    </allow>" >> $wmproxy_gacl
              echo "  </entry>" >> $wmproxy_gacl
            fi
          fi
        fi
      fi
    done
  done

  # Dirty fix (temporary)
  mkdir -p /var/glite/wmproxy
  chown glite.glite /var/glite/wmproxy
  chown glite.glite /var/glite

  # For bug 30672, admin can define a list of DN of users in USERS_DN_WMS 
  # in site-info.def or glite-wms.pre
  if [ "x$USERS_DN_WMS" != "x" ]; then
    split_quoted_variable $USERS_DN_WMS | while read userdn
    do
      echo "  <entry>" >> $wmproxy_gacl
      echo "    <person>" >> $wmproxy_gacl
      echo "       <dn>$userdn</dn>" >> $wmproxy_gacl
      echo "    </person>" >> $wmproxy_gacl
      echo "    <allow>" >> $wmproxy_gacl
      echo "      <exec/>" >> $wmproxy_gacl
      echo "    </allow>" >> $wmproxy_gacl
      echo "  </entry>" >> $wmproxy_gacl
    done
  fi  
  echo "</gacl>" >> $wmproxy_gacl

  cat ${wmproxy_gacl} | sed  \
   -e "s/ROLE/Role/"  \
> ${wmproxy_gacl}.tmp

  mv ${wmproxy_gacl}.tmp ${wmproxy_gacl}

  if [ ! -f ${WMS_LOCATION_ETC}/lcmaps/lcmaps.db ]; then
    cp ${WMS_LOCATION_ETC}/lcmaps/lcmaps.db.template ${WMS_LOCATION_ETC}/lcmaps/lcmaps.db
  fi

  # where to look for modules 	 
  moddir=${WMS_LOCATION_USR}/lib64/lcmaps 	 
  sed -i -e "s|path =.*|path = ${moddir}|" ${WMS_LOCATION_ETC}/lcmaps/lcmaps.db

  mkdir -p $GLITE_HOME_DIR/.certs
  chown $GLITE_USER:$GLITE_USER $GLITE_HOME_DIR/.certs
  chmod 0755 $GLITE_HOME_DIR/.certs
  cp -f /etc/grid-security/hostcert.pem /etc/grid-security/hostkey.pem $GLITE_HOME_DIR/.certs/

  if [ ! $? = 0 ] ; then
    yaimlog ERROR "Please copy host certificate and key into /etc/grid-security and"
    yaimlog ERROR "  $GLITE_HOME_DIR/.certs/, change the owner of the ones in "
    yaimlog ERROR "  $GLITE_HOME_DIR/.certs/ to $GLITE_USER"
  fi

  chown $GLITE_USER:$GLITE_USER $GLITE_HOME_DIR/.certs/hostcert.pem $GLITE_HOME_DIR/.certs/hostkey.pem
  chmod 0644 $GLITE_HOME_DIR/.certs/hostcert.pem
  chmod 0400 $GLITE_HOME_DIR/.certs/hostkey.pem

  for j in ${WMS_LOCATION_VAR}/fastcgi \
           ${WMS_LOCATION_VAR}/ice \
           ${WMS_LOCATION_VAR}/jobcontrol \
           ${WMS_LOCATION_LOG} \
           ${WMS_LOCATION_VAR}/logging \
           ${WMS_LOCATION_VAR}/logmonitor \
           ${WMS_LOCATION_VAR}/proxycache \
           ${WMS_LOCATION_VAR}/workload_manager \
           ${WMS_LOCATION_VAR}/SandboxDir \
           ${WMS_LOCATION_VAR}/jobcontrol/submit \
           ${WMS_LOCATION_VAR}/jobcontrol/condorio \
           ${WMS_LOCATION_VAR}/logmonitor/CondorG.log \
           ${WMS_LOCATION_VAR}/logmonitor/CondorG.log/recycle \
           ${WMS_LOCATION_VAR}/logmonitor/internal \
           ${WMS_LOCATION_VAR}/spool/glite-renewd
  do
    mkdir -p $j
    chown $GLITE_USER:$GLITE_USER $j
    chmod 0755 $j
  done

  #The following dirs have special permission
  chmod 0773 ${WMS_LOCATION_VAR}/SandboxDir
  chmod 0771 ${WMS_LOCATION_VAR}/proxycache
  chmod 0773 ${WMS_LOCATION_VAR}/spool/glite-renewd

  chmod a+t ${WMS_LOCATION_VAR}/SandboxDir 

  # Creat the proxy for WMS first time
  su - $GLITE_USER -c "/usr/bin/grid-proxy-init -cert $GLITE_HOME_DIR/.certs/hostcert.pem -key $GLITE_HOME_DIR/.certs/hostkey.pem -valid 24:00 -out ${WMS_LOCATION_VAR}/glite/wms.proxy"  

  #Temporary solution, need to check and fix config_vomsmap
  chown root.$GLITE_USER /etc/grid-security/gridmapdir

  # Create /etc/sysconfig/globus for gridftp to use different LCMAPS_DB_FILE
  if [ -f /etc/sysconfig/globus ]; then
    grep "export LCMAPS_DB_FILE=${WMS_LOCATION_ETC}/lcmaps/lcmaps.db.gridftp" /etc/sysconfig/globus  > /dev/null 2>&1
    if [ $? != 0 ]; then
      echo "export LCMAPS_DB_FILE=${WMS_LOCATION_ETC}/lcmaps/lcmaps.db.gridftp" >> /etc/sysconfig/globus
    fi
  else
    echo "export LCMAPS_DB_FILE=${WMS_LOCATION_ETC}/lcmaps/lcmaps.db.gridftp" > /etc/sysconfig/globus
  fi

  return 0;
}
