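#!/bin/bash
#
# sccl_create_cluster
#
# Create the CA for the SCCL cluster and set the u2w admin passwords.
#
# Usage: sccl create_cluster [--force] [-F] [-p <CA-KEY-PWD>|-P] [-c <Cluster Name> | <Cluster Name>]
#
#   -c NAME   cluster name (alternatively the first positional argument;
#             prompted for if neither is given)
#   -F        use the fully qualified hostname of this node (default: short name)
#   -p PWD    passphrase for the CA private key; it shows up in `ps` and the
#             shell history of the caller, so -P is preferable
#   -P        generate a random CA passphrase and keep it in /etc/sccl/capwd.dat
#             (owner-only permissions) so that sccl_add_node can read it
#   --force   re-initialise an already configured cluster; the previous
#             sccl.conf, certs/ and capwd.dat are moved to /etc/sccl/old
#
# Needs write access to /etc/sccl and the ability to chgrp files to "sccl".
# All user-facing messages are German, as in the rest of the sccl tools.
#######################################################

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print the usage line and exit with status 1.
# Globals:   MYPRG (read)
#######################################
usage() {
  echo "usage: $MYPRG [--force] [-F] [-p <CA-KEY-PWD>|-P] [-c <Cluster Name> | <Cluster Name>]"
  exit 1
}

#######################################
# Write a 20-character random password to a file.
# The file is created under umask 077 so it is never readable by others
# before the final mode is applied, and an empty result (e.g. /dev/urandom
# unavailable) aborts the script instead of installing an empty password.
# Arguments: $1 - target file
#            $2 - final mode (chmod argument)
# Outputs:   none; exits via die on failure
#######################################
gen_pwd_file() {
  local file=$1 mode=$2
  # Alphabet avoids quotes, spaces and shell metacharacters on purpose: the
  # values are later passed as arguments and stored in config files.
  ( umask 077
    tr -dc '0-9!@%a-zA-Z_,.;:+-' </dev/urandom 2>/dev/null | head -c20 >"$file" )
  chmod "$mode" -- "$file"
  [[ -s "$file" ]] || die "Kennwortdatei $file konnte nicht erzeugt werden."
}

if [[ -d /var/lock/subsys ]]; then
  lockfile=/var/lock/subsys/sccl_cluster
else
  lockfile=''
fi

# sccl_add_node is called relative to the bin directory of the sccl tools,
# so a failed cd must not go unnoticed (the original `cd ${0%/*}` fails
# silently when $0 has no directory part).
cd "$(dirname -- "$0")" || die "Kann nicht in das Programmverzeichnis wechseln."
if [[ $PWD != */bin ]]; then
  cd bin || die "Kann nicht in das Programmverzeichnis wechseln."
fi

MYPRG="sccl ${0##*/sccl_}"

# PWDDAT is included so an inherited environment variable cannot switch the
# sccl_add_node call into "read the CA passphrase from a file" mode.
unset CAPWD FORCE GENPWD CLUSTER FQDN PWDDAT
HNFLAG='-s'
while getopts c:Fp:P-: op; do
  case "$op" in
    c) CLUSTER="$OPTARG";;
    F) FQDN='-F'
       HNFLAG='-f';;
    p) CAPWD="$OPTARG";;
    P) GENPWD=1;;
    -) case "$OPTARG" in
         force) FORCE=1;;
         *) usage;;
       esac;;
    *) usage;;
  esac
done
shift $((OPTIND - 1))

if [[ -f /etc/sccl/sccl.conf ]]; then
  if [[ -z "$FORCE" ]]; then
    echo "Das Cluster ist schon konfiguriert."
    echo "Zur Neuinitialisierung"
    echo "$0 --force $*"
    exit 1
  fi
  # Keep one generation of the previous configuration and certificates.
  BASEDIR='/etc/sccl'
  mkdir -p -- "$BASEDIR/old"
  rm -r -- "$BASEDIR"/old/* 2>/dev/null
  mv -- "$BASEDIR/sccl.conf" "$BASEDIR/certs" "$BASEDIR/old"
  [[ -f "$BASEDIR/capwd.dat" ]] && mv -- "$BASEDIR/capwd.dat" "$BASEDIR/old"
fi

CLUSTER=${CLUSTER:-${1-}}
if [[ -z "$CLUSTER" ]]; then
  printf '%s' "Name des Clusters? "
  read -r CLUSTER
  echo
fi

THISNODE=$(hostname "$HNFLAG" | tr '[:upper:]' '[:lower:]')

if [[ -z "$CLUSTER" || -z "$THISNODE" ]]; then
  echo "Kein Clustername eingegeben oder der Hostname kann nicht bestimmt werden."
  exit 1
fi

# The cluster name is interpolated into a sed expression, into file names,
# into the X.509 subject and into sccl.conf, which is sourced as shell code
# below. Restrict it to a character set that is harmless in all of those.
[[ "$CLUSTER" =~ ^[A-Za-z0-9._-]+$ ]] \
  || die "Ungueltiger Clustername: erlaubt sind nur Buchstaben, Ziffern, '.', '_' und '-'."

sed -e "s/SETCLUSTER/$CLUSTER/;s/SETNODES/\"$THISNODE\"/" \
  /etc/sccl/sccl.conf.template >/etc/sccl/sccl.conf \
  || die "Konnte /etc/sccl/sccl.conf nicht erzeugen."

# Path of the u2w password database, read from the freshly written config
# ("U2WPWDDAT = <path>" form). Passed through only if non-empty.
U2WPWDDAT=$(awk -F ' *= *' '$1 == "U2WPWDDAT" {print $2}' /etc/sccl/sccl.conf)

# admin and localadmin passwords: readable by owner and group "sccl" only.
gen_pwd_file /etc/sccl/adminpwd.dat 640
chgrp sccl /etc/sccl/adminpwd.dat
gen_pwd_file /etc/sccl/localadminpwd.dat 640
chgrp sccl /etc/sccl/localadminpwd.dat
# The "user" password is deliberately world-readable (as before).
gen_pwd_file /etc/sccl/userpwd.dat og+r

# NOTE(review): u2w_passwd only accepts the password via -p here, so it is
# briefly visible in the process list; no stdin/file option is visible from
# this script — confirm against u2w_passwd before changing.
u2w_passwd -p "$(</etc/sccl/adminpwd.dat)" ${U2WPWDDAT:+"$U2WPWDDAT"} admin
u2w_passwd -p "$(</etc/sccl/localadminpwd.dat)" ${U2WPWDDAT:+"$U2WPWDDAT"} localadmin
u2w_passwd -p "$(</etc/sccl/userpwd.dat)" ${U2WPWDDAT:+"$U2WPWDDAT"} user

[[ -d /etc/sccl/certs ]] || mkdir -m 755 /etc/sccl/certs
if [[ ! -d /etc/sccl/certs/private ]]; then
  mkdir -m 750 /etc/sccl/certs/private
else
  rm -f -- /etc/sccl/certs/private/* 2>/dev/null
fi

if [[ ! -d /etc/sccl/certs/certs ]]; then
  mkdir -m 755 /etc/sccl/certs/certs
else
  rm -f -- /etc/sccl/certs/certs/* 2>/dev/null
fi

# certs.conf provides the subject fields (STATE, CITY, COMPANY, OU, EMAIL, ...);
# sccl.conf is the file generated above.
# shellcheck source=/dev/null
. /etc/sccl/certs.conf
# shellcheck source=/dev/null
. /etc/sccl/sccl.conf

if [[ -n "$GENPWD" ]]; then
  gen_pwd_file /etc/sccl/capwd.dat 600
  CAPWD="$(</etc/sccl/capwd.dat)"
  PWDDAT="/etc/sccl/capwd.dat"
else
  # A stale generated passphrase must not survive a manual -p / interactive run.
  [[ -f /etc/sccl/capwd.dat ]] && rm -f -- /etc/sccl/capwd.dat
  echo "Private-Key fuer die CA-Erstellung. Wichtig: Kennwort merken!"
fi

cakey="/etc/sccl/certs/private/${CLUSTER}-cakey.pem"
cacert="/etc/sccl/certs/${CLUSTER}-ca.pem"
# NOTE(review): "$DE" is taken from certs.conf as the country field; if the
# literal country code "DE" was intended, this is a bug — confirm.
subj="/C=$DE/ST=$STATE/L=$CITY/O=$COMPANY/OU=$OU/CN=CA-$CLUSTER/emailAddress=$EMAIL"

# The passphrase is handed to openssl through the environment (env:) rather
# than as "pass:<pwd>" on the command line, so it does not appear in `ps`.
# Without a passphrase openssl prompts interactively, as before.
if [[ -n "$CAPWD" ]]; then
  SCCL_CAPWD="$CAPWD" openssl genrsa -aes256 -passout env:SCCL_CAPWD -out "$cakey" 2048 \
    || die "CA-Schluessel konnte nicht erzeugt werden."
else
  openssl genrsa -aes256 -out "$cakey" 2048 \
    || die "CA-Schluessel konnte nicht erzeugt werden."
fi

echo
echo
echo "Selbstcertifizierte CA anlegen."
echo
if [[ -n "$CAPWD" ]]; then
  SCCL_CAPWD="$CAPWD" openssl req -new -x509 -days 3650 -batch -subj "$subj" \
    -passin env:SCCL_CAPWD -key "$cakey" -out "$cacert" -set_serial 1 \
    || die "CA-Zertifikat konnte nicht erzeugt werden."
else
  openssl req -new -x509 -days 3650 -batch -subj "$subj" \
    -key "$cakey" -out "$cacert" -set_serial 1 \
    || die "CA-Zertifikat konnte nicht erzeugt werden."
fi
chmod 444 -- "$cacert"

# Empty CA database and first serial for the node certificates.
touch /etc/sccl/certs/index.txt
echo 01 >/etc/sccl/certs/serial

echo

# Issue the certificate for this node; prefer the passphrase file so the
# passphrase is not placed on sccl_add_node's command line.
if [[ -n "$PWDDAT" ]]; then
  ./sccl_add_node -P "$PWDDAT" -l "$THISNODE"
elif [[ -n "$CAPWD" ]]; then
  ./sccl_add_node -p "$CAPWD" -l "$THISNODE"
else
  ./sccl_add_node -l "$THISNODE"
fi

[[ -x /etc/init.d/unix2web ]] && /etc/init.d/unix2web restart /etc/unix2web/sccl.conf.service
[[ -z "$lockfile" ]] || touch "$lockfile"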
