#!/bin/bash

### Include ymclibnettools
. /usr/lib/lib-fliwi/ymc-networktools.bash

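### Bail out early when running inside a chroot.
### ymc_is_chroot comes from the library sourced above; its stdout is compared
### as an integer, and any non-zero value means "inside a chroot".
### The result is captured and quoted so that empty or multi-word output cannot
### change the shape of the test expression.
### The exit status is 0 on purpose: the original treats this as a warning.
chroot_state=$(ymc_is_chroot)
if [ "$chroot_state" -ne 0 ]; then
  echo "WARNING: $0 can not be run inside a chroot..."
  exit 0
fi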

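### Script-wide settings used by every mode below.
### "$0" is quoted so an invocation path containing whitespace or glob
### characters still yields the plain script name.
ymc_tool_name=$(basename "$0")
### Mountpoint that holds the repository (ymccluster/) and the SASL data (auth/).
svn_storage_dir="/data/ymc-cluster-ymc-config-server"
### Used as the SASL user id of this host; the helper comes from the sourced library.
short_hostname=$(ymc_get_local_short_hostname)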

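### Mode dispatch on the first argument:
###   --deconfigure  deprecated, does nothing
###   --init         creates the repository, its svnserve.conf and an initial tree
###   (anything else) registers this host in the SASL database and syncs authz
###
### Changes against the previous version:
###   * the temporary working copy is created with mktemp instead of a fixed,
###     predictable name below /tmp
###   * all expansions are quoted
###   * failures of svnadmin/svn/cp and an empty password or hostname abort
###     with an error instead of being ignored
repo_dir="$svn_storage_dir/ymccluster"

if [[ "$1" == '--deconfigure' ]]; then
  echo "WARNING: Option --deconfigure is deprecated - doing nothing..."
  exit 0
elif [[ "$1" == '--init' ]]; then
  if [[ ! -d "$svn_storage_dir" ]]; then
    echo "ERROR: The svn-config-mountpoint $svn_storage_dir does not exists!" 1>&2
    exit 1
  fi

  ### Refuse to touch an existing repository
  if [[ -d "$repo_dir" ]]; then
    echo "ERROR: There already seems to be a repository at '$svn_storage_dir/ymccluster'..."
    exit 1
  fi

  if ! svnadmin create "$repo_dir"; then
    echo "ERROR: Failed to create the repository at '$repo_dir'" 1>&2
    exit 1
  fi

  ### Create a proper svnserve.conf:
  ### no anonymous access, SASL authentication, and a SASL security layer of
  ### at least 128 bits (min-encryption) so credentials and data are encrypted.
  {
    printf '%s\n' "# Dynamic svnserve.conf (5)file for svnserve(8) generated by $ymc_tool_name"
    printf '%s\n' "#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN"
    printf '%s\n' "[general]"
    printf '%s\n' "anon-access = none"
    printf '%s\n' "realm = ymc-config.cluster"
    printf '%s\n' "authz-db = authz"
    printf '%s\n' ""
    printf '%s\n' "[sasl]"
    printf '%s\n' "use-sasl = true"
    printf '%s\n' "min-encryption = 128"
    printf '%s\n' "max-encryption = 256"
  } > "$repo_dir/conf/svnserve.conf"

  ### Empty passwd (we use sasl2 and therefore do not need it)
  : > "$repo_dir/conf/passwd"

  ### Initial "allow anyone" authz.
  ### With anon-access = none this still means: every principal that can
  ### authenticate against the SASL realm has read/write on the whole
  ### repository until the default mode replaces this file with the synced one.
  ### The file used to be written a second time after the initial commit with
  ### identical content; nothing modifies it in between, so one write suffices.
  printf '%s\n' '[/]' '* = rw' > "$repo_dir/conf/authz"

  ### Temporary working copy in a freshly created private directory.
  ### A fixed name below /tmp could be pre-created (or symlinked) by another
  ### local user before this script runs.
  if ! checkout_dir=$(mktemp -d /tmp/ymccluster_temp_svn_checkout.XXXXXX) \
    || [[ -z "$checkout_dir" ]]; then
    echo "ERROR: Failed to create a temporary directory for the initial checkout" 1>&2
    exit 1
  fi

  ### Check out, create the basic dir-structure and commit it.
  ### The steps are chained so that a failure skips the remaining ones.
  init_ok=1
  svn co "file://$repo_dir" "$checkout_dir" \
    && mkdir "$checkout_dir/machines" "$checkout_dir/shared" \
    && svn add "$checkout_dir/machines" "$checkout_dir/shared" \
    && svn ci -m "Basic directory-structure generated by '$ymc_tool_name'." "$checkout_dir" \
    || init_ok=0

  ### Delete the temporary checkout on success and on failure alike
  rm -rf -- "${checkout_dir:?}"

  if [[ "$init_ok" -ne 1 ]]; then
    echo "ERROR: Failed to commit the basic directory-structure to '$repo_dir'" 1>&2
    exit 1
  fi

  ### NOTE(review): this directory later holds the SASL credential database
  ### (ymc-cluster-sasl.db). Its mode is left to the umask here - confirm that
  ### it ends up readable only by the account svnserve runs as.
  if [[ ! -d "$svn_storage_dir/auth" ]]; then
    mkdir "$svn_storage_dir/auth"
  fi

  echo "Initialized repository at '$svn_storage_dir/ymccluster'"
  exit 0
else
  if [[ ! -d "$svn_storage_dir/auth" ]]; then
    echo "WARNING: Directory '$svn_storage_dir/auth' not present..."
    exit 0
  fi

  if [[ ! -d "$repo_dir" ]]; then
    echo "WARNING: Directory '$svn_storage_dir/ymccluster' not present..."
    exit 0
  fi

  ### Check if we have a conf-dir
  if [[ ! -d "$repo_dir/conf" ]]; then
    echo "ERROR: $svn_storage_dir/ymccluster/conf does not exists - is the repository valid?" 1>&2
    exit 1
  fi

  ### Get our password; generate one when none is stored yet (we can do this
  ### easily in this package, as we are able to update svn's sasl-db)
  if ! host_password=$(ymc_get_host_password) || [[ -z "$host_password" ]]; then
    host_password=$(ymc_generate_new_host_password)
  fi

  ### Never register an empty secret or an empty user id
  if [[ -z "$host_password" ]]; then
    echo "ERROR: Could not obtain or generate a host password" 1>&2
    exit 1
  fi
  if [[ -z "$short_hostname" ]]; then
    echo "ERROR: Could not determine the local short hostname" 1>&2
    exit 1
  fi

  ### Set our password in svn's sasl-db (overriding a possibly old one).
  ### The secret is fed on stdin by the printf builtin, so it never shows up
  ### in a process argument list; '%s' also keeps a password that looks like
  ### an echo option (e.g. "-n") from being swallowed.
  if ! printf '%s\n' "$host_password" \
    | /usr/sbin/saslpasswd2 -c -f "$svn_storage_dir/auth/ymc-cluster-sasl.db" -u "ymc-config.cluster" "$short_hostname"; then
    echo "ERROR: Failed to update the sasl-db at: $svn_storage_dir/auth/ymc-cluster-sasl.db" 1>&2
    exit 1
  fi

  ### Check if we have an authz-file
  ### @ToDo: Do we still need this test?
  if [[ ! -f "$repo_dir/conf/authz" ]]; then
    echo "ERROR: $svn_storage_dir/ymccluster/conf/authz does not exists - is the repository valid?" 1>&2
    exit 1
  fi

  ### Update local config repository
  ### NOTE(review): the exit status is not checked, so after a failed update
  ### the previously synced authz file is used below - confirm this is intended.
  fliwi-config-update --service ymc-config

  ### Check if there is an authz configuration generated by the mgm host
  authz_source="/ymc_config/service-ymc-config/svnserve/ymc-config.authz"
  if [[ ! -f "$authz_source" ]]; then
    echo "ERROR: /ymc_config/service-ymc-config/svnserve/ymc-config.authz does not exists - was it generated by the mgm host?" 1>&2
    exit 1
  fi

  ### Update local authz configuration (if needed).
  ### sha1sum is only used to detect a change, not to establish trust: the
  ### synced file is installed as the repository's access policy as-is.
  if [[ "$(sha1sum < "$authz_source")" != "$(sha1sum < "$repo_dir/conf/authz")" ]]; then
    if ! cp "$authz_source" "$repo_dir/conf/authz"; then
      echo "ERROR: Failed to install $authz_source as $repo_dir/conf/authz" 1>&2
      exit 1
    fi
  fi
fi

exit 0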

