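#!/bin/bash
#
# sccl_create_cluster
#
# Create the CA for the SCCL cluster
# and set the u2w admin password.
#
# Usage: sccl_create_cluster [--force] [-F] [-p <CA-KEY-PWD>|-P] [-c <Cluster Name>]
#
#   --force  re-initialise even if /etc/sccl/sccl.conf already exists
#   -F       use the fully-qualified hostname for this node (hostname -f)
#   -p PWD   CA key passphrase; -P generates one into /etc/sccl/capwd.dat
#   -c NAME  cluster name (prompted for when omitted)
#
# Reads  /etc/sccl/sccl.conf.template and /etc/sccl/certs.conf; writes
# /etc/sccl/sccl.conf, the *pwd.dat secrets and /etc/sccl/certs/**.
# Exits 1 on a usage error, a missing cluster/host name or a failed
# CA step; other steps stay best-effort as in the original flow.
#######################################################
#
#######################################
# Print the usage line and exit 1.
#######################################
usage() {
  echo "usage: $0 [--force] [-F] [-p <CA-KEY-PWD>|-P] [-c <Cluster Name>]"
  exit 1
}

#######################################
# Write a fresh 20-character random secret to a file.
# Arguments: $1 - destination path
# The file is recreated under umask 077 so it is never readable by
# others, not even briefly; callers widen the mode afterwards if needed.
#######################################
gen_secret() {
  rm -f -- "$1"
  ( umask 077; tr -dc '0-9!@#%a-zA-Z_' </dev/urandom | head -c20 >"$1" )
}

#######################################
# Escape a value for use inside a sed "s/.../VALUE/" replacement.
# Arguments: $1 - raw value
# Outputs:   the value with \, / and & backslash-escaped
#######################################
sed_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\//\\/}
  s=${s//&/\\&}
  printf '%s' "$s"
}

# Lock file is only used when the distribution provides /var/lock/subsys.
lockfile=''
[[ -d /var/lock/subsys ]] && lockfile=/var/lock/subsys/sccl_cluster
#
# Work from the installation directory. Remember the script's own directory
# (sccl_add_node lives next to this script) before moving into bin/, because a
# relative $0 is meaningless after the cd.
cd -- "$(dirname -- "$0")" || exit 1
scriptdir=$PWD
# best effort: every path used below is absolute
[[ $PWD == */bin ]] || cd bin 2>/dev/null
#
unset PASSIN PASSOUT FORCE GENPWD CLUSTER PWDCMD
HNFLAG='-s'
# Note: "l" is accepted by getopts but has no handler, so "-l" prints usage.
while getopts c:lFp:P-: op; do
  case "$op" in
    c) CLUSTER=$OPTARG ;;
    F) HNFLAG='-f' ;;
    p) # Hand the passphrase to openssl through the environment rather than as
       # "pass:..." on argv, where every local user could read it from ps.
       export SCCL_CA_PASSPHRASE=$OPTARG
       PASSIN=(-passin env:SCCL_CA_PASSPHRASE)
       PASSOUT=(-passout env:SCCL_CA_PASSPHRASE)
       PWDCMD=(-p "$OPTARG") ;;
    P) GENPWD=1 ;;
    -) case "$OPTARG" in
         force) FORCE=1 ;;
         *) usage ;;
       esac ;;
    *) usage ;;
  esac
done
#
shift $(( OPTIND - 1 ))
#
#
if [[ -f /etc/sccl/sccl.conf && -z "$FORCE" ]]; then
  echo "Das Cluster ist schon konfiguriert."
  echo "Zur Neuinitialisierung"
  echo "$0 --force $*"
  exit 1
fi
#
if [[ -z "$CLUSTER" ]]; then
  printf '%s' "Name des Clusters? "
  read -r CLUSTER
  echo
fi
#
THISNODE=$(hostname "$HNFLAG" | tr '[:upper:]' '[:lower:]')
#
if [[ -z "$CLUSTER" || -z "$THISNODE" ]]; then
  echo "Kein Clustername eingegeben oder der Hostname kann nicht bestimmt werden."
  exit 1
fi
# The cluster name becomes part of file names and of the CA subject; restrict
# it to characters that are harmless in both (a name with "/" or whitespace
# never produced a working setup anyway).
if [[ ! $CLUSTER =~ ^[A-Za-z0-9._-]+$ ]]; then
  echo "Ungueltiger Clustername: $CLUSTER (erlaubt sind A-Z a-z 0-9 . _ -)"
  exit 1
fi
#
# Both values are user/host controlled, so escape them before splicing them
# into the sed script.
sed "s/SETCLUSTER/$(sed_escape "$CLUSTER")/;s/SETNODES/\"$(sed_escape "$THISNODE")\"/" \
  /etc/sccl/sccl.conf.template >/etc/sccl/sccl.conf || exit 1
#
U2WPWDDAT=$(awk -F ' *= *' '$1 == "U2WPWDDAT" {print $2}' /etc/sccl/sccl.conf)
#
# Admin secret: readable by root and group sccl only.
gen_secret /etc/sccl/adminpwd.dat
chgrp sccl /etc/sccl/adminpwd.dat
chmod 640 /etc/sccl/adminpwd.dat
# User secret: deliberately world-readable, as before.
gen_secret /etc/sccl/userpwd.dat
chmod og+r /etc/sccl/userpwd.dat
# U2WPWDDAT comes from the generated config; pass it only when non-empty so an
# empty value does not turn into an empty argument.
u2w_passwd -p "$(</etc/sccl/adminpwd.dat)" ${U2WPWDDAT:+"$U2WPWDDAT"} admin
u2w_passwd -p "$(</etc/sccl/userpwd.dat)" ${U2WPWDDAT:+"$U2WPWDDAT"} user
#
# Fresh certificate directories: create them, or empty existing ones.
for certdir in /etc/sccl/certs/private /etc/sccl/certs/certs; do
  if [[ -d $certdir ]]; then
    rm -f -- "$certdir"/* 2>/dev/null
  else
    mkdir -pm 755 "$certdir" || exit 1
  fi
done
#
#
. /etc/sccl/certs.conf
. /etc/sccl/sccl.conf
#
if [[ -n "$GENPWD" ]]; then
  # -P wins over -p: the generated passphrase replaces any given one.
  gen_secret /etc/sccl/capwd.dat
  # openssl reads the passphrase from the (0600) file instead of argv.
  PASSIN=(-passin file:/etc/sccl/capwd.dat)
  PASSOUT=(-passout file:/etc/sccl/capwd.dat)
  PWDCMD=(-P /etc/sccl/capwd.dat)
else
  echo "Private-Key fuer die CA-Erstellung. Wichtig: Kennwort merken!"
fi
#
# With neither -p nor -P the arrays are empty and openssl prompts interactively.
cakey=/etc/sccl/certs/private/${CLUSTER}-cakey.pem
openssl genrsa -aes256 "${PASSOUT[@]}" -out "$cakey" 2048 || exit 1
# openssl honours the umask when writing the key; the CA key is only ever used
# by this script and sccl_add_node, so keep it owner-only.
chmod 600 "$cakey"
#
echo
echo
echo "Selbstcertifizierte CA anlegen."
echo
# NOTE(review): "$DE" in the subject is probably meant to be the literal
# country code (or a variable from certs.conf); left as found — confirm.
openssl req -new -x509 -days 3650 -batch \
  -subj "/C=$DE/ST=$STATE/L=$CITY/O=$COMPANY/OU=$OU/CN=CA-$CLUSTER/emailAddress=$EMAIL" \
  "${PASSIN[@]}" -key "$cakey" -out "/etc/sccl/certs/${CLUSTER}-ca.pem" -set_serial 1 || exit 1
# The passphrase is no longer needed in the environment of later children.
unset SCCL_CA_PASSPHRASE
#
touch /etc/sccl/certs/index.txt
echo 01 >/etc/sccl/certs/serial
#
echo
echo
echo "Nun koennen die Zertikikate fuer die Clusterknoten angelegt werden."
echo "Fuer die Zertifikate wird das Kennwort benoetigt. Bitte notieren."
#
"$scriptdir/sccl_add_node" "${PWDCMD[@]}" -l "$THISNODE"
#
[[ -x /etc/init.d/unix2web ]] && /etc/init.d/unix2web restart sccl
[[ -z "$lockfile" ]] || touch "$lockfile"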
