#!/bin/sh
#
# Author: Alf Wachsmann <alfw@SLAC.Stanford.edu>
# Last modified: Apr 26, 2001
#                Jun 08, 2001, <alfw>: adapted to RedHat7.1
#                Jun 11, 2001, <alfw>: sshd stopping; /usr/local
#                Jun 12, 2001, <alfw>: added the tty stuff for "lynx ...| sh"
#                Aug 22, 2001, <alfw>: added "" (= CR) as valid YES answer
#                Mar 10, 2009, <ksa and dgs>: RHEL5 support
#
# Purpose: make Unix post-install easy by just typing
#          elinks -source http://www/comp/unix/linux/go-taylor | sh
#

PATH="/bin:/usr/bin:/sbin:/usr/sbin"; export PATH

# if the system has a badly skewed clock; we cannot configure it
# due to various security and network protocols which require an
# accurate clock.   --ksa, Oct 27, 2011.
rdate -s ntp1
hwclock --systohc

# for taylor log and diffs files:
mkdir -p /var/adm/taylor/logs
mkdir -p /var/adm/taylor/diffs

# Set up log file
# Protect against things started by this script or taylor that keep the
# pipe to stdout open.  A tee would hang.
logfile=/var/adm/taylor/logs/install
if [ -e "$logfile" ]; then
    mv $logfile ${logfile}.orig.$$
    touch "$logfile"
else
    printf "\n\n\n\n\n\n\n\n\n\n" >> "$logfile"
fi

# tail the logfile in the background so we can see what's going on
# (and arrange to kill the tail when we're done)
tail -f "$logfile" &
pid=$!
kill_tail() {
    kill $pid > /dev/null 2>&1
    return
}
trap kill_tail EXIT INT QUIT TERM

# Redirect STDOUT and STDERR to our logfile
exec >> "$logfile" 2>&1
printf "=== Begin go-taylor run - `/bin/date` ===\n"

# For debugging
#set -x

if [ "`uname -s`" != "Linux" ] ; then
  echo 'This can only be run on Linux!'
  exit 1
fi

# create /etc/taylor.opts if it does not already exist
if ! test -f /etc/taylor.opts; then
	echo usrlocal=scs > /etc/taylor.opts
fi

if grep -q usrlocal=local /etc/taylor.opts 2>/dev/null; then
     echo "usrlocal=local"
else
     mv /usr/local `mktemp -d /usr/local.XXXXXXXXXX` 2>/dev/null
fi

#if [ -d /usr/local ] ; then
#   printf "Do you want to use the SCS centrally maintained /usr/local? [y/n]: "
#   # Our STDIN is from a pipe, so must read from parent's STDIN:
#   read USRLOCAL < /proc/$PPID/fd/0
#   if [ "$USRLOCAL" = "y" -o "$USRLOCAL" = "Y" -o "$USRLOCAL" = "" ] ; then
#     # mv /usr/local /usr/local.orig.$$
#     mv /usr/local `mktemp -d /usr/local.XXXXXXXXXX`
#     echo 'usrlocal=scs' >> /etc/taylor.opts
#   fi
#fi


# Construct base AFS sysname
kernversion=`uname -r | cut -d- -f1 | cut -d. -f1,2 | tr -d .`
platform=`uname -i`
[ "$platform" = "x86_64" ] && platform="amd64"
sys="${platform}_linux${kernversion}"


# Change this to your checked out taylor for testing:
taylordir='/afs/slac.stanford.edu/package/taylor/prod'

# get around some RedHat7.1 problems:
for i in ipchains iptables; do
  [ -f /etc/rc.d/init.d/$i ] && /etc/rc.d/init.d/$i stop
done
if ! ypwhich 2> /dev/null ; then
  /etc/rc.d/init.d/ypbind stop

  # make sure rpcbind (portmapper) is running
  if grep 'release 6' /etc/redhat-release >/dev/null; then
     /sbin/service rpcbind restart
  fi

  if ! grep -q slac /etc/yp.conf ; then
    [ -e /etc/yp.conf.ORIG ] || mv /etc/yp.conf /etc/yp.conf.ORIG
    cat > /etc/yp.conf <<EOF
ypserver nis1.slac.stanford.edu
ypserver nis2.slac.stanford.edu
ypserver nis3.slac.stanford.edu
ypserver nis4.slac.stanford.edu
EOF
  fi
  domainname slac.slac.stanford.edu
  /etc/rc.d/init.d/ypbind start
  sleep 1; ypwhich
fi

# make sure /etc/resolv.conf is correct.
#  -- does this config work on all subnets
#     where RH is built??
cp /etc/resolv.conf /etc/resolv.conf.save.$$
cat > /etc/resolv.conf <<EOF
domain		slac.stanford.edu
search		slac.stanford.edu
 
nameserver  134.79.110.9
nameserver  134.79.110.73
EOF
chmod 0644 /etc/resolv.conf


# taylor cannot handle all cases where an sshd is running
# /etc/rc.d/init.d/sshd stop


# ---------------------------
# if grep 'release 5' /etc/redhat-release >/dev/null; then
# if grep 'release 6' /etc/redhat-release >/dev/null; then

# disable selinux and iptables by default.
#
# disable libvirtd by default.  libvirtd (if enabled) will start some
# iptables rules, which may be unexpected and unwanted...  --ksa 1/18/12
setenforce 0
sed -i -e 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
/sbin/service iptables stop
/sbin/chkconfig iptables off
/sbin/service libvirtd stop
/sbin/chkconfig libvirtd off

if grep 'release 6' /etc/redhat-release >/dev/null; then
# define packages that can be installed next to each other with multiple versions.
# this is needed in order to have multiple kernels and kmod-openafs RPMs installed
# side by side.
cat >> /etc/yum.conf << eof
#
installonlypkgs=kernel,kernel-bigmem,kernel-enterprise,kernel-smp,kernel-debug,kernel-unsupported,kernel-source,kernel-devel,kernel-PAE,kernel-PAE-debug,kmod-openafs
eof
fi

# Install taylor root ssh key
mkdir -p /root/.ssh
chmod 700 /root/.ssh
cat << EOF >> /root/.ssh/authorized_keys
from="*.slac.stanford.edu" ssh-dss AAAAB3NzaC1kc3MAAACBALJJPYxvu27p1CrPEP3GmD2tjZ3HUbByP4W4n2taUVs01ODYBzyc9RvnW9ONtaEzomoRbtmrw217sDPxTYytyaSa+lyPZLCVs6oXb8mvpoisKe/ipq+B1fRcUNLiOJMiElBwLec4F+6cB/CspcdHRSS/iIlHAONYX+qLvA+zPXFBAAAAFQD6Qsaf7kKGeCHa2mtiZKtJGQSFdQAAAIAdgc3E6eWyQSgCkd9shFih3mWsEz1Xwfu2SAyU48KreYu7b+82MCZsvlhn4725C5CfkLW8t2/e4gKUDQ/b1W0Umyo6lJVayn7O5GeRmQeEG0pdUkli5pgOQ/mI1B3HsZ4YqlGzBb7r6adF1UNOgxf7lDMnwexllfxf76xDg7i9IwAAAIEAk1A3gun7OHgqSKtQ31nw5xZ4xaU0gm9zmYV7TKJYOmhmQkcvB/ZfdAI+gT/ge2cyRsrBe6AMb1yJ8zjYx+WyULqE6vVXYp8JL6+PkFo8NKxjko+hKkwWmhQtPKeusBo4DrmaCitMo2YwJlb3d7oYN2XQcORlfTMHZwlaNdtxw1U= Taylor Root SSH Key
EOF
chmod 600 /root/.ssh/authorized_keys

mkdir -p /usr/vice/etc/
echo "slac.stanford.edu slac" > /usr/vice/etc/CellAlias
echo "slac.stanford.edu"      > /usr/vice/etc/ThisCell

# elinks -source https://rhupdate1.slac.stanford.edu/pub/bootstrap/bootstrap-rhn-slac.sh | sh
# elinks -source https://satellite1.slac.stanford.edu/pub/bootstrap/bootstrap.sh | sh

# RHN registration  fails with dbus_bindings.DBusException in
# RHEL5.4 and Satellite server >= 5.3 
# https://access.redhat.com/kb/docs/DOC-22592
if grep 'release 5.4' /etc/redhat-release  >/dev/null; then
	service messagebus start
	service haldaemon start
fi


wget --no-check-certificate -O- https://satellite1.slac.stanford.edu/pub/bootstrap/bootstrap.sh | sh

yum -y install ypbind yp-tools bind telnet ntp

if grep 'release 6' /etc/redhat-release >/dev/null; then

	yum -y install ntpdate yum-utils

	# taylor requires 32 bit glibc. RT 399111
  	yum -y install glibc.i686  

	# 2.6.32-131.17.1.el6 kernel is needed for current version of kmod-openafs.
	# RHEL6.2 install kernel is newer than this version, so we have to forcefully
	# install this older kernel just for the RPM dependency for kmod-openafs.
	# use '--noscripts' so it cannot become the default boot kernel, even though
	# it shouldn't if there are any kernel updates since the boot kernel.
	# appropriate arch will be picked automatically.
#	mkdir /tmp/kernel
#       yumdownloader --destdir /tmp/kernel kernel-2.6.32-131.17.1.el6
#	rpm -ivh --oldpackage --noscripts /tmp/kernel/kernel-2.6.32-131.17.1.el6*rpm
fi

if grep 'release 5' /etc/redhat-release >/dev/null; then
# Don't use <<- with tabs because then cut and paste will not work.
cat > /etc/yum.repos.d/openafs-stanford.repo << EOF
[openafs-stanford]
name=openafs stanford
enabled=1
gpgcheck=1
baseurl=http://yum.slac.stanford.edu/mrepo/stanford-EL5-openafs-1.6.1-\$basearch/RPMS.updates
gpgkey=http://yum.slac.stanford.edu/mrepo/RPM-GPG-KEY.stanford.txt
EOF
fi

if grep 'release 6' /etc/redhat-release >/dev/null; then
# Don't use <<- with tabs because then cut and paste will not work.
cat > /etc/yum.repos.d/openafs-stanford.repo << EOF
[openafs-stanford]
name=openafs stanford
enabled=1
gpgcheck=1
baseurl=http://yum.slac.stanford.edu/mrepo/stanford-EL6-openafs-1.6.1-\$basearch/RPMS.updates
gpgkey=http://yum.slac.stanford.edu/mrepo/RPM-GPG-KEY.stanford.txt
EOF
fi


list="kmod-openafs openafs openafs-client openafs-krb5 openafs-compat"
uname -r | grep PAE  &&  list="kmod-openafs-PAE openafs openafs-client openafs-krb5 openafs-compat"
# yum clean all required in some situations
yum clean all

# Need to install kmod-openafs specific to RHEL6.3 install kernel,
# because the latest module in kmod-openafs will not load.  ksa 17 Jan 2013.
if grep 'release 6' /etc/redhat-release >/dev/null; then
   yum -y install kmod-openafs-1.6.1-1.2.6.32_`uname -r | sed -e 's/^.*-//'`
fi

yum -y install $list

if grep 'release 5' /etc/redhat-release >/dev/null; then
	if [ $? -ne 0 ]
	then
		tmpd=$(mktemp -d -p /var/tmp afs.XXXXXX)
		#echo $tmpd
		hp=$(uname -i)
	#	for p in kmod-openafs openafs openafs-client openafs-krb5 openafs-compat
		for p in $list
		do
			pinfo=$(mktemp -p $tmpd $p.XXXXXX)
			yum info $p > $pinfo
			arch=$(awk '/^Arch/ {print $NF}' < $pinfo)
			vers=$(awk '/^Version/ {print $NF}' < $pinfo)
			rel=$(awk '/^Release/ {print $NF}' < $pinfo)
			pkg="$p-$vers-$rel.$arch.rpm"
			#echo $pkg
			curl http://dl.openafs.org/dl/openafs/1.4.11/rhel5/$hp/$pkg -o $tmpd/$pkg
		done
		rpm -ivh --nodeps $tmpd/*.rpm
	fi
fi

kmod=$(rpm -ql kmod-openafs | awk '/openafs\.ko$/ {print $0}')
uname -r | grep PAE  &&  kmod=$(rpm -ql kmod-openafs-PAE | awk '/openafs\.ko$/ {print $0}')

for d in $(echo /lib/modules/*)
do
	if [ ! -f $d/extra/openafs/openafs.ko ]
	then
		mkdir -p $d/extra/openafs
		cp -v $kmod $d/extra/openafs/.
		echo depmod $(basename $d)
		depmod $(basename $d)
	fi
done


# for backwards compatibility with taylor's perl
# 32 bit RHEL5 are i386, RHEL6 is i686
if grep 'release 5' /etc/redhat-release >/dev/null; then
	yum -y install 'compat*' 'compat*i386' pam_krb5
else
	yum -y install 'compat*' 'compat*i686' pam_krb5
fi

# install openafs rpms before upgrading the kernel
# to avoid getting a "too new" kernel installed
if grep 'release 6' /etc/redhat-release >/dev/null; then
	yum -y upgrade
fi

/etc/rc.d/init.d/openafs-client start

# this does not play well with taylor
chkconfig NetworkManager off

# Tell taylor that it's OK to adjust/fix the afs cache size
# see taylor's base/PARTS/afs_cache PART.
[ -d '/usr/vice/etc' ] || mkdir -p /usr/vice/etc/
touch /usr/vice/etc/.fix.cache.size

# ---------------------------
# old RHEL4 stuff no longer relevent
# ---------------------------
# else
# 	# is AFS already available?
# 	if [ ! -d $taylordir ] ; then
# 	  # is the mountpoint already there?
# 	  if [ ! -d /mnt/afs/slac.stanford.edu ] ; then
# 	    mkdir -p /mnt/afs/slac.stanford.edu
# 	  fi
# 	  # is the "slac" symlink already there?
# 	  if [ ! -e /mnt/afs/slac ] ; then
# 	    ln -s /mnt/afs/slac.stanford.edu /mnt/afs/slac
# 	  fi
# 	  # is AFS-NFS translator already mounted?
# 	  if ! /bin/mount | grep -q afsnfs ; then
# 	    mount afsnfs2:/afs/slac.stanford.edu /mnt/afs/slac.stanford.edu
# 	  fi
# 	  # whatever /afs is, move it
# 	  if [ -e /afs ] ; then
# 	    mv /afs /afs.orig.$$
# 	  fi
# 	  # and make it a link to NFS mounted AFS
# 	  ln -s /mnt/afs /afs
# 	  # set @sys so "/afs/slac.stanford.edu/local > @sys/usr/local" works
# 	  echo afsnfs2 > /.AFSSERVER
# 	  /afs/slac.stanford.edu/$sys/usr/afsws/bin/fs sysname -newsys $sys
# 	fi
# fi

# run taylor
cd "$taylordir"
taylorcmd="./taylor"
perlcmd="/afs/slac.stanford.edu/package/perl/5.8.8/i386_linux24/bin/perl5.8.8"

printf "\n=== Begin taylor everything) ===\n"

# fix afs sysname, then run taylor everything
$taylorcmd -sys $sys afs-config
$taylorcmd everything


# Return to home directory so we can unmount afsnfs2
cd

[ -f /.AFSSERVER ] && rm /.AFSSERVER

printf "\n=== End of go-taylor run ===\n"

# ask for a clean-up reboot
printf "\n\n\n"
printf "  +--------------------------------------------------------------+\n"
printf "  | If the go-taylor run produced any serious errors             |\n"
printf "  | (usually printed in red) you might want to investigate them. |\n"
printf "  |                                                              |\n"
printf "  | When you are done, please reboot the system one more time.   |\n"
printf "  +--------------------------------------------------------------+\n"


sleep 1 && kill_tail
trap - EXIT INT QUIT TERM

# unmount AFS-NFS translator
/bin/umount /mnt/afs/slac.stanford.edu 2>/dev/null