#!/usr/bin/perl -w
# Copyright (C) 2000 by Sam Hartman
# This file may be copied either under the terms of the GNU GPL or the IBM Public License
# either version 2 or later of the GPL or version 1.0 or later of the IPL.

use Term::ReadLine;
use strict;
use Debian::OpenAFS::ConfigUtils;
use Getopt::Long;
use vars qw($admin $server
	   $requirements_met  $shutdown_needed);
my $rl = new Term::ReadLine('afs-newcell');

=head1  NAME

   afs-newcell - Set up initial database server for AFS cell.

=head1 SYNOPSIS

B<afs-newcell> [B<--requirements-met>] [B<--admin> admin_user]

=head1 DESCRIPTION


This script sets up the initial AFS database and configures the first
database/file server.

The B<requirements-met> option specifies that the initial requirements
have been met and that the script can proceed without displaying the
initial banner or asking for confirmation.

The B<admin> option specifies the name of the administrative user.
This user will be given system:administrators and susers permission in
the cell.

=head1 AUTHOR

Sam Hartman <hartmans@debian.org>

=cut

# main script

GetOptions (
	    "requirements-met" => \$requirements_met, 
	    "admin=s" => \$admin);

unless ($requirements_met) {
  print <<eoreqs;
			    Prerequisites

In order to set up a new AFS cell, you must meet the following:

1) You need a working Kerberos realm with Kerberos4 support.  You
   should install Heimdal with Kth-kerberos compatibility or MIT
   Kerberos5.

2) You need to create the single-DES AFS key and load it into
   /etc/openafs/server/KeyFile.  If your cell's name is the same as
   your Kerberos realm then create a principal called afs.  Otherwise,
   create a principal called afs/cellname in your realm.  The cell
   name should be all lower case, unlike Kerberos realms which are all
   upper case.  You can use asetkey from the openafs-krb5 package, or
   if you used AFS3 salt to create the key, the bos addkey command.

3) This machine should have a filesystem mounted on /vicepa.  If you
   do not have a free partition, then create a large file by using dd
   to extract bytes from /dev/zero.  Create a filesystem on this file
   and mount it using -oloop.  

4) You will need an administrative principal created in a Kerberos
realm.  This principal will be added to susers and
system:administrators and thus will be able to run administrative
commands.  Generally the user is a root instance of some administravie
user.  For example if jruser is an administrator then it would be
reasonable to create jruser/root and specify jruser/root as the user
to be added in this script.

5) The AFS client must not be running on this workstation.  It will be
at the end of this script.

eoreqs

  $_ = $rl->readline("Do you meet these requirements? [y/n] ");
  unless (/^y/i ) {
    print "Run this script again when you meet the requirements\n";
    exit(1);
  }
	
		if ($> != 0) {
die "This script should almost always be run as root.  Use the --requirements-met option to run as non-root.\n";
}
}
open(MOUNT, "mount |") or die "Failed to run mount: $!\n";
while(<MOUNT>) {
if(m:^AFS:) {
print "The AFS client is currently running on this workstation.\n";
print "Please restart this script after running /etc/init.d/openafs-client stop\n";
exit(1);
}
}
close MOUNT;

unless ( -f "/etc/openafs/server/KeyFile") {
  print "You do not have an AFS keyfile.  Please create this using asetkey from openafs-krb5 or 
the bos addkey command";
  exit(1);
}

print "If the fileserver is not running, this may hang for 30 seconds.\n";
run("/etc/init.d/openafs-fileserver stop");
$server = `hostname`;
chomp $server;
$admin = $rl->readline("What administrative principal should be used? ") unless $admin;
 die "Please specify an administrative user\n" unless $admin;
$admin =~ s:/:.:g;
if($admin =~ /@/) {
die "The administrative user must be in the same realm as the cell and no realm may be specified.\n";
}
open(CELL, "/etc/openafs/server/ThisCell") 
  or die "Cannot open /etc/openafs/server/ThisCell: $!\n";
my $cell = <CELL>;
chomp $cell;

run( "echo \\>$cell >/etc/openafs/server/CellServDB");
run("/etc/init.d/openafs-fileserver start");
$shutdown_needed = 1;
run ("bos addhost $server $server -localauth ||true");
run("bos adduser $server $admin -localauth");
unwind("bos removeuser $server $admin -localauth");
if ( -f "/var/lib/openafs/db/prdb.DB0" ) {
  die "Protection database already exists; cell already partially created\n";
 }
open(PRDB, "|pt_util -p /var/lib/openafs/db/prdb.DB0 -w ")
or die "Unable to start pt_util: $!\n";
print PRDB "$admin 128/20 1 -204 -204\n";
print PRDB "system:administrators 130/20 -204 -204 -204\n";
print PRDB" $admin 1\n";
close PRDB;
unwind( "rm /var/lib/openafs/db/prdb* ");
# Start up ptserver and vlserver
run("bos create $server ptserver simple /usr/lib/openafs/ptserver -localauth");
unwind("bos delete $server ptserver -localauth");

run("bos create $server vlserver simple /usr/lib/openafs/vlserver -localauth");
unwind("bos delete $server vlserver -localauth");

run( "bos create $server fs fs ".
     "-cmd /usr/lib/openafs/fileserver ".
     "-cmd /usr/lib/openafs/volserver ".
     "-cmd /usr/lib/openafs/salvager -localauth");
unwind( "bos delete $server fs -localauth ");

print "Waiting for database elections: ";
sleep(30);
print "done.\n";
# Past this point we want to control when bos shutdown happens
$shutdown_needed = 0;
unwind( "bos shutdown $server -localauth ");
run("vos create $server a root.afs -localauth");
# bring up client
run("echo $cell >/etc/openafs/ThisCell");
run("/etc/init.d/openafs-client force-start");
my $afs_running = 0;
open(MOUNT, "mount |") or die "Failed to run mount: $!\n";
while(<MOUNT>) {
if(m:^AFS:) {
	$afs_running = 1;
}
	}
unless ($afs_running) {
print "*** The AFS client failed to start.\n";
print  "Please fix whatever problem kept it from running.\n";
	exit(1);
}

print <<eomsg; 
Now, get tokens as $admin in the $cell cell.  Then, run
afs-rootvol.
eomsg




@unwinds = ();
END {
# If we fail before all the instances are created, we need to perform 
# our own bos shutdown
    system("bos shutdown $server -localauth") if $shutdown_needed;
  run(pop @unwinds) while @unwinds;
  }
