#!bin/bash
#Refs:
#https://twiki.grid.iu.edu/bin/view/Documentation/Release3/InstallGums
#http://home.fnal.gov/~weigand/weigand/www/gums/upgrade.html

#steps 3, 4, 9 and 11 are for setting on/off a temporary gums automatically while replacing gums
GUMSSERVER=my-prod-gums
TEMPGUMS=my-temp-gums
CESERVER=my-ce-gatekeeper
SESERVER=my-se-bestman
#make sure TABLEFROMPACMAN,GUMSCONFIGPACMAN are the same as in UpgradeGumsFromPacman.sh/UpgradeGumsFromPacman2.sh
TABLEFROMPACMAN=/path/to/pacman/backup/gums/gums_1_3.sql
GUMSCONFIGPACMAN=/path/to/pacman/backup/gums/gums.config_pacman
GUMSOLDHOME=/vdt/path/install/gums
UPGRADESCRIPT=/path/to/pacman/backup/gums/UpgradeGumsFromPacman2.sh

#1.Backup database from pacman gums
ssh $GUMSSERVER "source $GUMSOLDHOME/setup.sh; mysqldump GUMS_1_3 > $TABLEFROMPACMAN"

#2.Backup gums.config from pacman gums
ssh $GUMSSERVER "cp -p $GUMSOLDHOME/vdt-app-data/gums/config/gums.config $GUMSCONFIGPACMAN"

#3. Set temporary gums (already has installed certs in /etc/grid-security/http belong to tomcat)
#3.1 Make sure mysql and tomcat users exist ahead of time (save troubles mainly rocks 5.5)
ssh $TEMPGUMS "/usr/sbin/groupadd -g 91 tomcat"
ssh $TEMPGUMS "/usr/sbin/useradd -u 91 -g 91 -c \"Tomcat\" -s /bin/sh -d -m /usr/share/tomcat5"
ssh $TEMPGUMS "/usr/sbin/groupadd -g 27 mysql"
ssh $TEMPGUMS "/usr/sbin/useradd -u 27 -g 27 -c \"MySQL Server\" -s /bin/bash -d -m /usr/lib/mysql"
#3.1 install gums (repo is already installed)
ssh $TEMPGUMS "$UPGRADESCRIPT"
ssh $TEMPGUMS "/etc/init.d/tomcat5 start"

#4.Set gatekeeper and bestman to point to temporary gums.
ssh $CESERVER "sed -i -e \"s@$GUMSSERVER@$TEMPGUMS@\" /etc/gums/gums-client.properties"
ssh $CESERVER "sed -i -e \"s@$GUMSSERVER@$TEMPGUMS@\" /etc/lcmaps.db"
ssh $SESERVER "sed -i -e \"s@$GUMSSERVER@$TEMPGUMS@\" /etc/lcmaps.db"

#5.Turn off pacman gums
#ssh $GUMSSERVER "source $GUMSOLDHOME/setup.sh; vdt-control --off"
#5.1 In case want to deal with certs first
ssh $GUMSSERVER "source $GUMSOLDHOME/setup.sh; vdt-control --off fetch-crl"
ssh $GUMSSERVER "source $GUMSOLDHOME/setup.sh; vdt-control --off vdt-update-certs"

#6.Break certificate link used for pacman
ssh $GUMSSERVER "mv /etc/grid-security/certificates /etc/grid-security/certificates-pacman"

#7.Install certificates rpm
ssh $GUMSSERVER "yum install osg-ca-certs"
ssh $GUMSSERVER "yum install fetch-crl"
ssh $GUMSSERVER "yum install osg-ca-certs-updater"
ssh $GUMSSERVER "/sbin/service fetch-crl-cron start"
ssh $GUMSSERVER "/sbin/service fetch-crl-boot start"
ssh $GUMSSERVER "/sbin/service osg-ca-certs-updater-cron start"
ssh $GUMSSERVER "chkconfig fetch-crl-cron on"
ssh $GUMSSERVER "chkconfig fetch-crl-boot on"
ssh $GUMSSERVER "chkconfig osg-ca-certs-updater-cron on"


#7.1 in case not turned off completely already (if skipped 5)
ssh $GUMSSERVER "source $GUMSOLDHOME/setup.sh; vdt-control --off"

#8.Install gums rpm (permanent location)
ssh $GUMSSERVER "$UPGRADESCRIPT"
ssh $GUMSSERVER "/var/lib/trustmanager-tomcat/configure.sh"
ssh $GUMSSERVER "chown -R tomcat /etc/grid-security/http"
ssh $GUMSSERVER "chkconfig mysqld  on"
ssh $GUMSSERVER "chkconfig tomcat5  on"
ssh $GUMSSERVER "/etc/init.d/tomcat5 start"

#9.Set gatekeeper and bestman to point back to gums server.
ssh $CESERVER "sed -i -e \"s@$TEMPGUMS@$GUMSSERVER@\" /etc/gums/gums-client.properties"
ssh $CESERVER "sed -i -e \"s@$TEMPGUMS@$GUMSSERVER@\" /etc/lcmaps.db"
ssh $SESERVER "sed -i -e \"s@$TEMPGUMS@$GUMSSERVER@\" /etc/lcmaps.db"

#10.Configure secure mysql interactively
#ssh $GUMSSERVER
#/usr/bin/mysql_secure_installation
#exit

#11.turn of temp server
ssh $TEMPGUMS "/etc/init.d/tomcat5 stop"