#!/bin/bash
#
# luci - Luci high availability management application init script
#
# chkconfig: - 25 78
# description: Starts and stops luci
#
#
### BEGIN INIT INFO
# Provides:     luci
# Required-Start:   $network $time
# Required-Stop:    $network $time
# Default-Start:
# Default-Stop:
# Short-Description:    Starts and stops luci
# Description:      Starts and stops the luci high availability management application
### END INIT INFO

# Pin PATH to system directories: helpers below such as service, cat, chown,
# rm and tail are invoked without an absolute path, so their lookup must not
# depend on the caller's environment.
PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/sbin"

# Defaults for luci. These can be overridden by the contents of
# /etc/sysconfig/luci (or /etc/default/luci on deb-based distributions)
# Account passed to paster via --user/--group, and owner of the generated
# key, certificate and database files.
LUCI_USER=luci
LUCI_GROUP=luci

# Only used here to build the URL printed after a successful start.
LUCI_HTTPS_PORT=8084

LUCI_DATA_DIR="/var/lib/luci"
LUCI_CONF_DIR="/var/lib/luci/etc"
LUCI_LOG_DIR="/var/log/luci"
LUCI_CERT_DIR="$LUCI_DATA_DIR/certs"

# NOTE: the derived paths below are expanded now, before the override file is
# sourced. Overriding only LUCI_DATA_DIR / LUCI_CONF_DIR / LUCI_LOG_DIR in the
# override file therefore does NOT move these; each derived path has to be
# overridden individually.
LUCI_CONFIG_FILE="$LUCI_CONF_DIR/luci.ini"
LUCI_DB_FILE="$LUCI_DATA_DIR/data/luci.db"
LUCI_PID_FILE="$LUCI_DATA_DIR/data/luci.pid"
LUCI_PASTER_LOG="$LUCI_LOG_DIR/luci.log"

# TLS material. LUCI_CERT_PRIV is the RSA private key, LUCI_CERT_PUB the
# self-signed certificate, LUCI_CERT_PEM the concatenation of both (so it also
# contains the private key and needs the same protection).
LUCI_CERT_CONFIG="$LUCI_CONF_DIR/cacert.config"
LUCI_CERT_PRIV="$LUCI_CERT_DIR/privkey.pem"
LUCI_CERT_PUB="$LUCI_CERT_DIR/cacert.pem"
LUCI_CERT_PEM="$LUCI_CERT_DIR/host.pem"
# Passed to openssl as the certificate lifetime (-days) and RSA key size.
LUCI_CERT_KEY_LIFE_DAYS='1825'
LUCI_CERT_KEY_BITS='2048'


# NOTE(review): not referenced anywhere else in this script as shown.
LUCI_MAX_WAIT=30

# The override file is sourced, i.e. executed as shell code with the privileges
# of whoever runs this script (normally root). It should be root-owned and not
# writable by the luci account or anyone else.
# /etc/default is only consulted when /etc/sysconfig does not exist.
if [ -d /etc/sysconfig ]; then
    [ -f /etc/sysconfig/luci ] && . /etc/sysconfig/luci
elif [ -d /etc/default ]; then
    [ -f /etc/default/luci ] && . /etc/default/luci
fi

# Must be either root or the luci user to run this
# Exit status 4 is the LSB init-script code for insufficient privilege.
# NOTE(review): the test uses the literal /var/lib/luci, not $LUCI_DATA_DIR,
# so it does not follow an overridden data directory.
[ -w /var/lib/luci ] || exit 4

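# Prepare luci's on-disk state before the server is started.
#
# Creates, each only when missing: the RSA private key, the self-signed
# certificate, the combined host PEM (private key + certificate) and the luci
# database. Existing files are left untouched, including their permissions.
#
# Globals:  LUCI_CERT_PRIV, LUCI_CERT_PUB, LUCI_CERT_PEM, LUCI_CERT_CONFIG,
#           LUCI_CERT_KEY_BITS, LUCI_CERT_KEY_LIFE_DAYS, LUCI_DB_FILE,
#           LUCI_CONFIG_FILE, LUCI_USER, LUCI_GROUP (all read)
# Outputs:  a one-line error message on stdout when a step fails
# Returns:  0 on success, 1 as soon as any step fails (the partially created
#           key/certificate file of that step is removed first)
luci_init() {
    if [ ! -f "$LUCI_CERT_PRIV" ]; then
        # Create the key under umask 077 (in a subshell, so the caller's umask
        # is untouched). Without this the key can exist with the default
        # umask's group/other read bits until the chmod below runs.
        ( umask 077
          /usr/bin/openssl genrsa -out "$LUCI_CERT_PRIV" "$LUCI_CERT_KEY_BITS" ) >&/dev/null
        if [ $? -ne 0 ]; then
            rm -f -- "$LUCI_CERT_PRIV" >& /dev/null
            echo "Unable to generate the luci private certificate file."
            return 1
        fi
        chmod 600 "$LUCI_CERT_PRIV"
        chown "$LUCI_USER:$LUCI_GROUP" "$LUCI_CERT_PRIV"
        if [ $? -ne 0 ]; then
            echo "Unable to change ownership of the luci private certificate file."
            rm -f -- "$LUCI_CERT_PRIV" >& /dev/null
            return 1
        fi
    fi

    if [ ! -f "$LUCI_CERT_PUB" ]; then
        # Self-signed certificate; the serial number is the current epoch time.
        /usr/bin/openssl req -new -x509 -key "$LUCI_CERT_PRIV" -out "$LUCI_CERT_PUB" -days "$LUCI_CERT_KEY_LIFE_DAYS" -set_serial "$(/bin/date +%s)" -config "$LUCI_CERT_CONFIG"
        if [ $? -ne 0 ]; then
            rm -f -- "$LUCI_CERT_PUB" >& /dev/null
            echo "Unable to generate the luci public certificate file."
            return 1
        fi

        chmod 600 "$LUCI_CERT_PUB"
        chown "$LUCI_USER:$LUCI_GROUP" "$LUCI_CERT_PUB"
        if [ $? -ne 0 ]; then
            rm -f -- "$LUCI_CERT_PUB" >& /dev/null
            echo "Unable to change ownership of the luci public certificate file."
            return 1
        fi
    fi

    if [ ! -f "$LUCI_CERT_PEM" ]; then
        # host.pem embeds the private key, so it gets the same umask treatment.
        # The paths are quoted: unquoted, a path containing whitespace makes
        # the redirection fail ("ambiguous redirect") or reads the wrong files.
        ( umask 077
          cat -- "$LUCI_CERT_PRIV" "$LUCI_CERT_PUB" > "$LUCI_CERT_PEM" )
        if [ $? -ne 0 ]; then
            rm -f -- "$LUCI_CERT_PEM" >& /dev/null
            echo "Unable to generate the luci host certificate file."
            return 1
        fi

        chmod 600 "$LUCI_CERT_PEM"
        chown "$LUCI_USER:$LUCI_GROUP" "$LUCI_CERT_PEM"
        if [ $? -ne 0 ]; then
            rm -f -- "$LUCI_CERT_PEM" >& /dev/null
            echo "Unable to change ownership of the luci host certificate file."
            return 1
        fi
    fi

    if [ ! -f "$LUCI_DB_FILE" ]; then
        # Create the luci database if luci has not previously run (or the
        # database has disappeared).
        /usr/bin/paster setup-app "$LUCI_CONFIG_FILE" >& /dev/null
        if [ $? -ne 0 ]; then
            echo "Unable to create the luci database file."
            return 1
        fi

        chown "$LUCI_USER:$LUCI_GROUP" "$LUCI_DB_FILE"
        if [ $? -ne 0 ]; then
            echo "Unable to change ownership of the luci database file."
            return 1
        fi
    fi
    return 0
}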

# Launch the luci paster daemon unless luci_status says it is already running.
#
# Globals:  LUCI_USER, LUCI_GROUP, LUCI_CONFIG_FILE, LUCI_PASTER_LOG,
#           LUCI_PID_FILE (read)
# Returns:  0 when already running, otherwise paster's exit status
luci_start_server() {
    # Best effort: saslauthd is started first and its result is ignored.
    service saslauthd start >/dev/null 2>&1

    if luci_status >/dev/null 2>&1; then
        # Already started; nothing to do.
        return 0
    fi

    # The daemon is handed --user/--group so it runs under the luci account
    # (presumably paster switches identity itself; this script does not).
    /usr/bin/paster serve --daemon \
        --user "$LUCI_USER" --group "$LUCI_GROUP" \
        "$LUCI_CONFIG_FILE" \
        --log-file="$LUCI_PASTER_LOG" --pid-file="$LUCI_PID_FILE" >/dev/null
}

# Stop the luci paster daemon if luci_status reports it as running.
#
# Globals:  LUCI_USER, LUCI_GROUP, LUCI_CONFIG_FILE, LUCI_PASTER_LOG,
#           LUCI_PID_FILE (read)
# Returns:  0 when already stopped, otherwise paster's exit status
luci_stop() {
    if ! luci_status >/dev/null 2>&1; then
        # Already stopped; treat as success.
        return 0
    fi

    /usr/bin/paster serve --stop-daemon --daemon \
        --user "$LUCI_USER" --group "$LUCI_GROUP" \
        "$LUCI_CONFIG_FILE" \
        --log-file="$LUCI_PASTER_LOG" --pid-file="$LUCI_PID_FILE" >/dev/null
}

# Restart luci: stop it when it is running, then go through the full start
# path (luci_start).
#
# Returns:  1 if a running instance could not be stopped, otherwise the
#           status of luci_start
luci_restart() {
    if luci_status >/dev/null 2>&1; then
        # Do not start a second instance on top of one that refused to stop.
        luci_stop || return 1
    fi

    luci_start
}

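# Query paster for the daemon status and print the last line of its output.
#
# Globals:  LUCI_USER, LUCI_GROUP, LUCI_CONFIG_FILE, LUCI_PASTER_LOG,
#           LUCI_PID_FILE (read)
# Outputs:  last line of paster's status output on stdout
# Returns:  paster's exit status (callers treat 0 as "running")
luci_status() {
    # Keep these local. This function runs in the caller's shell, and the
    # dispatcher at the bottom of the script uses a global named `ret` as the
    # script's exit code; assigning it here made "condrestart" on a stopped
    # service exit with the status-probe result instead of 0.
    local out ret

    out=$(/usr/bin/paster serve --status --daemon --user "$LUCI_USER" --group "$LUCI_GROUP" "$LUCI_CONFIG_FILE" --log-file="$LUCI_PASTER_LOG" --pid-file="$LUCI_PID_FILE")
    ret=$?
    printf '%s\n' "$out" | tail -n 1
    return $ret
}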

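# Full start path: prepare keys/certificate/database, start the server, then
# print the URL to reach it.
#
# Globals:  LUCI_HTTPS_PORT (read)
# Outputs:  the access URL on stdout after a successful start
# Returns:  0 on success, otherwise the non-zero status of the step that failed
luci_start() {
    local rc

    # Capture the status before testing it: inside `if [ $? -ne 0 ]`, a
    # following `return $?` returns the status of the `[` test (0), which made
    # a failed init or server start look like success to the caller.
    luci_init
    rc=$?
    if [ "$rc" -ne 0 ]; then
        return "$rc"
    fi

    luci_start_server
    rc=$?
    if [ "$rc" -ne 0 ]; then
        return "$rc"
    fi

    echo "Point your web browser to https://$(/bin/hostname):$LUCI_HTTPS_PORT to access luci"

    return 0
}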

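# Exit status of the script; each action below stores its result here.
ret=0

# Dispatch on the requested init action.
case "$1" in
start)
    luci_start
    ret=$?
    ;;
stop)
    luci_stop
    ret=$?
    ;;
restart|reload|force-reload)
    # luci has no separate reload path; all three do a stop + start.
    luci_restart
    ret=$?
    ;;
condrestart)
    # Restart only when currently running.
    if luci_status >/dev/null 2>&1; then
        luci_restart
        ret=$?
    else
        # Not running is a successful no-op. Set it explicitly instead of
        # relying on the initial ret=0: the helper functions run in this same
        # shell and may have assigned `ret` themselves.
        ret=0
    fi
    ;;
status)
    luci_status
    ret=$?
    ;;
*)
    echo "Usage: $0 {start|stop|reload|restart|status}"
    # 3 is the LSB code for an unimplemented action.
    ret=3
    ;;
esac

exit $ret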
