#!/bin/bash
# https://st.yandex-team.ru/CAUTH-2599

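# Interactive bootstrap of a CAuth LDAP slave: collects operator input, sets the
# timezone, configures APT sources, installs the LDAP/saslauthd/HAproxy/monitoring
# packages, copies the LDAP database, sets up replication and restarts services.
#
# Every step is checked explicitly: a failed package install or replication
# step aborts the run instead of falling through to the "We are done!" banner
# on a half-configured authentication host.
set -u

# Print an error to stderr and stop the bootstrap.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Run a command and abort the bootstrap if it fails.
run() {
  "$@" || die "command failed (exit $?): $*"
}

# Read one required answer from stdin into the variable named by $1.
# Empty answers, embedded whitespace and a leading '-' are rejected: the value
# is later passed as an option argument to cauth-ldap-replication-manager.
read_required() {
  local -r var_name=$1
  local value
  read -r value || die "no input received for ${var_name}"
  [[ -n "${value}" ]] || die "${var_name} must not be empty"
  [[ "${value}" != -* ]] || die "${var_name} must not start with '-'"
  [[ "${value}" != *[[:space:]]* ]] || die "${var_name} must not contain whitespace"
  printf -v "${var_name}" '%s' "${value}"
}

# Block until the operator confirms with Enter.
pause() {
  local _ignored
  read -r _ignored || die "standard input closed while waiting for confirmation"
}

# Write a single line to an APT configuration file, failing loudly on error.
write_line() {
  local -r path=$1
  local -r line=$2
  printf '%s\n' "${line}" > "${path}" || die "cannot write ${path}"
}

# The steps below write under /etc/apt and install packages.
[[ "${EUID}" -eq 0 ]] || die "this script must be run as root"

printf "\n\n*** CAuth LDAP slave bootstrap script***\n\n"
printf "Please provide some data.\n"

printf "\n* Your Yandex login (only your username, without '@yandex-team.ru'):\n"
read_required YANDEX_LOGIN

printf "\n* Current LDAP replication master FQDN, one of https://c.yandex-team.ru/groups/vs_cauthmaster-stable ( vs-cauth01hm.yandex.ru or cauth-master-m1.passport.yandex.net ):\n"
read_required LDAP_REPLICATION_MASTER

printf "\n* CAuth slave host to copy LDAP database from, one of https://c.yandex-team.ru/groups/cs_caslave :\n"
read_required LDAP_DATABASE_COPY_HOST

printf "\n\nPress any key to set the timezone, please choose 'Europe/Moscow':\n"
pause

# Set timezone
run dpkg-reconfigure tzdata

printf "\n\nPress any key to install packages, copy LDAP database and set up replication.\n"
printf "You will be prompted with your Yandex login several times more in packages' postinstall scripts.\n"
pause

# Set up dns64
run apt-get -qq update
run apt-get install -y yandex-config-dns64

# Install HBF agent.
run apt-get install -y yandex-hbf-agent-static yandex-hbf-agent-init

# Set up Symas and CAuth repos
# NOTE(review): the Symas signing key is fetched from a public keyserver and
# selected by its 64-bit long key ID, then added to the global APT keyring.
# Prefer shipping the key file with this script, checking its full fingerprint,
# and scoping it to the Symas source with "signed-by". apt-key is deprecated.
run apt-key adv --keyserver keyserver.ubuntu.com --recv-keys DA26A148887DCBEB
# NOTE(review): Verify-Peer "false" disables TLS certificate validation for
# repo.symas.com, so the HTTPS transport no longer authenticates the server.
# Package authenticity then rests only on APT's signature check against the
# key imported above. Fix the CA trust problem that motivated this setting and
# remove the override rather than leaving it in place permanently.
write_line /etc/apt/apt.conf.d/99reposymascom \
  'Acquire::https::repo.symas.com::Verify-Peer "false";'
write_line /etc/apt/sources.list.d/symas-openldap.list \
  'deb [arch=amd64] https://repo.symas.com/repo/deb/main/release26 bionic main'
# NOTE(review): both CAuth sources use plain HTTP; confirm the repository
# metadata is signed and that APT is not configured to accept it unsigned.
# The unstable source stays enabled next to stable on a host that also gets
# yandex-environment-production - confirm that is intended.
write_line /etc/apt/sources.list.d/cauth-stable.list \
  'deb http://cauth.dist.yandex.ru/cauth stable/amd64/'
write_line /etc/apt/sources.list.d/cauth-unstable.list \
  'deb http://cauth.dist.yandex.ru/cauth unstable/amd64/'
run apt-get update

# Install LDAP and saslauthd packages
run apt-get install -y yandex-environment-production
run apt-get install -y symas-openldap-clients symas-openldap-server
run apt-get install -y cauth-ldap-certs
run apt-get install -y cauth-ldap-slave-slapd-config
run apt-get install -y sasl2-bin
run apt-get install -y cauth-ldap-saslauthd-config

# Download LDAP database
run cauth-ldap-replication-manager get-ldap-replication-password --yandex-vault-username "${YANDEX_LOGIN}"
run cauth-ldap-replication-manager setup-ldap-replication --replication-master-host "${LDAP_REPLICATION_MASTER}"
run cauth-ldap-replication-manager copy-database --database-source-host "${LDAP_DATABASE_COPY_HOST}"

# Install HAproxy
run apt-get install -y haproxy
run apt-get install -y cauth-ldap-slave-haproxy-config

# Install Juggler monitoring
run apt-get install -y cauth-ldap-slave-monitoring
run apt-get install -y config-monitoring-common

# Installing Graphite monitoring
run apt-get install -y ps-graphite-client-conf yabs-graphite-client yabs-graphite-sender yandex-graphite-checks-system

# (Re)start services
# Every restart is attempted even if an earlier one fails, so the operator gets
# the complete list of services that need attention.
failed_services=()
for service_name in juggler-client saslauthd slapd-instances haproxy; do
  service "${service_name}" restart || failed_services+=("${service_name}")
done
if (( ${#failed_services[@]} > 0 )); then
  die "failed to restart: ${failed_services[*]}"
fi

printf "\n\nWe are done! Now reboot the server and log in to see if everything is Ok.\n"
printf "\n*** HAproxy answers 401 to SLB monitoring handler now! Use 'haproxy-slb-open' to change it to 200 after reboot. ***\n"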

