#!/usr/bin/env bash

# Install r1soft yum repo
echo "Installing R1Soft yum repo..."
echo -e "[r1soft]\\nname=R1Soft Repository Server\\nbaseurl=http://repo.r1soft.com/yum/stable/\$basearch/\\ngpgcheck=0" > /etc/yum.repos.d/r1soft.repo
echo

# Install kernel source
echo "Installing kernel source..."
yum --disableplugin=\* -y install "kernel-devel-$(uname -r)" serverbackup-enterprise-agent
echo

# Build latest HCP module
echo "Checking for HCP module & building latest HCP module..."
lsmod | grep hcp 2>&1 > /dev/null
if [$? -eq 1]; then
r1soft-setup --get-module
fi

# Enable and start cdp-agent
echo "Enabling and starting cdp-agent service..."
CDP_AGENT_UNIT="cdp-agent.service"
systemctl enable "${CDP_AGENT_UNIT}"
systemctl start  "${CDP_AGENT_UNIT}"
sleep 1
echo

echo "Adding cdpserver public keys to allowed list..."
CDP_SERVER_SFX="infra.cin1"
DIR_R1_ALLOW="/usr/sbin/r1soft/conf/server.allow"

FILE_R1_ALLOW[0]="cdpserver1"
FILE_R1_ALLOW[1]="cdpserver2"
FILE_R1_ALLOW[2]="cdpserver3"

PATH_R1_ALLOW[0]="${DIR_R1_ALLOW}/${FILE_R1_ALLOW[0]}.${CDP_SERVER_SFX}"
PATH_R1_ALLOW[1]="${DIR_R1_ALLOW}/${FILE_R1_ALLOW[1]}.${CDP_SERVER_SFX}"
PATH_R1_ALLOW[2]="${DIR_R1_ALLOW}/${FILE_R1_ALLOW[2]}.${CDP_SERVER_SFX}"

echo -e "-----BEGIN PUBLIC KEY-----\\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUXkNUolfxwuz1rYbUQDyZldZ7XvsxMxD8uLHl\\nZGVVl/LscCZWmr88Q7DyyWDm/dmJ5j3c53s+R3Q6NjmTE/3rhzdmnlLAaXUE2/g328uc9MOiMofT\\nLP3pCCMsIattfBuXJEfw4k3vYHLDH7ewmCwLTl4XHWSTblAqnD+N7h7nMwIDAQAB\\n-----END PUBLIC KEY-----" > "${PATH_R1_ALLOW[0]}"
echo -e "-----BEGIN PUBLIC KEY-----\\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLstGKfFaAUWtSY6gKMXs3RF5dJpWIskeI1zY6\\nqZSBdzq2X+MSVK/OtDMcq2CULE9Tx/gcpC8Ywa5XCDWRKg+9//dnZ1jJffR5x+ME0EYvBmSP0Umn\\nwUatiXormLzPHvYue2cHOh7R6lqqOgpdBZq5hkSca62402cofmkECyApvQIDAQAB\\n-----END PUBLIC KEY-----" > "${PATH_R1_ALLOW[1]}"
echo -e "-----BEGIN PUBLIC KEY-----\\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFI6ncGEfzrw5i3QgWBUVf0saYsDGJontRmri2\\n43f8QJzgvLc0c11G33mxNV14ZeI6M3dGb6XvjhXrnyAu+EPXy3qtC0vGUWJu1WJurcwzs5lq6Ao5\\n3FxtXPFUhrc8Lnk06AtVU3cZKHb5PJhReFJuUM4l7eQx0H4kI+/4C2rx4QIDAQAB\\n-----END PUBLIC KEY-----" > "${PATH_R1_ALLOW[2]}"
echo

sleep 1

echo "Restarting cdp-agent service..."
systemctl restart "${CDP_AGENT_UNIT}"
sleep 1

systemctl status "${CDP_AGENT_UNIT}"
echo; echo


CDP_SERVER_IP="8.29.138.28"

echo "Whitelisting CDP server IP..."
csf -a "${CDP_SERVER_IP}"
iptables -A INPUT -s "8.29.138.0/24" -m tcp -p tcp --dport 3306 -j ACCEPT
echo


# Generate random password
_random_pw() {
	< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c 32
}

echo "Adding r1soft user to MySQL and granting permissions..."
FILE_TEMP="$(mktemp)"

MS_USERNAME="r1soft"
MS_PASSWORD="$(_random_pw)"

echo "MySQL username : '${MS_USERNAME}'"
echo "MySQL password : '${MS_PASSWORD}'"
echo

ARRAY_MYSQL_HOSTS=(
'8.29.138.28.%'
'127.0.0.1'
'localhost'
)

# shellcheck disable=SC2129
for MYSQL_HOST in "${ARRAY_MYSQL_HOSTS[@]}"; do
	echo "CREATE USER      '${MS_USERNAME}'@'${MYSQL_HOST}' IDENTIFIED BY '${MS_PASSWORD}';" >> "${FILE_TEMP}"
	echo "SET PASSWORD FOR '${MS_USERNAME}'@'${MYSQL_HOST}' = PASSWORD('${MS_PASSWORD}');"   >> "${FILE_TEMP}"

	echo "GRANT ALL PRIVILEGES ON *.* TO '${MS_USERNAME}'@'${MYSQL_HOST}' IDENTIFIED BY '${MS_PASSWORD}';" >> "${FILE_TEMP}"

	echo '\! echo;'                                          >> "${FILE_TEMP}"
	echo "SHOW GRANTS FOR '${MS_USERNAME}'@'${MYSQL_HOST}';" >> "${FILE_TEMP}"
done

echo "FLUSH PRIVILEGES;" >> "${FILE_TEMP}"

mysql < "${FILE_TEMP}"

rm -f "${FILE_TEMP}"
echo

echo "Done"