#
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
#
#

class hdp-kerberos::server(
  $service_state = $hdp::params::cluster_service_state,
  $opts = {}
) inherits hdp-kerberos::params
{ 
  import 'hdp'

  $hdp::params::service_exists['hdp-kerberos::server'] = true

  $krb_realm = $kerberos_domain
  $kadmin_pw = "bla123"
  $kadmin_admin = "kadmin/admin"

  if ($service_state == 'no_op') {
  } elsif ($service_state in ['running','stopped','installed_and_configured']) {
    # Install kdc server and client
    package { $package_name_kdc:
      ensure => installed
    }

    # set the realm
    $realm = $krb_realm
    # SUHAS: This should be set on all the nodes in addition to kdc server
    file { "/etc/krb5.conf":
      content => template('hdp-kerberos/krb5.conf'),
      owner => "root",
      group => "root",
      mode => "0644",
      require => Package[$package_name_kdc],
      }

    file { $kdc_etc_path:
      ensure => directory,
      owner => root,
      group => root,
      mode => "0700",
      require => Package[$package_name_kdc],
    }

    file { "${kdc_etc_path}/kdc.conf":
      content => template('hdp-kerberos/kdc.conf'),
      require => Package["$package_name_kdc"],
      owner => "root",
      group => "root",
      mode => "0644",
    }

    # SUHAS: kadm5.acl file template is missing in gsInsaller
    # SUHAS: gsInstaller stops stopIptables at this point (sequence is not relevant here).
    file { "${kdc_etc_path}/kadm5.acl":
      content => template('hdp-kerberos/kadm5.acl'),
      require => Package["$package_name_kdc"],
      owner => "root",
      group => "root",
      mode => "0644",
    }

    exec { "kdb5_util":
      path => $exec_path,
      command => "rm -f ${kdc_etc_path}/kadm5.keytab; kdb5_util -P x86yzh12 -r ${realm} create -s && kadmin.local -q 'cpw -pw ${kadmin_pw} ${kadmin_admin}'",
      creates => "${kdc_etc_path}/stash",
      subscribe => File["${kdc_etc_path}/kdc.conf"],
      require => [Package[$package_name_kdc], File["${kdc_etc_path}/kdc.conf"], File["/etc/krb5.conf"]]
    }

    # SUHAS: gsInstaller has checkconfig_on
    exec { "chkconfig_krb5kdc_on":
      path => $exec_path,
      command => "chkconfig krb5kdc on",
      require => [Package["$package_name_kdc"], File["${kdc_etc_path}/kdc.conf"], Exec["kdb5_util"]],
    }
    
    # Start KDC Server
    if ($service_state in ['running','stopped']) {
      service { $service_name_kdc:
        ensure => $service_state,
        require => [Exec["chkconfig_krb5kdc_on"]],
        subscribe => File["${kdc_etc_path}/kdc.conf"],
        hasrestart => true,
      }

      # SUHAS: This is to be done on HMC not KDC Server??
      $se_hack = "setsebool -P kadmind_disable_trans  1 ; setsebool -P krb5kdc_disable_trans 1"
      service { $service_name_admin:
        ensure => $service_state,
        require => Service[$service_name_kdc],
        hasrestart => true,
        restart => "${se_hack} ; service ${service_name_admin} restart",
        start => "${se_hack} ; service ${service_name_admin} start",
      }
    }
  } else {
    hdp_fail("TODO not implemented yet: service_state = ${service_state}")
  }
}