#!/bin/sh
#
# $Id$

${DEBUG:="false"} && set -xu
PROGNAME=`basename $0`

# Gfarm installation directory
prefix="/usr"
sysconfdir="/etc"
datarootdir="/usr/share"
datadir="/usr/share"
config_dir="${datadir}/gfarm/config"
globus_location=""

#
# backend initialization
#

POSTGRESQL_TARGETS=postgresql
LDAP_TARGETS=ldap
# The order of $backend_candidates is important, it's used to choose default.
backend_candidates="${POSTGRESQL_TARGETS} ${LDAP_TARGETS} none"
backend_all="postgresql ldap none"
backend_default=`echo $backend_candidates | awk '{print $1}'`
if [ -z "$backend_default" ]; then
	echo >&2 "$PROGNAME: no usable metadata backend is configured"
	exit 1
fi
BACKEND_TYPE=$backend_default

USE_BACKEND=true
PRIVATE_MODE=false

#
#
#

PATH="${prefix}/bin:${prefix}/sbin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb:/usr/pkg/bin:/usr/pkg/sbin:/usr/local/bin:/usr/local/sbin:$PATH"
export PATH
search_path="$PATH"

awk=awk
if [ -f /usr/bin/nawk ]; then awk=/usr/bin/nawk; fi

status=1
sed_script=/tmp/cf$$
admin_password=/tmp/ap$$
password=/tmp/up$$
rm -f $sed_script $password $admin_password
trap 'rm -f $sed_script $password $admin_password; stty echo 2>/dev/null; exit $status' 0 1 2 15

#
# check whether shell function does work or not.
#
BOURNE_SHELL="${BOURNE_SHELL-/bin/sh}"
if [ x"$1" = x--re-invoked ]; then
	# shell function works with this shell, remove --re-invoked option
	shift
elif "$BOURNE_SHELL" -c 'shellfunc() { exit 0; }; shellfunc' 2>/dev/null; then
	# shell function works
	:
else
	# Search other shell that supports shell functions
	for sh in ksh bash zsh sh ash bsh sh5; do
		set `IFS=:;
		 P="/bin:/usr/5bin:/usr/bin:/usr/local/bin:/usr/pkg/bin:$PATH";
		 echo $P`
		for dir
		do
			shell="$dir/$sh"
			if ( [ -f "$shell" ] || [ -f "$shell.exe" ] ) &&
				"$shell" -c 'shellfunc() { exit 0; }; shellfunc' 2>/dev/null
			then
				BOURNE_SHELL="$shell" exec "$shell" "$0" \
					--re-invoked ${1+"$@"}
			fi
		done
	done
	echo "$PROGNAME: cannot find a shell which supports functions" >&2
	exit 1
fi

. $config_dir/config-gfarm.common

# load backend-dependent functions. should be done after shell detection above.
for i in $backend_all
do
  . $config_dir/config-gfarm.$i
done

usage()
{
	echo >&2 "usage: $PROGNAME [--help] [--prefix prefix] [--confdir dir]"
	echo >&2 "	[-t|-T] [-f] [-S] [-N] [-W] [-w] [-r]"
	echo >&2 "	[-h hostname] [-m gfmd_port]"
	echo >&2 "	[-A metadata_admin_user] [-D metadata_admin_gsi_dn]"
	echo >&2 "	[-a auth_type] [-d digest_type]"
	echo >&2 "	[-b metadata_backend] [-P backend_prefix]"
	echo >&2 "	[-V metadata_backend_version] [-p metadata_backend_port]"
	echo >&2 "	[-U backend_admin_user] [-u backend_user]"
	echo >&2 "	[-l metadata_directory] [-L metadata_logging_directory]"
	echo >&2 "	[-j metadata_journal_directory]"
	echo >&2 "  $BACKEND_TYPE backend options: (must be specified after -b <backend_type>)"
	usage_$BACKEND_TYPE ||
		echo >&2 "	no option for backend=$BACKEND_TYPE"
	echo >&2 "  available metadata_backend: $backend_candidates (default is $backend_default)"

	exit 1
}

# most $BACKEND_TYPE uses the following as "service_start_$BACKEND_TYPE"
# but some may not.
service_start_common()
{
	if [ -f $BACKEND_PID_FILE ]; then
		ctl=restart
	else
		ctl=start
	fi
	service_add $RC_BACKEND_BASENAME &&
	service_ctl $RC_BACKEND_BASENAME $ctl ${1+"$@"} ||
		ABORT "failed to $ctl $RC_BACKEND_BASENAME"
}

sanity()
{
	case X"$METADATA_ADMIN_USER" in
		Xgfarmadm|X_gfarmfs|X_gfarmmd)
			echo "error: $METADATA_ADMIN_USER cannot be specified as a metadata admin user."
			return 1
			;;		
		*)
			;;
	esac

	if $METADATA_REPLICATION; then
		if $PRIVATE_MODE; then
			:
		elif id _gfarmmd >/dev/null 2>&1; then
			:
		else
			echo "error: user _gfarmmd is not registered."
			return 1
		fi
	fi

	sanity_$BACKEND_TYPE
}

# most $BACKEND_TYPE calls the followings
# from display_backend_params_$BACKEND_TYPE, but some may not.
display_plain_param_backend_data_dir()
{
    echo     "metadata     directory       [-l]: $BACKEND_DATA_DIR"
}

display_script_param_backend_data_dir()
{
    echo     "BACKEND_DATA_DIR=$BACKEND_DATA_DIR"
}

display_plain_param_backend_log_dir()
{
    echo     "metadata log directory       [-L]: $BACKEND_LOG_DIR"
}

display_script_param_backend_log_dir()
{
    echo     "BACKEND_LOG_DIR=$BACKEND_LOG_DIR"
}

tf2yn()
{
    case $1 in
    true) echo yes;;
    *)    echo no;;
    esac
}

display_plain_params()
{
    echo "prefix                 [--prefix]: $CONFIG_PREFIX"
    echo "confdir               [--confdir]: $CONFIG_ETC_DIR"
    echo "metadata backend             [-b]: $BACKEND_TYPE"
    echo "(available backend: $backend_candidates)"

    display_plain_params_backend_$BACKEND_TYPE

    METADATA_REPLICATION_YN=`tf2yn $METADATA_REPLICATION`
    echo "metadata replication         [-r]: $METADATA_REPLICATION_YN"
    if $METADATA_REPLICATION; then
        echo "metadata journal directory   [-j]: $METADATA_JOURNAL_DIR"
    fi
    echo "digest                       [-d]: $DIGEST_TYPE"
    echo "metaserver hostname          [-h]: $BACKEND_HOSTNAME"
    echo "matadata admin user          [-A]: $METADATA_ADMIN_USER"
    echo "matadata admin dn            [-D]: $METADATA_ADMIN_USER_GSI_DN"

    display_plain_params_backend_port_$BACKEND_TYPE

    echo "gfmd port                    [-m]: $GFMD_PORT"
    echo "auth type                    [-a]: $AUTH_TYPE"

    display_plain_params_backend_optional_$BACKEND_TYPE

    echo "rc script for gfmd               : $RC_GFMD"
    echo "gfmd conf file                   : $GFMD_CONF"
    echo "gfmd failover conf file          : $GFMD_FAILOVER_CONF"
    echo "gfmd failover agent conf file    : $GFMD_FAILOVER_AGENT_CONF"
    if $PRIVATE_MODE; then
	echo "gfsd conf file                   : $GFSD_CONF"
	echo "usermap file                     : $USERMAP_FILE"
    fi
    echo "gfarm client conf file           : $GFARM_CONF"
    echo "gfmd pid file                    : $GFMD_PID_FILE"
    if $USE_BACKEND; then
	echo "rc script for backend            : $RC_BACKEND"
	echo "backend pid file                 : $BACKEND_PID_FILE"
    fi
    sanity
    exit 0
}

display_script_params()
{
    echo     "CONFIG_PREFIX=$CONFIG_PREFIX"
    echo     "BACKEND_TYPE=$BACKEND_TYPE"

    display_script_params_backend_$BACKEND_TYPE

    echo     "METADATA_REPLICATION=$METADATA_REPLICATION"
    echo     "METADATA_JOURNAL_DIR=$METADATA_JOURNAL_DIR"
    echo     "DIGEST_TYPE=$DIGEST_TYPE"
    echo     "BACKEND_HOSTNAME=$BACKEND_HOSTNAME"
    echo     "METADATA_ADMIN_USER=$METADATA_ADMIN_USER"
    echo     "METADATA_ADMIN_USER_GSI_DN='$METADATA_ADMIN_USER_GSI_DN'"

    display_script_params_backend_port_$BACKEND_TYPE

    echo     "GFMD_PORT=$GFMD_PORT"
    echo     "AUTH_TYPE=$AUTH_TYPE"

    display_script_params_backend_optional_$BACKEND_TYPE

    echo     "GFMD_RC=$RC_GFMD"
    echo     "GFMD_CONF=$GFMD_CONF"
    echo     "GFMD_FAILOVER_CONF=$GFMD_FAILOVER_CONF"
    echo     "GFMD_FAILOVER_AGENT_CONF=$GFMD_FAILOVER_AGENT_CONF"
    if $PRIVATE_MODE; then
	echo     "GFSD_CONF=$GFSD_CONF"
	echo     "USERMAP_FILE=$USERMAP_FILE"
    fi
    echo     "GFARM_CONF=$GFARM_CONF"
    echo     "GFMD_PID_FILE=$GFMD_PID_FILE"
    if $USE_BACKEND; then
	echo     "BACKEND_PID_FILE=$BACKEND_PID_FILE"
	echo     "BACKEND_RC=$RC_BACKEND"
    fi
    sanity
    exit 0
}

#
# parse arguments
#

while [ $# -gt 0 ] ; do
	case $1 in

	# set parameters
	  --prefix) shift; [ $# -ge 1 ] || usage
		CONFIG_PREFIX=$1
		;;
	  # only for gfarm2.conf, gfsd.conf and usermap
	  --confdir) shift; [ $# -ge 1 ] || usage
		CONFIG_ETC_DIR=$1
		;;
	  -b) shift; [ $# -ge 1 ] || usage
		( echo $backend_candidates; echo $backend_all ) |
		$awk 'BEGIN { type="'"$1"'"; st=2 }
		NR==1 { for (i = 1; i <= NF; i++) if ($i == type) {st=0;exit} }
		NR==2 { for (i = 1; i <= NF; i++) if ($i == type) {st=1;exit} }
		END { exit st }'
		case $? in
		0)	BACKEND_TYPE=$1;;
		1)	echo >&2 "backend <$1> is not configured"; exit 1;;
		*)	echo >&2 "unknown metadata backend <$1>"; exit 1;;
		esac
		;;
	  -d) shift; [ $# -ge 1 ] || usage
		DIGEST_TYPE=$1
		;;
	  -U) shift; [ $# -ge 1 ] || usage
		BACKEND_ADMIN_USER=$1
		;;
	  -u) shift; [ $# -ge 1 ] || usage
		BACKEND_USER=$1
		;;
	  -P) shift; [ $# -ge 1 ] || usage
		BACKEND_PREFIX=$1
		;;
	  -V) shift; [ $# -ge 1 ] || usage
		BACKEND_VERSION=$1
		;;
	  -l) shift; [ $# -ge 1 ] || usage
		BACKEND_DATA_DIR=$1
		;;
	  -L) shift; [ $# -ge 1 ] || usage
		BACKEND_LOG_DIR=$1
		;;
	  -h) shift; [ $# -ge 1 ] || usage
		BACKEND_HOSTNAME=$1
		;;
	  -j) shift; [ $# -ge 1 ] || usage
		METADATA_JOURNAL_DIR=$1
		;;
	  -A) shift; [ $# -ge 1 ] || usage
		METADATA_ADMIN_USER=$1
		;;
	  -D) shift; [ $# -ge 1 ] || usage
		METADATA_ADMIN_USER_GSI_DN=$1
		;;
	  -p) shift; [ $# -ge 1 ] || usage
		BACKEND_PORT=$1
		;;
	  -m) shift; [ $# -ge 1 ] || usage
		GFMD_PORT=$1
		;;
	  -a) shift; [ $# -ge 1 ] || usage
		case $1 in
		sharedsecret|gsi_auth|gsi)
			AUTH_TYPE=$1;;
		*)
			echo >&2 "$PROGNAME: the argument of -a option must be sharedsecret, gsi_auth or gsi."
			exit 1;;
		esac
		;;

	# control options
	  --help)
		usage
		;;
	  -S)
		PRIVATE_MODE=true
		;;
	  -N)
		START_SERVICE=false
		;;
	  -f)
		FORCE=true
		;;
	  -t)
		PARAMS_DISPLAY_STYLE=plain
		;;
	  -T)
		PARAMS_DISPLAY_STYLE=script
		;;
	  -r)
		METADATA_REPLICATION=true
		METADATA_REPLICATION_ED=enable
		;;
	  -W)
		stty -echo;
		( umask 077; 
		  printf "admin password: ";
		  $awk 'NR==1{print $0;exit}' > $admin_password
		  echo
		)
		stty echo
		;;
	  -w)
		stty -echo;
		( umask 077;
		  printf "user password: ";
		  $awk 'NR==1{print $0;exit}' > $password
		  echo
		)
		stty echo
		;;
	  -*)
		if parse_argument_$BACKEND_TYPE "$@"; then
			shift $argshift
		else
			echo "unknown option $1"; usage
		fi
		;;
	  *)
		usage
		;;
	esac
	shift
done

[ X$BACKEND_TYPE = X"none" ] &&
	USE_BACKEND=false

#
# search default $BACKEND_PREFIX
#

set_default_backend_prefix_$BACKEND_TYPE

. $config_dir/config-gfarm.sysdep

#
# default values
#
: ${CONFIG_PREFIX:=}

set_first_defaults_$BACKEND_TYPE

# NOTE: $CONFIG_PREFIX and $RC_BACKEND_BASENAME need to be set
#	before calling sysdep_defaults
# sysdep_defaults must set: $RC_DIR
sysdep_defaults

[ X"$RC_BACKEND" = X ] && \
	: ${RC_BACKEND="$RC_DIR/$RC_BACKEND_BASENAME"}
[ X"$RC_GFMD" = X ] && \
	: ${RC_GFMD="$RC_DIR/gfmd"}
[ X"$RC_AGENT" = X ] && \
	: ${RC_AGENT="$RC_DIR/gfarm_agent"}
[ X"$RC_GFSD" = X ] && \
	: ${RC_GFSD="$RC_DIR/gfsd"}

: ${START_SERVICE:=true}
: ${FORCE:=false}
: ${PARAMS_DISPLAY_STYLE:=none}
: ${METADATA_REPLICATION:=false}
: ${METADATA_REPLICATION_ED:=disable}

: ${RUN_DIR:="$CONFIG_PREFIX/var/run"}
: ${GFMD_PID_FILE:="$RUN_DIR/gfmd.pid"}

if [ X"$CONFIG_PREFIX" != X ]; then
	: ${GFARM_CONF_DIR:="$CONFIG_PREFIX/etc"}
else
	: ${GFARM_CONF_DIR:="$sysconfdir"}
fi
: ${CONFIG_ETC_DIR:=$GFARM_CONF_DIR}
: ${GFARM_CONF:="$CONFIG_ETC_DIR/gfarm2.conf"}
: ${GFMD_CONF:="$GFARM_CONF_DIR/gfmd.conf"}

# do not make these two files customizable,
# that introduces extra complexity to config-gfarm-update
GFMD_FAILOVER_CONF="`dirname $GFMD_CONF`/gfmd.failover.conf"
GFMD_FAILOVER_AGENT_CONF="`dirname $GFMD_FAILOVER_CONF`/gfmd.failover.agent.conf"

: ${UNCONFIG_SCRIPT:="$GFARM_CONF_DIR/unconfig-gfarm.sh"}
: ${UNCONFIG_SCRIPT_IN:="$config_dir/unconfig-gfarm.sh.in"}
if $PRIVATE_MODE; then
	: ${GFSD_CONF:="$CONFIG_ETC_DIR/gfsd.conf"}
	: ${USERMAP_FILE:="$CONFIG_ETC_DIR/usermap"}
fi

: ${METADATA_JOURNAL_DIR:="$CONFIG_PREFIX/var/gfarm-metadata/journal"}

: ${METADATA_ADMIN_USER:=`who am i | awk '{print $1}'`}
: ${METADATA_ADMIN_USER_GSI_DN:=}

: ${AUTH_TYPE:="sharedsecret"}

if $PRIVATE_MODE; then
	: ${GFMD_PORT:="10601"}
else
	: ${GFMD_PORT:="601"}
fi
: ${RC_GFMD_IN="$config_dir/gfmd.in"}

: ${RC_BACKEND_IN="$config_dir/$RC_BACKEND_BASENAME.in"}

: ${FQ_HOSTNAME:=`fq_hostname`}

: ${BACKEND_HOSTNAME:="$FQ_HOSTNAME"}

[ X$BACKEND_HOSTNAME = X ] &&
	ABORT 'cannot determine metadata server hostname, please specify it by -h option'

set_last_defaults_$BACKEND_TYPE

# -t and -T options; display parameters
[ $PARAMS_DISPLAY_STYLE != none ] && display_${PARAMS_DISPLAY_STYLE}_params

sanity || ABORT "aborted"

#########################################################################

# most $BACKEND_TYPE uses the following as part of "init_replace_$BACKEND_TYPE"
# but some may not.
init_replace_common()
{
	cat <<_EOF_
s|@config_gfarm_backend_privilege@|$BACKEND_PRIVILEGE|g
s|@config_gfarm_backend_admin_user@|$BACKEND_ADMIN_USER|g
s|@config_gfarm_backend_user@|$BACKEND_USER|g
s|@config_gfarm_backend_hostname@|$BACKEND_HOSTNAME|g
s|@config_gfarm_backend_port@|$BACKEND_PORT|g
s|@config_gfarm_backend_prefix@|$BACKEND_PREFIX|g
s|@config_gfarm_backend_data_dir@|$BACKEND_DATA_DIR|g
s|@config_gfarm_backend_log_dir@|$BACKEND_LOG_DIR|g
s|@config_gfarm_backend_pid_file@|$BACKEND_PID_FILE|g
s|@config_gfarm_metadb_replication@|$METADATA_REPLICATION_ED|g
s|@config_gfarm_metadata_journal_dir@|$METADATA_JOURNAL_DIR|g
_EOF_
}

init_replace()
{
	# create $sed_script for "replace" command

	(
	    umask 077
	    (
		cat <<_EOF_
s|@config_gfarm_prefix@|$prefix|g
s|@config_gfarm_gfarm_config@|$GFARM_CONF|g
s|@config_gfarm_gfmd_config@|$GFMD_CONF|g
s|@config_gfarm_gfmd_failover_config@|$GFMD_FAILOVER_CONF|g
s|@config_gfarm_gfmd_failover_agent_config@|$GFMD_FAILOVER_AGENT_CONF|g
s|@config_gfarm_globus_location@|${GLOBUS_LOCATION:-$globus_location}|g
s|@config_gfarm_metadata_admin_user@|$METADATA_ADMIN_USER|g
s|@config_gfarm_gfmd_port@|$GFMD_PORT|g
s|@config_gfarm_gfmd_option@|-f $GFMD_CONF|g
s|@config_gfarm_gfsd_option@|-f $GFARM_CONF|g
s|@config_gfarm_gfmd_pid_file@|$GFMD_PID_FILE|g
s|@config_gfarm_run_dir@|$RUN_DIR|g
s|@config_gfarm_auth_type@|$AUTH_TYPE|g
_EOF_
		$awk '{
		printf "s|@config_gfarm_backend_admin_password@|%s|g\n", $0
		}' $admin_password
		$awk '{
		printf "s|@config_gfarm_backend_password@|%s|g\n", $0
		}' $password

		init_replace_$BACKEND_TYPE

	    ) > $sed_script
	)
}

unconfig_replace()
{
	# create $unconfig_script for "replace" command
	(
	    umask 077
	    (
		cat <<_EOF_
s|@config_gfarm_datadir@|$datadir|g
s|@config_gfarm_backend_type@|$BACKEND_TYPE|g
s|@config_gfarm_rc_gfmd@|$RC_GFMD|g
s|@config_gfarm_rc_backend@|$RC_BACKEND|g
s|@rc_backend_basename@|$RC_BACKEND_BASENAME|g
s|@config_gfarm_gfmd_config@|$GFMD_CONF|g
s|@config_gfarm_gfmd_failover_config@|$GFMD_FAILOVER_CONF|g
s|@config_gfarm_gfmd_failover_agent_config@|$GFMD_FAILOVER_AGANT_CONF|g
s|@config_gfarm_gfarm_config@|$GFARM_CONF|g
s|@config_gfarm_gfarm_config_dir@|$GFARM_CONF_DIR|g
s|@config_gfarm_config_prefix@|$CONFIG_PREFIX|g
s|@config_gfarm_backend_data_dir@|$BACKEND_DATA_DIR|g
s|@config_gfarm_backend_log_dir@|$BACKEND_LOG_DIR|g
s|@config_gfarm_gfmd_pid_file@|$GFMD_PID_FILE|g
s|@config_gfarm_backend_pid_file@|$BACKEND_PID_FILE|g
s|@config_gfarm_private_mode@|$PRIVATE_MODE|g
s|@config_gfarm_usermap_file@|$USERMAP_FILE|g
s|@config_gfarm_gfsd_config@|$GFSD_CONF|g
s|@config_gfarm_metadata_replication@|$METADATA_REPLICATION|g
s|@config_gfarm_metadata_journal_dir@|$METADATA_JOURNAL_DIR|g
_EOF_
	    ) > $sed_script
	)

	sed -f $sed_script ${1+"$@"}
}

replace()
{
	sed -f $sed_script ${1+"$@"} | config_sysdep
}

# most $BACKEND_TYPE uses the following as "init_replace_$BACKEND_TYPE"
# but some may not.

#########################################################################

delete_file_or_directory \
	"$GFARM_CONF" \
	"$GFMD_CONF" \
	"$GFMD_FAILOVER_CONF" \
	"$GFMD_FAILOVER_AGENT_CONF"
$USE_BACKEND &&
	delete_file_or_directory \
		"$BACKEND_DATA_DIR" \
		"$BACKEND_LOG_DIR" \
		"$RC_BACKEND"
$METADATA_REPLICATION && \
	delete_file_or_directory "$METADATA_JOURNAL_DIR"

# We won't create "$BACKEND_LOG_DIR", otherwise initdb of PostgreSQL fails.
create_directory \
	"$GFARM_CONF_DIR" \
	"$CONFIG_ETC_DIR" \
	"$RC_DIR" \
	"$RUN_DIR"
if $USE_BACKEND; then
	create_directory \
		"$BACKEND_DATA_DIR"
	chmod 700 "$BACKEND_DATA_DIR"
fi

if $METADATA_REPLICATION; then
	create_directory "$METADATA_JOURNAL_DIR"
	chmod 700 "$METADATA_JOURNAL_DIR"
fi

make_configuration_directory_$BACKEND_TYPE

(
umask 077
[ -r $admin_password ] || gen_passwd > $admin_password
[ -r $password ] || gen_passwd > $password
)

init_replace

if [ -n "$BACKEND_PRIVILEGE" ]; then
	chown "$BACKEND_PRIVILEGE" "$BACKEND_DATA_DIR" \
		$admin_password $password
	case `uname` in
	SunOS|HP-UX|NetBSD|DragonFly)
		# "-" option makes Solaris and HP-UX display /etc/motd,
		# and it makes pkgsrc platforms (NetBSD/DragonFly) fail
		# because pkgsrc doesn't create the home directory by default.
		run_with_backend_privilege="su $BACKEND_PRIVILEGE -c /bin/sh";;
	Darwin)	run_with_backend_privilege="sudo -u $BACKEND_PRIVILEGE /bin/sh";;
	*)
		# For SELinux we need to use 'runuser' not 'su'
		[ -x /sbin/runuser ] && SU=/sbin/runuser || SU=su
		run_with_backend_privilege="$SU - $BACKEND_PRIVILEGE -c /bin/sh"
		;;
	esac
else
	run_with_backend_privilege="/bin/sh"
fi

# this needs to be called before other "mkcnf" operations
# to make some directories.
mkcnf_gfmd_sysdep

# create configuration files
mkcnf "$GFARM_CONF"	replace "$config_dir/gfarm.conf.in"

# for GSI authentication  (a service certificate is used)
case $AUTH_TYPE in
gsi_auth|gsi)
	echo "spool_server_cred_type host" >> $GFARM_CONF
	echo "spool_server_cred_service gfsd" >> $GFARM_CONF
	;;
*)
	;;
esac

mkcnf "$GFMD_CONF"	replace "$config_dir/gfarm.conf-$BACKEND_TYPE.in"
chmod 600 "$GFMD_CONF"
# for GSI authentication
if [ X"$METADATA_ADMIN_USER_GSI_DN" != X ]; then
	echo "admin_user_gsi_dn \"$METADATA_ADMIN_USER_GSI_DN\"" >> $GFMD_CONF
fi

# for replication
echo "metadb_replication $METADATA_REPLICATION_ED" >> $GFMD_CONF
echo "# mkdir following directory when metadb_replication is set to enable." >> $GFMD_CONF
echo "metadb_journal_dir $METADATA_JOURNAL_DIR" >> $GFMD_CONF

# digest
if [ X"$DIGEST_TYPE" != X ]; then
	echo "digest $DIGEST_TYPE" >> $GFMD_CONF
fi

# use "cat" instead of replace() to reduce complexity of config-gfarm-update
mkcnf "$GFMD_FAILOVER_CONF" \
	cat "$config_dir/gfmd.failover.conf"
mkcnf "$GFMD_FAILOVER_AGENT_CONF" \
	cat "$config_dir/gfmd.failover.agent.conf"

# by backend type
make_configuration_file_$BACKEND_TYPE

# private user mode
if $PRIVATE_MODE; then
	echo _gfarmfs `whoami` > $USERMAP_FILE
	echo _gfarmmd `whoami` >> $USERMAP_FILE
	cp $GFARM_CONF $GFSD_CONF
	echo local_user_map $USERMAP_FILE >> $GFMD_CONF
	echo local_user_map $USERMAP_FILE >> $GFSD_CONF
fi

# create run scripts
if $USE_BACKEND; then
	create_run_script "$RC_BACKEND"	replace "$RC_BACKEND_IN"
	$PRIVATE_MODE || service_reg $RC_BACKEND_BASENAME
fi
create_run_script "$RC_GFMD"	replace "$RC_GFMD_IN"
$PRIVATE_MODE || service_reg gfmd

apply_configuration_$BACKEND_TYPE

if $START_SERVICE; then
	$USE_BACKEND && service_start_$BACKEND_TYPE

	if [ -f $GFMD_PID_FILE ]; then ctl=restart; else ctl=start; fi
	service_add gfmd &&
	service_ctl gfmd $ctl ||
		ABORT "failed to $ctl gfmd"
fi

mkcnf "$UNCONFIG_SCRIPT" unconfig_replace "$UNCONFIG_SCRIPT_IN"
chmod +x "$UNCONFIG_SCRIPT" || ABORT "cannot chmod +x $UNCONFIG_SCRIPT"

rm -f $sed_script

echo "$PROGNAME success"
status=0
# trap action automatically returns this $status as exit code
