#!/bin/bash
#
# conifgure_cacti:
#   This script sets up a default configuration for cacti:
#       A cacti database is created
#       Cacti is placed behind https/http authentication
#       Cacti is setup so that it requires a 'psadmin' user to authenticate
#

DATABASE=cacti
PASSWORD=`openssl rand -base64 32`;
CACTI_DB_SETTINGS=/etc/cacti/db.php
CACTI_CRON=/etc/cron.d/cacti
CACTI_APACHE=/etc/httpd/conf.d/cacti.conf

/etc/init.d/mysqld status
if [ $? != 0 ]; then
    /etc/init.d/mysqld start
    STOP_MYSQL=1
fi

`mysqlshow $DATABASE &> /dev/null`;
if [ $? != 0 ]; then
    for cacti_sql in /usr/share/doc/cacti*/cacti.sql; do
        CACTI_SQL=$cacti_sql
    done

    if [ -z "$CACTI_SQL" ]; then
        echo "Couldn't find cacti SQL"
        exit -1
    fi

    # Create the cacti database and pre-populate some settings so that it uses http
    # authentication, and that authenticated users are admins
    mysqladmin create $DATABASE
    mysql $DATABASE < $CACTI_SQL
    mysql -e "INSERT INTO settings (name, value) VALUES ('auth_method', 2);" $DATABASE   # Set cacti to use HTTP Authentication
    mysql -e "INSERT INTO settings (name, value) VALUES ('user_template', 'admin');" $DATABASE   # Set the user logins to be admin users

    # If cacti isn't configured, the cacti poller will hang in an infinite
    # loop. Set some default values so that the poller doesn't go nuts.
    DEFAULT_KEYS=(
         "path_rrdtool"
         "path_php_binary"
         "path_snmpwalk"
         "path_snmpget"
         "path_snmpbulkwalk"
         "path_snmpgetnext"
         "path_cactilog"
         "snmp_version"
         "rrdtool_version"
    )

    DEFAULT_VALUES=(
         "/usr/bin/rrdtool"
         "/usr/bin/php"
         "/usr/bin/snmpwalk"
         "/usr/bin/snmpget"
         "/usr/bin/snmpbulkwalk"
         "/usr/bin/snmpgetnext"
         "/usr/share/cacti/log/cacti.log"
         "net-snmp"
         "rrd-1.3.x"
    )

    for ((i = 0; i < ${#DEFAULT_KEYS[@]}; i++)); do
        mysql -e "INSERT INTO settings (name, value) VALUES ('${DEFAULT_KEYS[$i]}', '${DEFAULT_VALUES[$i]}');" $DATABASE
    done
fi

# This is a fix for an issue where the 0.8.8b cacti version got updated on the
# Toolkit, but the tables weren't included, the version number just got
# updated.
OUTPUT=`mysql -e "SHOW TABLES LIKE 'plugin_config';" $DATABASE`
if [ $? == 0 ]; then
    if [ "${OUTPUT}" == "" ]; then
        echo "plugin_config table is missing, setting the cacti version number to 0.8.7c to force an update"
        mysql -e "UPDATE version SET cacti='0.8.7c' WHERE cacti='0.8.8b';" $DATABASE
    fi
fi

# Setup the cacti user
mysql -e "GRANT ALL ON * TO cactiuser@localhost IDENTIFIED BY '$PASSWORD'" $DATABASE

# Set the new database and password
sed -i "s|database_default.*|database_default = \"$DATABASE\";|" $CACTI_DB_SETTINGS
sed -i "s|database_password.*|database_password = \"$PASSWORD\";|" $CACTI_DB_SETTINGS

# Uncomment the url path
sed -i 's|//\$url_path|$url_path|' $CACTI_DB_SETTINGS

# Uncomment the commented-out poller
sed -i 's|#\(.*poller.php.*\)|\1|' $CACTI_CRON

# Move apache behind https
if [ -z "`grep RewriteEngine $CACTI_APACHE`" ]; then
cat > $CACTI_APACHE.new << EOF
# Redirect cacti to behind https
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !=/cacti/graph_view.php
RewriteRule ^/cacti.* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
EOF

cat $CACTI_APACHE >> $CACTI_APACHE.new
mv $CACTI_APACHE $CACTI_APACHE.back
mv $CACTI_APACHE.new $CACTI_APACHE
fi

# Require a 'psadmin' user to login
if [ -z "`grep psadmin $CACTI_APACHE`" ]; then
    sed -i 's|^\s*Require host localhost|AuthShadow on\nAuthType Basic\nAuthName "Password Required"\nRequire group psadmin|' $CACTI_APACHE
    sed -i 's|^\s*Allow from localhost|Allow from all\nAuthShadow on\nAuthType Basic\nAuthName "Password Required"\nRequire group psadmin|' $CACTI_APACHE
fi

# Make sure that the cacti user (which the cron job gets run as) owns any RRDs
chown cacti:cacti /var/lib/cacti/rra/*rrd

# Configure the cacti NTP monitoring, if available
if [ -x /usr/share/cacti-script-ntp-monitoring/setup_cacti_ntp_graph.pl ]; then
    /usr/share/cacti-script-ntp-monitoring/setup_cacti_ntp_graph.pl
fi

if [ "${STOP_MYSQL}" = "1" ]; then
    /etc/init.d/mysqld stop
fi
