#!/usr/bin/perl
use strict;
#==============================================================================
# This is a quick and dirty script designed to configure and register an
# RHEL 3, 4 or 5 system with the UBC IT satellite server (satellite.it.ubc.ca)
#
# This script is for servers to be registered in the "UBC IT" organization.
#
# It places the system in different groups on the satellite server based on the
# following criteria:
#
#   RHEL version (3, 4, or 5)
#   bits (32 or 64)
#   Hardware (VM or real server)
#
# Before running this script, compare the MD5SUM against the value published
# on the projects site - if it doesn't match, don't run it!
#==============================================================================

my $err = '';

eval {
  # Create temp directory for fetching files into
  system('mkdir /tmp/rhnreg > /dev/null 2>&1');

  # Determine type of system we are registering - retrieve appropriate activation key
  print "Determining OS Version and Environment...\n";
  my $activationkey = calc_key();

  # Confirm information is correct.
  print "Is the above information correct? Do you wish to proceed with registration? [n]";
  my $ans = <STDIN>;
  die("Execution cancelled\n") unless $ans =~ m/^(y|yes)$/i;

  # Install our CA cert
  print "Installing UBC IT satellite CA public key certificate...\n";
  fetch('https://satellite.it.ubc.ca/pub/SATELLITE-IT-UBC-CA-CERT','94b08d76fc5853249e61f9a6716f5767');
  system('mv /tmp/rhnreg/SATELLITE-IT-UBC-CA-CERT /usr/share/rhn/');

  # Install our GPG key
  print "Installing UBC IT public GPG key...\n";
  fetch('https://satellite.it.ubc.ca/pub/UBC-IT-RPM-PUB-KEY','664e1e256db1299d08699cd53f70a4ba');
  system('/bin/rpm --import /tmp/rhnreg/UBC-IT-RPM-PUB-KEY');

  # Update configurations to connect to satellite.it.ubc.ca and use the UBC IT CA cert.
  print "Updating up2date/yum configuration file(s)...\n";
  cfgupdate('/etc/sysconfig/rhn/up2date');
  cfgupdate('/etc/syconfig/rhn/rhn_register') if (-f '/etc/sysconfig/rhn/rhn_register');

  # Register with the new satellite server
  print "Registering with satellite server...\n";
  system("/usr/sbin/rhnreg_ks --force --activationkey $activationkey");

  # Ensure YUM/Up2date at latest version and synchronize system profile with satellite server
  if ( -x '/usr/bin/yum' ) {
    print "Running yum clean all...\n";
    system('/usr/bin/yum clean all');
    print "Updating yum...\n";
    system('/usr/bin/yum -y upgrade yum yum-rhn-plugin');
    print "Synchronizing system info into satellite server...\n";
    system('/usr/sbin/rhn-profile-sync');
  } else {
    print "Updating up2date...\n";
    system('/usr/sbin/up2date up2date');
    print "Synchronizing system info into satellite server...\n";
    system('/usr/sbin/up2date -p');
  }

  print "Satellite server reconfiguration and registration complete.\n";

};
$err = $@ if $@;

# Cleanup  - on success or failure!
system('rm -rf /tmp/rhnreg');

# Die with information message if there was an error
die "Script Failure: $err\n" if $err;

exit 0;

#------------------------------------------------------------------------------
# Determine activation key to use based on redhat system type, release, and
# whether or not it's running in a virtual machine (assumes vmware tools installed).
#------------------------------------------------------------------------------
sub calc_key {

   die("Unable to determine redhat release\n") unless -r '/etc/redhat-release';
   my $release = `/bin/cat /etc/redhat-release`;
   chomp($release);
   my $proc = `/bin/uname -p`;
   my $vm = -e '/usr/sbin/vmware-guestd';

   my $bits = 32;
   $bits = 64 if $proc =~ m/^(x86_64)$/;

   print "Redhat Release: $release - $bits bit\n";
   print "   Environment: ", $vm ? 'Virtual Machine' : 'Native Hardware', "\n";
  
   my $activationkey = '';
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux Server release 7.5/ && $bits == 32 && $vm  );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux Server release 7.5/ && $bits == 64 && $vm  );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux Server release 7/ && $bits == 32 && $vm  );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux Server release 7/ && $bits == 64 && $vm  );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux Server release 7/ && $bits == 32 && !$vm );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux Server release 7/ && $bits == 64 && !$vm );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux Server release 6/ && $bits == 32 && $vm  );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux Server release 6/ && $bits == 64 && $vm  );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux Server release 6/ && $bits == 32 && !$vm );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux Server release 6/ && $bits == 64 && !$vm );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux Server release 5/ && $bits == 32 && $vm  );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux Server release 5/ && $bits == 64 && $vm  );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux Server release 5/ && $bits == 32 && !$vm );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux Server release 5/ && $bits == 64 && !$vm );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux AS release 4/ && $bits == 32 && $vm );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux AS release 4/ && $bits == 64 && $vm );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux AS release 4/ && $bits == 32 && !$vm );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux AS release 4/ && $bits == 64 && !$vm );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux AS release 3/ && $bits == 32 && $vm );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux AS release 3/ && $bits == 64 && $vm );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux AS release 3/ && $bits == 32 && !$vm );
   $activationkey = '62-036fe3317019aa8109953cce5d44dd09' if ( $release =~ m/^Red Hat Enterprise Linux AS release 3/ && $bits == 64 && !$vm );

   die('This release is not supported by this script') unless $activationkey;

   return $activationkey;
}

#------------------------------------------------------------------------------
# Update the up2date configuration file
#   1 - config file to update
#------------------------------------------------------------------------------
sub cfgupdate{
  my($file) = @_;

  system("/bin/cp $file $file~");
  open(IN, "<$file~");
  open(OUT, ">$file");
  while(<IN>) {
    if ( m/^\s*serverURL=\S+/ ) {
      print OUT "serverURL=https://satellite.it.ubc.ca/XMLRPC\n";
    } elsif ( m/^\s*sslCACert=\S+/ ) {
      print OUT "sslCACert=/usr/share/rhn/SATELLITE-IT-UBC-CA-CERT\n";
    } else {
      print OUT $_;
    }
  }
  close(IN);
  close(OUT);
}

#------------------------------------------------------------------------------
# Fetch a file from a URL - validate it's md5 checksum
#   1 - URL to fetch
#   2 - Expected MD5 sum of file
#
# All files are retrieved into the /tmp/rhnreg directory
#------------------------------------------------------------------------------
sub fetch {
  my($url, $md5sum) = @_;
  our($wget);

  # The first time this subroutine is called we test which wget options are
  # supported and determine the command to use to retrieve web content.
  if ( !defined($wget) ) {
    die('/usr/bin/wget not found') unless -e '/usr/bin/wget';
    die('/usr/bin/wget not executable') unless -x '/usr/bin/wget';
    $wget = '/usr/bin/wget -q';
    my $output = `LANG=en_US /usr/bin/wget --no-check-certificate 2>&1`;
    $wget .=  $output =~ m/unrecognized option/gi ? '' : ' --no-check-certificate';
  }

  # Extract the file name from the last level of the URL.
  $url =~ m|.*/(.*)$|;
  my $file = "/tmp/rhnreg/$1";

  # Fetch the file
  system("$wget -O $file $url");
  die("Failure fetching '$url'\n") unless -e $file;

  # Extract and compare the MD5 checksums
  my $md5data = `/usr/bin/md5sum $file`;
  $md5data =~ m/^(\S+)/;
  my $md5 = $1;
  die("Checksum failure for url '$url': checksum=$md5 expected=$md5sum\n") unless $md5 eq $md5sum;

}