#!/bin/bash

# IBM(c) 2014 EPL license http://www.eclipse.org/legal/epl-v10.html
#-------------------------------------------------------------------------------
#=head1  setupdockerhost
#=head2  Used on Linux only. Configure docker host
#
#  You can run the following commands on MN:
#       updatenode noderange setupdockerhost (To use the default bridge mydocker0 for docker services)
#       updatenode noderange "setupdockerhost -b=dockerbr0" (To specify the bridge which will be used by docker services)
#
#
#=cut
#-------------------------------------------------------------------------------
set -x
if [ "$(uname -s|tr 'A-Z' 'a-z')" = "linux" ];then
    str_dir_name=`dirname $0`
    . $str_dir_name/xcatlib.sh
fi

if [[ "$OSVER" != ubuntu* ]]; then 
    echo "Sorry, only ubuntu is supported at present"
    exit 1
fi    

# When running setupdockerhost, we suppose either the default bridge mydocker0 or the specified bridge had been configured, check it here before doing anything else

dockerbr="mydocker0"
for arg in "$@"
do 
    if [ "${arg:0:2}" = "-b" ];then
        dockerbr=${arg#-b=}
    fi
done

# To check whether the brctl have been installed
if ! which brctl > /dev/null; then
    echo "No bridge-utils installed, can not check bridge info"
    exit 1
fi

old_ifs=$IFS
IFS=$','
dockerbrs=($dockerbr)
IFS=$old_ifs
for br in ${dockerbrs[@]}
do 
    if ! brctl showstp $br > /dev/null; then
        echo "$br: doesn't configured properly"
        exit 1
    fi 
done

#After check the bridge, we need to replace or add bridge for docker options
# 3 scenarios
# 1. No DOCKER_OPTS ====> add DOCKER_OPTS="-b=$dockerbr" line
# 2. Have DOCKER_OPTS but no "-b" parameter ====> append "-b=$dockerbr" to DOCKER_OPTS
# 3. Have "-b" parameter in DOCKER_OPTS ====> replace "-b=xxx" with "-b=$dockerbr"
docker_conf_file="/etc/default/docker"
if [ ! -f "$docker_conf_file" ]; then
    echo "Error: file $docker_conf_file not exist"
    exit 1
fi
if ! grep "^DOCKER_OPTS" $docker_conf_file > /dev/null 2>&1 ; then
    echo "DOCKER_OPTS=\"-b=$dockerbr\"" >> $docker_conf_file
else
    sed -i "s/-b=[^ |^\"]*//g" $docker_conf_file
    sed -i "s@\ \{2,\}@@g" $docker_conf_file
    sed -i "s@^\(DOCKER_OPTS\=\"[^\"]*\)@\1 -b=$dockerbr\"@" $docker_conf_file
    sed -i "s/\"+$/\"/" $docker_conf_file
    sed -i "s/\"\{2,\}/\"/" $docker_conf_file
fi

#Restart docker service
service docker restart
if ! docker ps >/dev/null 2>&1; then 
    echo "Docker service starting failed"
    exit 1
fi

#Setup TLS 
master=$MASTER
if ! ping $master -c 1 > /dev/null 2>&1 ; then  
    echo "Host $master is not reachable"
    exit 1
fi 

if [ ! -d /root/.docker ]; then
    mkdir -p /root/.docker
fi

HOST_CA_PEM="/root/.docker/ca-cert.pem"
HOST_CERT_PEM="/root/.docker/dockerhost-cert.pem"

allowcred.awk &
CREDPID=$!
sleep 1

getcredentials.awk xcat_dockerhost_cert | grep -E -v '</{0,1}xcatresponse>|</{0,1}serverdone>' | sed -e 's/&lt;/</' -e 's/&gt;/>/' -e 's/&amp;/&/' -e 's/&quot/"/' -e "s/&apos;/'/" > /tmp/xcat_dockerhost_cert

kill -9 $CREDPID

grep -E '<error>' /tmp/xcat_dockerhost_cert
if [ $? -ne 0 ]; then
    cat /tmp/xcat_dockerhost_cert |  
    cat /tmp/xcat_dockerhost_cert | grep -E -v '</{0,1}errorcode>|/{0,1}data>|</{0,1}content>|</{0,1}desc>' >$HOST_CERT_PEM
else 
    echo "Can not get dockerhost certificate files"
    exit 1
fi

cp /xcatpost/ca/ca-cert.pem $HOST_CA_PEM

if [ ! -e $HOST_CA_PEM -o ! -e $HOST_CERT_PEM ];then
    echo "Can not get dockerhost certificate files"
    exit 1
fi

docker_conf_file="/etc/default/docker"
if [ ! -f "$docker_conf_file" ]; then
    echo "Error: file $docker_conf_file not exist"
    exit 1
fi
if ! grep "^DOCKER_OPTS" $docker_conf_file > /dev/null 2>&1 ; then
    echo "DOCKER_OPTS=\"-H tcp://`hostname`:2375 --tls --tlscacert=$HOST_CA_PEM --tlscert=$HOST_CERT_PEM --tlskey=$HOST_CERT_PEM --tlsverify=true\"" >> $docker_conf_file
else
    if grep "^DOCKER_OPTS.*tlsverify" $docker_conf_file > /dev/null 2>&1; then
        sed -i "s@-H [^ |^\"]*@@g" $docker_conf_file
        sed -i "s@--tlscacert=[^ |^\"]*@@g" $docker_conf_file
        sed -i "s@--tlscert=[^ |^\"]*@@g" $docker_conf_file
        sed -i "s@--tlskey=[^ |^\"]*@@g" $docker_conf_file
        sed -i "s@--tlsverify=[^ |^\"]*@@g" $docker_conf_file
        sed -i "s@--tls@@g" $docker_conf_file
        sed -i "s@\ \{2,\}@@g" $docker_conf_file
    fi 
    sed -i "s@^\(DOCKER_OPTS\=\"[^\"]*\)@\1 -H tcp://`hostname`:2375 --tls --tlscacert=$HOST_CA_PEM --tlscert=$HOST_CERT_PEM --tlskey=$HOST_CERT_PEM --tlsverify=true\"@" $docker_conf_file
    sed -i 's/\"\{2,\}/\"/' $docker_conf_file
fi

#Restart docker service
service docker restart
if ! docker ps >/dev/null 2>&1; then 
    echo "Docker service starting failed"
    exit 1
fi

