#!/bin/bash

# IBM(c) 2014 EPL license http://www.eclipse.org/legal/epl-v10.html
#-------------------------------------------------------------------------------
#=head1  setupdockerhost
#=head2  Used on Linux only. Configure SSL connection and docker network object on docker host
#
#  You can run the following commands on MN:
#       updatenode noderange -P "setupdockerhost netname=net/mask@gateway:nicname"
#
#=cut
#-------------------------------------------------------------------------------
set -x
if [ "$(uname -s|tr 'A-Z' 'a-z')" = "linux" ];then
    str_dir_name=`dirname $0`
    . $str_dir_name/xcatlib.sh
fi

if [[ "$OSVER" != ubuntu* ]]; then
    echo "OS = $OSVER: Setup of Docker host is currently supported only on Ubuntu."
    exit 1
fi

if [[ "$ARCH" == "x86_64" ]]; then
    # Check if docker-engine is installed
    dpkg -l docker-engine
    if [ $? -ne 0 ]; then
        echo "Error: can not detect docker-engine installation."
        exit 1
    fi
fi

if [[ "$ARCH" == "ppc64el" ]]; then
    # Check if docker.io is installed
    dpkg -l docker.io
    if [ $? -ne 0 ]; then
        echo "Error: can not detect docker.io installation."
        exit 1
    fi
fi

# Docker is installed, check that it is running
docker info
if [ $? -ne 0 ]; then
    echo "Docker is not running, Trying to restart."
    service docker start
fi

DOCKER_VERSION=`docker info 2>/dev/null | grep "Server Version:" | awk -F: '{print $2}'`
if [ -z "$DOCKER_VERSION" ];then
    echo "Error: failed to get docker server version"
    exit 1
fi
MAJOR_VERSION=`echo $DOCKER_VERSION | awk -F. '{print $1}'`
MINOR_VERSION=`echo $DOCKER_VERSION | awk -F. '{print $2}'`
if [ -z "$MAJOR_VERSION" -o -z "$MINOR_VERSION" ]; then
    echo "The docker version $DOCKER_VERSION can not be recorgnized"
    exit 1
elif [  $MAJOR_VERSION -le 1 -a $MINOR_VERSION -lt 10 ]; then
    echo "Only docker version 1.10.x and above is supported"
    exit 1
fi

netname=""
net=""
mask=""
gateway=""
nicname=""

if [ $# -ne 1 ]; then
    echo "Error: must be in format '$0 netname=net/mask@gateway[:nicname]'"
    exit 1
else
    NETINFO="$1"
    netname=`echo $NETINFO | awk -F= '{print $1}'`
    netinfo=`echo $NETINFO | awk -F= '{print $2}'`
    net=${netinfo%%/*}
    mask=`echo $netinfo | awk -F'@' '{print $1}' | awk -F/ '{print $2}'`
    gateway=`echo $netinfo | awk -F'@' '{print $2}' | awk -F: '{print $1}'`
    nicname=`echo $netinfo | awk -F: '{print $2}'`
    if [ ! -z "$nicname" ]; then
        if [ ! -x /sbin/brctl ]; then
            echo "Error: /sbin/brctl command not found. Not able to configure $nicname"
            exit 1;
        fi
    fi

    if [ -z "$netname" -o -z "$net" -o -z "$mask" -o -z "$gateway" ]; then
        echo "Error: must be in format '$0 netname=net/mask@gateway[:nicname]'"
        exit 1
    fi
fi


#Setup TLS
master=$MASTER
if ! ping $master -c 1 > /dev/null 2>&1 ; then
    echo "Error: Host $master is not reachable"
    exit 1
fi

if [ ! -d /root/.docker ]; then
    mkdir -p /root/.docker
fi

HOST_CA_PEM="/root/.docker/ca-cert.pem"
HOST_CERT_PEM="/root/.docker/dockerhost-cert.pem"

allowcred.awk &
CREDPID=$!
sleep 1

getcredentials.awk xcat_dockerhost_cert | grep -E -v '</{0,1}xcatresponse>|</{0,1}serverdone>' | sed -e 's/&lt;/</' -e 's/&gt;/>/' -e 's/&amp;/&/' -e 's/&quot/"/' -e "s/&apos;/'/" > /tmp/xcat_dockerhost_cert

kill -9 $CREDPID

grep -E '<error>' /tmp/xcat_dockerhost_cert
if [ $? -ne 0 ]; then
    cat /tmp/xcat_dockerhost_cert |
    cat /tmp/xcat_dockerhost_cert | grep -E -v '</{0,1}errorcode>|/{0,1}data>|</{0,1}content>|</{0,1}desc>' >$HOST_CERT_PEM
else
    echo "Error: can not get dockerhost certificate files"
    exit 1
fi

cp /xcatpost/ca/ca-cert.pem $HOST_CA_PEM

if [ ! -e $HOST_CA_PEM -o ! -e $HOST_CERT_PEM ];then
    echo "Error: can not get dockerhost certificate files"
    exit 1
fi

docker_conf_file="/etc/default/docker"
if [ ! -f "$docker_conf_file" ]; then
    echo "Error: file $docker_conf_file does not exist"
    exit 1
fi
if ! grep "^DOCKER_OPTS" $docker_conf_file > /dev/null 2>&1 ; then
    echo "DOCKER_OPTS=\"-H unix:///var/run/docker.sock -H tcp://`hostname`:2375 --tls --tlscacert=$HOST_CA_PEM --tlscert=$HOST_CERT_PEM --tlskey=$HOST_CERT_PEM --tlsverify=true\"" >> $docker_conf_file
else
    if grep "^DOCKER_OPTS.*tlsverify" $docker_conf_file > /dev/null 2>&1; then
        sed -i "s@-H [^ |^\"]*@@g" $docker_conf_file
        sed -i "s@--tlscacert=[^ |^\"]*@@g" $docker_conf_file
        sed -i "s@--tlscert=[^ |^\"]*@@g" $docker_conf_file
        sed -i "s@--tlskey=[^ |^\"]*@@g" $docker_conf_file
        sed -i "s@--tlsverify=[^ |^\"]*@@g" $docker_conf_file
        sed -i "s@--tls@@g" $docker_conf_file
        sed -i "s@\ \{2,\}@@g" $docker_conf_file
    fi
    sed -i "s@^\(DOCKER_OPTS\=\"[^\"]*\)@\1 -H unix:///var/run/docker.sock -H tcp://`hostname`:2375 --tls --tlscacert=$HOST_CA_PEM --tlscert=$HOST_CERT_PEM --tlskey=$HOST_CERT_PEM --tlsverify=true\"@" $docker_conf_file
    sed -i 's/\"\{2,\}/\"/' $docker_conf_file
fi

#Restart docker service
service docker stop
sleep 2
systemctl daemon-reload
service docker start
# It is found that sometimes the docker ps will failed if run immediately after restart docker daemon
sleep 2
docker ps
if [ $? -ne 0 ]; then
    echo "Error: Failed to start Docker service"
    exit 1
fi

echo "Will create network based on: $net/$mask@$gateway===$nicname:$netname====="

ret=`docker network create --gateway=$gateway --subnet=$net/$mask -o "com.docker.network.bridge.host_binding_ipv4"="$gateway" -o "com.docker.network.bridge.name"="$netname" $netname 2>&1`
if [ $? -ne 0 ]; then
    echo "Error: Creation of network object \"$netname\" failed: $ret"
    exit 1
fi
if [ ! -z "$nicname" ]; then
    brctl addif $netname $nicname
    default_info=`ip route | grep default | grep "dev $nicname" | grep via`
    if [ ! -z "$default_info" ]; then
        default_gw=`echo $default_info | awk '{print $3}'`
        ip route replace default dev $netname via $default_gw
    fi
    nic_ip_info=`ip addr show dev $nicname scope global | grep inet | sed -e 's/inet.//'|awk '{print $1}'`
    if [ ! -z "$nic_ip_info" ]; then
        ip addr del $nic_ip_info dev $nicname
    fi
    bridge_ip_info=`ip addr show dev $netname scope global | grep inet | sed -e 's/inet.//'|awk '{print $1}'`
    if [ -z "$bridge_ip_info" ]; then
        ip addr add $gateway/$mask dev $netname
    fi
fi

exit 0
