#!/bin/sh -e


install_conf() {
	echo "Installing configuration file: $1"
	[ -s "$1" -a ! -f "$1.BACKUP" ] && cp -f "$1" "$1.BACKUP"
	[ -f "$1.yandex" ] && cp -f "$1.yandex" "$1"
}

check_mod() {
	mod=$1 ; shift
	own=$1 ; shift

	echo "Checking file or directory $@ for mod $mod and owner $own"
	if [ -d "$@" -o -f "$@" ] ; then
		chmod $mod "$@"
		chown $own "$@"
	fi
}

check_exist() {
	what=$1 ; shift
	mod=$1 ; shift
	own=$1 ; shift

	case $what in
		-f)
			echo "Checking if file $@ exists"
			[ ! -f "$@" ] && mkdir -p "${@%/*}" && touch "$@"
			;;
		-d)
			echo "Checking if directory $@ exists"
			[ ! -d "$@" ] && mkdir -p "$@"
			;;
		*)
			;;
	esac
	check_mod $mod $own $@
}

check_conductor_group() {
        local _group=$1

        if [ -z "$HOSTNAME" ] ; then
                HOSTNAME="$(/bin/hostname)"
        fi
        if [ -z "$GROUPSLIST" ] ; then
                GROUPSLIST="$(/usr/bin/curl -ks https://c.yandex-team.ru/api/hosts2groups/$HOSTNAME)"
        fi

        return $(awk -vG="$_group" 'BEGIN {for (i=1;i<ARGC;++i) if (ARGV[i] == G) {print 0; exit}; print 1}' $GROUPSLIST)
}


#-------------------------------------------------------------------------


post_install() {
	DEFAULT_SETTINGS="/etc/default/kubelet"
	KUBLET_CONF="/etc/kubernetes/kubelet.conf"
	CRI_CONF="/etc/containerd/config.toml"
	JOIN_TOKEN_FILE="/place/keys/join.token"
	CLUSTER_SECRET_FILE="/place/keys/cluster.json"
	REGISTRY_SECRET_FILE="/var/lib/kubelet/config.json"
        SEC_SCRIPT="/usr/local/bin/get_secrets.py"
	SEC_CACHE="/dev/shm/secret.cache"

        GLIST="$(echo '
		solomon_test		: sas	: testing
        ' | awk 'gsub(/[ \t]*:[ \t]*/, ":")')"


	# set environment
        FOUND=false
        for G in $GLIST ; do
                COND_GROUP=$(echo $G | awk -vFS=":" '{print $1}')
                if check_conductor_group $COND_GROUP ; then
                        DC=$(echo $G | awk -vFS=":" '{print $2}')
                        EV=$(echo $G | awk -vFS=":" '{print $3}')

                        echo "Server group is '$COND_GROUP' using '$EV' environment"
                        FOUND=true
                        break
                fi
        done
        if ! $FOUND ; then
                echo "Cannot determine host environment!"
                exit 1
        fi
        if [ "$SUDO_USER" = "z2" ] ; then
                export SUDO_USER="robot-skc"
        fi


	# get secrets
	SEC_ID="sec-01fcankpg2g65x3tw7sf2vcjpe"
	rm -vf $SEC_CACHE
	$SEC_SCRIPT -i $SEC_ID -f $REGISTRY_SECRET_FILE -o root:root -p 400 -k registry --format "{value}"
	$SEC_SCRIPT -i $SEC_ID -f $CLUSTER_SECRET_FILE  -o root:root -p 400 -k $DC --format "{value}"
	rm -vf $SEC_CACHE

	MASTER="$(python -c 'import json; print(json.load(open("'${CLUSTER_SECRET_FILE}'")).get("master", ""))' 2>/dev/null)"
	check_exist -f 600 root:root $JOIN_TOKEN_FILE
	python -c 'import json; print(json.load(open("'${CLUSTER_SECRET_FILE}'")).get("join-token", ""))' > $JOIN_TOKEN_FILE 2>/dev/null


	# install configs
	install_conf $KUBLET_CONF
	sed -i "s#__MASTER_ADDRESS__#${MASTER}#" $KUBLET_CONF
	install_conf $DEFAULT_SETTINGS
	sed -i "s#__ENV__#${EV}#; s#__CLUSTER__#${COND_GROUP}#" $DEFAULT_SETTINGS
	install_conf $CRI_CONF


	# set certificates and secret key
	/usr/local/bin/kubelet_configure.py -s $MASTER cert -i $JOIN_TOKEN_FILE


	# manage services
	/bin/systemctl daemon-reload

	SVC="cni-mtn-configure"
	if [ -f /etc/systemd/system/${SVC}.service ] ; then
		if ! /bin/systemctl enable ${SVC} ; then
			echo "Cannot enable ${SVC} service!"
		fi
		if ! /bin/systemctl restart ${SVC} ; then
			echo "Cannot restart ${SVC} service!"
		fi
	fi
	# restart containerd always
	SVC="containerd"
	# CONATINERS_PRESENT="$(crictl -r unix:///run/containerd/containerd.sock -t 2s ps -q --state running 2>/dev/null || true)"
	CONATINERS_PRESENT=""
	if [ -z "$CONATINERS_PRESENT" ] ; then
		if ! /bin/systemctl restart ${SVC} ; then
       	                echo "Cannot restart ${SVC} service!"
		else
			sleep 1
                fi
	else
		echo "Not restarting ${SVC}: containers present!"
	fi
	SVC="kubelet"
	if /bin/systemctl is-active ${SVC} >/dev/null ; then
		if ! /bin/systemctl restart ${SVC} ; then
                        echo "Cannot restart ${SVC} service!"
                fi
	fi


	# pull default image
	/usr/local/bin/image-pull.sh
}


#-------------------------------------------------------------------------


case "$1" in
	configure)
		post_install
	;;

	abort-upgrade|abort-remove|abort-deconfigure)
	;;

	*)
		echo "postinst was called with unknown argument '$1'" >&2
		exit 1
	;;
esac

#DEBHELPER#

exit 0
