#!/bin/sh

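set -e

# Main configuration file. This script also writes generated passwords and
# the nova SSH key pair into its [passwords] section (see fix_random_pass).
# NOTE(review): nothing here sets or checks the file's mode or owner; since
# it ends up holding every secret, confirm that packaging keeps it readable
# by root only.
SBCONF=/etc/supply-baremetal/supply-baremetal.conf

# Provides pkgos_inifile and pkgos_add_directive used further down.
. /usr/share/openstack-pkg-tools/pkgos_func

# stdout is reserved for the YAML document printed at the end of this
# script, so diagnostics go to stderr.
if ! [ -e "${SBCONF}" ] ; then
	echo "Missing config file" >&2
	exit 1
fi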

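# Load supply-baremetal.conf into shell variables.
#
# Lines starting with "[" (INI section headers) are dropped, all whitespace
# is removed so that "key = value" becomes "key=value", and the result is
# sourced into the current shell.
#
# Security: the file content is executed as shell code with the privileges
# of this script, and the temporary copy contains every stored secret. The
# config file must therefore only be writable by trusted administrators.
#
# Globals:  SBCONF (read), TMPF (written)
# Returns:  non-zero if the filtered copy could not be produced; the
#           temporary file is removed in that case too.
load_config_file () {
	# mktemp creates the file itself, private to the current user.
	TMPF=$(mktemp -t "$(basename "$0")-load-cfg-file.XXXXXX")
	# grep also fails when nothing but section headers is left; either
	# way do not leave a copy of the secrets behind in the temp directory.
	if ! grep -v -E '^\[.*' "${SBCONF}" >"${TMPF}" ; then
		rm -f "${TMPF}"
		return 1
	fi
	if ! sed -i -e 's/[[:space:]]//g' "${TMPF}" ; then
		rm -f "${TMPF}"
		return 1
	fi
	# NOTE(review): an error raised while sourcing may end the shell
	# before the rm below runs; an EXIT trap would cover that case if
	# pkgos_func does not already install one.
	. "${TMPF}"
	rm -f "${TMPF}"
}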

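load_config_file

# Anything the config file leaves empty falls back to what the host reports.
# NOTE(review): "hostname -i" can print more than one address on a
# multi-homed host; the value is used as a single IP below - confirm.
if [ -z "${machine_ip}" ] ; then
	machine_ip=$(hostname -i)
fi

if [ -z "${machine_hostname}" ] ; then
	machine_hostname=$(hostname --fqdn)
fi

if [ -z "${api_fqdn}" ] ; then
	api_fqdn=$(hostname --fqdn)
fi

# A missing region_name is reported but is not fatal. The hint goes to
# stderr: stdout carries the YAML document printed at the end of the script
# and a stray text line in front of "---" would corrupt it.
if [ -z "${region_name}" ] ; then
	echo "Please set a region_name in supply-baremetal.conf" >&2
fi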

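# Generate a passphrase-less RSA key pair for nova.
#
# Outputs: global private_key (base64 of the private key file, on one line)
#          and global public_key (second field of the .pub file).
# Returns: non-zero if ssh-keygen fails.
fix_random_pass_gen_ssh_keypair () {
	local KEYDIR
	# ssh-keygen has to create the key files itself. Hand it a freshly
	# created private directory instead of a name from "mktemp -u", which
	# only picks a name and reserves nothing in the shared temp directory.
	KEYDIR=$(mktemp -d -t "$(basename "$0")-nova-ssh-key.XXXXXX")
	if ! ssh-keygen -t rsa -f "${KEYDIR}/key" -P '' 1>/dev/null 2>/dev/null ; then
		rm -rf "${KEYDIR:?}"
		return 1
	fi
	private_key=$(base64 <"${KEYDIR}/key" | tr -d "\n")
	public_key=$(awk '{print $2}' "${KEYDIR}/key.pub")
	# The key material now lives only in the two variables.
	rm -rf "${KEYDIR:?}"
}

# Make sure the [passwords] section of the config file holds a value for the
# given directive, generating one if it is missing or empty, then reload the
# configuration so the matching shell variable is set.
#
# Arguments: $1 - directive name, e.g. pass_keystone_db
# Globals:   SBCONF (read), RET (set by pkgos_inifile), PASS, private_key,
#            public_key (written)
#
# pass_nova_ssh_pub is special: it creates an SSH key pair and stores both
# pass_nova_ssh_pub and pass_nova_ssh_priv. Every other name receives 32
# random bytes from openssl, hex-encoded.
#
# NOTE(review): pass_nova_ssh_priv has no branch of its own. If only that
# directive is missing or empty, the generic branch stores a random hex
# string under it, which is not a usable private key.
fix_random_pass () {
	local VAR_NAME
	VAR_NAME=${1}

	# First pass: the directive does not exist at all, so add it.
	pkgos_inifile get "${SBCONF}" passwords "${VAR_NAME}"
	if [ "${RET}" = "NOT_FOUND" ] ; then
		if [ "${VAR_NAME}" = "pass_nova_ssh_pub" ] ; then
			fix_random_pass_gen_ssh_keypair
			pkgos_add_directive "${SBCONF}" passwords pass_nova_ssh_pub= "# ssh pub key" "${public_key}"
			pkgos_add_directive "${SBCONF}" passwords pass_nova_ssh_priv= "# ssh priv key" "${private_key}"
		else
			PASS=$(openssl rand -hex 32)
			pkgos_add_directive "${SBCONF}" passwords "${VAR_NAME}=" "# ${VAR_NAME}" "${PASS}"
		fi
	fi

	load_config_file

	# Second pass: the directive exists but has no value, so fill it in.
	pkgos_inifile get "${SBCONF}" passwords "${VAR_NAME}"
	if [ -z "${RET}" ] ; then
		if [ "${VAR_NAME}" = "pass_nova_ssh_pub" ] ; then
			fix_random_pass_gen_ssh_keypair
			pkgos_inifile set "${SBCONF}" passwords pass_nova_ssh_pub "${public_key}"
			pkgos_inifile set "${SBCONF}" passwords pass_nova_ssh_priv "${private_key}"
		else
			PASS=$(openssl rand -hex 32)
			pkgos_inifile set "${SBCONF}" passwords "${VAR_NAME}" "${PASS}"
		fi

		load_config_file
	fi
}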

# Make sure every secret the controller needs exists in the config file,
# then reload so all of them are available as shell variables.
# pass_nova_ssh_pub comes before pass_nova_ssh_priv on purpose: handling the
# public key creates both halves of the pair.
load_config_file
for SECRET_NAME in \
	pass_mysql_rootuser pass_mysql_backup \
	pass_rabbitmq_cookie pass_rabbitmq_monitoring \
	pass_keystone_adminuser pass_keystone_db pass_keystone_messaging \
	pass_keystone_credkey1 pass_keystone_credkey2 \
	pass_keystone_fernkey1 pass_keystone_fernkey2 \
	pass_barbican_messaging pass_barbican_db pass_barbican_authtoken \
	pass_metadata_proxy_shared_secret \
	pass_neutron_messaging pass_neutron_db pass_neutron_authtoken \
	pass_glance_messaging pass_glance_db pass_glance_authtoken \
	pass_ironic_messaging pass_ironic_db pass_ironic_authtoken \
	pass_ironic_inspector_messaging pass_ironic_inspector_db \
	pass_ironic_inspector_authtoken \
	pass_nova_messaging pass_nova_db pass_novaapi_db pass_nova_authtoken \
	pass_nova_ssh_pub pass_nova_ssh_priv \
	pass_placement_messaging pass_placement_db pass_placement_authtoken \
	pass_haproxy_stats
do
	fix_random_pass "${SECRET_NAME}"
done
load_config_file

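# Print the given file base64-encoded on a single line.
# Fails when the file cannot be read. In a plain "base64 FILE | tr ..."
# pipeline only tr's exit status counts, so "set -e" would not stop on a
# missing file and an empty certificate or key would be emitted instead.
#
# Arguments: $1 - path of the file to encode
supply_b64_file () {
	if ! [ -r "${1}" ] ; then
		echo "Cannot read ${1}" >&2
		return 1
	fi
	base64 "${1}" | tr -d "\n"
}

SUPPLY_CA_DIR=/var/lib/supply/ssl/ca

# Create the CA hierarchy on first use.
if ! [ -e "${SUPPLY_CA_DIR}/supply-pki-supply-ca-chain.pem" ] ; then
	supply-gen-pki-root-ca 1>/dev/null 2>/dev/null
fi

supply_pki_root_ca_cert=$(supply_b64_file "${SUPPLY_CA_DIR}/supply-pki-root-ca.pem")
supply_pki_supply_ca_cert=$(supply_b64_file "${SUPPLY_CA_DIR}/supply-pki-supply-ca.pem")
supply_pki_supply_ca_chain=$(supply_b64_file "${SUPPLY_CA_DIR}/supply-pki-supply-ca-chain.pem")

SUPPLY_NODE_DIR="/var/lib/supply/ssl/slave-nodes/${machine_hostname}"

# Create this machine's certificate material on first use. Anything the
# generator prints is sent to stderr so it cannot end up in front of the
# YAML document written to stdout below.
if ! [ -e "${SUPPLY_NODE_DIR}/${machine_hostname}.pem" ] ; then
	supply-gen-pki-node "${machine_hostname}" 1>&2
fi

supply_pki_machine_cert=$(supply_b64_file "${SUPPLY_NODE_DIR}/${machine_hostname}.crt")
# The CSR is not part of the YAML printed below, so a missing CSR stays
# non-fatal as before.
supply_pki_machine_csr=$(supply_b64_file "${SUPPLY_NODE_DIR}/${machine_hostname}.csr") || supply_pki_machine_csr=""
supply_pki_machine_key=$(supply_b64_file "${SUPPLY_NODE_DIR}/${machine_hostname}.key")
supply_pki_machine_pem=$(supply_b64_file "${SUPPLY_NODE_DIR}/${machine_hostname}.pem")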

# Print the class parameters for supply::baremetal::controller as one YAML
# document on stdout.
#
# The document carries every service password, the machine's private key
# from the supply PKI and the nova SSH private key in clear text (base64 is
# an encoding, not protection), so whatever captures this output has to be
# treated as a secret store.
#
# TODO: Understand more than one controller (controller_ips,
# controller_hostnames and controller_ids list only this machine).
# TODO: Make it possible to use an API name different than the machine name
# and understand multi-node setups (supply_pki_api_* reuse the machine
# certificate, key and pem).
# The has_* switches get activated as the services are implemented.
cat <<EOF
---
classes:
   supply::baremetal::controller:
      machine_ip: ${machine_ip}
      machine_hostname: ${machine_hostname}
      region_name: ${region_name}
      api_fqdn: ${api_fqdn}
      controller_ips:
        - ${machine_ip}
      controller_hostnames:
        - ${machine_hostname}
      controller_ids:
        - 1
      supply_pki_root_ca_cert: ${supply_pki_root_ca_cert}
      supply_pki_supply_ca_cert: ${supply_pki_supply_ca_cert}
      supply_pki_supply_ca_chain: ${supply_pki_supply_ca_chain}
      supply_pki_api_cert: ${supply_pki_machine_cert}
      supply_pki_api_key: ${supply_pki_machine_key}
      supply_pki_api_pem: ${supply_pki_machine_pem}
      supply_pki_machine_cert: ${supply_pki_machine_cert}
      supply_pki_machine_key: ${supply_pki_machine_key}
      supply_pki_machine_pem: ${supply_pki_machine_pem}
      pass_mysql_rootuser: ${pass_mysql_rootuser}
      pass_mysql_backup: ${pass_mysql_backup}
      pass_rabbitmq_cookie: ${pass_rabbitmq_cookie}
      pass_rabbitmq_monitoring: ${pass_rabbitmq_monitoring}
      pass_keystone_adminuser: ${pass_keystone_adminuser}
      pass_keystone_messaging: ${pass_keystone_messaging}
      pass_keystone_db: ${pass_keystone_db}
      pass_keystone_credkey1: ${pass_keystone_credkey1}
      pass_keystone_credkey2: ${pass_keystone_credkey2}
      pass_keystone_fernkey1: ${pass_keystone_fernkey1}
      pass_keystone_fernkey2: ${pass_keystone_fernkey2}
      pass_barbican_messaging: ${pass_barbican_messaging}
      pass_barbican_db: ${pass_barbican_db}
      pass_barbican_authtoken: ${pass_barbican_authtoken}
      pass_metadata_proxy_shared_secret: ${pass_metadata_proxy_shared_secret}
      pass_neutron_messaging: ${pass_neutron_messaging}
      pass_neutron_db: ${pass_neutron_db}
      pass_neutron_authtoken: ${pass_neutron_authtoken}
      pass_glance_messaging: ${pass_glance_messaging}
      pass_glance_db: ${pass_glance_db}
      pass_glance_authtoken: ${pass_glance_authtoken}
      pass_ironic_messaging: ${pass_ironic_messaging}
      pass_ironic_db: ${pass_ironic_db}
      pass_ironic_authtoken: ${pass_ironic_authtoken}
      pass_ironic_inspector_messaging: ${pass_ironic_inspector_messaging}
      pass_ironic_inspector_db: ${pass_ironic_inspector_db}
      pass_ironic_inspector_authtoken: ${pass_ironic_inspector_authtoken}
      pass_nova_messaging: ${pass_nova_messaging}
      pass_nova_db: ${pass_nova_db}
      pass_novaapi_db: ${pass_novaapi_db}
      pass_nova_authtoken: ${pass_nova_authtoken}
      pass_nova_ssh_pub: ${pass_nova_ssh_pub}
      pass_nova_ssh_priv: ${pass_nova_ssh_priv}
      pass_placement_messaging: ${pass_placement_messaging}
      pass_placement_db: ${pass_placement_db}
      pass_placement_authtoken: ${pass_placement_authtoken}
      pass_haproxy_stats: ${pass_haproxy_stats}
      has_glance: true
      has_neutron: true
      has_nova: true
      has_placement: true
      has_ironic: true
      multinode: false
      vip_ip: undef
EOF

exit 0
