#!/bin/bash
# Exit immediately if anything goes wrong, instead of making things worse.
set -e

source $REPO_ROOT/bootstrap/shared/shared_functions.sh

setglobal REQUIRED_VARS = ''( BOOTSTRAP_CHEF_DO_CONVERGE BOOTSTRAP_CHEF_ENV BCPC_HYPERVISOR_DOMAIN FILECACHE_MOUNT_POINT REPO_MOUNT_POINT REPO_ROOT )
check_for_envvars $(REQUIRED_VARS[@])

# This script does a lot of stuff:
# - installs Chef Server on the bootstrap node
# - installs Chef client on all nodes

# It would be more efficient as something executed in one shot on each node, but
# doing it this way makes it easy to orchestrate operations between nodes. In some cases,
# commands can be &&'d together to avoid SSHing repeatedly to a node (SSH setup/teardown
# can add a fair amount of time to this script).

cd $REPO_ROOT/bootstrap/vagrant_scripts

# use Chef Server embedded knife instead of the one in /usr/bin
setglobal KNIFE = '/opt/opscode/embedded/bin/knife'

# install and configure Chef Server 12 and Chef 12 client on the bootstrap node
# move nginx insecure to 4000/TCP is so that Cobbler can run on the regular 80/TCP
if [[ -n "$CHEF_SERVER_DEB" ]] {
    setglobal debpath = ""$FILECACHE_MOUNT_POINT/$CHEF_SERVER_DEB""
    setglobal CHEF_SERVER_INSTALL_CMD = ""sudo dpkg -i $debpath""
} else {
    setglobal CHEF_SERVER_INSTALL_CMD = ""sudo dpkg -i \$(find $FILECACHE_MOUNT_POINT/ -name chef-server\*deb -not -name \*downloaded | tail -1)""
}
if [[ -n "$CHEF_CLIENT_DEB" ]] {
    setglobal debpath = ""$FILECACHE_MOUNT_POINT/$CHEF_CLIENT_DEB""
    setglobal CHEF_CLIENT_INSTALL_CMD = ""sudo dpkg -i $debpath""
} else {
    setglobal CHEF_CLIENT_INSTALL_CMD = ""sudo dpkg -i \$(find $FILECACHE_MOUNT_POINT/ -name chef_\*deb -not -name \*downloaded | tail -1)""
}
unset debpath
do_on_node vm-bootstrap "$CHEF_SERVER_INSTALL_CMD \
  && sudo sh -c \"echo nginx[\'non_ssl_port\'] = 4000 > /etc/opscode/chef-server.rb\" \
  && sudo chef-server-ctl reconfigure \
  && sudo chef-server-ctl user-create admin admin admin admin@localhost.com welcome --filename /etc/opscode/admin.pem \
  && sudo chef-server-ctl org-create bcpc BCPC --association admin --filename /etc/opscode/bcpc-validator.pem \
  && sudo chmod 0644 /etc/opscode/admin.pem /etc/opscode/bcpc-validator.pem \
  && $CHEF_CLIENT_INSTALL_CMD"

# configure knife on the bootstrap node and perform a knife bootstrap to create the bootstrap node in Chef
do_on_node vm-bootstrap "mkdir -p \$HOME/.chef && echo -e \"chef_server_url 'https://bcpc-vm-bootstrap.$BCPC_HYPERVISOR_DOMAIN/organizations/bcpc'\\\nvalidation_client_name 'bcpc-validator'\\\nvalidation_key '/etc/opscode/bcpc-validator.pem'\\\nnode_name 'admin'\\\nclient_key '/etc/opscode/admin.pem'\\\nknife['editor'] = 'vim'\\\ncookbook_path [ \\\"#{ENV['HOME']}/chef-bcpc/cookbooks\\\" ]\" > \$HOME/.chef/knife.rb \
  && $KNIFE ssl fetch \
  && $KNIFE bootstrap -x vagrant -P vagrant --sudo 10.0.100.3"

# Initialize VM lists
setglobal vms = '"vm1 vm2 vm3'"
if test $MONITORING_NODES -gt 0 {
  setglobal i = '1'
  while test $i -le $MONITORING_NODES {
    setglobal mon_vm = ""vm$[expr 3 + $i]""
    setglobal mon_vms = ""$mon_vms $mon_vm""
    setglobal i = $[expr $i + 1]
  }
}

# install the knife-acl plugin into embedded knife, rsync the Chef repository into the non-root user
# (vagrant)'s home directory, and add the dependency cookbooks from the file cache
do_on_node vm-bootstrap "sudo /opt/opscode/embedded/bin/gem install $FILECACHE_MOUNT_POINT/knife-acl-1.0.2.gem \
  && rsync -a $REPO_MOUNT_POINT/* \$HOME/chef-bcpc \
  && cp $FILECACHE_MOUNT_POINT/cookbooks/*.tar.gz \$HOME/chef-bcpc/cookbooks \
  && cd \$HOME/chef-bcpc/cookbooks && ls -1 *.tar.gz | xargs -I% tar xvzf %"

# build binaries before uploading the bcpc cookbook
# (this step will change later but using the existing build_bins script for now)
do_on_node vm-bootstrap "sudo apt-get update \
  && cd \$HOME/chef-bcpc \
  && sudo bash -c 'export FILECACHE_MOUNT_POINT=$FILECACHE_MOUNT_POINT \
  && source \$HOME/proxy_config.sh && bootstrap/shared/shared_build_bins.sh'"

# upload all cookbooks, roles and our chosen environment to the Chef server
# (cookbook upload uses the cookbook_path set when configuring knife on the bootstrap node)
do_on_node vm-bootstrap "$KNIFE cookbook upload -a \
  && cd \$HOME/chef-bcpc/roles && $KNIFE role from file *.json \
  && cd \$HOME/chef-bcpc/environments && $KNIFE environment from file $BOOTSTRAP_CHEF_ENV.json"

# install and bootstrap Chef on cluster nodes
setglobal i = '1'
for vm in [$vms $mon_vms] {
  # Try to install a specific version, or just the latest
  if [[ -z "$CHEF_CLIENT_DEB" ]] {
    echo "Installing latest chef-client found in $vm:$FILECACHE_MOUNT_POINT"
  }
  do_on_node $vm $CHEF_CLIENT_INSTALL_CMD
  do_on_node vm-bootstrap "$KNIFE bootstrap -x vagrant -P vagrant --sudo 10.0.100.1$(i)"
  setglobal i = $[expr $i + 1]
}

# augment the previously configured nodes with our newly uploaded environments and roles
setglobal ENVIRONMENT_SET = ''""
for vm in [vm-bootstrap $vms $mon_vms] {
  setglobal ENVIRONMENT_SET = ""$ENVIRONMENT_SET $KNIFE node environment set bcpc-$vm.$BCPC_HYPERVISOR_DOMAIN $BOOTSTRAP_CHEF_ENV && ""
}
setglobal ENVIRONMENT_SET = ""$ENVIRONMENT_SET :""
do_on_node vm-bootstrap $ENVIRONMENT_SET

do_on_node vm-bootstrap "$KNIFE node run_list set bcpc-vm-bootstrap.$BCPC_HYPERVISOR_DOMAIN 'role[BCPC-Hardware-Virtual],role[BCPC-Bootstrap]' \
  && $KNIFE node run_list set bcpc-vm1.$BCPC_HYPERVISOR_DOMAIN 'role[BCPC-Hardware-Virtual],role[BCPC-Headnode]' \
  && $KNIFE node run_list set bcpc-vm2.$BCPC_HYPERVISOR_DOMAIN 'role[BCPC-Hardware-Virtual],role[BCPC-Worknode]' \
  && $KNIFE node run_list set bcpc-vm3.$BCPC_HYPERVISOR_DOMAIN 'role[BCPC-Hardware-Virtual],role[BCPC-EphemeralWorknode]'"

# set bootstrap, vm1 and mon vms (if any) as admins so that they can write into the data bag
setglobal ADMIN_SET = '"true && '"
for vm in [vm-bootstrap vm1 $mon_vms] {
  setglobal ADMIN_SET = ""$ADMIN_SET $KNIFE group add client bcpc-$vm.$BCPC_HYPERVISOR_DOMAIN admins && ""
}
setglobal ADMIN_SET = ""$ADMIN_SET :""
do_on_node vm-bootstrap $ADMIN_SET

# Clustered monitoring setup (>1 mon VM) requires completely initialized node attributes for chef to run
# on each node successfully. If we are not converging automatically, set run_list (for mon VMs) and exit.
# Otherwise, each mon VM needs to complete chef run first before setting the next node's run_list.
if [[ $BOOTSTRAP_CHEF_DO_CONVERGE -eq 0 ]] {
  for vm in [$mon_vms] {
    do_on_node vm-bootstrap "$KNIFE node run_list set bcpc-$vm.$BCPC_HYPERVISOR_DOMAIN 'role[BCPC-Monitoring]'"
  }
  echo "BOOTSTRAP_CHEF_DO_CONVERGE is set to 0, skipping automatic convergence."
  exit 0
} else {
  # run Chef on each node
  do_on_node vm-bootstrap "sudo chef-client"
  for vm in [$vms] {
    do_on_node $vm "sudo chef-client"
  }
  # run on head node one last time to update HAProxy with work node IPs
  do_on_node vm1 "sudo chef-client"
  # HUP OpenStack services on each node to ensure everything's in a working state
  for vm in [$vms] {
    do_on_node $vm "sudo hup_openstack || true"
  }
  # Run chef on each mon VM before assigning next node for monitoring.
  for vm in [$mon_vms] {
    do_on_node vm-bootstrap "$KNIFE node run_list set bcpc-$vm.$BCPC_HYPERVISOR_DOMAIN 'role[BCPC-Monitoring]'"
    do_on_node $vm "sudo chef-client"
  }
  # Run chef on each mon VM except the last node to update cluster components
  for vm in [$[echo $mon_vms | awk '{$NF=""}1]] {
    do_on_node $vm "sudo chef-client"
  }
}