#!/bin/bash
# Create a virtual bridge with PXE services and matchbox
# USAGE: ./scripts/devnet create [example]
# USAGE: ./scripts/devnet status
# USAGE: ./scripts/devnet destroy
set -u

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

EXAMPLE=${2:-}
# Local Container Runtime (docker or rkt)
CONTAINER_RUNTIME="${CONTAINER_RUNTIME:-docker}"
BRIDGE=metal0
ASSETS_DIR="${ASSETS_DIR:-$PWD/examples/assets}"
CONFIG_DIR="${CONFIG_DIR:-$PWD/examples/etc/matchbox}"

COREOS_CHANNEL=stable
COREOS_VERSION=1520.8.0
MATCHBOX_ARGS=""

if [ "$EUID" -ne 0 ]
  then echo "Please run as root"
  exit
fi

function main {
  if [ "$#" -eq 0 ]; then
    usage
    exit 2
  fi
  case "$1" in
    "create") create;;
    "status") status;;
    "destroy") destroy;;
    *)
      usage
      exit 2
      ;;
  esac
}

function usage {
  echo "USAGE: ${0##*/} <command>"
  echo "Commands:"
  echo -e "\tcreate\tcreate matchbox and PXE services on the bridge"
  echo -e "\tstatus\tshow the status of matchbox and dnsmasq"
  echo -e "\tdestroy\tdestroy the services on the bridge"
}

function create {
  case "$CONTAINER_RUNTIME" in
    "rkt") rkt_create;;
    "docker") docker_create;;
    *) docker_create;;
  esac
}

function status {
  case "$CONTAINER_RUNTIME" in
    "rkt") rkt_status;;
    "docker") docker_status;;
    *) docker_status;;
  esac
}

function destroy {
  case "$CONTAINER_RUNTIME" in
    "rkt") rkt_destroy;;
    "docker") docker_destroy;;
    *) docker_destroy;;
  esac
}

function rkt_check {
  # SELinux, if present, it cannot be in Enforcing mode
  if [ $(getenforce) == 'Enforcing' ]; then
    echo "SELinux must be in permissive mode: 'setenforce Permissive'"
    exit 1
  fi

  if [ ! -d $ASSETS_DIR/coreos/$COREOS_VERSION ]; then
    echo "Most examples use CoreOS $COREOS_CHANNEL $COREOS_VERSION. You may wish to download it with './scripts/get-coreos $COREOS_CHANNEL $COREOS_VERSION'."
  fi
}

function rkt_create {
  rkt_check

  if [ -z "$EXAMPLE" ]; then
    echo "Starting matchbox"
  else
    echo "Starting matchbox configured to boot $EXAMPLE"
  fi

  if [ -z "$EXAMPLE" ]; then
    # Mount a data volume with assets and enable gRPC
    MATCHBOX_ARGS="-rpc-address=0.0.0.0:8081"
    DATA_MOUNT="--volume data,kind=host,source=$(mktemp -d) \
    --mount volume=assets,target=/var/lib/matchbox/assets \
    --volume assets,kind=host,source=$ASSETS_DIR,readOnly=true"
  else
    # Mount the given EXAMPLE
    DATA_MOUNT="--volume data,kind=host,source=$PWD/examples \
    --mount volume=groups,target=/var/lib/matchbox/groups \
    --volume groups,kind=host,source=$DIR/../examples/groups/$EXAMPLE \
    --mount volume=assets,target=/var/lib/matchbox/assets \
    --volume assets,kind=host,source=$ASSETS_DIR,readOnly=true"
  fi

  rkt rm --uuid-file=/var/run/matchbox-pod.uuid > /dev/null 2>&1
  systemd-run --unit=dev-matchbox \
    rkt run \
    --uuid-file-save=/var/run/matchbox-pod.uuid \
    --trust-keys-from-https \
    --net=metal0:IP=172.18.0.2 \
    --mount volume=config,target=/etc/matchbox \
    --volume config,kind=host,source=$CONFIG_DIR,readOnly=true \
    --mount volume=data,target=/var/lib/matchbox \
    $DATA_MOUNT \
    quay.io/coreos/matchbox:v0.6.1 -- -address=0.0.0.0:8080 -log-level=debug $MATCHBOX_ARGS

  echo "Starting dnsmasq to provide DHCP/TFTP/DNS services"
  rkt rm --uuid-file=/var/run/dnsmasq-pod.uuid > /dev/null 2>&1
  systemd-run --unit=dev-dnsmasq \
    rkt run \
    --uuid-file-save=/var/run/dnsmasq-pod.uuid \
    --trust-keys-from-https \
    --net=metal0:IP=172.18.0.3 \
    --dns=host \
    --mount volume=config,target=/etc/dnsmasq.conf \
    --volume config,kind=host,source=$DIR/../contrib/dnsmasq/metal0.conf \
    quay.io/coreos/dnsmasq:v0.4.1 \
    --caps-retain="CAP_NET_ADMIN,CAP_NET_BIND_SERVICE"

  status
}

function rkt_status {
  echo ""
  systemctl status dev-matchbox --lines=0 --no-pager
  systemctl status dev-dnsmasq --lines=0 --no-pager
  echo ""
  echo "Use 'systemctl status dev-matchbox' or 'systemctl status dev-dnsmasq' to check individual statuses."
  echo "Use 'journalctl -f -u dev-matchbox', etc. to tail the logs."
}

function rkt_destroy {
  rkt stop --uuid-file=/var/run/matchbox-pod.uuid
  rkt stop --uuid-file=/var/run/dnsmasq-pod.uuid
  systemctl reset-failed dev-matchbox > /dev/null 2>&1
  systemctl reset-failed dev-dnsmasq > /dev/null 2>&1
}

function docker_create {
  if [ -z "$EXAMPLE" ]; then
    echo "Starting matchbox"
  else
    echo "Starting matchbox configured to boot $EXAMPLE"
  fi

  if [ -z "$EXAMPLE" ]; then
    # Mount a data volume with assets and enable gRPC
    MATCHBOX_ARGS="-rpc-address=0.0.0.0:8081"
    DATA_MOUNT=""
  else
    # Mount the given EXAMPLE
    DATA_MOUNT="-v $PWD/examples:/var/lib/matchbox -v $DIR/../examples/groups/$EXAMPLE:/var/lib/matchbox/groups"
  fi
  
  docker run --name matchbox \
    -d \
    -p 8080:8080 \
    -p 8081:8081 \
    -v $CONFIG_DIR:/etc/matchbox:Z \
    -v $ASSETS_DIR:/var/lib/matchbox/assets:Z \
    $DATA_MOUNT \
    quay.io/coreos/matchbox:v0.6.1 -address=0.0.0.0:8080 -log-level=debug $MATCHBOX_ARGS

  echo "Starting dnsmasq to provide DHCP/TFTP/DNS services"
  docker run --name dnsmasq \
    -d \
    --cap-add=NET_ADMIN \
    -v $PWD/contrib/dnsmasq/docker0.conf:/etc/dnsmasq.conf:Z \
    quay.io/coreos/dnsmasq:v0.4.1 -d
}

function docker_status {
  docker logs matchbox
  docker logs dnsmasq
}

function docker_destroy {
  docker stop matchbox
  docker stop dnsmasq
  docker rm matchbox
  docker rm dnsmasq
}

main $@