#!/bin/bash
#
# Deploy a node using automated recipes. See discussion at
#
# - http://current.workingdirectory.net/posts/2011/puppet-without-masters/
# - http://andrewbunday.co.uk/2012/12/04/masterless-puppet-wrapper/
# - http://semicomplete.com/presentations/puppet-at-loggly/puppet-at-loggly.pdf.html
# - https://github.com/jordansissel/puppet-examples/tree/master/masterless
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License along with this program.  If not, see
# <http://www.gnu.org/licenses/>.

# Load
source $APP_BASE/lib/hydra/functions || exit 1
hydra_config_load

# Command line arguments
NODES="$*"

# Build node list
if [ -z "$NODES" ]; then
  NODES="`hydra $HYDRA nodes`"
fi

# Deploy requirements
hydra_install_package ansible rsync

# Banner
#echo '.__              .___                   .___            .__                ._.'
#echo '|  |__ ___.__. __| _/___________      __| _/____ ______ |  |   ____ ___.__.| |'
#echo '|  |  <   |  |/ __ |\_  __ \__  \    / __ |/ __ \\____ \|  |  /  _ <   |  || |'
#echo '|   Y  \___  / /_/ | |  | \// __ \_ / /_/ \  ___/|  |_> >  |_(  <_> )___  | \|'
#echo '|___|  / ____\____ | |__|  (____  / \____ |\___  >   __/|____/\____// ____| __'
#echo '     \/\/         \/            \/       \/    \/|__|               \/      \/'
#echo ''

# Deploy
for node in $NODES; do
  if [ -d "$node" ]; then
    echo "Deploying to $node folder..."

    # Setup deploy environment
    FOLDER=$node
    hydra_deploy_setup folder $FOLDER || continue

    if ! sudo -n true; then
      echo "Please set passwordless sudo on localhost."
      continue
    fi

    # Check if puppet is installed
    if [ ! -e "$FOLDER/usr/bin/puppet" ]; then
      echo "Installing dependencies..."
      $DEPLOY_COMMAND apt-get update
      $DEPLOY_COMMAND DEBIAN_FRONTEND=noninteractive apt-get install $DEPLOY_DEPENDENCIES -y
    fi

    # Create folders
    hydra_deploy_mkdirs

    # Ensure we have a compatible hydra suite
    #hydra $HYDRA install $node
    DESTDIR="$FOLDER" hydractl install

    # Sync repository to server
    echo "Syncing configuration..."
    $DEPLOY_RSYNC "$RSYNC_PATH" $DEPLOY_OPTS

    # Copy keys
    hydra_deploy_copy_keys folder

    # Copy config configuration
    hydra_deploy_copy_secrets folder

    # Run puppet, overriding FQDN
    echo "Applying configuration..."
    LC_ALL=C HOSTNAME=$FQDN FACTER_domain=$DOMAIN FACTER_hostname=$FQDN FACTER_fqdn=$HOSTNAME.$DOMAIN $DEPLOY_APPLY 2>&1 | \
      tee $HYDRA_FOLDER/puppet/logs/$FQDN.`date +%Y%m%d%H%M`.log

    # Check if keys should be imported
    if ! $SUDO test -f $FOLDER/root/.ssh/id_rsa     || \
       ! $SUDO test -f $FOLDER/root/.borg/hydra/key || \
       ! $SUDO gpg --homedir=$FOLDER/root --list-secret-keys root@$FQDN &> /dev/null; then
      echo "No $FOLDER/root/.ssh/id_rsa found. Please import it and other keys when the system is online using import-keys action"
    fi
  elif [ "$node" == "localhost" ] || [ "$node" == "`facter fqdn`" ] || [ "$node" == "`facter hostname`" ]; then
    echo "Deploying to localhost..."

    if ! sudo -n true; then
      echo "Please set passwordless sudo on localhost."
      continue
    fi

    # Setup deploy environment
    hydra_deploy_setup || continue

    # Ensure key availability
    hydra $HYDRA eyaml $FQDN

    # Check if puppet is installed
    if [ ! -e "/usr/bin/puppet" ]; then
      $SUDO apt-get update
      $SUDO apt-get install $DEPLOY_DEPENDENCIES -y
    fi

    # Ensure we have a compatible hydra suite
    #hydra $HYDRA install $node
    hydractl install

    # Collect facts
    hydra_deploy_facts_collect local

    # Run puppet
    echo "Applying configuration..."
    $DEPLOY_APPLY 2>&1 | \
      tee $HYDRA_FOLDER/puppet/logs/$FQDN.`date +%Y%m%d%H%M`.log

    # Fix ssl folder ownership
    $SUDO chown -R `whoami`. $HYDRA_FOLDER/puppet/ssl

    # Import keys if needed
    if ! $SUDO test -f /root/.ssh/id_rsa     || \
       ! $SUDO test -f /root/.borg/hydra/key || \
       ! $SUDO gpg --list-secret-keys root@$FQDN &> /dev/null; then
      hydra $HYDRA import-keys localhost
    fi
  else
    echo "Deploying to $node..."

    # Setup deploy environment
    hydra_deploy_setup remote $node || continue

    # Check for passwordless connections
    # http://stackoverflow.com/questions/3830508/check-if-passwordless-access-has-been-setup#3830680
    if ! $HYDRA_CONNECT -o NumberOfPasswordPrompts=0 $FQDN true; then
      echo "Unable to connect to $FQDN via SSH without a password."
      echo "Check network connection to machine or set a passwordless login for your user at $FQDN using public key auth."
      continue
    fi

    # Ensure we have a compatible hydra suite
    hydra $HYDRA install $node

    # Check remote environment
    $HYDRA_CONNECT $FQDN <<EOF
    ##### BEGIN REMOTE SCRIPT #####
    # Check for passwordless sudo
    # See references like https://raymii.org/s/articles/Check_if_passwordless_sudo_can_be_used_in_a_bash_script_or_nagios_check.html
    if ! sudo -n true; then
      echo "Please set passwordless sudo on $FQDN."
      echo "You can do that by adding the following line on /etc/sudoers.d/local:"
      echo ""
      echo "%sudo ALL=NOPASSWD: ALL"
      echo ""
      echo "And make sure your user is included in the 'sudo' group."
      exit 1
    fi

    if [ "\$(hostname)" != "$FQDN" ]; then
      echo "FQDN does not match:"
      echo "Remote presents itself as \$(hostname) instead of $FQDN"
      exit 1
    fi

    if ! which puppet &> /dev/null; then
      echo "Installing dependencies..."
      sudo apt-get update
      sudo apt-get install $DEPLOY_DEPENDENCIES -y
    fi
    ##### END REMOTE SCRIPT #######
EOF

    # Check connection
    if [ "$?" != "0" ]; then
      echo "Error connecting or setting up $FQDN."
      continue
    fi

    # Create folders
    hydra_deploy_mkdirs

    # Collect facts
    hydra_deploy_facts_collect remote || continue

    # Sync repository to server
    echo "Syncing configuration..."
    $DEPLOY_RSYNC "$RSYNC_PATH" $DEPLOY_OPTS

    # Check connection
    if [ "$?" != "0" ]; then
      echo "Error syncing to $FQDN."
      continue
    fi

    # Copy keys
    hydra_deploy_copy_keys remote || continue

    # Copy configuration
    hydra_deploy_copy_secrets remote || continue

    # Run puppet
    echo "Applying configuration..."
    $DEPLOY_APPLY 2>&1 | \
      tee $HYDRA_FOLDER/puppet/logs/$FQDN.`date +%Y%m%d%H%M`.log

    # Import keys if needed
    if ! $HYDRA_CONNECT $FQDN sudo test -f /root/.ssh/id_rsa     || \
       ! $HYDRA_CONNECT $FQDN sudo test -f /root/.borg/hydra/key || \
       ! $HYDRA_CONNECT $FQDN sudo gpg --list-secret-keys root@$FQDN &> /dev/null; then
      hydra $HYDRA import-keys localhost
    fi
  fi
done