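#!/bin/bash
# ============LICENSE_START=======================================================
#  Copyright (C) 2022 The Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================

# Provisions an Ubuntu build-agent image: installs base packages, a pinned
# Docker release and Java 8/11, enables time sync, creates the geode and infra
# users, switches SSH to key-only login for infra, and drops a cloud-init
# per-instance script that moves the injected SSH keys over to infra.

set -o nounset
set -o errexit
set -o pipefail
#set -o xtrace

readonly DPKG_LOCK="/var/lib/dpkg/lock-frontend"
readonly CLOUD_INIT_SCRIPT="/var/lib/cloud/scripts/per-instance/copykeystojenkins.sh"

# 3PP versions
readonly DOCKER_VERSION="5:20.10.11~3-0~ubuntu-focal"

# Wait for other apt process to finish by checking the dpkg lock file.
try=0
while sudo lsof "${DPKG_LOCK}" >/dev/null 2>&1; do
  echo "DPKG file locked: ${DPKG_LOCK}."
  echo "    Waiting for another pkg instalaltion process to finish ..."
  sleep 10
  if ((try > 60)); then
    echo "ERROR: Max number of re-tries reached, exiting..."
    exit 1
  fi
  try=$((try + 1))
done

# list of basic packages to install
PKG_LIST=(
  apt-utils
  apt-transport-https
  ca-certificates
  gnupg-agent
  software-properties-common
  git
  vim
  curl
  wget
  zip
  unzip
  chrony
  jq
  "docker-ce=${DOCKER_VERSION}"
  "docker-ce-cli=${DOCKER_VERSION}"
  containerd.io
  openjdk-11-jre
  openjdk-11-jdk
)

# we need apt to proceed without any prompt asking for user input
export DEBIAN_FRONTEND=noninteractive

echo "Info  : Install packages"
# update packages to their latest
sudo -H -E apt update
sudo -H -E apt upgrade -y

# install packages
sudo apt remove -y docker docker.io containerd runc
# NOTE(review): apt-key is deprecated and puts the key into apt's global trust
# store, where it is accepted for every configured repository, not only
# Docker's. Consider a dedicated keyring file referenced through the
# "signed-by" option of the source entry, and checking the key fingerprint
# against the one Docker publishes before trusting it.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository \
  "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"
sudo apt-get update
sudo -H -E apt -y -q=3 --no-install-recommends install "${PKG_LIST[@]}"

# If you have a issue with Let's Encrypt certificate when cloning repo due to DST Root CA X3 Expiration:
# https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
# remove outdated certificate from system
sudo rm -rf /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
# update ca-certificates
sudo update-ca-certificates --fresh --verbose

# Enable and start docker
docker --version
sudo systemctl enable docker
sudo systemctl start docker

# remove unnecessary packages
sudo -H -E apt autoremove -y

echo "Info  : Install additional Java version"
# INSTALL additional Java 8 while keep pointing alternatives to JDK11:
# snapshot /etc/alternatives, install JDK 8, then restore the snapshot.
sudo cp -R /etc/alternatives /etc/keep-alternatives
sudo apt-get update
sudo -H -E apt -y -q=3 install \
  openjdk-8-jdk \
  openjdk-8-jre
sudo rm -rf /etc/alternatives
sudo mv /etc/keep-alternatives /etc/alternatives
java -version

echo "Info  : Enable time sync"
# ensure time sync is setup
sudo systemctl enable chrony --now
# A failing burst does not abort the script: errexit ignores the left-hand
# side of an && list, and makestep is then skipped.
sudo chronyc -a 'burst 4/4' && sudo chronyc -a makestep

echo "Info  : Create and configure geode user"
# create and configure geode user
# Membership of the docker group gives control of the Docker daemon, which is
# equivalent to root on this host.
sudo adduser --disabled-password --gecos "" --uid 93043 geode
sudo usermod -G docker -a geode

echo "Info  : Create and configure infra user"
# create and configure infra user
sudo useradd -G sudo,docker -d /home/infra -m -c "infra user" -s /bin/bash infra
sudo mkdir -p /home/infra/nordix/slave_root
sudo chown -R infra:infra /home/infra/nordix/slave_root
sudo chmod -R 755 /home/infra/nordix/slave_root

# Modify sudoers - disable env_reset, !requiretty and passwordless sudo
# The NOPASSWD rule is written for the whole %sudo group, so it applies to
# every member of that group, not only to infra.
# NOTE(review): env_reset is enabled by default in sudo, so commenting the
# Defaults line out probably does not turn it off - confirm the intent.
sudo sed -i "s/^Defaults.*env_reset/#&\nDefaults:infra \!requiretty/" /etc/sudoers
sudo sed -i "s/^%sudo.*ALL/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/" /etc/sudoers
# /etc/sudoers was edited in place without visudo: fail the build here, with a
# clear message, if the result no longer parses.
sudo visudo -c

# Disable ssh password login, enable ssh with keys for infra user
sudo tee -a /etc/ssh/sshd_config >/dev/null <<'EOF'
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers infra
EOF
# Validate the configuration before restarting so a bad file cannot take sshd down.
sudo /usr/sbin/sshd -t
sudo systemctl restart sshd
# sshd keeps the first value it reads for each keyword, so an earlier
# "PasswordAuthentication yes" (in this file or an included one) would win
# over the line appended above. Report it instead of assuming the hardening
# took effect.
effective_sshd=$(sudo /usr/sbin/sshd -T 2>/dev/null || true)
if ! grep -qix 'passwordauthentication no' <<<"${effective_sshd}"; then
  echo "WARNING: sshd does not report 'PasswordAuthentication no' as effective" >&2
fi

echo "Info  : Create cloud-init script"
# get cloud-init script in place so we can place the keys into ~infra/.ssh
# The quoted delimiter keeps the generated script literal (no expansion here).
sudo tee "${CLOUD_INIT_SCRIPT}" >/dev/null <<'EOF'
#!/bin/bash
sudo mkdir -p /home/infra/.ssh
# append ssh key injected by openstack to authorized_keys
sudo cat /home/ubuntu/.ssh/authorized_keys >> /home/infra/.ssh/authorized_keys
# append user ssh public keys uploaded by packer to authorized_keys
sudo cat /home/ubuntu/authorized_keys.packer >> /home/infra/.ssh/authorized_keys
# remove /home/ubuntu/authorized_keys.packer
sudo rm -f /home/ubuntu/authorized_keys.packer
sudo chown -R infra:infra /home/infra/.ssh
sudo chmod -R go-rwx /home/infra/.ssh
sudo userdel -f -r ubuntu
EOF
sudo chmod +x "${CLOUD_INIT_SCRIPT}"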