#!/bin/bash
#############################################################################
# Title           : repos
# Description     : This script initialises a standard repos VM in OSS
# Author          : OCF Limited
# Date            : 20250424
# Version         : 2504.0
# Usage           : repos
# Notes           : requires internet access to OCF Steel Stack websites
#############################################################################

phase1() {
  # Set SELINUX to permissive mode
  echo "OCF Steel Stack: Set SELINUX to permissive mode"
  setenforce permissive
  sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config

  # Set the repos source as mirror.steelstack.io
  tee /etc/yum.repos.d/caster.repo <<EOF
[baseos]
name=baseos
baseurl=http://mirror.steelstack.io/x86_64/rocky/9/baseos
enabled=1
gpgcheck=0

[appstream]
name=appstream
baseurl=http://mirror.steelstack.io/x86_64/rocky/9/appstream
enabled=1
gpgcheck=0

EOF

  mkdir /etc/yum.repos.d/net_repos/
  mv -f /etc/yum.repos.d/!(caster.repo|net_repos) /etc/yum.repos.d/net_repos/
  yum update -y
  mv -f /etc/yum.repos.d/!(caster.repo|net_repos) /etc/yum.repos.d/net_repos/

  echo "OCF Steel Stack: reboot and run the script again to execute phase 2"

  #
  # Setup the firewall
  # ens18: cluster, ens19: campus
  #
  echo "OCF Steel Stack: configure firewall rules"
  firewall-cmd --permanent --zone=trusted --add-service=http
  firewall-cmd --permanent --change-interface=ens18 --zone=trusted
  firewall-cmd --permanent --change-interface=ens19 --zone=public
  firewall-cmd --zone=public --remove-service=cockpit
  firewall-cmd --zone=public --remove-service=dhcpv6-client
  firewall-cmd --zone=public --remove-service=ssh
  firewall-cmd --zone=trusted --add-service=ssh
  firewall-cmd --reload

  #
  # Setup the data disk for /repos
  # This assumes /dev/vdb as the target
  #
  echo "OCF Steel Stack: setting up the data disk"
  pvcreate /dev/vdb
  vgcreate data /dev/vdb
  lvcreate -l 100%FREE data -n repos
  mkfs.xfs /dev/mapper/data-repos
  mkdir /repos
  _OSS_UUID=$(blkid | grep repos | awk '{ print $2 }')
  echo "UUID=${_OSS_UUID} /repos xfs defaults 0 0" >> /etc/fstab
  systemctl daemon-reload
  mount -a
  df -h /repos
  chown ocflocal:ocflocal /repos

  #
  # Install the required packages
  #
  echo "OCF Steel Stack: installing the required packages"
  dnf install git yum-utils createrepo tmux httpd -y

  #
  # Set OSS setup variables for repos
  #
  OSS_MODULE="repos"
  OSS_HOME="/repos"
  OSS_TMP="/tmp/oss"
  OSS_DL="https://gitlab.ocf.co.uk"
  OSS_PROJECT_ID="573"

  mkdir -p $OSS_TMP/$OSS_MODULE
  chown ocflocal:osscontrol $OSS_TMP/$OSS_MODULE
  curl -s -o $OSS_TMP/$OSS_MODULE/checksums https://verify.steelstack.io/$OSS_MODULE/checksums
  LATESTHASH=$(head -1 $OSS_TMP/$OSS_MODULE/checksums | awk '{ print $2 }')
  LATESTVERSION=$(grep $LATESTHASH $OSS_TMP/$OSS_MODULE/checksums | awk '{ print $1 }')

  curl --header "PRIVATE-TOKEN: $OSS_USER_TOKEN" \
     --url "$OSS_DL/api/v4/projects/$OSS_PROJECT_ID/repository/archive.tar.gz?sha=$LATESTVERSION" \
     --output $OSS_TMP/$OSS_MODULE/$LATESTVERSION.tar.gz

  tar --strip-components=1 -xzf $OSS_TMP/$OSS_MODULE/$LATESTVERSION.tar.gz -C /$OSS_MODULE/


  read -p "Please enter the cluster domain: " _OSS_DOMAIN

  tee /etc/httpd/conf.d/yum-repos.conf >/dev/null <<EOF
<VirtualHost *:80>
  ServerName yum.$_OSS_DOMAIN
  ServerAlias yum
  DocumentRoot /repos/www

  <Directory /repos/www>
    AllowOverride None
    Require all granted
    Options +Indexes +FollowSymLinks
    Header always append X-Frame-Options SAMEORIGIN
    Header always append X-XSS-Protection "1; mode=block"
    Header always append X-Content-Type-Options nosniff
    Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
    Header always append X-Permitted-Cross-Domain-Policies none
  </Directory>

</VirtualHost>
EOF

  rm -f /etc/httpd/conf.d/welcome.conf
  systemctl enable httpd
  systemctl restart httpd
}

oss_banner() {
  echo "$(printf '\u001b[38;5;33m')-------------------------------------------------------------------$(printf '\033[0m')"
  echo "$(printf '\u001b[38;5;38m')        ____    ____  _______    |    ____  _            _         $(printf '\033[0m')"
  echo "$(printf '\u001b[38;5;38m')      /      \ /     |       |   |   / ___|| |_ ___  ___| |        $(printf '\033[0m')"
  echo "$(printf '\u001b[38;5;39m')     |   __   |   ___|   ____|   |   \___ \| __/ _ \/ _ \ |        $(printf '\033[0m')"
  echo "$(printf '\u001b[38;5;39m')     |  |  |  |  |   |  |        |    ___) | ||  __/  __/ |        $(printf '\033[0m')"
  echo "$(printf '\u001b[38;5;33m')     |  |  |  |  |   |  |___     |   |____/ \__\___|\___|_|        $(printf '\033[0m')"
  echo "$(printf '\u001b[38;5;33m')     |  |  |  |  |___|   ___|    |    ____  _             _        $(printf '\033[0m')"
  echo "$(printf '\u001b[38;5;33m')     |  |__|  |      |  |        |   / ___|| |_ __ _  ___| | __    $(printf '\033[0m')"
  echo "$(printf '\u001b[38;5;33m')      \______/ \_____|__|        |   \___ \| __/ _  |/ __| |/ /    $(printf '\033[0m')"
  echo "$(printf '\u001b[38;5;39m')    (========================)   |    ___) | || (_| | (__|   <     $(printf '\033[0m')"
  echo "$(printf '\u001b[38;5;39m')      Brilliance. Together.      |   |____/ \__\__,_|\___|_|\_\    $(printf '\033[0m')"
  echo "$(printf '\u001b[38;5;38m')---------------------------------|---------------------------------$(printf '\033[0m')"
  echo "$(printf '\u001b[38;5;38m')     HPC, Storage, Cloud & AI    |         Version: 2504.0        $(printf '\033[0m')"
  echo "$(printf '\u001b[38;5;33m')-------------------------------------------------------------------$(printf '\033[0m')"
  echo "$(printf '\u001b[38;5;34m';printf '\u001b[1m')OCF Steel Stack xCAT initialisation $(printf '\033[0m')"
}

oss_banner

read -sp "Please enter your OCF Gitlab access token: " OSS_USER_TOKEN

phase1

if [ $(grep 'ID=' /etc/os-release | head -1 | awk -F '\"' '{ print $2 }') == "rhel" ]
then
  _OS_DIST="redhat"
else
  _OS_DIST=$(grep 'ID=' /etc/os-release | head -1 | awk -F '\"' '{ print $2 }')
fi

_DIST_VERSION=$(cat /etc/os-release | grep "VERSION_ID" | awk -F '["]' '{ print $2 }' | cut -c 1)

echo "OCF Steel Stack: initialisation complete. Synchronise the repos using:"
echo "========================================"
echo "  tmux new -s reposync"
echo "  cd /repos"
echo "  sudo ./ocf-reposync -d $_OS_DIST -r $_DIST_VERSION"
echo "  sudo ./ocf-reposync -d el -r $_DIST_VERSION"
echo "========================================"
echo "OCF Steel Stack: remember to reboot the node for Kernel updates to be loaded."