#!/bin/bash

# check if system is registered
subscription-manager identity > /dev/null
if [ $? -ne 0 ]; then
    echo "Please register with subscription-manager first, then re-run '$0'."
    exit 1
fi

set -e

echo "Getting configuration from subscription-manager..."
KPPTEMPFILE=$(mktemp kpp_tempfile_XXXXXXXX)
trap "rm -f $KPPTEMPFILE" ERR EXIT
subscription-manager config --list > $KPPTEMPFILE
CONSUMER_CERT_DIR=$(grep 'consumercertdir' $KPPTEMPFILE | cut -d= -f2 | xargs | sed 's/[][]//g')
CERT_FILE=$CONSUMER_CERT_DIR/cert.pem
KEY_FILE=$CONSUMER_CERT_DIR/key.pem
CA_FILE=$(grep 'repo_ca_cert = ' $KPPTEMPFILE | cut -d= -f2 | xargs | cut -d ' ' -f1)
SERVER_NAME=$(grep 'hostname = ' $KPPTEMPFILE | cut -d= -f2 | xargs | cut -d ' ' -f1)

# fail if no server name, cert dir, or ca file
if [ -z "$SERVER_NAME" ] || [ -z "$CONSUMER_CERT_DIR" ] || [ -z "$CA_FILE" ]; then
    echo "Unable to determine config from 'subscription-manager config --list'; exiting"
    exit 1
fi

# fail if client is not registered to a Katello
if ! grep -q 'prefix = \/rhsm' $KPPTEMPFILE; then
    echo "Client is registered to RHSM; exiting"
    exit 1
fi

# set SYSCONFDIR to /etc if it is not set
if [ -z "$SYSCONFDIR" ]; then
    SYSCONFDIR=/etc
fi

# see if /etc/yggdrasil/config.toml exists
CONFIGTOML=$SYSCONFDIR/yggdrasil/config.toml
if [ -f $CONFIGTOML ]; then
    # make a backup of CONFIGTOML
    cp $CONFIGTOML $CONFIGTOML.bak
    cat <<EOF > $CONFIGTOML
# yggdrasil global configuration settings written by katello-pull-transport-migrate

broker = ["mqtts://$SERVER_NAME:1883"]
server = ["mqtts://$SERVER_NAME:1883"]
cert-file = "$CERT_FILE"
key-file = "$KEY_FILE"
ca-root = ["$CA_FILE"]
log-level = "error"
data-host = ""
path-prefix = "yggdrasil"
EOF

else
    echo "$SYSCONFDIR/yggdrasil/config.toml not found! Did 'yum install yggdrasil' succeed?"
    exit 1
fi

YGGDRASIL_SERVICE=yggdrasil.service
systemctl cat $YGGDRASIL_SERVICE >/dev/null 2>/dev/null || YGGDRASIL_SERVICE=yggdrasild.service

# start the yggdrasild service
echo "Starting $YGGDRASIL_SERVICE..."
systemctl try-restart $YGGDRASIL_SERVICE
systemctl enable --now $YGGDRASIL_SERVICE

# check status of $YGGDRASIL_SERVICE and fail if it is not running
# possible failure reason: incorrect protocol (should be tcp:// or mqtt://) or port (should be 1883)
# also, cert-file and key-file must be valid
# and broker must be running on the server
# yggdrasil-0.2.z provides a dedicated status subcommand, newer yggdrasil doesn't have anything like that
if which yggdrasil >/dev/null 2>/dev/null; then
    yggdrasil status
fi

if ! systemctl is-active --quiet $YGGDRASIL_SERVICE; then
    echo ""
    echo "$YGGDRASIL_SERVICE failed to start! Check configuration in $CONFIGTOML and make sure the broker is running on the server."
    exit $?
fi

echo "Complete!"
