#!/bin/bash
set -u
# For openssl cert generation
USE_HTTPS=$(config-get use-https)
COUNTRY=$(config-get country)
STATE=$(config-get state)
LOCALE=$(config-get locale)
COMMON_NAME=$(config-get common-name)
PPA=$(config-get swift-release)
BINDPORT=$(config-get bind-port)
WORKERS=$(config-get workers)
AUTHTYPE=$(config-get auth-type)
KEYSTONE_AUTH_HOST=$(config-get keystone-auth-host)
KEYSTONE_AUTH_PORT=$(config-get keystone-auth-port)
KEYSTONE_AUTH_PROTOCOL=$(config-get keystone-auth-protocol)
KEYSTONE_ADMIN_TENANT_NAME=$(config-get keystone-admin-tenant-name)
KEYSTONE_ADMIN_USER=$(config-get keystone-admin-user)
KEYSTONE_ADMIN_PASSWORD=$(config-get keystone-admin-password)

# Used in proxy-server.conf.  Run one worker per cpu core by default.
CORES=$(cat /proc/cpuinfo | grep processor | wc -l)
[ "$WORKERS" = "0" ] && WORKERS="$CORES"

# TODO: Need to use different addresses for internal swift traffic
# as this the only security measure in place is network isolation
PROXY_LOCAL_NET_IP=`dig +short $(unit-get private-address)`

# Use apache2 to distribute ring config until there is support
# for file xfer in juju
PACKAGES="swift swift-proxy memcached apache2"
if [ "$AUTHTYPE" = "keystone" ]; then
  PACKAGES="$PACKAGES python-keystone"
fi
WWW_DIR="/var/www/swift-rings"
SWIFT_HASH_FILE="/var/lib/juju/swift-hash-path.conf"

# Ring configuration
PARTITION_POWER=$(config-get partition-power)
REPLICAS=$(config-get replicas)
MIN_HOURS=$(config-get min-hours)

# generate the swift hash to be used for salting URLs of objects.
# TODO: its important this is never lost, find out some way of getting
# it off the server and into a sys admins INBOX?
if [[ ! -e $SWIFT_HASH_FILE ]] ; then
  juju-log "swift-proxy: Generating a new SWIFT_HASH in $SWIFT_HASH_FILE"
  echo $(od -t x8 -N 8 -A n </dev/random) >$SWIFT_HASH_FILE
fi

function set_swift_hash {
  # TODO: Do this with augeas and put in a utility function for use elsewhere
  cat >/etc/swift/swift.conf <<EOF
[swift-hash]
# random unique string that can never change (DO NOT LOSE)
swift_hash_path_suffix = `cat $SWIFT_HASH_FILE` 
EOF
}

function create_proxy_conf {
SWIFT_DEB_VERSION="$(dpkg-query -W -f='${Version}' 'swift-proxy')"
cat >/etc/swift/proxy-server.conf <<EOF
[DEFAULT]
EOF
if [ "$USE_HTTPS" = "1" ]; then
  cat >>/etc/swift/proxy-server.conf <<EOF
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
EOF
fi
cat >>/etc/swift/proxy-server.conf <<EOF
bind_port = $BINDPORT
workers = $WORKERS
user = swift

EOF
if [ "$AUTHTYPE" = "keystone" ]; then
  if [ "${SWIFT_DEB_VERSION:0:3}" = "1.7" ]; then
    SIGNING_DIR_LINE="signing_dir = /etc/swift"
    SWIFT3_LINE="use = egg:swift3#swift3"
  else
    SIGNING_DIR_LINE=""
    SWIFT3_LINE="use = egg:swift#swift3"
  fi
  cat >>/etc/swift/proxy-server.conf <<EOF
[pipeline:main]
pipeline = healthcheck cache swift3 s3token authtoken keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, swiftaccess

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
# Delaying the auth decision is required to support token-less
# usage for anonymous referrers ('.r:*') or for tempurl/formpost
# middleware.
delay_auth_decision = 1
auth_port = $KEYSTONE_AUTH_PORT
auth_host = $KEYSTONE_AUTH_HOST
auth_protocol = $KEYSTONE_AUTH_PROTOCOL
admin_tenant_name = $KEYSTONE_ADMIN_TENANT_NAME
admin_user = $KEYSTONE_ADMIN_USER
admin_password = $KEYSTONE_ADMIN_PASSWORD
$SIGNING_DIR_LINE

[filter:swift3]
$SWIFT3_LINE

[filter:s3token]
paste.filter_factory = keystone.middleware.s3_token:filter_factory
auth_port = $KEYSTONE_AUTH_PORT
auth_host = $KEYSTONE_AUTH_HOST
auth_protocol = $KEYSTONE_AUTH_PROTOCOL

EOF
else
  cat >>/etc/swift/proxy-server.conf <<EOF
[pipeline:main]
pipeline = healthcheck cache tempauth proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true

[filter:tempauth]
use = egg:swift#tempauth
user_system_root = testpass .admin https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system

EOF
fi
cat >>/etc/swift/proxy-server.conf <<EOF
[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache
memcache_servers = $PROXY_LOCAL_NET_IP:11211

EOF
}

function initialize_ring {
  # $1 is ring name. 
  # $PARTITION_POWER, $REPLICAS, $MIN_HOURS from config above
  swift-ring-builder /etc/swift/$1.builder \
    create $PARTITION_POWER $REPLICAS $MIN_HOURS
}

function get_zone {
  # a hack to assign units to zones until config is taken care of
  # in juju
  zone_file="/var/run/juju/swift-zone"
  checked_in="/var/run/juju/checked-in"
  if [[ -e $checked_in ]] ; then
    # changed relation seems to run twice? dont get new zone if 
    # we just got one
    cat $checked_in | grep $JUJU_REMOTE_UNIT >/dev/null
    if [[ $? == 0 ]] ; then
      ZONE=$(cat $checked_in | grep $JUJU_REMOTE_UNIT | cut -d, -f2)
      return 0
    fi
  fi
  if [[ ! -e $zone_file ]] ; then
    echo 1 > $zone_file
  fi
  ZONE=$(cat $zone_file)
  echo "$JUJU_REMOTE_UNIT,$ZONE" >>$checked_in
  if [[ $ZONE == $REPLICAS ]] ; then
    echo 1 >$zone_file
    return 0
  fi
  echo $[$ZONE+1] >$zone_file
}

function add_to_ring {
  juju-log "swift-proxy: Updating $1 ring. Adding $IP:$PORT, zone $ZONE, device $DEVICE"
  swift-ring-builder /etc/swift/$1.builder add \
    z$ZONE-$IP:$PORT/$DEVICE 100
  rc=$?
  if [[ "$rc" == "0" ]] ; then
    juju-log "Added to ring: $IP:$PORT, zone $ZONE, device $DEVICE"
    return 0
  fi
  juju-log "swift-proxy: Failed to add to ring."
  return 1
}

function exists_in_ring {
  swift-ring-builder /etc/swift/$i.builder \
    search z$ZONE-$IP:$PORT/$DEVICE
}

function rebalance_ring {
  juju-log "Rebalancing ring $1"
  swift-ring-builder /etc/swift/$i.builder rebalance
  return $?
}

function add_ppa {
  # Don't configure PPA, install from archive.
  [[ $PPA == "distro" ]] && return 0
  if [ "${PPA:0:4}" = "deb " ]; then
    PPA_URL="$PPA"
  else
    . /etc/lsb-release
    [[ $PPA == "milestone" ]] && PPA="release"
    PPA_URL="deb http://ppa.launchpad.net/swift-core/$PPA/ubuntu $DISTRIB_CODENAME main"
  fi
  add-apt-repository "$PPA_URL" || exit 1
}