#!/bin/bash

# Dependencies:
#
# - functions

# stack.sh
# ---------
# - check_crio
# - install_crio
# - configure_crio
# - stop_crio

# Save trace setting
_XTRACE_DOCKER=$(set +o | grep xtrace)
set +o xtrace


# Defaults
# --------

CRIO_ENGINE_SOCKET_FILE=${CRIO_ENGINE_SOCKET_FILE:-/var/run/crio/crio.sock}
CRIO_ALLOW_ICMP=$(trueorfalse True CRIO_ALLOW_ICMP)

# Functions
# ---------

function check_crio {
    if is_ubuntu; then
        dpkg -l | grep cri-o > /dev/null 2>&1
    else
        false
        # TODO: CentOS/Fedora support.
    fi
}

function install_crio {
    if [[ -z "$os_PACKAGE" ]]; then
        GetOSVersion
    fi

    local lsb_dist=${os_VENDOR,,}
    if is_ubuntu; then
        local stream="https://pkgs.k8s.io/addons:/cri-o:/stable:/v${CRIO_VERSION%.*}"
        local key_path="/etc/apt/keyrings/cri-o-apt-keyring.gpg"

        apt_get install apt-transport-https ca-certificates \
            software-properties-common curl
        curl -fsSL "${stream}/deb/Release.key" | sudo gpg --dearmor -o "${key_path}"
        echo "deb [signed-by=${key_path}] ${stream}/deb/ /" | \
            sudo tee /etc/apt/sources.list.d/cri-o.list

        # Installing podman and containerd will get us compatible versions of
        # cri-o. And we need podman to manage container images anyway.
        REPOS_UPDATED=False apt_get_update
        crio_pkg_version=$(sudo apt-cache show cri-o | grep "Version: $CRIO_VERSION-" | awk '{ print $2 }' | head -n 1)
        apt_get install podman buildah cri-o="${crio_pkg_version}"
        sudo systemctl enable crio
    elif is_fedora; then
        if [[ "$lsb_dist" = "centos" ]]; then
            sudo yum-config-manager \
                --add-repo \
                https://cbs.centos.org/repos/virt7-container-common-candidate/x86_64/os/
            sudo yum-config-manager \
                --add-repo \
                https://cbs.centos.org/repos/paas7-crio-311-candidate/x86_64/os/
        fi
        if [[ "${os_VENDOR}" == *'Stream' ]]; then
                    local stream="_Stream"
        fi
        # NOTE: All crio versions are not supported for Centos 8 stream
        # because crio rpm is not present for some minor versions
        sudo yum-config-manager \
            --add-repo \
            "https://download.opensuse.org/repositories/"`
            `"devel:/kubic:/libcontainers:/stable:/cri-o:/${CRIO_VERSION}/"`
            `"CentOS_${os_RELEASE}${stream}/"`
            `"devel:kubic:libcontainers:stable:cri-o:${CRIO_VERSION}.repo"

        yum_install cri-o podman buildah
    fi
}

function configure_crio {
    # After an ./unstack it will be stopped. So it is ok if it returns exit-code == 1
    sudo systemctl stop crio.service || true

    export CRIO_CONF="/etc/crio/crio.conf"

    # We're wrapping values in \"<val>\" because that's the format cri-o wants.
    iniset -sudo ${CRIO_CONF} crio.api listen \"${CRIO_ENGINE_SOCKET_FILE}\"
    iniset -sudo ${CRIO_CONF} crio.image pause_image \"${CRIO_PAUSE_IMAGE}\"
    iniset -sudo ${CRIO_CONF} crio.image pause_command \"${CRIO_PAUSE_COMMAND}\"
    if [[ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]]; then
        # debug is way too verbose, info will be enough
        iniset -sudo ${CRIO_CONF} crio.runtime log_level \"info\"
    fi
    if is_ubuntu; then
        local crio_minor=${CRIO_VERSION#*.}
        # At least for 18.04 we need to set up /etc/containers/registries.conf
        # with some initial content. That's another bug with that PPA.
        local registries_conf
        registries_conf="/etc/containers/registries.conf"

        if [[ ! -f ${registries_conf} && $crio_minor -lt 24 ]]; then
            sudo mkdir -p `dirname ${registries_conf}`
            cat << EOF | sudo tee ${registries_conf}
[registries.search]
registries = ['docker.io']
EOF
        else
            # If there is a config file, that means, we are probably on the
            # newer version of crio/container/podman, which basically means
            # we cannot mix [registries.search] registries filled with
            # something and unqualified-search-registries setting which appear
            # on sysregistry v2 config syntax. And because it's a TOML now, we
            # cannot rely on iniset, but directly change the file.

            local rname='unqualified-search-registries'
            local rval='["docker.io", "quay.io"]'
            if [[ ! -f ${registries_conf} ]]; then
                cat << EOF | sudo tee ${registries_conf}
unqualified-search-registries = ["docker.io", "quay.io"]
EOF
            elif grep -wq "^${rname}" "${registries_conf}"; then
                sudo sed -i -e \
                    "s/^${rname}.*$/${rname} = ${rval}/" "${registries_conf}"
            else
                sudo sed -i "1s/^/${rname} = ${rval}\n/" "${registries_conf}"
            fi
        fi
        # CRI-O from kubic repo have placed runc in different place, not even
        # in path, just to not conflict with runc package from official repo.
        # We need to change it.
        iniset -sudo ${CRIO_CONF} crio.runtime.runtimes.runc runtime_path \
            \"/usr/lib/cri-o-runc/sbin/runc\"

        if [ -n "${CNI_CONF_DIR}" ]; then
            iniset -sudo ${CRIO_CONF} crio.network network_dir \
                \"${CNI_CONF_DIR}\"
        fi
        if [ -n "${CNI_PLUGIN_DIR}" ]; then
            iniset -sudo ${CRIO_CONF} crio.network plugin_dir \
                \"${CNI_PLUGIN_DIR}\"
        fi
        # By default CRI-O doesn't allow ICMP between containers, although it
        # is ususally expected for testing purposes.
        if [ "${CRIO_ALLOW_ICMP}" == "True" ]; then
            if grep -wq '^default_sysctls' ${CRIO_CONF}; then
                export CRIO_KEY="default_sysctls"
                export CRIO_VAL='[ "net.ipv4.ping_group_range=0 2147483647", ]'
                _update_config
            else
                iniset -sudo ${CRIO_CONF} crio.runtime default_sysctls \
                    '[ "net.ipv4.ping_group_range=0 2147483647", ]'
            fi
        fi
    elif is_fedora; then
        local lsb_dist=${os_VENDOR,,}

        if [[ "$lsb_dist" = "centos" ]]; then
            # CentOS packages are putting runc binary in different place...
            iniset -sudo ${CRIO_CONF} crio.runtime runtime \"/usr/sbin/runc\"

            # CentOS version seems to only work with cgroupfs...
            iniset -sudo ${CRIO_CONF} crio.runtime cgroup_manager \"cgroupfs\"
        fi
    fi

    sudo systemctl --no-block restart crio.service
}

function stop_crio {
    sudo systemctl stop crio.service || true
}

function _update_config {
sudo -E python3 - <<EOF
"""
Update provided by CRIO_KEY key list in crio configuration in a form of:

  some_key = [ some,
      value
  ]

or just an empty list:

  some_key = [
  ]

with the CRIO_VAL value.

Note, CRIO_VAL must include square brackets.

"""
import os
import re

crio_key = os.environ.get('CRIO_KEY')
crio_val = os.environ.get('CRIO_VAL')
crio_conf = os.environ.get('CRIO_CONF')

pat = re.compile(rf'{crio_key}\s*=\s*\[[^\]]*\]', flags=re.S | re.M)

with open(crio_conf) as fobj:
    conf = fobj.read()

with open(crio_conf, 'w') as fobj:
    search = pat.search(conf)
    if search:
        start, end = search.span()
        conf = conf[:start] + f'{crio_key} = {crio_val}' + conf[end:]
        fobj.write(conf)

EOF
}

# Restore xtrace
$_XTRACE_DOCKER