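# Copyright 2015 2015 IBM
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# == Class: nodepool::builder
#
# Installs the nodepool-builder init script, defaults file and logging
# configuration, enables the service, and optionally publishes the build log
# directory through an Apache vhost.
#
# === Parameters
#
# [*nodepool_ssh_public_key*]
#   When not undef, written to /home/nodepool/.ssh/id_rsa.pub.
# [*enable_build_log_via_http*]
#   If true, export build logs from $build_log_document_root via apache.
# [*build_log_document_root*]
#   Directory managed for build logs (owner and group nodepool, mode 0755).
# [*vhost_name*]
#   Title of the httpd::vhost resource; defaults to $::fqdn.
# [*builder_logging_conf_template*]
#   ERB template rendered to /etc/nodepool/builder-logging.conf.
# [*ssl_cert_file*], [*ssl_key_file*], [*ssl_chain_file*]
#   Paths of the TLS certificate, private key and chain files. A non-empty
#   $ssl_cert_file selects the TLS vhost template.
# [*ssl_cert_file_contents*], [*ssl_key_file_contents*],
# [*ssl_chain_file_contents*]
#   When non-empty, the matching file is written with this content. The key
#   contents are secret material and should be supplied from an encrypted
#   data source rather than plain-text manifests.
# [*statsd_host*], [*environment*], [*build_workers*], [*upload_workers*],
# [*zuulv3*]
#   Not referenced in this manifest; presumably read by the ERB templates
#   rendered below -- TODO confirm against the templates.
#
class nodepool::builder(
  $statsd_host = undef,
  $nodepool_ssh_public_key = undef,
  # If true, export build logs from $build_log_document_root via apache
  $enable_build_log_via_http = false,
  $build_log_document_root = '/var/log/nodepool/builds',
  $vhost_name = $::fqdn,
  $builder_logging_conf_template = 'nodepool/nodepool-builder.logging.conf.erb',
  $environment = {},
  $build_workers = '1',
  $upload_workers = '4',
  $zuulv3 = false,
  $ssl_cert_file = '',
  $ssl_cert_file_contents = '',
  $ssl_chain_file = '',
  $ssl_chain_file_contents = '',
  $ssl_key_file = '',
  $ssl_key_file_contents = '',
) {

  # This requires custom packages which aren't built for arm64; if we
  # ever have a need we can re-evaluate this.
  if ($::architecture == 'aarch64') {
    $support_vhd = false
  } else {
    $support_vhd = true
  }

  class { '::diskimage_builder':
    support_vhd => $support_vhd,
  }

  # Another class may already manage the nodepool user's .ssh directory.
  if ! defined(File['/home/nodepool/.ssh']) {
    file { '/home/nodepool/.ssh':
      ensure  => directory,
      mode    => '0500',
      owner   => 'nodepool',
      group   => 'nodepool',
      require => User['nodepool'],
    }
  }

  if ($nodepool_ssh_public_key != undef) {
    file { '/home/nodepool/.ssh/id_rsa.pub':
      ensure  => present,
      content => $nodepool_ssh_public_key,
      mode    => '0644',
      owner   => 'nodepool',
      group   => 'nodepool',
      require => File['/home/nodepool/.ssh'],
    }
  }

  file { '/etc/init.d/nodepool-builder':
    ensure => present,
    mode   => '0555',
    owner  => 'root',
    group  => 'root',
    source => 'puppet:///modules/nodepool/nodepool-builder.init',
  }

  file { '/etc/default/nodepool-builder':
    ensure  => present,
    content => template('nodepool/nodepool-builder.default.erb'),
    mode    => '0444',
    owner   => 'root',
    group   => 'root',
  }

  file { '/etc/nodepool/builder-logging.conf':
    ensure  => present,
    mode    => '0444',
    owner   => 'root',
    group   => 'root',
    content => template($builder_logging_conf_template),
  }

  # versioncmp() compares release numbers component by component. A plain
  # string comparison can be evaluated lexically, which would order '9.04'
  # after '16.04'.
  if ($::operatingsystem == 'Ubuntu') and (versioncmp($::operatingsystemrelease, '16.04') >= 0) {
    # This is a hack to make sure that systemd is aware of the new service
    # before we attempt to start it.
    exec { 'nodepool-builder-systemd-daemon-reload':
      command     => '/bin/systemctl daemon-reload',
      before      => Service['nodepool-builder'],
      subscribe   => File['/etc/init.d/nodepool-builder'],
      refreshonly => true,
    }
  }

  service { 'nodepool-builder':
    name       => 'nodepool-builder',
    enable     => true,
    hasrestart => true,
    require    => [
      File['/etc/init.d/nodepool-builder'],
      File['/etc/default/nodepool-builder'],
      File['/etc/nodepool/builder-logging.conf'],
    ],
  }

  if $enable_build_log_via_http == true {
    include ::httpd

    # Pick the TLS vhost template only when a certificate path is configured.
    # The two branches were previously swapped, so a configured certificate
    # selected the plain template and an empty one selected the .ssl template.
    # NOTE(review): the choice is based on the template file names; the
    # template bodies are not visible here -- confirm before deploying.
    if $ssl_cert_file != '' {
      $http_template = 'nodepool/nodepool-builder.ssl.vhost.erb'
    } else {
      $http_template = 'nodepool/nodepool-builder.vhost.erb'
    }

    # NOTE(review): port stays 80 in both cases; presumably the .ssl template
    # declares its own TLS listener -- verify against the template.
    ::httpd::vhost { $vhost_name:
      port     => 80,
      priority => '50',
      docroot  => 'MEANINGLESS_ARGUMENT',
      template => $http_template,
    }

    if ! defined(Httpd::Mod['rewrite']) {
      httpd::mod { 'rewrite': ensure => present }
    }
    if ! defined(Httpd::Mod['proxy']) {
      httpd::mod { 'proxy': ensure => present }
    }
    if ! defined(Httpd::Mod['proxy_http']) {
      httpd::mod { 'proxy_http': ensure => present }
    }

    file { '/etc/ssl/certs':
      ensure => directory,
      owner  => 'root',
      mode   => '0755',
    }

    # Private key directory: owner-only access.
    file { '/etc/ssl/private':
      ensure => directory,
      owner  => 'root',
      mode   => '0700',
    }

    if $ssl_cert_file_contents != '' {
      file { $ssl_cert_file:
        owner   => 'root',
        group   => 'root',
        mode    => '0640',
        content => $ssl_cert_file_contents,
        before  => Httpd::Vhost[$vhost_name],
      }
    }

    if $ssl_key_file_contents != '' {
      file { $ssl_key_file:
        owner     => 'root',
        group     => 'ssl-cert',
        mode      => '0640',
        content   => $ssl_key_file_contents,
        # Keep the private key out of agent logs and reports when the
        # file content changes.
        show_diff => false,
        require   => Package['ssl-cert'],
        before    => Httpd::Vhost[$vhost_name],
      }
    }

    if $ssl_chain_file_contents != '' {
      file { $ssl_chain_file:
        owner   => 'root',
        group   => 'root',
        mode    => '0640',
        content => $ssl_chain_file_contents,
        before  => Httpd::Vhost[$vhost_name],
      }
    }
  }

  # Managed whether or not HTTP export is enabled.
  file { $build_log_document_root:
    ensure  => directory,
    mode    => '0755',
    owner   => 'nodepool',
    group   => 'nodepool',
    require => [
      User['nodepool'],
      File['/var/log/nodepool'],
    ],
  }
}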