project=upstream.*component=opennebula.*

# ==== Installation ====
# 4.6, 4.8, 4.10, 4.12, 4.14, 5.0
=

project=upstream.*component=opennebula-4.6
ONE_VERSION='4.6'
ONEHOST_ARGS='-n dummy'
.
project=upstream.*component=opennebula-4.8
ONE_VERSION='4.8'
ONEHOST_ARGS='-n dummy'
.
project=upstream.*component=opennebula-4.10
ONE_VERSION='4.10'
ONEHOST_ARGS='-n dummy'
.
project=upstream.*component=opennebula-4.12
ONE_VERSION='4.12'
ONEHOST_ARGS='-n dummy'
.
project=upstream.*component=opennebula-4.14
ONE_VERSION='4.14'
ONEHOST_ARGS='-n dummy'
.
project=upstream.*component=opennebula-5.0
ONE_VERSION='5.0'
ONEHOST_ARGS=''
.

project=upstream.*component=opennebula.*
QEMU_ENABLE=1
SSL_ENABLE=${SSL_ENABLE:-1}
VNC_PASSWORD=`dd if=/dev/random bs=9 count=1 2>/dev/null | base64`

IPPREFIX='192.168.0'
IPADDR='192.168.0.1'
NETMASK='255.255.255.0'
BROADCAST='192.168.0.255'
NETWORK='192.168.0.0'
DNS=`cat /etc/resolv.conf | grep ^nameserver | grep -v : | sed -e 's/.*\s\+//' | head -n 1`

echo "OpenNebula version ${ONE_VERSION}"

# work with xtrace to prevent passwords leaks
USE_X=`case "$-" in *x*) echo "-x" ;; *) echo "+x"; esac`

function ssl_opennebula_master() {
  local ssl=$1

  if test $ssl -eq 0; then
    # no SSL => no proxy
    sed -i /etc/one/sunstone-server.conf -e 's/127.0.0.1/0.0.0.0/'
  else
    # SSL
    if test -f /etc/grid-security/hostkey.pem; then
      cp -p /etc/grid-security/hostcert.pem /etc/grid-security/oneadmin-cert.pem
      cp -p /etc/grid-security/hostkey.pem /etc/grid-security/oneadmin-key.pem
    else
      apt-get install -y ssl-cert
      make-ssl-cert generate-default-snakeoil
      mkdir /etc/grid-security || :
      cp -p /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/grid-security/oneadmin-cert.pem
      cp -p /etc/ssl/private/ssl-cert-snakeoil.key /etc/grid-security/oneadmin-key.pem
    fi

    chown oneadmin:oneadmin /etc/grid-security/oneadmin-*.pem

    # support VNC with SSL
    sed -i /etc/one/sunstone-server.conf \
      -e 's,^\(:vnc_proxy_support_wss\):.*,\1: yes,' \
      -e 's,^\(:vnc_proxy_cert\):.*,\1: /etc/grid-security/oneadmin-cert.pem,' \
      -e 's,^\(:vnc_proxy_key\):.*,\1: /etc/grid-security/oneadmin-key.pem,'

    # proxy
    apt-get install -y apache2

    cat > /etc/apache2/sites-available/opennebula-sunstone << EOF
<VirtualHost _default_:443>
    ServerAdmin opennebula@localhost

    ErrorLog  /var/log/apache2/error.log
    CustomLog /var/log/apache2/ssl_access.log combined

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    SSLEngine on

    SSLCertificateFile    /etc/grid-security/oneadmin-cert.pem
    SSLCertificateKeyFile /etc/grid-security/oneadmin-key.pem

    SSLCACertificatePath  /etc/grid-security/certificates

#    SSLVerifyClient require
#    SSLVerifyDepth 2

    SSLCipherSuite kEECDH:HIGH:MEDIUM:!aNULL:!MD5:!RC4:!eNULL
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder On

    <Location />
#      RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
#      RequestHeader set SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}s"
#      RequestHeader set SSL_SERVER_S_DN_OU "%{SSL_SERVER_S_DN_OU}s"
#      RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"
#      RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"

      ProxyPass        http://localhost:9869/
      ProxyPassReverse http://localhost:9869/
    </Location>
</VirtualHost>
EOF
    cp -p /etc/apache2/sites-available/opennebula-sunstone /etc/apache2/sites-available/opennebula-sunstone.conf

    a2enmod ssl
    a2enmod proxy
    a2enmod proxy_http
    #a2enmod headers
    a2ensite opennebula-sunstone

    service apache2 restart
  fi
}


# ==== ONe master ====
apt-get install -y opennebula opennebula-sunstone

ssl_opennebula_master $SSL_ENABLE

#Augment Config if necessary (Nested testing environment)
if test $QEMU_ENABLE -eq 1; then
  # for OpenNebula <= 4.x
  sed -i 's/"kvm" ]/"qemu" ]/' /etc/one/oned.conf
  # for OpenNebula >= 5
  sed -i 's/^\(\s*TYPE.*\)"kvm"/\1"qemu"/' /etc/one/oned.conf
  #TODO: not for Debian 8
  #sed -i 's,#\(EMULATOR\).*$,\1 = /usr/bin/qemu,' /etc/one/vmm_exec/vmm_exec_kvm.conf
fi

# VNC and IPv6
sed -i /etc/one/sunstone-server.conf \
  -e 's,^\(:vnc_proxy_ipv6\):.*,\1: yes,'

service opennebula restart
service opennebula-sunstone restart

cat > ~oneadmin/.ssh/config <<EOF
ConnectTimeout 5
Host *
    StrictHostKeyChecking no
EOF
chown oneadmin:oneadmin ~oneadmin/.ssh/config

if test $SSL_ENABLE -eq 0; then
  echo "SunStone at http://`hostname -f`:9869"
else 
  echo "SunStone at https://`hostname -f`"
fi


# ==== ONe node ====
apt-get install -y opennebula-node qemu qemu-utils libvirt-bin
#TODO: not for Debian 8
#if test $QEMU_ENABLE -eq 1; then
#  update-alternatives --set qemu /usr/bin/qemu-system-x86_64
#fi

# private network
apt-get install -y bridge-utils
sed -e '0,/^auto/s/^\(auto .*\)/\1 vbr0/' -i /etc/network/interfaces
cat >> /etc/network/interfaces <<EOF

iface vbr0 inet static
        bridge_ports none
        address ${IPADDR}
        netmask ${NETMASK}
        network ${NETWORK}
        broadcast ${BROADCAST}
EOF
ifup vbr0

# NAT
echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/opennebula.conf
sysctl net.ipv4.ip_forward=1
cat > /etc/network/if-up.d/opennebula <<EOF
#! /bin/sh
iptables -P FORWARD ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
chmod +x /etc/network/if-up.d/opennebula
# may be problem after upgrade without reboot,
# let's not fail here
/etc/network/if-up.d/opennebula || :

if test $QEMU_ENABLE -eq 1; then
  # new config in /etc/libvirt/qemu.conf!
  if test -x /etc/init.d/libvirt-bin; then
    service libvirt-bin restart
  else
    service libvirtd restart
  fi
else
  service libvirt-bin stop
fi

cp -p ~oneadmin/.ssh/id_rsa.pub ~oneadmin/.ssh/authorized_keys
chown oneadmin:oneadmin ~oneadmin/.ssh/authorized_keys


# ==== ONe master (infrastructure configuration) ==== 

if test -z "${ONE_VERSION}" -o "x${ONE_VERSION}" = 'x4.6'; then
  echo 'export ONE_AUTH=/var/lib/one/.one/one_auth' >> ~/.profile
  export ONE_AUTH=/var/lib/one/.one/one_auth
fi

# Disk
name='ttylinux';link='http://marketplace.c12g.com/appliance/4fc76a938fb81d3517000003/download/0';link2='http://scientific.zcu.cz/images/ttylinux.img'
oneimage create -d default --name ${name} --path ${link2}

#name='debian7';link='http://marketplace.c12g.com/appliance/53e7c2e38fb81d6a69000004/download/0';link2='http://scientific.zcu.cz/images/Debian-7.qcow2.gz'
#name='centos7';link='http://marketplace.c12g.com/appliance/53e7bf928fb81d6a69000002/download/0';link2='http://scientific.zcu.cz/images/CentOS-7.qcow2.gz'
#name='debian8';link=http://marketplace.c12g.com/appliance/56040c398fb81d7410000006/download/0;link2=$link
#oneimage create -d default --name ${name} --path ${link2} --driver qcow2

oneimage chgrp "${name}" users
oneimage chmod "${name}" 640

# Network 
cat > example.net <<EOF
NAME = example
TYPE = RANGED
BRIDGE = vbr0
NETWORK_SIZE = C
NETWORK_ADDRESS = ${NETWORK}
GATEWAY = ${IPADDR}
DNS = ${DNS}
LOAD_BALANCER = ${IPPREFIX}.3
EOF
if test "x${ONE_VERSION}" == 'x5.0'; then
  echo 'VN_MAD=ebtables' >> example.net
fi
if test -z "${ONE_VERSION}" -o "x${ONE_VERSION}" == 'x4.6'; then
  cat >> example.net <<EOF
IP_START=${IPPREFIX}.4
IP_END=${IPPREFIX}.254
EOF
else
  echo "AR=[TYPE=IP4,IP=${IPPREFIX}.4,SIZE=251]" >> example.net
fi
onevnet create example.net
onevnet chgrp example users
onevnet chmod example 640
 
#Template
onetemplate create --name "${name}" --memory 128 --cpu 1 --disk "oneadmin[${name}]" --nic "oneadmin[example]" --net_context --vnc --vnc-password ${VNC_PASSWORD} --context 'NETWORK="YES",SSH_PUBLIC_KEY="$USER[SSH_PUBLIC_KEY]",USER_DATA="# user data"'
onetemplate chgrp "${name}" users
onetemplate chmod "${name}" 640

#Host
onehost create $(hostname -f) -i kvm -v kvm ${ONEHOST_ARGS}

#rOCCI
{ set +x; } 2>/dev/null
if test x"${USE_X}" = 'x-x'; then
  echo '+ ROCCI_PASSWORD="`dd if=/dev/random bs=36 count=1 2>/dev/null | base64`"' 1>&1
  echo '+ oneuser create rocci "${ROCCI_PASSWORD}" --driver server_cipher' 1>&1
  echo '+ echo "rocci:${ROCCI_PASSWORD}" >> /var/lib/one/.one/rocci_auth' 1>&1
fi
ROCCI_PASSWORD="`dd if=/dev/random bs=36 count=1 2>/dev/null | base64`"
oneuser create rocci "${ROCCI_PASSWORD}" --driver server_cipher
touch /var/lib/one/.one/rocci_auth
chown oneadmin:oneadmin /var/lib/one/.one/rocci_auth
chmod 0400 /var/lib/one/.one/rocci_auth
echo "rocci:${ROCCI_PASSWORD}" >> /var/lib/one/.one/rocci_auth
set ${USE_X}
oneuser chgrp rocci oneadmin

# ==== Send information into service discovery ====
if test -f /etc/zoosyncrc; then
  zoosync -s opennebula-${ONE_VERSION} register
  { set +x; } 2>/dev/null
  if test x"${USE_X}" = 'x-x'; then
    echo "+ zoosync -s opennebula-${ONE_VERSION}" 'tag _oneadmin=`cat /var/lib/one/.one/one_auth`' 1>&2
    echo "+ zoosync -s opennebula-${ONE_VERSION}" 'tag _rocci="rocci:${ROCCI_PASSWORD}"' 1>&1
  fi
  zoosync -s opennebula-${ONE_VERSION} tag _oneadmin=`cat /var/lib/one/.one/one_auth`
  zoosync -s opennebula-${ONE_VERSION} tag _rocci="rocci:${ROCCI_PASSWORD}"
  set ${USE_X}
fi
.