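#!/usr/bin/env bash
#
# Copyright (C) 2010 Cloud.com, Inc.  All rights reserved.
#
# This software is licensed under the GNU General Public License v3 or later.
#
# It is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
# $Id: loadbalancer.sh 9947 2010-06-25 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/xenserver/root/loadbalancer.sh $
# loadbalancer.sh -- reconfigure loadbalancer rules
#
# Usage: loadbalancer.sh -i <domRIp> -a <addedIps> -d <removedIps> -f <cfgfile> -s <statsIp>
#
#   -a / -d   comma-separated list of  pubIp:port:cidr[-cidr...]  entries
#             (several source CIDRs are joined with '-'); "none" = empty list
#   -s        one  pubIp:port:cidr  entry for the haproxy stats listener
#   -i / -f   parsed for compatibility; neither value is used by this script
#
# Flow: hot-reconfigure haproxy through /root/reconfigLB.sh, then rebuild the
# per-interface iptables chains (load_balancer_<vif>, lb_stats) that let haproxy
# receive the balanced traffic.  The previous chains are kept under a back_*
# name until the new rules are in place so a failure part-way can be rolled back.
#
# NOTE: 'set -e' is deliberately not used -- the iptables calls whose failure
# matters are checked explicitly so the rollback path (restore_lb/fw_restore)
# always runs; the 2>/dev/null calls are best-effort cleanup of chains that may
# not exist.
#
# @VERSION@

# Interfaces that carry load-balanced traffic (filled by main from get_vif_list).
VIF_LIST=()
# TODO make the stat interface generic
STAT_IF="eth0"

usage() {
  printf 'Usage: %s: -i <domRIp> -a <addedIps> -d <removedIps> -f <cfgfile> -s <statsIp>\n' \
    "$(basename -- "$0")" >&2
}

# set -x

#######################################
# Check if the gateway domain is up and running: one ping, retried once
# after a second.  Not called from this script's main flow.
# Arguments: $1 - host/IP to ping
# Returns:   ping's exit status (0 = reachable)
#######################################
check_gw() {
  local gw=$1
  if ! ping -c 1 -n -q "$gw" > /dev/null; then
    sleep 1
    ping -c 1 -n -q "$gw" > /dev/null
  fi
  return $?
}

#######################################
# Drop the back_* copies of the chains once the new rules are in place.
# Globals:   VIF_LIST, STAT_IF (read)
# Errors are ignored on purpose: a chain that was never created is fine here.
#######################################
fw_remove_backup() {
  local vif
  for vif in "${VIF_LIST[@]}"; do
    iptables -F "back_load_balancer_$vif" 2> /dev/null
    iptables -D INPUT -i "$vif" -p tcp -j "back_load_balancer_$vif" 2> /dev/null
    iptables -X "back_load_balancer_$vif" 2> /dev/null
  done
  iptables -F back_lb_stats 2> /dev/null
  iptables -D INPUT -i "$STAT_IF" -p tcp -j back_lb_stats 2> /dev/null
  iptables -X back_lb_stats 2> /dev/null
}

#######################################
# Roll back fw_entry: remove the freshly built chains and rename the back_*
# chains to their original names.  The INPUT jump that pointed at the
# renamed chain follows the rename, so the old rules become active again.
# Globals:   VIF_LIST, STAT_IF (read)
#######################################
fw_restore() {
  local vif
  for vif in "${VIF_LIST[@]}"; do
    iptables -F "load_balancer_$vif" 2> /dev/null
    iptables -D INPUT -i "$vif" -p tcp -j "load_balancer_$vif" 2> /dev/null
    iptables -X "load_balancer_$vif" 2> /dev/null
    iptables -E "back_load_balancer_$vif" "load_balancer_$vif" 2> /dev/null
  done
  iptables -F lb_stats 2> /dev/null
  iptables -D INPUT -i "$STAT_IF" -p tcp -j lb_stats 2> /dev/null
  iptables -X lb_stats 2> /dev/null
  iptables -E back_lb_stats lb_stats 2> /dev/null
}

#######################################
# Append one ACCEPT rule for a "pubIp:port:cidr[-cidr...]" entry to a chain.
# Arguments: $1 - chain name
#            $2 - rule entry
#            $3.. - extra iptables match arguments placed after '-p tcp'
# Returns:   1 on a malformed entry or an iptables failure, else 0
#######################################
fw_add_rule() {
  local chain=$1
  local spec=$2
  shift 2
  local pubIp dport cidrs
  IFS=: read -r pubIp dport cidrs <<< "$spec"
  # '-' separated CIDR list -> the comma form iptables -s accepts.
  # (The original converted only the first '-'; every separator is converted now.)
  cidrs=${cidrs//-/,}
  # Validate before calling iptables: an empty field would otherwise make the
  # next option be consumed as its value and produce a confusing error.
  if [[ -z "$pubIp" || -z "$dport" || -z "$cidrs" ]]; then
    printf 'loadbalancer.sh: malformed rule entry "%s"\n' "$spec" >&2
    return 1
  fi
  iptables -A "$chain" -s "$cidrs" -p tcp "$@" -d "$pubIp" --dport "$dport" -j ACCEPT
}

#######################################
# Firewall entries so that haproxy can receive on the specified ports.
# Renames the existing load_balancer_<vif>/lb_stats chains to back_* (the
# INPUT jump follows the rename, so old rules stay active), creates fresh
# chains, hooks them into INPUT and fills them with one ACCEPT per entry.
# Arguments: $1 - added entries (comma-separated) or "none"
#            $2 - removed entries or "none"; parsed but unused -- the chains
#                 are rebuilt from scratch, so anything absent from $1 is gone
#            $3 - stats entry "pubIp:port:cidr"; skipped when empty
# Globals:   VIF_LIST, STAT_IF (read)
# Returns:   1 at the first failing rule (caller is expected to roll back)
#######################################
fw_entry() {
  local added=$1
  local removed=$2
  local stats=$3
  local vif entry
  local -a entries=()

  [[ "$added" == "none" ]] && added=""
  [[ "$removed" == "none" ]] && removed=""

  # back up the iptable rules by renaming before creating new.
  for vif in "${VIF_LIST[@]}"; do
    iptables -E "load_balancer_$vif" "back_load_balancer_$vif" 2> /dev/null
    iptables -N "load_balancer_$vif" 2> /dev/null
    iptables -A INPUT -i "$vif" -p tcp -j "load_balancer_$vif"
  done
  iptables -E lb_stats back_lb_stats 2> /dev/null
  iptables -N lb_stats 2> /dev/null
  iptables -A INPUT -i "$STAT_IF" -p tcp -j lb_stats

  if [[ -n "$added" ]]; then
    IFS=, read -r -a entries <<< "$added"
  fi
  for entry in "${entries[@]}"; do
    for vif in "${VIF_LIST[@]}"; do
      fw_add_rule "load_balancer_$vif" "$entry" || return 1
    done
  done

  # Stats listener: only new connections, and only from the given CIDRs.
  # A failing stats rule is treated like any other failing rule so the
  # caller rolls back instead of leaving a half-built ruleset behind.
  if [[ -n "$stats" ]]; then
    fw_add_rule lb_stats "$stats" -m state --state NEW || return 1
  fi
  return 0
}

#######################################
# Hot reconfigure HA Proxy in the routing domain.
# The argument passed by main (the -f value) is accepted but not used;
# /root/reconfigLB.sh picks up its own input files.
# Returns:   reconfigLB.sh's exit status
#######################################
reconfig_lb() {
  /root/reconfigLB.sh
}

#######################################
# Restore the HA Proxy to its previous state: copy the old haproxy.cfg into
# the file reconfigLB.sh consumes and run it again.  iptables rollback is
# done separately by fw_restore.
#######################################
restore_lb() {
  if cp /etc/haproxy/haproxy.cfg.old /etc/haproxy/haproxy.cfg.new; then
    /root/reconfigLB.sh
  fi
}

#######################################
# Print every ethN interface except eth0 and eth1, one per line.
#######################################
get_vif_list() {
  local dev
  for dev in /sys/class/net/eth*; do
    [[ -e "$dev" ]] || continue   # an unmatched glob would otherwise yield a literal 'eth*'
    dev=${dev##*/}
    [[ "$dev" == "eth0" || "$dev" == "eth1" ]] && continue
    printf '%s\n' "$dev"
  done
}

main() {
  local domRIp="" addedIps="" removedIps="" cfgfile="" statsIp=""
  local opt
  while getopts 'i:a:d:f:s:' opt; do
    case "$opt" in
      i) domRIp=$OPTARG ;;
      a) addedIps=$OPTARG ;;
      d) removedIps=$OPTARG ;;
      f) cfgfile=$OPTARG ;;
      s) statsIp=$OPTARG ;;
      ?) usage; exit 2 ;;
    esac
  done
  : "$domRIp"   # accepted for compatibility; not used

  mapfile -t VIF_LIST < <(get_vif_list)

  # hot reconfigure haproxy
  if ! reconfig_lb "$cfgfile"; then
    printf 'Reconfiguring loadbalancer failed\n'
    exit 1
  fi

  [[ -z "$addedIps" ]] && addedIps="none"
  [[ -z "$removedIps" ]] && removedIps="none"

  # iptables entry to ensure that haproxy receives traffic
  if ! fw_entry "$addedIps" "$removedIps" "$statsIp"; then
    # Restore the LB
    restore_lb
    # Revert iptables rules on DomR
    fw_restore
    exit 1
  fi
  # Remove backedup iptable rules
  fw_remove_backup
  exit 0
}

main "$@"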