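#!/bin/bash
#
# Renew the host password of every cluster service host that currently
# listens on the password-renewal port, then store the new password in the
# config-server's SASL db.
#
# A host is identified by its RSA host key before anything is sent to it:
#   * key matches the entry in the installed-hosts known_hosts db  -> installed
#   * key matches the shared install (nfs-root) host key           -> installing
# An installing host gets its future installed-state host key fetched and
# swapped into the installed-hosts db, and is contacted through a temporary
# known_hosts db that only contains the install-state key.
#
# Required files:
#   /ymc_config/netboot/mgm-ssh-keyring/mgm-rsa.key                  management identity
#   /ymc_config/netboot/mgm-ssh-keyring/install-rsa-host.key.pub     install-state host key
#   /data/ymc-cluster-ymc-config-server/auth/                        known_hosts + sasl db
#
# Exit status: 0 on success (or when the auth directory is absent), 1 on any
# error. Deliberately no `set -e`: every critical step is checked explicitly
# so that diagnostics and temp-file cleanup stay under control.

readonly auth_dir="/data/ymc-cluster-ymc-config-server/auth"
readonly mgm_identity="/ymc_config/netboot/mgm-ssh-keyring/mgm-rsa.key"
readonly sasl_db="$auth_dir/ymc-cluster-sasl.db"
readonly port=4649
readonly known_installed_hosts_file="$auth_dir/ssh_known_hosts"
readonly installing_rsa_publickey="/ymc_config/netboot/mgm-ssh-keyring/install-rsa-host.key.pub"
# Temporary known_hosts db for installing hosts; created below, removed on EXIT.
known_installing_hosts_file=""

#######################################
# Print an error to stderr and exit 1 (the EXIT trap removes the temp db).
# Arguments: $* - message
#######################################
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

#######################################
# EXIT trap: remove the temporary installing known-hosts db if it was created.
# Globals:   known_installing_hosts_file (read)
#######################################
cleanup() {
  if [[ -n "$known_installing_hosts_file" ]]; then
    rm -f -- "$known_installing_hosts_file"
  fi
}

#######################################
# Run a command on a remote host with strict host-key checking against the
# given known-hosts db only (no user db, no interactive prompts).
# Globals:   mgm_identity (read)
# Arguments: $1 - known-hosts db to trust
#            $2 - remote host
#            $3 - remote command (passed as a single argument)
# Outputs:   the remote command's stdout
# Returns:   ssh's exit status
#######################################
remote_exec() {
  local known_hosts_db=$1 host=$2 cmd=$3
  ssh -o "BatchMode yes" \
      -o "StrictHostkeyChecking yes" \
      -o "CheckHostIP yes" \
      -o "UserKnownHostsFile /dev/null" \
      -o "GlobalKnownHostsFile $known_hosts_db" \
      -o "IdentityFile $mgm_identity" \
      "$host" \
      "$cmd"
}

if [[ ! -d "$auth_dir" ]]; then
  echo "WARNING: Directory '$auth_dir' not present..."
  exit 0
fi

if [[ ! -e "$mgm_identity" ]]; then
  die "The mgm-ssh-keyring at $mgm_identity is missing..."
fi
# ssh refuses a group/world-readable identity file; keep it owner-only.
chmod 600 -- "$mgm_identity"

trap cleanup EXIT
# mktemp creates the file 0600 with an unpredictable name; the path is kept
# for the whole run (truncated between hosts, never unlinked and reused).
known_installing_hosts_file=$(mktemp --tmpdir --suffix=mgm-install-known-hosts.tmp ymcClXXXXXXXX) \
  || die "Could not create the temporary installing known-hosts-db"

if [[ ! -f "$known_installed_hosts_file" ]]; then
  echo "WARNING: The know-hosts-db for installed hosts at $known_installed_hosts_file is missing...Generating an empty one" 1>&2
  touch -- "$known_installed_hosts_file" \
    || die "Could not create the know-hosts-db at $known_installed_hosts_file"
fi

if [[ ! -f "$installing_rsa_publickey" ]]; then
  die "Missing the ssh-rsa-install-host public key at $installing_rsa_publickey"
fi

# Key material of the shared install-state host key (field 2 of "ssh-rsa KEY comment");
# loop-invariant, so read it once.
installing_ssh_rsa_pubkey=$(cut -d ' ' -f 2 -- "$installing_rsa_publickey")

# The helper prints whitespace-separated hostnames; read -d '' slurps its whole
# output and splits on IFS, and returns non-zero at EOF although the array is set.
read -r -d '' -a remote_hosts < <(fliwi-get-all-services --as-hostnames) || true

for remote_host in "${remote_hosts[@]}"; do
  # A host announces that it wants a password renewal by listening on $port.
  if ! nc -w 1 -z "$remote_host" "$port" >/dev/null 2>&1; then
    echo "INFO: $remote_host does not want to have a new password..."
    continue
  fi
  echo "INFO: $remote_host seems to wait for a password renewal..."

  # Key material only (field 3 of "host ssh-rsa KEY") from the live host ...
  remote_ssh_rsa_pubkey=$(ssh-keyscan -t rsa -T 5 "$remote_host" | cut -d ' ' -f 3)
  # ... without it both comparisons below would be against an empty string.
  if [[ -z "$remote_ssh_rsa_pubkey" ]]; then
    die "Could not fetch the RSA host-key of $remote_host"
  fi

  # ... and from the installed-hosts db. ssh-keygen -F prints the matching
  # line verbatim; entries are written below as "host,ip ssh-rsa KEY", so the
  # host name may be followed by ',' as well as ' '. Dots in the host name are
  # escaped so they do not act as regex wildcards.
  installed_ssh_rsa_pubkey=$(ssh-keygen -f "$known_installed_hosts_file" -F "$remote_host" \
    | grep -E -e "^${remote_host//./\\.}[ ,]" | cut -d ' ' -f 3)

  printf '%s' "INFO: Checking if $remote_host is listed in the know-hosts-db..."
  if [[ "$installed_ssh_rsa_pubkey" == "$remote_ssh_rsa_pubkey" ]]; then
    echo "YES"
    known_hosts_file=$known_installed_hosts_file
    is_installing=0
  else
    echo "NO"

    printf '%s' "INFO: Checking if $remote_host currently uses the nfs-root..."
    if [[ "$installing_ssh_rsa_pubkey" == "$remote_ssh_rsa_pubkey" ]]; then
      echo "YES"
      known_hosts_file=$known_installing_hosts_file
      is_installing=1
    else
      echo "NO"
      die "Could not identify $remote_host"
    fi
  fi

  if (( is_installing )); then
    remote_ip=$(fliwi-get-ip-for-hostname "$remote_host")

    echo "INFO: Generating temporary installing known-hosts-db..."
    # Truncate-and-write: the temp db must contain exactly this host's
    # install-state key (with its IP, because CheckHostIP is enabled).
    printf '%s,%s %s\n' "$remote_host" "$remote_ip" "$(cat -- "$installing_rsa_publickey")" \
      > "$known_installing_hosts_file" \
      || die "Failed to write the temporary installing known-hosts-db"

    # The key the host will present once it boots from its installed root.
    if ! future_ssh_rsa_pubkey=$(remote_exec "$known_hosts_file" "$remote_host" \
        "cat /mnt/install/root/etc/ssh/ssh_host_rsa_key.pub | cut -d ' ' -f 1-2") \
        || [[ -z "$future_ssh_rsa_pubkey" ]]; then
      die "Failed to get the future installed-state host-key of $remote_host"
    fi

    echo "INFO: Removing the installed-state host-key from the know-hosts-db, as the host is installing..."
    if ssh-keygen -R "$remote_host" -f "$known_installed_hosts_file" \
        && ssh-keygen -R "$remote_ip" -f "$known_installed_hosts_file"; then
      # ssh-keygen -R leaves a backup copy behind; it is not wanted.
      rm -f -- "$known_installed_hosts_file.old"
    else
      die "Failed to remove installed-state host-key of $remote_host from the know-hosts-db"
    fi

    echo "INFO: Adding the future installed-state host-key to the know-hosts-db..."
    printf '%s,%s %s\n' "$remote_host" "$remote_ip" "$future_ssh_rsa_pubkey" \
      >> "$known_installed_hosts_file" \
      || die "Failed to add installed-state host-key to know-hosts-db"
  fi

  # The remote side generates and applies the new password and prints it;
  # an installing host is still reached through the temporary db.
  if ! remote_password=$(remote_exec "$known_hosts_file" "$remote_host" \
      'if [ -x "/usr/sbin/ymc-config-update-password" ]; then /usr/sbin/ymc-config-update-password --callback; else . /usr/lib/lib-ymc-networktools/bash/ymclibnettools.bash; ymc_generate_new_host_password; fi') \
      || [[ -z "$remote_password" ]]; then
    die "Failed to properly set a new password on $remote_host"
  fi
  echo "INFO: Successfully set new password on $remote_host"

  # The temp db must not keep this host's install-state key around.
  : > "$known_installing_hosts_file"

  echo "INFO: Adding password to svn's sasl-db..."
  # The password is handed over on stdin (printf is a builtin) so it never
  # appears in argv / ps output. NOTE(review): saslpasswd2 is used without -p
  # (pipe mode) as in the original; confirm it reads stdin when run non-interactively.
  if ! printf '%s\n' "$remote_password" \
      | /usr/sbin/saslpasswd2 -c -f "$sasl_db" -u "ymc-config.cluster" "$remote_host"; then
    die "Failed to update the sasl-db at: $sasl_db"
  fi
  echo "INFO: Successfully updated svn's sasl-db for $remote_host"

  # Drop the plaintext password from the shell as soon as it is stored.
  remote_password=""
done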
