#!/usr/bin/python2.7

# Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import os
import re
import sys

import netaddr
import smf_include

from subprocess import CalledProcessError, Popen, PIPE, check_call


def set_hostmodel(value):
    cmd = ["/usr/sbin/ipadm", "show-prop", "-p", "hostmodel",
           "-co", "current", "ipv4"]
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    output, error = p.communicate()
    if p.returncode != 0:
        print "failed to retrieve hostmodel ipadm property"
        return False
    if output.strip() == value:
        return True
    cmd = ["/usr/sbin/ipadm", "set-prop", "-t", "-p", "hostmodel=%s" % value,
           "ipv4"]
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    output, error = p.communicate()
    if p.returncode != 0:
        print "failed to set ipadm hostmodel property to %s" % value
        return False
    return True


def start():
    # verify paths are valid
    for f in sys.argv[2:4]:
        if not os.path.exists(f) or not os.access(f, os.R_OK):
            print '%s does not exist or is not readable' % f
            return smf_include.SMF_EXIT_ERR_CONFIG

    # System-wide forwarding (either ipv4 or ipv6 or both) must be enabled
    # before neutron-l3-agent can be started.
    cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding",
           "-o", "current", "ipv4"]
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    output, error = p.communicate()
    if p.returncode != 0:
        print "failed to determine if IPv4 forwarding is enabled or not"
        return smf_include.SMF_EXIT_ERR_FATAL
    v4fwding = "on" in output

    cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding",
           "-o", "current", "ipv6"]
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    output, error = p.communicate()
    if p.returncode != 0:
        print "failed to determine if IPv6 forwarding is enabled or not"
        return smf_include.SMF_EXIT_ERR_FATAL
    v6fwding = "on" in output

    if not any((v4fwding, v6fwding)):
        print "System-wide IPv4 or IPv6 (or both) forwarding must be " \
              "enabled before enabling neutron-l3-agent"
        return smf_include.SMF_EXIT_ERR_CONFIG

    # set the hostmodel property if necessary
    if not set_hostmodel("src-priority"):
        return smf_include.SMF_EXIT_ERR_FATAL

    cmd = "/usr/lib/neutron/neutron-l3-agent --config-file %s " \
        "--config-file %s" % tuple(sys.argv[2:4])
    smf_include.smf_subprocess(cmd)


def remove_ipfilter_rules(version):
    # remove IP Filter rules added by neutron-l3-agent
    cmd = ["/usr/bin/pfexec", "/usr/sbin/ipfstat", "-io"]
    if version == 6:
        cmd.insert(2, "-6")
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    output, error = p.communicate()
    if p.returncode != 0:
        print "failed to retrieve IP Filter rules"
        return smf_include.SMF_EXIT_ERR_FATAL

    ipfilters = output.splitlines()
    # L3 agent IP Filter rules are of the form
    # block in quick on l3i64cbb496_a_0 from ... to pool/15417332
    prog = re.compile('on l3i[0-9A-Fa-f\_]{10}_0')
    ippool_names = []
    for ipf in ipfilters:
        if not prog.search(ipf):
            continue
        # capture the IP pool name
        if 'pool/' in ipf:
            ippool_names.append(ipf.split('pool/')[1])

        try:
            # remove the IP Filter rule
            p = Popen(["echo", ipf], stdout=PIPE)
            cmd = ["/usr/bin/pfexec", "/usr/sbin/ipf", "-r", "-f", "-"]
            if version == 6:
                cmd.insert(2, "-6")
            check_call(cmd, stdin=p.stdout)
        except CalledProcessError as err:
            print "failed to remove IP Filter rule %s: %s" % (ipf, err)
            return smf_include.SMF_EXIT_ERR_FATAL

    # remove IP Pools added by neutron-l3-agent
    for ippool_name in ippool_names:
        try:
            check_call(["/usr/bin/pfexec", "/usr/sbin/ippool", "-R",
                        "-m", ippool_name, "-t", "tree"])
        except CalledProcessError as err:
            print "failed to remove IP Pool %s: %s" % (ippool_name, err)
            return smf_include.SMF_EXIT_ERR_FATAL
    return smf_include.SMF_EXIT_OK


def stop():
    try:
        # first kill the SMF contract
        check_call(["/usr/bin/pkill", "-c", sys.argv[2]])
    except CalledProcessError as err:
        print "failed to kill the SMF contract: %s" % (err)
        return smf_include.SMF_EXIT_ERR_FATAL

    # We need to first remove the IP filter rules and then remove
    # the IP interfaces on which the rules were applied.

    # remove IPv4 Filter rules added by neutron-l3-agent
    rv = remove_ipfilter_rules(4)
    if rv != smf_include.SMF_EXIT_OK:
        return rv

    # remove IPv6 Filter rules added by neutron-l3-agent
    rv = remove_ipfilter_rules(6)
    if rv != smf_include.SMF_EXIT_OK:
        return rv

    # remove IP NAT rules added by neutron-l3-agent
    cmd = ["/usr/bin/pfexec", "/usr/sbin/ipnat", "-lR"]
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    output, error = p.communicate()
    if p.returncode != 0:
        print "failed to retrieve IP NAT rules"
        return smf_include.SMF_EXIT_ERR_FATAL

    ipnat_rules = output.splitlines()
    # L3 agent IP NAT rules are of the form
    # bimap l3e64ccc496_a_0 .... OR
    # rdr l3iedf345cc96_a_0 ....
    prog = re.compile('l3[ie][0-9A-Fa-f\_]{10}_0')
    for ipnat_rule in ipnat_rules:
        if not prog.search(ipnat_rule):
            continue
        # remove the IP NAT rule
        try:
            p = Popen(["echo", ipnat_rule], stdout=PIPE)
            check_call(["/usr/bin/pfexec", "/usr/sbin/ipnat", "-r", "-f", "-"],
                       stdin=p.stdout)
        except CalledProcessError as err:
            print "failed to remove IP NAT rule %s: %s" % (ipnat_rule, err)
            return smf_include.SMF_EXIT_ERR_FATAL

    # remove VNICs associated with L3 agent
    cmd = ["/usr/sbin/ipadm", "show-if", "-p", "-o", "ifname"]
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    output, error = p.communicate()
    if p.returncode != 0:
        print "failed to retrieve IP interface names"
        return smf_include.SMF_EXIT_ERR_CONFIG

    ifnames = output.splitlines()
    # L3 agent datalinks are always 15 characters in length. They start
    # with either 'l3i' or 'l3e', end with '_0', and in between they are
    # hexadecimal digits.
    prog = re.compile('l3[ie][0-9A-Fa-f\_]{10}_0')
    for ifname in ifnames:
        if not prog.search(ifname):
            continue
        try:
            # first remove the IP
            check_call(["/usr/bin/pfexec", "/usr/sbin/ipadm", "delete-ip",
                        ifname])
            # next remove the VNIC
            check_call(["/usr/bin/pfexec", "/usr/sbin/dladm", "delete-vnic",
                        ifname])
        except CalledProcessError as err:
            print "failed to remove datalinks used by L3 agent: %s" % (err)
            return smf_include.SMF_EXIT_ERR_FATAL

    # finally reset the hostmodel property
    if not set_hostmodel("weak"):
        return smf_include.SMF_EXIT_ERR_FATAL
    return smf_include.SMF_EXIT_OK

if __name__ == "__main__":
    os.putenv("LC_ALL", "C")
    smf_include.smf_main()