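#!/bin/bash
# Rocky 9 compatible
#
# Installs and configures Redis for the k_framework environment:
#   * checks the OS (CentOS 7 / Rocky 9) and the DB connection,
#   * installs the redis package or validates the one already present,
#   * installs the bundled redis.conf / redis.service and applies kernel tuning,
#   * restricts TCP/6379 through a dedicated REDIS-WHITELIST-CHAIN iptables chain
#     (localhost and the active GUI server(s) from the DB are allowed, the rest DROPped).
#
# All k_* helpers and `report` come from /usr/src/k_framework/main.sh, which is
# also expected to provide the globals used below (EXIT_CODE, centos_version,
# ROCKY9, OS, DIST, MEDIA_PRESENT, DB_*, P_OPT, l_opt).  Strict mode is NOT
# enabled on purpose: the framework helpers are written for the non-strict shell.
. /usr/src/k_framework/main.sh

# ---- VARS -----
VERSION="1.1.5"
SCRIPT_NAME="Redis Install"
REDIS_C7_VERSION="3.2.12"

readonly REDIS_CHAIN="REDIS-WHITELIST-CHAIN"
readonly REDIS_PORT="6379"
readonly HELPERS_DIR="/usr/src/k_framework/helpers/redis"

# ---- FUNCTIONS -----

#######################################
# Print the version of the installed redis RPM (empty when not installed).
# Outputs: version string on stdout
#######################################
installed_redis_version() {
  rpm -q --info redis | grep "Version" | awk '{print $3}'
}

#######################################
# Abort unless the host runs CentOS 7 or Rocky 9.
# Globals: centos_version, ROCKY9, OS, DIST (set by k_detect_os)
#######################################
check_os() {
  k_detect_os
  if [[ $centos_version != 7 && $ROCKY9 != 1 ]]; then
    report "Need Centos 7/Rocky 9, current version: $OS $DIST" 1
    k_exit 1
  fi
}

#######################################
# Install redis, or validate an already-installed package.
# Exits the script when the installed state cannot be reconciled.
# Globals: centos_version, MEDIA_PRESENT, REDIS_C7_VERSION
#######################################
ensure_redis_package() {
  local current_redis_v
  current_redis_v=$(installed_redis_version)

  if [[ -z "$current_redis_v" ]]; then
    report "Redis not installed" 3
    report "Installing Redis" 3
    # A failed yum run used to go unnoticed until the final service check,
    # which then blamed the service instead of the install.
    if ! yum -y install redis; then
      report "Redis installation failed" 1
      k_exit 1
    fi
    return 0
  fi

  report "Redis $current_redis_v installed" 3
  # Only CentOS 7 pins a specific package version.
  [[ $centos_version == 7 ]] || return 0

  if [[ "$current_redis_v" != "$REDIS_C7_VERSION" ]]; then
    report "Wrong Redis version installed (installed: $current_redis_v, should be: $REDIS_C7_VERSION)" 1
    report " Remove Redis (if not used by the client) and execute this script again" 3
    report " yum -y remove redis" fix
    report " rm -fr /var/lib/redis/dump.rdb" fix
    k_exit 1
  fi

  if k_service_is_enabled "redis"; then
    report "Redis is already installed" 0
    k_exit 0
  fi

  # Redis package is installed with Rtpengine installation too
  # In such a case, on GERD+R continue with installation/configuration script
  if [[ $MEDIA_PRESENT == 1 ]]; then
    report "Redis is installed, but not enabled/configured" 3
    report "Continuing with installation/configuration" 3
  else
    report "Redis package is installed, but NOT enabled/configured. 
Check manually" 1
    # Stop here: the script previously fell through and overwrote the config of
    # an instance it does not manage, which contradicts "check manually".
    k_exit 1
  fi
}

#######################################
# Enable the unit, install the bundled config/unit file, apply kernel tuning
# and (re)start redis.
# Globals: HELPERS_DIR
#######################################
install_redis_config() {
  systemctl enable redis > /dev/null 2>&1

  report "Updating config files" 3
  # just in case it's symlink to /etc/redis/redis.conf
  rm -fr /etc/redis.conf > /dev/null 2>&1
  cp -fr "$HELPERS_DIR/redis.conf" /etc/redis.conf
  cp -fr "$HELPERS_DIR/redis.service" /usr/lib/systemd/system/
  # NOTE(review): owner/mode of /etc/redis.conf are whatever cp produces; if the
  # bundled file carries credentials (requirepass), confirm it is not world-readable.

  report "Tuning for a better performance" 3
  k_set_sysctl net.core.somaxconn 65535
  k_set_sysctl vm.overcommit_memory 1
  sysctl -p > /dev/null

  # without deleting this folder 'systemctl daemon-reload' does not work
  rm -fr /etc/systemd/system/redis.service.d
  systemctl daemon-reload
  systemctl start redis
}

#######################################
# Run iptables with the locking option selected by k_iptables_locking_option.
# The original script omitted $l_opt on several calls; every call goes through
# here so the lock option is applied consistently.
# Globals: l_opt
# Arguments: iptables arguments
#######################################
ipt() {
  # shellcheck disable=SC2086 — l_opt is intentionally word-split (may be empty)
  /sbin/iptables $l_opt "$@"
}

#######################################
# True when REDIS_CHAIN already has an ACCEPT rule on REDIS_PORT for $1.
# Arguments: $1 - source IP as printed by `iptables -n`
#######################################
chain_accepts_ip() {
  # -w so that 10.0.0.1 does not match an existing rule for 10.0.0.10
  ipt -nL "$REDIS_CHAIN" | grep "$REDIS_PORT" | grep ACCEPT | grep -Fwq -- "$1"
}

#######################################
# Create REDIS_CHAIN, hook it into INPUT and add the baseline rules:
# localhost ACCEPT, DROP for everything else on REDIS_PORT, then RETURN.
# Globals: REDIS_CHAIN, REDIS_PORT
#######################################
configure_redis_chain() {
  k_iptables_locking_option

  # Create Redis whitelist chain
  if ! ipt -nL "$REDIS_CHAIN" &> /dev/null; then
    report "Creating $REDIS_CHAIN chain" 3
    ipt -N "$REDIS_CHAIN"
  fi

  # Whitelist chain might be created but not added to INPUT chain, lets check and correct that
  if ! ipt -L INPUT -n | grep -Fq "$REDIS_CHAIN"; then
    report "$REDIS_CHAIN chain is not added to INPUT chain, adding it to INPUT chain" 3
    ipt -I INPUT 1 -j "$REDIS_CHAIN"
  fi

  # Allow local interface
  if ! chain_accepts_ip "127.0.0.1"; then
    report "Allowing Redis access from local interface" 3
    ipt -I "$REDIS_CHAIN" -p tcp -s 127.0.0.1 --dport "$REDIS_PORT" -j ACCEPT
  fi

  # Close from outside.  Appended so it sits below every inserted ACCEPT; on a
  # fresh chain it also lands before the RETURN rule added next.  If the chain
  # was edited by hand so that RETURN precedes DROP, the DROP is unreachable —
  # review the chain order manually in that case.
  if ! ipt -nL "$REDIS_CHAIN" | grep "$REDIS_PORT" | grep -Fq DROP; then
    report "Closing Redis access from outside" 3
    ipt -A "$REDIS_CHAIN" -p tcp --dport "$REDIS_PORT" -j DROP
  fi

  # Return rule
  if ! ipt -nL "$REDIS_CHAIN" | grep -q "RETURN"; then
    report "Adding return rule to Redis iptables chain" 3
    ipt -A "$REDIS_CHAIN" -j RETURN
  fi
}

#######################################
# Whitelist the active GUI server IP(s) stored in the servers table.
# Globals: DB_PASSWORD, DB_HOST, DB_USERNAME, P_OPT, DB_NAME, REDIS_CHAIN, REDIS_PORT
#######################################
whitelist_gui_ips() {
  local gui_ip ip
  # Password goes via MYSQL_PWD (environment) rather than argv so it is not visible in ps.
  # shellcheck disable=SC2086 — P_OPT may be empty or hold several words
  gui_ip=$(MYSQL_PWD=$DB_PASSWORD /usr/bin/mysql -h "$DB_HOST" -u "$DB_USERNAME" $P_OPT "$DB_NAME" --silent \
    -e "SELECT server_ip FROM servers WHERE gui = 1 AND active = 1" | grep -v value)
  report "Setting GUI [$gui_ip] access in iptables" 3

  if [[ -z "$gui_ip" ]]; then
    report "Failed to retrieve GUI IP from DB" 3
    return 0
  fi

  # The query may return several rows; passing them all as one -s argument
  # (as the script used to) makes iptables reject the rule.
  while IFS= read -r ip; do
    [[ -n "$ip" ]] || continue
    if chain_accepts_ip "$ip"; then
      report "GUI Redis access already enabled in iptables" 3
      # NOTE(review): fixed, predictable path under /tmp written as root — the
      # redirect follows a pre-existing symlink; consider mktemp or a /var/log path.
      ipt -L -n > /tmp/redis_install_iptables.log
    else
      report "Allowing Redis access for GUI [$ip]" 3
      ipt -I "$REDIS_CHAIN" -p tcp -s "$ip" --dport "$REDIS_PORT" -j ACCEPT
    fi
  done <<< "$gui_ip"
}

# ---- MAIN -----

#######################################
# Entry point: pre-flight checks, package, config, firewall, final status.
# Globals: EXIT_CODE (read/written), REDIS_CHAIN, REDIS_PORT
#######################################
main() {
  k_start ""
  k_config_details ""
  k_db_connection_check
  if [[ $EXIT_CODE == 1 ]]; then
    k_exit 1
  fi

  check_os
  ensure_redis_package
  install_redis_config
  configure_redis_chain
  whitelist_gui_ips

  # Persist the rule set (needs iptables-services; failures are silently ignored
  # as before, so verify persistence on Rocky 9 hosts).
  service iptables save > /dev/null 2>&1

  report " To open access for X.X.X.X IP do:" 3
  report " iptables -I $REDIS_CHAIN -p tcp -s X.X.X.X --dport $REDIS_PORT -j ACCEPT" 3
  report " service iptables save" 3

  if k_service_is_running "redis"; then
    report "Redis service is active" 0
    report "Current Redis version: $(installed_redis_version)" 3
  else
    report "Redis service is not active. Troubleshoot manually." 1
    report " Check /var/log/redis" 1
    EXIT_CODE=1
  fi
  # shellcheck disable=SC2086 — kept unquoted: an unset EXIT_CODE passes no argument, as the original did
  k_exit $EXIT_CODE
}

main "$@"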