#!/bin/bash

. /usr/src/m2/framework/settings.sh
. /usr/src/m2/framework/bash_functions.sh

SCRIPT_NAME="M4 GERD Update"
VERSION="1.2.10"

k_kolmisoft_logo

NO_SCREEN=0
DEBUG=0

k_supported_os_check; if [ "$?" != "0" ]; then k_exit 1; fi

systemd-firstboot --setup-machine-id

#read_m2_settings
k_config_details

# Runs at exit of this script
function ensure {
  # Enable M2 Blocked Countries after updating the system
  if /sbin/iptables -t filter -S "M2-BLOCKED-COUNTRIES" 1 &> /dev/null; then
    if /sbin/iptables -n -L M2-BLOCKED-COUNTRIES | grep -q RETURN; then
        /sbin/iptables -D M2-BLOCKED-COUNTRIES -j RETURN
    fi
  fi
}

trap ensure EXIT QUIT INT TERM KILL

# Disable M2 Blocked Countries while updating the system
if /sbin/iptables -t filter -S "M2-BLOCKED-COUNTRIES" 1 &> /dev/null; then
    if ! /sbin/iptables -n -L M2-BLOCKED-COUNTRIES | grep -q RETURN; then
        /sbin/iptables -I M2-BLOCKED-COUNTRIES -j RETURN
    fi
fi

exec >  >(tee -a update.log)
exec 2> >(tee -a update.log >&2)


# Check arguments
for arg in "$@"
do
    if [ "$arg" == "NO_SCREEN" ]; then
        NO_SCREEN=1
    fi
done

echo
k_start
echo

report `date` 3

# TODO check if we have system installed which should be updated

kf="/usr/src/k_framework"
svn update $kf

src="/usr/src/m2"
svn update $src

if ((centos_version == 6)); then
    if ! $kf/maintenance/centos6_repo_fix.sh; then
        report "Aborting..." 6
        exit 1
    fi
fi


if [[ $NO_SCREEN == 0 ]]; then
    if ! k_we_are_inside_screen; then
        if [[ $ROCKY9 == 1 ]]; then
            report "You have to be in 'tmux' to continue..." 1
        else
            report "You have to be in 'screen' to continue..." 1
        fi
        k_exit 1
    fi
fi

$kf/maintenance/system_preparation/selinux_disable.sh
$kf/maintenance/system_preparation/svn_store_plaintext_passwords_disable.sh
$kf/maintenance/system_preparation/deadline_scheduler_for_ssd_enable.sh


$src/maintenance/configuration_prepare.sh
# just in case
$src/maintenance/folders_permissions_prepare.sh
$src/maintenance/permissions_post_install.sh
$src/maintenance/aliases_install.sh
$src/maintenance/packets_install.sh

$kf/checks/connections_check.sh
if [ "$?" != "0" ]; then
    report "Connection limited. Fix your firewall. Aborting." 1
    ensure
    exit 1
fi

$kf/maintenance/network_tune.sh

$kf/maintenance/journald_tune.sh

# $src/maintenance/symlinks_prepare.sh outdated
$src/maintenance/xsendfile.sh

$kf/helpers/tuned_install.sh
$kf/helpers/zabbix/zabbix_agent_install.sh

if [[ $ROCKY9 != 1 ]]; then
    $kf/helpers/mysql/5.7/mysql8_repo_disable.sh
fi

# logrotates
$src/maintenance/logrotates_enable.sh

# helpers update
$src/helpers/fail2ban/fail2ban_update.sh


if [ "$1" == "LATEST" ]; then

  report "Updating to LATEST revision" 2

  # db update
  $src/db/db_update.sh LATEST NO_SCREEN
  # gui update
  $src/gui/gui_update.sh LATEST
  # scripts update
  $src/scripts/scripts_install.sh LATEST

else

 report "Updating to STABLE revision" 3

  # db update
  $src/db/db_update.sh STABLE NO_SCREEN
  # gui update
  $src/gui/gui_update.sh STABLE
  # scripts update
  $src/scripts/scripts_install.sh STABLE

fi

# SIP Trunking modules
$src/scripts/go/go_modules_install.sh

$src/scripts/m2_server_loadstats_dir/install.sh

# Database configuration
$src/db/disable_mysql_secure_file_priv.sh
$src/db/add_skip_name_resolve.sh

$src/maintenance/safe_services.sh
$kf/maintenance/system_preparation/tmpwatch_cron_disable.sh

# irqbalance service
$src/maintenance/irqbalance_service.sh

#blocked_ips
$src/helpers/m2_gui_iptables/m2_gui_iptables_install.sh
$src/helpers/m2_blocked_countries/m2_blocked_countries_install.sh

#pcap control - outdated, changed to tshark
#$src/helpers/m2_pcap_control/install_m2_pcap_control.sh
#$src/helpers/m2_pcap_control/install_m2_pcap_check_space.sh

#m2 pcap tshark
if [[ $PCAP_ENABLED == 1 ]]; then
    $src/helpers/m2_pcap_tshark/m2_pcap_tshark_install.sh
fi

# iptables whitelist
$src/helpers/m2_connection_points_whitelist/install.sh

# blocking scanners
$src/helpers/m2_block_scanners/install_m2_block_scanners.sh

# Run m2 rates effective control script with system update
/usr/local/m2/m2_rates_effective_from_cache_control.sh > /var/log/m2/m2_rates_effective_from_cache_control.log 2>&1

# new directory for call tracing
mkdir -p /tmp/m2/m2_call_tracing
chmod 777 -R /tmp/m2/m2_call_tracing

# new directory for Quality Routing Stats
mkdir -p /tmp/m2/m2_quality_routing_stats
chmod 777 -R /tmp/m2/m2_quality_routing_stats

# permissions for call tracing
chmod a+r -R /usr/local/etc/raddb/dictionary

# permissions for radius configuration file
chmod 644 /usr/local/etc/raddb/radiusd.conf

# permissions for call log
#chmod -R --reference=/usr/local/freeswitch/ /usr/local/var/log/

# install ES (if not installed)

if [[ $ES_PRESENT == "1" || $ES_PRESENT == "-1" ]]; then
     svn update $src/elasticsearch/
     $src/elasticsearch/elasticsearch_install.sh
     elasticsearch sync hourly stop
fi

# copy ES script to local dir
cp -f /usr/src/m2/elasticsearch/m2_elasticsearch.sh /usr/local/m2/ &> /dev/null

# create symlink to 'elasticsearch' command on all servers
ln -fs /usr/local/m2/m2_elasticsearch.sh /usr/bin/elasticsearch &> /dev/null

# Update email2tariff scripts in GUI server if Automatic Tariff Import is activated
if [[ $GUI_PRESENT == "1" ]]; then
    if [[ $(get_confline "show_tariff_import_menu") == 1 ]]; then
        $src/helpers/email2tariff/email2tariff_install.sh
    else
        rm -f /etc/cron.d/m2_tariff_import_actions
    fi
fi


if [[ $RADIUS_PRESENT == "1" ]]; then
    /usr/src/m2/freeradius/freeradius_update.sh
fi

# update tables using percona
svn update $src/db/percona
$src/db/percona/percona_calls_update_v2.sh calls
$src/db/percona/percona_calls_update_v2.sh calls_old
$src/db/percona/percona_calls_update_v2.sh rates force
$src/db/percona/percona_calls_update_v3.sh calls
$src/db/percona/percona_calls_update_v3.sh calls_old
$src/db/percona/percona_calls_update_v4.sh calls
$src/db/percona/percona_calls_update_v4.sh calls_old

$src/maintenance/check_gui_db_access.sh
$src/maintenance/iptables_service_update.sh
$src/maintenance/check_es_for_full_resync.sh

$kf/maintenance/security/log4j1.x_fix.sh
$kf/helpers/memcached/memcached_install.sh   # UDP fix
$kf/maintenance/system_preparation/perl_ssl_fix.sh

# to avoid failed crond http://trac.kolmisoft.com/trac/ticket/16124
k_delay 10
report "Restarting crond" 3
service crond restart > /dev/null 2>&1

# ---------- Update done, now check -----------


# these should be the last ones to check everything
$src/maintenance/fix_crons_and_services.sh

$src/check.sh

ensure

report "Update complete" 0
report `date` 3