#!/bin/sh

#################################################################
# nom			: init
# description	: Scrit de lancement/arrêt de l'agent DSR sous systèmes de type unix
# version		: 1.14
# date			: 24/06/2022 10:00
# autheur		: remi & flo
#################################################################
# chkconfig: 2345 25 75
# description: Client Data Safe Restore
# + redirection de stderr aussi
# + compatibilite ESX sans le i et gestion des ports qui ne sont pas 6666
# 1.12 16/04/2018 - recree conf si necessaire pour etre sur de creer les logs dans scratch
# 1.13 03/01/2019 - ne se lance pas si le chemin n'est pas /etc/init.d/dsr
# 1.14 24/06/2022 - support ESXi 7.0 
# 1.15 08/07/2022 - Agent demarre meme si la regle DSR n'est pas chargee (firewall desactive)
# 1.16 19/07/2022 - La commande restart pouvait ne pas relancer l'agent
# 1.17 20/07/2022 - Verification du parefeu detecte 'Connection failed' et patiente + retry toutes les secondes pendant 2 minutes

if [ "$0" != "/etc/init.d/dsr" ]; then
	exit
fi


check_i5x_firewall ()
{
	i5x_firewall=1
	RES=$(esxcli network firewall ruleset list -r DSR)
	if [ "$RES" = "Ruleset Not Found: DSR" ]; then
		i5x_firewall=0
	elif [ "$RES" = "Connection failed" ]; then
		i5x_firewall=0
	elif [ "$RES" = "Failed to check loaded status: DSR" ]; then
		echo "Firewall is disabled"
	fi
}

check_running()
{
	RUNNING=""
	if [ -f $PIDFILE ]; then
		PID=`cat $PIDFILE`
		if [ "`uname -s`" == "VMkernel" ]; then
			RUNNING=`ps -c | grep $DSR | grep -v grep`
		elif [ "`uname -r | grep \".ESX$\"`" != "" ]; then
			RUNNING=`ps -ef | grep $DSR | grep -v grep`
		else
			RUNNING=`ps $PID | grep $DSR | grep -v grep`
		fi
	fi
}

FILE=$0
DSRDIR=/usr/local/dsr
DSR=$DSRDIR/dsr
CONFIGFILE="$DSRDIR/conf/config"
PIDFILE="$DSRDIR/conf/pid"
LOCAL_PORT=6666
REMOTE_PORT=6666
i5x_firewall_retries=120
i5x_firewall_delay=1
if [ -f "$CONFIGFILE" ]; then
	PORT=`grep "^local_port=" $CONFIGFILE | awk -F "=" '{ print $2 }'`
	if [ ! -z "$PORT" ] && [ "$PORT" -eq "$PORT" 2> /dev/null ]; then LOCAL_PORT=$PORT; fi
	PORT=`grep "^server_port=" $CONFIGFILE | awk -F "=" '{ print $2 }'`
	if [ ! -z "$PORT" ] && [ "$PORT" -eq "$PORT" 2> /dev/null ]; then REMOTE_PORT=$PORT; fi
fi
if [ "`uname -s`" == "VMkernel" ] || [ "`uname -r | grep \".ESX$\"`" != "" ]; then isESX=true; else isESX=false; fi


case "$1" in
  start)
    echo -n "Starting Data Safe Restore: "
    check_running
    if [ "$RUNNING" ]
    then
    	echo "Already Running"
    else
	#ESX
	if [ "$isESX" == "true" ]; then
		if [ "`uname -s`" == "VMkernel" ]; then
			mkdir -p /scratch/dsr_logs
			mkdir -p /usr/local/dsr/conf
			if [ -d "/usr/local/dsr/conf/logs" ]; then
				rm -Rf /usr/local/dsr/conf/logs
			fi
			if [ ! -h "/usr/local/dsr/conf/logs" ]; then
				ln -s /scratch/dsr_logs /usr/local/dsr/conf/logs
			fi
		elif [ "`uname -r | grep \".ESX$\"`" != "" ]; then
			mkdir -p /var/log/dsr_logs
			mkdir -p /usr/local/dsr/conf
			if [ -d "/usr/local/dsr/conf/logs" ]; then
				rm -Rf /usr/local/dsr/conf/logs
			fi
			if [ ! -h "/usr/local/dsr/conf/logs" ]; then
				ln -s /var/log/dsr_logs /usr/local/dsr/conf/logs
			fi
		fi
		## Ouverture du port 6666 du firewall
		if [ -x /sbin/esxcfg-firewall ] || [ -x /usr/sbin/esxcfg-firewall ]; then # ESX 4
			esxcfg-firewall --openPort $REMOTE_PORT,tcp,out,DSR
			esxcfg-firewall --openPort $LOCAL_PORT,tcp,in,DSR
			# service firewall restart
		elif [ -x /sbin/esxcli ] && [ -f /etc/vmware/firewall/service.xml ]; then # ESXI 5,6,7
			# revert old firewall configuration old school!
			if [ -f /etc/vmware/firewall/service.xml.beemobak ]; then
		 		if [ "`uname -s`" == "VMkernel" ] && [ `uname -r | awk -F. '{print $1}'` -ge 7 ]; then	
					#remove old firewall backup if exist
					echo -e "\nremove service.xml.beemobak ESXI 7.+ detecté"	
					rm /etc/vmware/firewall/service.xml.beemobak
				else # ESXI 5/6
					echo -e "\nrestore service.xml.beemobak ESXI 5/6 detecté"
					rm /etc/vmware/firewall/service.xml
					mv /etc/vmware/firewall/service.xml.beemobak /etc/vmware/firewall/service.xml
				fi
			fi

			# Creer la regle Beemo si elle n'existe pas
			if [ ! -f /etc/vmware/firewall/beemo.xml ]; then # ESX 5,6,7 new config detected
				echo -e "<ConfigRoot>\n<!-- Beemo Technologie DataSafeRestore Agent -->\n <service id='0000'>\n  <id>DSR</id>\n  <rule id='0000'>\n   <direction>outbound</direction>\n   <protocol>tcp</protocol>\n   <porttype>dst</porttype>\n   <port>$REMOTE_PORT</port>\n  </rule>\n  <rule id='0001'>\n   <direction>inbound</direction>\n   <protocol>tcp</protocol>\n   <porttype>dst</porttype>\n   <port>$LOCAL_PORT</port>\n  </rule>\n  <enabled>true</enabled>\n  <required>true</required>\n  </service>\n <!-- Beemo Technologie DataSafeRestore Agent -->\n</ConfigRoot>" >  /etc/vmware/firewall/beemo.xml
				if [ $? -ne 0 ]; then
					echo -e "\nL'enregistrement de la configuration du firewall pour le service DSR a échoué. Contactez le support technique."
					echo -e "\nL'enregistrement de la configuration du firewall pour le service DSR a échoué. Contactez le support technique." >> /usr/local/dsr/conf/logs/events.txt
				fi
			fi

			i5x_firewall_attempts=1
			esxcli network firewall refresh
			check_i5x_firewall
			while [ $i5x_firewall_attempts -le $i5x_firewall_retries ] && [ $i5x_firewall -eq 0 ]; do
				echo "Règles de firewall DSR pas encore propagées. Essai num $i5x_firewall_attempts"
				sleep $i5x_firewall_delay
				sync
				esxcli network firewall refresh
				check_i5x_firewall
				i5x_firewall_attempts=$(( $i5x_firewall_attempts + 1 ))
			done
			if [ $i5x_firewall -eq 0 ]; then
				echo "`date +\"%d/%m/%Y @ %H:%M\"` : (SYSTEM) Impossible de configurer le port de communication DSR dans le firewall. Lancement du logiciel client interrompu."
				echo "`date +\"%d/%m/%Y @ %H:%M\"` : (SYSTEM) Impossible de configurer le port de communication DSR dans le firewall. Lancement du logiciel client interrompu." >> /usr/local/dsr/conf/logs/events.txt
			fi
		elif [ "`uname -s`" == "VMkernel" ] && [ "`uname -r | grep "^4."`" != "" ]; then
			echo -e "\nCette version d'ESX n'a pas de firewall."
		else
			echo -e "\nCette version d'ESX n'est pas supportée. Veuillez ouvrir le port 6666 (TCP, traffic entrant et sortant) du firewall de votre serveur ESX manuellement si votre version d'ESX a un firewall."
		fi
	fi
	nohup $DSR > /dev/null 2>&1 < /dev/null &
    	echo "done."
    fi
    ;;
  stop)
    echo -n "Stopping Data Safe Restore: "
    check_running
    if [ "$RUNNING" ]; then
	# ESX
	if [ "`uname -r | grep \".ESX$\"`" != "" ]; then
		FORKED_PID=`ps -ef | grep $DSR | grep -v grep | awk '{ print $2 }'`
	elif [ "`uname -s`" == "VMkernel" ]; then
		FORKED_PID=`ps -c | grep $DSR | grep -v grep | awk '{print $1}'`
	fi

	if [ "$FORKED_PID" != "" ]; then
		kill -9 $FORKED_PID
	else
		kill -9 $PID
	fi

	COUNTER=0
	check_running
	while [ ! -z "$RUNNING" ] && [ $COUNTER -lt 10 ]; do
		sleep 1
		check_running
		COUNTER=$(expr $COUNTER + 1)
	done
	if [ -z "$RUNNING" ]; then
		echo "done."
	else
		echo "failed."
	fi
    else
        echo "Not Running"
    fi
    ;;
  restart)
    $FILE stop
    $FILE start > /dev/null
    ;; 
  status)
    check_running
    if [ "$RUNNING" ]
    then
	echo "DSR is Running with pid $PID"
    else
	echo "DSR is not running"
    fi
    ;;
  *)
    echo "Usage: /etc/init.d/dsr {start|stop|restart|status}"
    ;;
esac 
