#!/bin/bash
#
# Written by Xueshan Feng <sfeng@stanford.edu>
# Copyright 2012, 2013 Board of Trustees, Leland Stanford Jr. University
#
# Updated by Adam Lewenberg <adamhl@stanford.edu>
# Updated by Jonathan Lent <jlent@stanford.edu>
# Copyright 2015 Board of Trustees, Leland Stanford Jr. University

# Hosts addressed over remctl by the cleanup steps: the PuppetDB host, the
# Puppet master, the Puppet CA, and the host serving the out-of-date (OOD)
# command.
puppetdb="puppetdb"
puppetmaster="puppetservice1"
puppetca="puppetca"
oodhost="frankoz2"

# Domain appended to a hostname that is given without one.
mydomain="stanford.edu"

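# Print the pending error message and the usage line, then quit.
# Globals:   error (read) - message set by the caller before calling usage
# Outputs:   the error text and the usage line, on stderr
# Returns:   never; exits the script with status 1
usage(){
    # Diagnostics go to stderr so they are not mistaken for command output when
    # stdout is piped or captured.  printf is used because echo would treat a
    # message that starts with "-" as an option.
    printf '%s\n' "$error" >&2
    printf 'Usage %s { delnode|disposed|repurposed } <hostname> "comments"\n' "$0" >&2
    exit 1
}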

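# Remove the central records of the retired host: Puppet report, Puppet
# certificate, PuppetDB node record, tripwire reports, OOD entry, wallet
# objects and PXE configuration, then print reminders for the manual steps.
# Globals:   host, sys, cmd, comment (read); puppetmaster, puppetca,
#            puppetdb, oodhost (read)
# Outputs:   progress messages on stdout
# Returns:   1 without running any step if host is empty; 0 once the steps
#            have run
#
# Every step is best-effort: a failing remctl or wallet call does not stop the
# remaining steps, so read the output to see which ones actually succeeded.
cleanup(){
    local h swhois results
    local -r override_list=/afs/ir/dept/its/cgi-bin/group/unix/servers.csv

    # The wallet calls below destroy credentials; never let them run with an
    # object name such as "host/" built from an empty hostname.
    if [[ -z "$host" ]]; then
        echo "cleanup: no hostname set, refusing to continue." >&2
        return 1
    fi

    # Short hostname: everything before the first dot.
    h=${host%%.*}

    # All expansions are quoted so a value containing whitespace or glob
    # characters reaches remctl/wallet as exactly one argument.
    echo "== Reset puppet report."
    remctl "$puppetmaster" pm reset "$host" "$comment"
    echo "== Clean  puppet cert"
    remctl "$puppetca" pca clean "$host"
    echo "== Update node record in PuppetDB"
    remctl "$puppetdb" pdb "$cmd" "$host" "$comment"
    echo "== Reset tripwire for short and long hostname (you will see one error)"
    remctl devnull tripwire-report reset "$host"
    remctl devnull tripwire-report reset "$h"
    remctl lsdb tripwire-afs delete "$host"
    echo "== Deactivate in OOD"
    remctl "$oodhost" ood deactivate "$host"
    echo "== Destroy host keytab in wallet"
    wallet destroy keytab "host/$host"
    echo "== Destroy duo-pam object in wallet"
    wallet destroy duo-pam "$host"
    echo "== Destroy host acl in wallet"
    wallet acl destroy "host/$host"

    echo "== Attempting to remove pxe config from RH build system"
    # Redirection order matters here: stderr is first pointed at this script's
    # stdout and only then is the command's own stdout discarded, so error
    # text stays visible while normal output is hidden.
    # NOTE(review): if the intent was to silence both streams, this would need
    # to be "> /dev/null 2>&1" - confirm before changing.
    remctl yum pxe delete "$host" 2>&1 > /dev/null
    remctl yum pxe delete "$h" 2>&1 > /dev/null

    echo "This node may need to be removed from NetDB"
    swhois=$(command -v swhois)
    if [[ -n "$swhois" ]]; then
        # Quoted so that neither the name nor the trailing "*." is subject to
        # word splitting or filename expansion in the current directory.
        "$swhois" "${sys}*."
    fi

    # Literal prefix match on the short hostname.  The name is not used as a
    # regular expression, so characters such as "[" cannot change what is
    # matched.  It is still a prefix match: a short name that is the prefix of
    # another host's name reports that host's line too, so check the output.
    results=$(short="$h" awk 'index($0, ENVIRON["short"]) == 1' "$override_list")
    if [[ -n "$results" ]]; then
        echo
        echo "The server is still on the override server support list in "
        echo "/afs/ir/dept/its/cgi-bin/group/unix/servers.csv. Remove the "
        echo "host from that file, git add, commit and push your changes."
        echo " The grep results were: "
        echo " $results"
        echo
    fi
}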

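# Check the command line arguments and the caller's Kerberos principal.
# Globals:   cmd, sys, comment (written); error (written before calling
#            usage); USER (read)
# Arguments: $1   - command: delnode, disposed or repurposed
#            $2   - hostname of the system being retired
#            $3.. - free-text comment, joined into one string
# Returns:   0 when every check passes; otherwise the script exits with 1
getoptions(){
    local princ_mit princ_heimdal

    if [ $# -lt 3 ]; then
        error='Wrong number of arguments.'
        usage
    fi

    # Get the arguments
    cmd=$1
    sys=$2
    shift 2
    comment=$*

    # Accept only an exact command name.  cmd is later passed on to the
    # PuppetDB remctl call, and grepping the list of supported commands for it
    # would also let substrings and patterns such as "del" or "." through.
    case "$cmd" in
        delnode|disposed|repurposed) ;;
        *)
            error="Unsupported command: $cmd."
            usage
            ;;
    esac

    # You need to run this as root principal.  Two label spellings are looked
    # for in the klist output (presumably the MIT and Heimdal formats, going
    # by the variable names).
    # NOTE(review): this only compares the principal name shown by klist; it
    # does not show that the ticket is still valid.
    princ_mit=$(klist -5 2>&1 | grep -i 'Default principal')
    princ_heimdal=$(klist -5 2>&1 | grep 'Principal')

    if [[ "${princ_mit}" != *"$USER/root"* && "${princ_heimdal}" != *"$USER/root"* ]]; then
        echo "Hmm, you should run the command as $USER/root." >&2
        exit 1
    fi
}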

#######
# Main
#######

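# Get options and do error checking.  "$@" hands every argument over intact;
# with an unquoted $* a comment containing "*" or "?" would be expanded
# against the files in the current directory before being recorded.
getoptions "$@"

# The hostname ends up in remctl and wallet commands that delete records and
# destroy credentials, so refuse anything that does not look like a hostname
# (in particular a leading "-", which those tools could read as an option).
valid_name='^[A-Za-z0-9][A-Za-z0-9._-]*$'
if [[ ! "$sys" =~ $valid_name ]]; then
    echo "Invalid hostname: $sys" >&2
    exit 1
fi

# Treat the name as fully qualified only when it ends in the default domain
# (with or without a trailing dot).  A substring test would also accept a name
# in another domain that merely contains the default domain somewhere.
# NOTE(review): a name that is already fully qualified skips the lookup and
# the confirmation prompt below - confirm that this is intended.
if [[ "$sys" == *".${mydomain}" || "$sys" == *".${mydomain}." ]]; then
    host=$sys
else
    host="$sys.$mydomain"
    # Runs the host(1) lookup tool on the value of the host variable.
    if ! host "$host" > /dev/null; then
        answer='N'
        echo -n "$sys does not exist in NetDB, continue(Y/N)?"
        read -r answer
        # Only an exact upper-case "Y" continues with the cleanup.
        if [ "X$answer" != "XY" ]; then
            exit 1
        fi
    fi
fi

cleanup

# Stop here so the documentation below is never run as shell code.
exit 0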

# Documentation.  Use a hack to hide this from the shell.  Because of the
# above exit line, this should never be executed.
DOCS=<<__END_OF_DOCS__

=for stopwords
Xueshan Feng remctl

=head1 NAME

retire-system - Call various remctl commands to decommission a server

=head1 SYNOPSIS

retire-system { delnode|disposed|repurposed } <hostname> "comments"

=head1 DESCRIPTION

Automates the changes needed when retiring a system, so that it is cleared
from our various reports and billing systems.

The script must be run with Kerberos tickets for the <user>/root principal,
from a host that has remctl access to the central management systems.

=head1 REFERENCE

L<https://ikiwiki.stanford.edu/tools/retiring-system/>

=head1 AUTHOR

Xueshan Feng <sfeng@stanford.edu>

=cut

__END_OF_DOCS__
