package org.apache.whirr.compute;

import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import org.apache.whirr.ClusterSpec;
import org.apache.whirr.InstanceTemplate;
import org.apache.whirr.service.jclouds.StatementBuilder;
import org.jclouds.aws.ec2.AWSEC2ApiMetadata;
import org.jclouds.aws.ec2.compute.AWSEC2TemplateOptions;
import org.jclouds.compute.ComputeService;
import org.jclouds.compute.ComputeServiceContext;
import org.jclouds.compute.domain.Template;
import org.jclouds.ec2.EC2ApiMetadata;
import org.jclouds.ec2.compute.options.EC2TemplateOptions;
import org.jclouds.ec2.compute.predicates.EC2ImagePredicates;
import org.jclouds.ec2.domain.RootDeviceType;
import org.jclouds.scriptbuilder.domain.OsFamily;
import org.jclouds.scriptbuilder.domain.Statement;
import org.jclouds.scriptbuilder.domain.Statements;
import org.jclouds.scriptbuilder.statements.ssh.SshStatements;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/whirr/compute/BootstrapTemplate.class */
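/**
 * Builds the jclouds {@link Template} used to start cluster instances.
 *
 * <p>The template carries a bootstrap script. Its first statements create the cluster
 * user, install that user's SSH key pair, replace {@code /etc/sudoers} and turn off SSH
 * password authentication. EC2-specific options (spot price, ephemeral device mapping,
 * placement group) are applied afterwards when the backend type matches.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The cluster private key is written into the bootstrap script, so the script
 *       text is secret material wherever it is stored, transmitted or logged.</li>
 *   <li>The cluster user receives {@code NOPASSWD: ALL} in sudoers, i.e. passwordless
 *       root on the instance.</li>
 *   <li>The cluster user name is exported into the shell environment and concatenated
 *       into a sudoers line without validation in this class.</li>
 * </ul>
 */
public class BootstrapTemplate {
    private static final Logger LOG = LoggerFactory.getLogger(BootstrapTemplate.class);

    /**
     * Assembles the bootstrap script for one instance template and attaches it to a
     * freshly built jclouds template.
     *
     * @param clusterSpec source of the cluster user, key pair, fallback template and
     *     EC2 settings
     * @param computeService supplies the template builder and the compute context
     * @param statementBuilder receives the script name and the user-setup statements,
     *     and is then built into the final script
     * @param instanceTemplate supplies the roles and, when set, the template and spot
     *     price that override the cluster-wide values
     * @return the template with the bootstrap script and EC2 options applied
     */
    public static Template build(ClusterSpec clusterSpec, ComputeService computeService, StatementBuilder statementBuilder, InstanceTemplate instanceTemplate) {
        String scriptName = "bootstrap-" + Joiner.on('_').join((Iterable<?>) instanceTemplate.getRoles());
        LOG.info("Configuring template for {}", scriptName);
        statementBuilder.name(scriptName);
        ensureUserExistsAndAuthorizeSudo(statementBuilder, clusterSpec.getClusterUser(), clusterSpec.getPublicKey(), clusterSpec.getPrivateKey());
        Statement bootstrapScript = statementBuilder.build(clusterSpec);
        if (LOG.isDebugEnabled()) {
            // NOTE(review): the user-setup statements added above embed the cluster
            // private key, so the rendered script is expected to contain it verbatim.
            // Treat debug-level output of this logger as secret and keep it out of
            // shared log sinks.
            LOG.debug("Running script {}:\n{}", scriptName, bootstrapScript.render(OsFamily.UNIX));
        }
        // An instance-level template wins over the cluster-wide one.
        Template template = computeService.templateBuilder()
                .from(instanceTemplate.getTemplate() != null ? instanceTemplate.getTemplate() : clusterSpec.getTemplate())
                .build();
        template.getOptions().runScript(bootstrapScript);
        return setSpotInstancePriceIfSpecified(computeService.getContext(), clusterSpec, template, instanceTemplate);
    }

    /**
     * Exports {@code NEW_USER} and {@code DEFAULT_HOME} and inserts the user, sudoers
     * and sshd statements at position 0 of the builder's statement list.
     *
     * @param statementBuilder builder that receives the exports and statements
     * @param user cluster user name
     * @param publicKey public key text, split on newlines when written
     * @param privateKey private key text, split on newlines when written
     */
    private static void ensureUserExistsAndAuthorizeSudo(StatementBuilder statementBuilder, String user, String publicKey, String privateKey) {
        // NOTE(review): user is used unvalidated here and ends up in shell and sudoers
        // text; presumably ClusterSpec restricts it to a plain login name - confirm.
        statementBuilder.addExport("NEW_USER", user);
        statementBuilder.addExport("DEFAULT_HOME", "/home/users");
        statementBuilder.addStatement(0, Statements.newStatementList(
                ensureUserExistsWithPublicAndPrivateKey(user, publicKey, privateKey),
                makeSudoersOnlyPermitting(user),
                disablePasswordBasedAuth()));
    }

    /**
     * Sets the spot price on AWS EC2 backends, then continues with the ephemeral
     * device mapping. The instance template's price is used when present, otherwise
     * the cluster-wide one; the chosen value is passed through as-is, even when both
     * are null.
     */
    private static Template setSpotInstancePriceIfSpecified(ComputeServiceContext computeServiceContext, ClusterSpec clusterSpec, Template template, InstanceTemplate instanceTemplate) {
        if (AWSEC2ApiMetadata.CONTEXT_TOKEN.isAssignableFrom(computeServiceContext.getBackendType())) {
            ((AWSEC2TemplateOptions) template.getOptions().as(AWSEC2TemplateOptions.class))
                    .spotPrice(instanceTemplate.getAwsEc2SpotPrice() != null ? instanceTemplate.getAwsEc2SpotPrice() : clusterSpec.getAwsEc2SpotPrice());
        }
        return mapEphemeralIfImageIsEBSBacked(computeServiceContext, clusterSpec, template, instanceTemplate);
    }

    /**
     * On EC2 backends whose image has an EBS root device, maps {@code ephemeral1} to
     * {@code /dev/sdc}, then continues with the placement group.
     */
    private static Template mapEphemeralIfImageIsEBSBacked(ComputeServiceContext computeServiceContext, ClusterSpec clusterSpec, Template template, InstanceTemplate instanceTemplate) {
        boolean isEc2 = EC2ApiMetadata.CONTEXT_TOKEN.isAssignableFrom(computeServiceContext.getBackendType());
        if (isEc2 && EC2ImagePredicates.rootDeviceType(RootDeviceType.EBS).apply(template.getImage())) {
            ((EC2TemplateOptions) template.getOptions().as(EC2TemplateOptions.class)).mapEphemeralDeviceToDeviceName("/dev/sdc", "ephemeral1");
        }
        return setPlacementGroup(computeServiceContext, clusterSpec, template, instanceTemplate);
    }

    /**
     * Applies the cluster's placement group on AWS EC2 backends when one is configured.
     *
     * @return the same template instance that was passed in
     */
    private static Template setPlacementGroup(ComputeServiceContext computeServiceContext, ClusterSpec clusterSpec, Template template, InstanceTemplate instanceTemplate) {
        boolean isAwsEc2 = AWSEC2ApiMetadata.CONTEXT_TOKEN.isAssignableFrom(computeServiceContext.getBackendType());
        if (isAwsEc2 && clusterSpec.getAwsEc2PlacementGroup() != null) {
            ((AWSEC2TemplateOptions) template.getOptions().as(AWSEC2TemplateOptions.class)).placementGroup(clusterSpec.getAwsEc2PlacementGroup());
        }
        return template;
    }

    /**
     * Builds the statements that create the cluster user and install its key pair.
     *
     * <p>The script works from the exported {@code NEW_USER} and {@code DEFAULT_HOME}
     * variables; the {@code user} argument itself is not referenced here. The public key
     * is appended to {@code authorized_keys} and written to {@code id_rsa.pub}, and the
     * private key is written to {@code id_rsa}, so an instance booted from this
     * template holds the private half of the key that its own {@code authorized_keys}
     * accepts.
     *
     * @param user cluster user name (unused; the script reads {@code $NEW_USER})
     * @param publicKey public key text, one file line per newline-separated part
     * @param privateKey private key text, one file line per newline-separated part
     */
    private static Statement ensureUserExistsWithPublicAndPrivateKey(String user, String publicKey, String privateKey) {
        return Statements.newStatementList(
                Statements.interpret(
                        "USER_HOME=$DEFAULT_HOME/$NEW_USER",
                        "mkdir -p $USER_HOME/.ssh",
                        "useradd --shell /bin/bash -d $USER_HOME $NEW_USER",
                        // When useradd fails (for example because the account already
                        // exists) the home directory is read back from /etc/passwd. The
                        // match is anchored to the login field ("^name:") so a name that
                        // also appears inside another entry cannot select extra lines
                        // and produce a multi-line USER_HOME.
                        "[ $? -ne 0 ] && USER_HOME=$(grep \"^$NEW_USER:\" /etc/passwd | cut -d \":\" -f6)\n"),
                Statements.appendFile("$USER_HOME/.ssh/authorized_keys", Splitter.on('\n').split(publicKey)),
                Statements.createOrOverwriteFile("$USER_HOME/.ssh/id_rsa.pub", Splitter.on('\n').split(publicKey)),
                Statements.createOrOverwriteFile("$USER_HOME/.ssh/id_rsa", Splitter.on('\n').split(privateKey)),
                // Key files become read-only for the owner; ownership of the whole home
                // directory is handed to the new user afterwards.
                Statements.interpret("chmod 400 $USER_HOME/.ssh/*", "chown -R $NEW_USER $USER_HOME\n"));
    }

    /**
     * Builds the statements that replace {@code /etc/sudoers} with three entries:
     * {@code root}, the {@code adm} group, and the cluster user with
     * {@code NOPASSWD: ALL}.
     *
     * <p>The existing file is deleted first, so any other rules it held are dropped.
     *
     * @param user cluster user name, concatenated into the sudoers line unchanged
     */
    private static Statement makeSudoersOnlyPermitting(String user) {
        // NOTE(review): the new content goes live without a syntax check (such as
        // visudo -c); a user name with unexpected characters would yield a malformed
        // or unintended rule. Confirm the name is constrained upstream.
        return Statements.newStatementList(
                Statements.interpret("rm /etc/sudoers", "touch /etc/sudoers", "chmod 0440 /etc/sudoers", "chown root /etc/sudoers\n"),
                Statements.appendFile("/etc/sudoers", ImmutableSet.of(
                        "root ALL = (ALL) ALL",
                        "%adm ALL = (ALL) ALL",
                        user + " ALL = (ALL) NOPASSWD: ALL")));
    }

    /**
     * Builds the statement that sets {@code PasswordAuthentication no} in the sshd
     * configuration, leaving key-based login as configured by the user-setup step.
     */
    private static Statement disablePasswordBasedAuth() {
        return SshStatements.sshdConfig(ImmutableMap.of("PasswordAuthentication", "no"));
    }
}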
