#!/bin/bash

set -euo pipefail

if [ "$(id -u)" -ne 0 ]; then
  echo "Скрипт должен быть запущен от root" >&2
  exit 1
fi

SSL_PATH="/var/lib/puppet/ssl"
PUPPET_CONF_OLD_PATH="/etc/puppet/puppet.conf"
PUPPET_CONF_NEW_PATH="/etc/puppetlabs/puppet/puppet.conf"
SSL_BACKUP_PATH=""
PUPPET_CONF_BACKUP_PATH=""

log() {
  printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >&2;
}

backup_ssl() {
  if [ -d "${SSL_PATH}" ]; then
    SSL_BACKUP_PATH="$(mktemp -d /tmp/puppet-ssl-backup-XXXXXX)"
    log "Бэкап ${SSL_PATH} в ${SSL_BACKUP_PATH}"
    cp -a "${SSL_PATH}" "${SSL_BACKUP_PATH}/"
  fi
}

backup_puppet_conf() {
  if [ -f "${PUPPET_CONF_OLD_PATH}" ]; then
    PUPPET_CONF_BACKUP_PATH="$(mktemp /tmp/puppet.conf.backup-XXXXXX)"
    log "Бэкап ${PUPPET_CONF_OLD_PATH} -> ${PUPPET_CONF_BACKUP_PATH}"
    cp -p "${PUPPET_CONF_OLD_PATH}" "${PUPPET_CONF_BACKUP_PATH}"
  fi
}

purge_old_puppet_if_present() {
  log "Удаление старых пакетов puppet и puppet-agent (если они установлены)"
  apt-get purge -y puppet puppet-agent
  apt-get autoremove -y
}

restore_ssl() {
  mkdir -p ${SSL_PATH}
  if [ -n "${SSL_BACKUP_PATH}" ] && [ -d "${SSL_BACKUP_PATH}/ssl" ]; then
    log "Восстановление SSL из бэкапа"
    rm -rf "${SSL_PATH}" || true
    mkdir -p "$(dirname "${SSL_PATH}")"
    cp -a "${SSL_BACKUP_PATH}/ssl" "${SSL_PATH}"
  fi
}

restore_puppet_conf() {
  if [ -n "${PUPPET_CONF_BACKUP_PATH}" ] && [ -f "${PUPPET_CONF_BACKUP_PATH}" ]; then
    log "Восстановление файла puppet.conf из бэкапа"
    mkdir -p "$(dirname "${PUPPET_CONF_NEW_PATH}")"
    cp -f "${PUPPET_CONF_BACKUP_PATH}" "${PUPPET_CONF_NEW_PATH}"
    log "Файл puppet.conf восстановлен в ${PUPPET_CONF_NEW_PATH}"
  fi
}

log "Начало установки puppet-agent"

backup_ssl
backup_puppet_conf

# Безопасная остановка сервисов
systemctl stop puppet puppet-agent 2>/dev/null || true

# Удаление старых пакетов puppet и puppet-agent
purge_old_puppet_if_present

# Установка puppet-agent 6.28.0-1jammy из локального репозитория
apt-get update -qq
apt-get install -y puppet-agent=6.28.0-1jammy

# Восстановление ssl
restore_ssl
# Восстановление puppet.conf в /etc/puppetlabs/puppet/puppet.conf
restore_puppet_conf

# Создание symlink в /usr/bin
if [ -x /opt/puppetlabs/bin/puppet ]; then
  ln -sf /opt/puppetlabs/bin/puppet /usr/bin/puppet
fi

# Включение и запуск сервиса
if systemctl list-unit-files puppet.service >/dev/null 2>&1; then
  systemctl enable --now puppet
fi

log "Установка puppet-agent завершена"
log "Текущая версия puppet-agent: $(/usr/bin/puppet --version)"