#!/bin/bash
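# Make sure command tracing is off for this inspection item.
set +x

# Directory holding the inspection helpers used below (CheckItems, ShowInspectMml).
G_INSPECT_MMLPATH="/opt/huawei/snas/script/inspect_mml"

# CheckItems is expected to provide GetInspectType and GetLocalIp, which this
# script calls but does not define. Stop early if it cannot be read: carrying on
# would leave CurInspectFun empty and point RESULTFILE at the wrong file.
if [ ! -r "${G_INSPECT_MMLPATH}/CheckItems" ]; then
    echo "[ERR]INFO:Can't read ${G_INSPECT_MMLPATH}/CheckItems" >&2
    exit 1
fi
# shellcheck source=/dev/null
source "${G_INSPECT_MMLPATH}/CheckItems"

# G_TMP_INSPECT_PATH is not assigned in this file (presumably by CheckItems or
# by the calling framework; confirm). It is used as a raw prefix, so an empty
# value would make every scratch/result file land in the current directory.
if [ -z "${G_TMP_INSPECT_PATH}" ]; then
    echo "[ERR]INFO:G_TMP_INSPECT_PATH is not set" >&2
    exit 1
fi

# Inspection item number and the item name the framework maps it to.
CurInspectNum="336"
CurInspectFun="$(GetInspectType "${CurInspectNum}")"

# Result file for this item; it is truncated here and appended to afterwards.
# NOTE(review): the name is predictable and the redirection follows symlinks.
# If G_TMP_INSPECT_PATH can be written by accounts other than the one running
# the inspection, a pre-planted link could redirect this write; confirm the
# directory's ownership and mode.
RESULTFILE="${G_TMP_INSPECT_PATH}tmpResult${CurInspectFun}"
: >"${RESULTFILE}"

# Verdict values written to the "<item>_Pass <value>" line of RESULTFILE.
CHECK_PASSED=0
CHECK_FAILED=1
# keyid and ERR_KEYID are assigned here but not read anywhere in this file.
keyid=""
ERR_KEYID="$(hostname)"
# Overall verdict; checkKmmsDomainId switches it to CHECK_FAILED on any finding.
isPass=${CHECK_PASSED}

LOGFILE="/var/log/inspect.log"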

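#######################################
# Append one line to the inspection log.
# Globals:   time, CurInspectFun, LOGFILE (read)
# Arguments: the message; several arguments are joined with single spaces
# Outputs:   appends "[time][pid][item]message" to LOGFILE
#######################################
function LOG()
{
    # The line is built inside quotes: unquoted, the bracketed prefix is a glob
    # pattern (it could be replaced by a matching file name) and the message
    # would be re-split, losing its spacing and expanding any wildcard in it.
    # NOTE(review): ${time} is not assigned in this file; unless CheckItems or
    # the caller sets it, the timestamp field is empty.
    printf '%s\n' "[${time}][$$][${CurInspectFun}]$*" >> "${LOGFILE}"
}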

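#######################################
# Check that this node holds every required KMMS master-key domain and that
# each of them has an active key id.
#
# Domain rules:
#   - The key of domain 0 is not involved in KMMS key updates, so it cannot be
#     used to judge consistency and is not checked.
#   - Domains 1-4 are used by encrypted-disk key management; environments
#     without encrypted disks may skip them.
#   - Domains 5-10 are used by service modules; every node must hold the same
#     key id for the same domain.
#
# This function only looks at the local node. It records each domain's active
# key id as a "DOMAINID:<n>||KEYID:<id>" line; the cross-node comparison is not
# done here (presumably by whatever collects the result files; confirm).
#
# Globals:   G_INSPECT_MMLPATH, G_TMP_INSPECT_PATH, RESULTFILE, CurInspectFun,
#            CHECK_FAILED (read); isPass (set to CHECK_FAILED on any finding)
# Arguments: none
# Outputs:   appends findings to RESULTFILE
# Returns:   0. Exits the whole script with status 1 when the backend IP or
#            the MML output cannot be obtained.
#######################################
function checkKmmsDomainId()
{
    local local_back_ip=""
    local domain_id=""
    local domain_exist=""
    local tmpKeyId=""
    local type=3
    local activeStatus=1
    # Scratch copy of the MML output.
    # NOTE(review): fixed, predictable name, written through a redirection that
    # follows symlinks. Confirm that G_TMP_INSPECT_PATH is writable only by the
    # account that runs the inspection; otherwise create this file with mktemp.
    local mml_out="${G_TMP_INSPECT_PATH}tmpkmmsdomainkeyid"

    local_back_ip=$( GetLocalIp )
    if [ -z "${local_back_ip}" ]; then
        echo "[ERR]INFO:Can't get backend IP." >> "${RESULTFILE}" 2>&1
        echo "${CurInspectFun}_Pass ${CHECK_FAILED}" >> "${RESULTFILE}" 2>&1
        exit 1
    fi

    # The MML output looks roughly like this:
    # Domain    Type    Status  Style   Keyid       Create Time              Expired Time
    # 0         3       1       0       1           2018-07-29 15:48:02      2019-01-25 15:48:02
    # 1         3       0       1       0           2018-07-29 18:48:06      2019-01-25 18:48:06
    "${G_INSPECT_MMLPATH}/ShowInspectMml" "${local_back_ip}" 4092 "kmms kmc show mk" > "${mml_out}" 2>&1
    # Strip colour escape sequences, carriage returns and NUL bytes, and turn
    # tabs into spaces, so the table can be parsed as plain text.
    sed -i -e 's/\x1B\[0;[3-4][0-9]m//g' -e 's/\x0D//g' -e 's/\x00//g' -e 's/\t/ /g' "${mml_out}"
    dos2unix "${mml_out}" >/dev/null 2>&1
    if [ ! -s "${mml_out}" ]; then
        echo "[ERR]INFO:Failed to excute 4092 'kmms kmc show mk'" >> "${RESULTFILE}" 2>&1
        echo "${CurInspectFun}_Pass ${CHECK_FAILED}" >>"${RESULTFILE}" 2>&1
        # The script ends here, so the cleanup after the call is never reached.
        rm -f -- "${mml_out}"
        exit 1
    fi

    local encryptNode=0
    local startDomainId=5
    encryptNode=$( grep isDiskEncrypt /opt/huawei/snas/etc/snas.ini | awk -F= '{print $2}' | grep -o '[0-9]*' )
    # Domains 1-4 are used by encrypted-disk key management; environments
    # without encrypted disks may skip them.
    # NOTE(review): any value other than exactly "1" (missing file, several
    # matching lines, unexpected format) silently narrows the check to 5-10.
    if [ "X${encryptNode}" == "X1" ]
    then
        startDomainId=1
    fi

    for (( domain_id = startDomainId; domain_id <= 10; domain_id++ ))
    do
        # 1. Every domain must be present.
        # Rows are matched by column value rather than by an exact
        # single-space pattern, so space-aligned output such as the sample
        # above is parsed as well. The "" suffix forces string comparison.
        domain_exist=$( awk -v d="${domain_id}" -v t="${type}" \
            '($1 "") == (d "") && ($2 "") == (t "")' "${mml_out}" 2>/dev/null )
        if [ X"${domain_exist}" == X"" ]; then
            echo "[ERR]INFO:domain_id(${domain_id}) is nonexit" >> "${RESULTFILE}" 2>&1
            isPass=${CHECK_FAILED}
            continue
        fi

        # 2. Every domain on this node must have an active key id; the key id
        #    is column 5 of the first row whose status is active.
        tmpKeyId=$( awk -v d="${domain_id}" -v t="${type}" -v s="${activeStatus}" \
            '($1 "") == (d "") && ($2 "") == (t "") && ($3 "") == (s "") { print $5; exit }' \
            "${mml_out}" 2>/dev/null )
        echo "DOMAINID:${domain_id}||KEYID:${tmpKeyId}" >> "${RESULTFILE}" 2>&1
        if [ X"${tmpKeyId}" == X"" ]; then
            echo "[ERR]INFO:domain(${domain_id}) have no active keyid" >> "${RESULTFILE}" 2>&1
            isPass=${CHECK_FAILED}
            continue
        fi

        # Different domains on the same node may have different key ids; across
        # the whole cluster, the same domain must have the same key id.
    done

    return 0
}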

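# Run the check. It appends its findings to RESULTFILE and sets isPass; on a
# fatal error it writes the failed verdict itself and exits with status 1.
checkKmmsDomainId

# Final verdict line for this inspection item.
echo "${CurInspectFun}_Pass ${isPass}" >> "${RESULTFILE}" 2>&1

# Remove the scratch copy of the MML output so it does not stay on disk.
if [ -f "${G_TMP_INSPECT_PATH}tmpkmmsdomainkeyid" ]; then
    rm -f -- "${G_TMP_INSPECT_PATH}tmpkmmsdomainkeyid"
fi

# The exit status is 0 even when the check failed: the verdict is carried by
# the "<item>_Pass" line in RESULTFILE, not by the exit code.
exit 0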
