#! /bin/sh
#
# This script is RPM-specific
# It is run at the very end of an install/upgrade of the package
# It is NOT run on removal of the package
#
# .deb: n/a
# .rpm: STEP 6 of 6

INSTALL_DIR=/opt/datadog-agent
CONFIG_DIR=/etc/datadog-agent
SERVICE_NAME=datadog-agent

KNOWN_DISTRIBUTION="(Debian|Ubuntu|RedHat|CentOS|openSUSE|Amazon|Arista|SUSE)"
DISTRIBUTION=$(lsb_release -d 2>/dev/null | grep -Eo $KNOWN_DISTRIBUTION  || grep -Eo $KNOWN_DISTRIBUTION /etc/issue 2>/dev/null || grep -Eo $KNOWN_DISTRIBUTION /etc/Eos-release 2>/dev/null || grep -m1 -Eo $KNOWN_DISTRIBUTION /etc/os-release 2>/dev/null || uname -s)
if [ -f "/etc/SuSE-release" ] || [ "$DISTRIBUTION" = "openSUSE" ] || [ "$DISTRIBUTION" = "SUSE" ]; then
    DISTRIBUTION_FAMILY="SUSE"
fi

if [ "$DISTRIBUTION_FAMILY" = "SUSE" ]; then
    # HACK: Check if we're running on SUSE 11. In that case, we support SysVInit scripts.
    # Otherwise, remove the SysVInit files.
    # This is necessary because, at least on SLES 15, the presence of these files makes systemd crash
    # (even if they're not used) as it cannot process them (a package necessary to process them
    # was removed from the base distribution).
    if cat /etc/SuSE-release 2>/dev/null | grep VERSION | grep 11; then
        SUSE_SYSVINIT_SUPPORT="yes"
    else
        rm -f /etc/init.d/datadog-agent
        rm -f /etc/init.d/datadog-agent-process
        rm -f /etc/init.d/datadog-agent-trace
        rm -f /etc/init.d/datadog-agent-security
    fi
fi

# Create a symlink to the agent's binary
ln -sf $INSTALL_DIR/bin/agent/agent /usr/bin/datadog-agent

echo "Enabling service $SERVICE_NAME"
if command -v systemctl >/dev/null 2>&1; then
    systemctl enable $SERVICE_NAME || echo "[ WARNING ]\tCannot enable $SERVICE_NAME with systemctl"
elif command -v initctl >/dev/null 2>&1; then
    # start/stop policy is already defined in the upstart job file
    :
elif [ "$SUSE_SYSVINIT_SUPPORT" = "yes" ]; then
    if command -v update-rc.d >/dev/null 2>&1; then
        update-rc.d $SERVICE_NAME defaults || echo "[ WARNING ]\tCannot enable $SERVICE_NAME with update-rc.d"
        update-rc.d $SERVICE_NAME-process defaults || echo "[ WARNING ]\tCannot enable $SERVICE_NAME-process with update-rc.d"
        update-rc.d $SERVICE_NAME-trace defaults || echo "[ WARNING ]\tCannot enable $SERVICE_NAME-trace with update-rc.d"
        update-rc.d $SERVICE_NAME-security defaults || echo "[ WARNING ]\tCannot enable $SERVICE_NAME-security with update-rc.d"
    elif command -v chkconfig >/dev/null 2>&1; then
        chkconfig --set $SERVICE_NAME on || echo "[ WARNING ]\tCannot enable $SERVICE_NAME with chkconfig"
        chkconfig --set $SERVICE_NAME-process on || echo "[ WARNING ]\tCannot enable $SERVICE_NAME-process with chkconfig"
        chkconfig --set $SERVICE_NAME-trace on || echo "[ WARNING ]\tCannot enable $SERVICE_NAME-trace with chkconfig"
        chkconfig --set $SERVICE_NAME-security on || echo "[ WARNING ]\tCannot enable $SERVICE_NAME-security with chkconfig"
    fi
else
    echo "[ WARNING ]\tCannot detect a supported init system. The datadog-agent package only provides service files for systemd and upstart."
fi

INSTALL_SELINUX_POLICY="false"
if [ "$DISTRIBUTION" = "CentOS" ] || [ "$DISTRIBUTION" = "RedHat" ]; then
    OS_RELEASE_VERSION=$(grep VERSION_ID /etc/os-release | cut -d = -f 2 | tr -d '"')
    if [ "$OS_RELEASE_VERSION" = "7" ]; then
        INSTALL_SELINUX_POLICY="true"
    fi
fi

if [ "$INSTALL_SELINUX_POLICY" = "true" ]; then
    # Setup SELinux policy and label if SELinux detected on the host
    if command -v semodule >/dev/null 2>&1 && [ -f "$INSTALL_DIR/embedded/bin/system-probe" ]; then
        echo "Loading SELinux policy module for datadog-agent."
        semodule -v -i $CONFIG_DIR/selinux/system_probe_policy.pp >/dev/null 2>&1
        if [ "$?" != "0" ]; then
            echo "Couldn’t load system-probe policy."
            echo "To be able to run system-probe on your host, please install or update the selinux-policy-targeted and"
            echo "policycoreutils-python (or policycoreutils-python-utils depending on your distribution) packages."
            echo "Then run the following commands, or reinstall datadog-agent:"
            echo "    semodule -i $CONFIG_DIR/selinux/system_probe_policy.pp"
            echo "    semanage fcontext -a -t system_probe_t $INSTALL_DIR/embedded/bin/system-probe"
            echo "    restorecon -v $INSTALL_DIR/embedded/bin/system-probe"
        else
            echo "Labeling SELinux type for the system-probe binary."
            if command -v semanage >/dev/null 2>&1 && command -v restorecon >/dev/null 2>&1;then
                semanage fcontext -a -t system_probe_t $INSTALL_DIR/embedded/bin/system-probe && restorecon -v $INSTALL_DIR/embedded/bin/system-probe
                if [ "$?" != "0" ]; then
                    echo "Couldn’t install system-probe policy."
                    echo "To be able to run system-probe on your host, please install or update the selinux-policy-targeted and"
                    echo "policycoreutils-python (or policycoreutils-python-utils depending on your distribution) packages."
                    echo "Then run the following commands, or reinstall datadog-agent:"
                    echo "    semodule -i $CONFIG_DIR/selinux/system_probe_policy.pp"
                    echo "    semanage fcontext -a -t system_probe_t $INSTALL_DIR/embedded/bin/system-probe"
                    echo "    restorecon -v $INSTALL_DIR/embedded/bin/system-probe"
                fi
            else
                echo "Couldn’t load system-probe policy (missing selinux utilities)."
                echo "To be able to run system-probe on your host, please install or update the selinux-policy-targeted and"
                echo "policycoreutils-python (or policycoreutils-python-utils depending on your distribution) packages."
                echo "Then run the following commands, or reinstall datadog-agent:"
                echo "    semodule -i $CONFIG_DIR/selinux/system_probe_policy.pp"
                echo "    semanage fcontext -a -t system_probe_t $INSTALL_DIR/embedded/bin/system-probe"
                echo "    restorecon -v $INSTALL_DIR/embedded/bin/system-probe"
            fi
        fi
    fi
fi

# TODO: Use a configcheck command on the agent to determine if it's safe to restart,
# and avoid restarting when a check conf is invalid
if [ -f "$CONFIG_DIR/datadog.yaml" ]; then
    echo "(Re)starting $SERVICE_NAME now..."
    if command -v systemctl >/dev/null 2>&1; then
        systemctl restart $SERVICE_NAME || true
    elif command -v initctl >/dev/null 2>&1; then
        initctl start $SERVICE_NAME || initctl restart $SERVICE_NAME || true
    elif [ "$SUSE_SYSVINIT_SUPPORT" = "yes" ] && command -v service >/dev/null 2>&1; then
        service $SERVICE_NAME restart || true
    else
        echo "[ WARNING ]\tCannot detect a supported init system. The datadog-agent package only provides service files for systemd and upstart."
    fi
else
    # No datadog.yaml file is present. This is probably a clean install made with the
    # step-by-step instructions/an automation tool, and the config file will be added next.
    echo "No datadog.yaml file detected, not starting the agent"
fi

exit 0
