package com.yahoo.vespa.hosted.node.admin.docker;

import com.yahoo.collections.Pair;
import com.yahoo.config.provision.NodeType;
import com.yahoo.system.ProcessExecuter;
import com.yahoo.vespa.hosted.dockerapi.Container;
import com.yahoo.vespa.hosted.dockerapi.ContainerName;
import com.yahoo.vespa.hosted.dockerapi.ContainerResources;
import com.yahoo.vespa.hosted.dockerapi.Docker;
import com.yahoo.vespa.hosted.dockerapi.DockerImage;
import com.yahoo.vespa.hosted.dockerapi.DockerNetworkCreator;
import com.yahoo.vespa.hosted.dockerapi.ProcessResult;
import com.yahoo.vespa.hosted.node.admin.ContainerNodeSpec;
import com.yahoo.vespa.hosted.node.admin.component.Environment;
import com.yahoo.vespa.hosted.node.admin.task.util.network.IPAddresses;
import com.yahoo.vespa.hosted.node.admin.util.PrefixLogger;
import java.io.IOException;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Stream;

/* loaded from: input_file:com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.class */
public class DockerOperationsImpl implements DockerOperations {
    private static final String MANAGER_NAME = "node-admin";
    private static final String IPV6_NPT_PREFIX = "fd00::";
    private static final String IPV4_NPT_PREFIX = "172.17.0.0";
    private static final String DOCKER_CUSTOM_BRIDGE_NETWORK_NAME = "vespa-bridge";
    private final Docker docker;
    private final Environment environment;
    private final ProcessExecuter processExecuter;
    private final String nodeProgram;
    private final Map<Path, Boolean> directoriesToMount;
    private final IPAddresses retriever;

    public DockerOperationsImpl(Docker docker, Environment environment, ProcessExecuter processExecuter, IPAddresses iPAddresses) {
        this.docker = docker;
        this.environment = environment;
        this.processExecuter = processExecuter;
        this.retriever = iPAddresses;
        this.nodeProgram = environment.pathInNodeUnderVespaHome("bin/vespa-nodectl").toString();
        this.directoriesToMount = getDirectoriesToMount(environment);
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void createContainer(ContainerName containerName, ContainerNodeSpec containerNodeSpec) {
        PrefixLogger nodeAgentLogger = PrefixLogger.getNodeAgentLogger(DockerOperationsImpl.class, containerName);
        nodeAgentLogger.info("Creating container " + containerName);
        try {
            InetAddress inetAddressForHost = this.environment.getInetAddressForHost(containerNodeSpec.hostname);
            Docker.CreateContainerCommand withAddCapability = this.docker.createContainerCommand(containerNodeSpec.wantedDockerImage.get(), ContainerResources.from(containerNodeSpec.minCpuCores.doubleValue(), containerNodeSpec.minMainMemoryAvailableGb.doubleValue()), containerName, containerNodeSpec.hostname).withManagedBy(MANAGER_NAME).withEnvironment("CONFIG_SERVER_ADDRESS", String.join(",", this.environment.getConfigServerHostNames())).withEnvironment("CONTAINER_ENVIRONMENT_SETTINGS", this.environment.getContainerEnvironmentResolver().createSettings(this.environment, containerNodeSpec)).withUlimit("nofile", 262144, 262144).withUlimit("nproc", 32768, 409600).withUlimit("core", -1, -1).withAddCapability("SYS_PTRACE").withAddCapability("SYS_ADMIN");
            if (this.environment.getNodeType() == NodeType.confighost || this.environment.getNodeType() == NodeType.proxyhost) {
                withAddCapability.withVolume("/var/lib/sia", "/var/lib/sia");
            }
            if (this.environment.getNodeType() == NodeType.proxyhost) {
                withAddCapability.withVolume("/opt/yahoo/share/ssl/certs/", "/opt/yahoo/share/ssl/certs/");
            }
            if (this.docker.networkNPTed()) {
                withAddCapability.withIpAddress(IPAddresses.prefixTranslate(this.retriever.getIPv6Address(containerNodeSpec.hostname).orElseThrow(() -> {
                    return new RuntimeException("Unable to find a valid IPv6 address. Missing an AAAA DNS entry?");
                }), InetAddress.getByName(IPV6_NPT_PREFIX), 8));
                Optional<Inet4Address> iPv4Address = this.retriever.getIPv4Address(containerNodeSpec.hostname);
                if (iPv4Address.isPresent()) {
                    withAddCapability.withIpAddress(IPAddresses.prefixTranslate(iPv4Address.get(), InetAddress.getByName(IPV4_NPT_PREFIX), 2));
                }
                withAddCapability.withNetworkMode(DOCKER_CUSTOM_BRIDGE_NETWORK_NAME);
            } else {
                withAddCapability.withIpAddress(inetAddressForHost);
                withAddCapability.withNetworkMode("vespa-macvlan");
                withAddCapability.withVolume("/etc/hosts", "/etc/hosts");
            }
            for (Path path : this.directoriesToMount.keySet()) {
                withAddCapability.withVolume(this.environment.pathInHostFromPathInNode(containerName, path).toString(), path.toString());
            }
            long doubleValue = (long) (containerNodeSpec.minMainMemoryAvailableGb.doubleValue() * 1024.0d);
            if (doubleValue > 0) {
                withAddCapability.withEnvironment("VESPA_TOTAL_MEMORY_MB", Long.toString(doubleValue));
            }
            nodeAgentLogger.info("Creating new container with args: " + withAddCapability);
            withAddCapability.create();
            this.docker.createContainer(withAddCapability);
        } catch (IOException e) {
            throw new RuntimeException("Failed to create container " + containerName.asString(), e);
        }
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void startContainer(ContainerName containerName, ContainerNodeSpec containerNodeSpec) {
        PrefixLogger.getNodeAgentLogger(DockerOperationsImpl.class, containerName).info("Starting container " + containerName);
        try {
            if (this.environment.getInetAddressForHost(containerNodeSpec.hostname) instanceof Inet6Address) {
                if (!this.docker.networkNPTed()) {
                    this.docker.connectContainerToNetwork(containerName, "bridge");
                }
                this.docker.startContainer(containerName);
                setupContainerNetworkConnectivity(containerName);
            } else {
                this.docker.startContainer(containerName);
            }
            this.directoriesToMount.entrySet().stream().filter((v0) -> {
                return v0.getValue();
            }).map((v0) -> {
                return v0.getKey();
            }).forEach(path -> {
                this.docker.executeInContainerAsRoot(containerName, new String[]{"chmod", "-R", "a+w", path.toString()});
            });
        } catch (IOException e) {
            throw new RuntimeException("Failed to start container " + containerName.asString(), e);
        }
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void removeContainer(Container container, ContainerNodeSpec containerNodeSpec) {
        ContainerName containerName = container.name;
        PrefixLogger nodeAgentLogger = PrefixLogger.getNodeAgentLogger(DockerOperationsImpl.class, containerName);
        if (container.state.isRunning()) {
            nodeAgentLogger.info("Stopping container " + containerName.asString());
            this.docker.stopContainer(containerName);
        }
        nodeAgentLogger.info("Deleting container " + containerName.asString());
        this.docker.deleteContainer(containerName);
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public Optional<Container> getContainer(ContainerName containerName) {
        return this.docker.getContainer(containerName);
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void trySuspendNode(ContainerName containerName) {
        try {
            executeCommandInContainer(containerName, this.nodeProgram, "suspend");
        } catch (RuntimeException e) {
            PrefixLogger.getNodeAgentLogger(DockerOperationsImpl.class, containerName).warning("Failed trying to suspend container " + containerName.asString(), e);
        }
    }

    private void setupContainerNetworkConnectivity(ContainerName containerName) throws IOException {
        if (this.docker.networkNPTed()) {
            return;
        }
        executeCommandInNetworkNamespace(containerName, "route", "-A", "inet6", "add", "default", "gw", DockerNetworkCreator.getDefaultGatewayLinux(true).getHostAddress(), "dev", "eth1");
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public boolean pullImageAsyncIfNeeded(DockerImage dockerImage) {
        return this.docker.pullImageAsyncIfNeeded(dockerImage);
    }

    ProcessResult executeCommandInContainer(ContainerName containerName, String... strArr) {
        ProcessResult executeInContainerAsRoot = this.docker.executeInContainerAsRoot(containerName, strArr);
        if (executeInContainerAsRoot.isSuccess()) {
            return executeInContainerAsRoot;
        }
        throw new RuntimeException("Container " + containerName.asString() + ": command " + Arrays.toString(strArr) + " failed: " + executeInContainerAsRoot);
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public ProcessResult executeCommandInContainerAsRoot(ContainerName containerName, Long l, String... strArr) {
        return this.docker.executeInContainerAsRoot(containerName, l, strArr);
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public ProcessResult executeCommandInContainerAsRoot(ContainerName containerName, String... strArr) {
        return this.docker.executeInContainerAsRoot(containerName, strArr);
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void executeCommandInNetworkNamespace(ContainerName containerName, String... strArr) {
        PrefixLogger nodeAgentLogger = PrefixLogger.getNodeAgentLogger(DockerOperationsImpl.class, containerName);
        Integer num = (Integer) this.docker.getContainer(containerName).filter(container -> {
            return container.state.isRunning();
        }).map(container2 -> {
            return Integer.valueOf(container2.pid);
        }).orElseThrow(() -> {
            return new RuntimeException("PID not found for container with name: " + containerName.asString());
        });
        String[] strArr2 = (String[]) Stream.concat(Stream.of((Object[]) new String[]{"sudo", "nsenter", String.format("--net=%s/%d/ns/net", this.environment.getPathResolver().getPathToRootOfHost().resolve("proc"), num), "--"}), Stream.of((Object[]) strArr)).toArray(i -> {
            return new String[i];
        });
        try {
            Pair exec = this.processExecuter.exec(strArr2);
            if (((Integer) exec.getFirst()).intValue() != 0) {
                String format = String.format("Failed to execute %s in network namespace for %s (PID = %d), exit code: %d, output: %s", Arrays.toString(strArr2), containerName.asString(), num, exec.getFirst(), exec.getSecond());
                nodeAgentLogger.error(format);
                throw new RuntimeException(format);
            }
        } catch (IOException e) {
            nodeAgentLogger.warning(String.format("IOException while executing %s in network namespace for %s (PID = %d)", Arrays.toString(strArr2), containerName.asString(), num), e);
            throw new RuntimeException(e);
        }
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void resumeNode(ContainerName containerName) {
        executeCommandInContainer(containerName, this.nodeProgram, "resume");
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void restartVespaOnNode(ContainerName containerName) {
        executeCommandInContainer(containerName, this.nodeProgram, "restart-vespa");
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void stopServicesOnNode(ContainerName containerName) {
        executeCommandInContainer(containerName, this.nodeProgram, "stop");
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public Optional<Docker.ContainerStats> getContainerStats(ContainerName containerName) {
        return this.docker.getContainerStats(containerName);
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public List<Container> getAllManagedContainers() {
        return this.docker.getAllContainersManagedBy(MANAGER_NAME);
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public List<ContainerName> listAllManagedContainers() {
        return this.docker.listAllContainersManagedBy(MANAGER_NAME);
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void deleteUnusedDockerImages() {
        this.docker.deleteUnusedDockerImages();
    }

    private static Map<Path, Boolean> getDirectoriesToMount(Environment environment) {
        HashMap hashMap = new HashMap();
        hashMap.put(Paths.get("/var/log/secret-agent", new String[0]), false);
        hashMap.put(Paths.get("/etc/yamas-agent", new String[0]), true);
        hashMap.put(Paths.get("/etc/filebeat", new String[0]), true);
        hashMap.put(environment.pathInNodeUnderVespaHome("logs/daemontools_y"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("logs/jdisc_core"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("logs/langdetect/"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("logs/vespa"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("logs/yca"), true);
        hashMap.put(environment.pathInNodeUnderVespaHome("logs/yck"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("logs/yell"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("logs/ykeykey"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("logs/ykeykeyd"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("logs/yms_agent"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("logs/ysar"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("logs/ystatus"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("logs/zpu"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/cache"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/crash"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/db/jdisc"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/db/vespa"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/jdisc_container"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/jdisc_core"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/maven"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/run"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/scoreboards"), true);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/service"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/share"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/spool"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/vespa"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/yca"), true);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/ycore++"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/zookeeper"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/zpe"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("tmp"), false);
        hashMap.put(environment.pathInNodeUnderVespaHome("var/container-data"), false);
        if (environment.getNodeType() == NodeType.proxyhost) {
            hashMap.put(environment.pathInNodeUnderVespaHome("var/vespa-hosted/routing"), true);
        }
        return Collections.unmodifiableMap(hashMap);
    }
}
