package com.yahoo.vespa.hosted.node.admin.docker;

import com.google.common.net.InetAddresses;
import com.yahoo.collections.Pair;
import com.yahoo.config.provision.NodeType;
import com.yahoo.system.ProcessExecuter;
import com.yahoo.vespa.hosted.dockerapi.Container;
import com.yahoo.vespa.hosted.dockerapi.ContainerName;
import com.yahoo.vespa.hosted.dockerapi.ContainerResources;
import com.yahoo.vespa.hosted.dockerapi.ContainerStats;
import com.yahoo.vespa.hosted.dockerapi.Docker;
import com.yahoo.vespa.hosted.dockerapi.DockerImage;
import com.yahoo.vespa.hosted.dockerapi.ProcessResult;
import com.yahoo.vespa.hosted.node.admin.nodeagent.ContainerData;
import com.yahoo.vespa.hosted.node.admin.nodeagent.NodeAgentContext;
import com.yahoo.vespa.hosted.node.admin.task.util.network.IPAddresses;
import java.io.IOException;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.OptionalLong;
import java.util.logging.Logger;
import java.util.stream.Stream;

/* loaded from: input_file:com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.class */
public class DockerOperationsImpl implements DockerOperations {
    private static final Logger logger = Logger.getLogger(DockerOperationsImpl.class.getName());
    private static final String MANAGER_NAME = "node-admin";
    private static final String IPV6_NPT_PREFIX = "fd00::";
    private static final String IPV4_NPT_PREFIX = "172.17.0.0";
    private final Docker docker;
    private final ProcessExecuter processExecuter;
    private final IPAddresses ipAddresses;

    public DockerOperationsImpl(Docker docker, ProcessExecuter processExecuter, IPAddresses iPAddresses) {
        this.docker = docker;
        this.processExecuter = processExecuter;
        this.ipAddresses = iPAddresses;
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void createContainer(NodeAgentContext nodeAgentContext, ContainerData containerData) {
        nodeAgentContext.log(logger, "Creating container");
        Inet6Address orElseThrow = this.ipAddresses.getIPv6Address(nodeAgentContext.node().getHostname()).orElseThrow(() -> {
            return new RuntimeException("Unable to find a valid IPv6 address for " + nodeAgentContext.node().getHostname() + ". Missing an AAAA DNS entry?");
        });
        Docker.CreateContainerCommand withAddCapability = this.docker.createContainerCommand(nodeAgentContext.node().getWantedDockerImage().get(), nodeAgentContext.containerName()).withHostName(nodeAgentContext.node().getHostname()).withResources(ContainerResources.from(0.0d, nodeAgentContext.node().getMinCpuCores(), nodeAgentContext.node().getMinMainMemoryAvailableGb())).withManagedBy(MANAGER_NAME).withUlimit("nofile", 262144, 262144).withUlimit("nproc", 409600, 409600).withUlimit("core", -1, -1).withAddCapability("SYS_PTRACE").withAddCapability("SYS_ADMIN").withAddCapability("SYS_NICE");
        DockerNetworking dockerNetworking = nodeAgentContext.dockerNetworking();
        withAddCapability.withNetworkMode(dockerNetworking.getDockerNetworkMode());
        if (dockerNetworking == DockerNetworking.NPT) {
            InetAddress prefixTranslate = IPAddresses.prefixTranslate(orElseThrow, InetAddresses.forString(IPV6_NPT_PREFIX), 8);
            withAddCapability.withIpAddress(prefixTranslate);
            Optional<InetAddress> map = this.ipAddresses.getIPv4Address(nodeAgentContext.node().getHostname()).map(inet4Address -> {
                return IPAddresses.prefixTranslate(inet4Address, InetAddresses.forString(IPV4_NPT_PREFIX), 2);
            });
            withAddCapability.getClass();
            map.ifPresent(withAddCapability::withIpAddress);
            addEtcHosts(containerData, nodeAgentContext.node().getHostname(), map, prefixTranslate);
        }
        addMounts(nodeAgentContext, withAddCapability);
        long minMainMemoryAvailableGb = (long) (nodeAgentContext.node().getMinMainMemoryAvailableGb() * 1024.0d);
        if (minMainMemoryAvailableGb > 0) {
            withAddCapability.withEnvironment("VESPA_TOTAL_MEMORY_MB", Long.toString(minMainMemoryAvailableGb));
        }
        logger.info("Creating new container with args: " + withAddCapability);
        withAddCapability.create();
    }

    void addEtcHosts(ContainerData containerData, String str, Optional<InetAddress> optional, InetAddress inetAddress) {
        StringBuilder sb = new StringBuilder("# This file was generated by " + DockerOperationsImpl.class.getName() + "\n127.0.0.1\tlocalhost\n::1\tlocalhost ip6-localhost ip6-loopback\nfe00::0\tip6-localnet\nff00::0\tip6-mcastprefix\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" + inetAddress.getHostAddress() + '\t' + str + '\n');
        optional.ifPresent(inetAddress2 -> {
            sb.append(inetAddress2.getHostAddress() + '\t' + str + '\n');
        });
        containerData.addFile(Paths.get("/etc/hosts", new String[0]), sb.toString());
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void startContainer(NodeAgentContext nodeAgentContext) {
        nodeAgentContext.log(logger, "Starting container");
        this.docker.startContainer(nodeAgentContext.containerName());
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void removeContainer(NodeAgentContext nodeAgentContext, Container container) {
        if (container.state.isRunning()) {
            nodeAgentContext.log(logger, "Stopping container");
            this.docker.stopContainer(nodeAgentContext.containerName());
        }
        nodeAgentContext.log(logger, "Deleting container");
        this.docker.deleteContainer(nodeAgentContext.containerName());
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void updateContainer(NodeAgentContext nodeAgentContext, ContainerResources containerResources) {
        this.docker.updateContainer(nodeAgentContext.containerName(), containerResources);
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public Optional<Container> getContainer(NodeAgentContext nodeAgentContext) {
        return this.docker.getContainer(nodeAgentContext.containerName());
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public boolean pullImageAsyncIfNeeded(DockerImage dockerImage) {
        return this.docker.pullImageAsyncIfNeeded(dockerImage);
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public ProcessResult executeCommandInContainerAsRoot(NodeAgentContext nodeAgentContext, Long l, String... strArr) {
        return this.docker.executeInContainerAsUser(nodeAgentContext.containerName(), "root", OptionalLong.of(l.longValue()), strArr);
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public ProcessResult executeCommandInContainerAsRoot(NodeAgentContext nodeAgentContext, String... strArr) {
        return this.docker.executeInContainerAsUser(nodeAgentContext.containerName(), "root", OptionalLong.empty(), strArr);
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public ProcessResult executeCommandInNetworkNamespace(ContainerName containerName, String... strArr) {
        Integer num = (Integer) this.docker.getContainer(containerName).filter(container -> {
            return container.state.isRunning();
        }).map(container2 -> {
            return Integer.valueOf(container2.pid);
        }).orElseThrow(() -> {
            return new RuntimeException("PID not found for container with name: " + containerName.asString());
        });
        String[] strArr2 = (String[]) Stream.concat(Stream.of((Object[]) new String[]{"nsenter", String.format("--net=/proc/%d/ns/net", num), "--"}), Stream.of((Object[]) strArr)).toArray(i -> {
            return new String[i];
        });
        try {
            Pair exec = this.processExecuter.exec(strArr2);
            if (((Integer) exec.getFirst()).intValue() != 0) {
                throw new RuntimeException(String.format("Failed to execute %s in network namespace for %s (PID = %d), exit code: %d, output: %s", Arrays.toString(strArr2), containerName.asString(), num, exec.getFirst(), exec.getSecond()));
            }
            return new ProcessResult(0, (String) exec.getSecond(), "");
        } catch (IOException e) {
            throw new RuntimeException(String.format("IOException while executing %s in network namespace for %s (PID = %d)", Arrays.toString(strArr2), containerName.asString(), num), e);
        }
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void resumeNode(NodeAgentContext nodeAgentContext) {
        executeNodeCtlInContainer(nodeAgentContext, "resume");
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void suspendNode(NodeAgentContext nodeAgentContext) {
        executeNodeCtlInContainer(nodeAgentContext, "suspend");
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void restartVespa(NodeAgentContext nodeAgentContext) {
        executeNodeCtlInContainer(nodeAgentContext, "restart-vespa");
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void startServices(NodeAgentContext nodeAgentContext) {
        executeNodeCtlInContainer(nodeAgentContext, "start");
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public void stopServices(NodeAgentContext nodeAgentContext) {
        executeNodeCtlInContainer(nodeAgentContext, "stop");
    }

    ProcessResult executeNodeCtlInContainer(NodeAgentContext nodeAgentContext, String str) {
        String[] strArr = {nodeAgentContext.pathInNodeUnderVespaHome("bin/vespa-nodectl").toString(), str};
        ProcessResult executeCommandInContainerAsRoot = executeCommandInContainerAsRoot(nodeAgentContext, strArr);
        if (executeCommandInContainerAsRoot.isSuccess()) {
            return executeCommandInContainerAsRoot;
        }
        throw new RuntimeException("Container " + nodeAgentContext.containerName().asString() + ": command " + Arrays.toString(strArr) + " failed: " + executeCommandInContainerAsRoot);
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public Optional<ContainerStats> getContainerStats(NodeAgentContext nodeAgentContext) {
        return this.docker.getContainerStats(nodeAgentContext.containerName());
    }

    @Override // com.yahoo.vespa.hosted.node.admin.docker.DockerOperations
    public List<Container> getAllManagedContainers() {
        return this.docker.getAllContainersManagedBy(MANAGER_NAME);
    }

    private static void addMounts(NodeAgentContext nodeAgentContext, Docker.CreateContainerCommand createContainerCommand) {
        Path path = Paths.get("/var/lib/sia", new String[0]);
        ArrayList arrayList = new ArrayList(Arrays.asList(Paths.get("/etc/vespa/flags", new String[0]), Paths.get("/etc/yamas-agent", new String[0]), nodeAgentContext.pathInNodeUnderVespaHome("logs/daemontools_y"), nodeAgentContext.pathInNodeUnderVespaHome("logs/jdisc_core"), nodeAgentContext.pathInNodeUnderVespaHome("logs/langdetect/"), nodeAgentContext.pathInNodeUnderVespaHome("logs/nginx"), nodeAgentContext.pathInNodeUnderVespaHome("logs/vespa"), nodeAgentContext.pathInNodeUnderVespaHome("logs/yca"), nodeAgentContext.pathInNodeUnderVespaHome("logs/yck"), nodeAgentContext.pathInNodeUnderVespaHome("logs/yell"), nodeAgentContext.pathInNodeUnderVespaHome("logs/ykeykey"), nodeAgentContext.pathInNodeUnderVespaHome("logs/ykeykeyd"), nodeAgentContext.pathInNodeUnderVespaHome("logs/yms_agent"), nodeAgentContext.pathInNodeUnderVespaHome("logs/ysar"), nodeAgentContext.pathInNodeUnderVespaHome("logs/ystatus"), nodeAgentContext.pathInNodeUnderVespaHome("logs/zpu"), nodeAgentContext.pathInNodeUnderVespaHome("var/cache"), nodeAgentContext.pathInNodeUnderVespaHome("var/crash"), nodeAgentContext.pathInNodeUnderVespaHome("var/db/jdisc"), nodeAgentContext.pathInNodeUnderVespaHome("var/db/vespa"), nodeAgentContext.pathInNodeUnderVespaHome("var/jdisc_container"), nodeAgentContext.pathInNodeUnderVespaHome("var/jdisc_core"), nodeAgentContext.pathInNodeUnderVespaHome("var/maven"), nodeAgentContext.pathInNodeUnderVespaHome("var/mediasearch"), nodeAgentContext.pathInNodeUnderVespaHome("var/run"), nodeAgentContext.pathInNodeUnderVespaHome("var/scoreboards"), nodeAgentContext.pathInNodeUnderVespaHome("var/service"), nodeAgentContext.pathInNodeUnderVespaHome("var/share"), nodeAgentContext.pathInNodeUnderVespaHome("var/spool"), nodeAgentContext.pathInNodeUnderVespaHome("var/vespa"), nodeAgentContext.pathInNodeUnderVespaHome("var/yca"), nodeAgentContext.pathInNodeUnderVespaHome("var/ycore++"), nodeAgentContext.pathInNodeUnderVespaHome("var/yinst/tmp"), nodeAgentContext.pathInNodeUnderVespaHome("var/zookeeper"), nodeAgentContext.pathInNodeUnderVespaHome("tmp"), nodeAgentContext.pathInNodeUnderVespaHome("var/container-data")));
        if (nodeAgentContext.nodeType() == NodeType.proxy) {
            arrayList.add(nodeAgentContext.pathInNodeUnderVespaHome("var/vespa-hosted/routing"));
        }
        if (nodeAgentContext.nodeType() == NodeType.tenant) {
            arrayList.add(path);
        }
        arrayList.forEach(path2 -> {
            createContainerCommand.withVolume(nodeAgentContext.pathOnHostFromPathInNode(path2), path2);
        });
        if (isInfrastructureHost(nodeAgentContext.nodeType())) {
            createContainerCommand.withSharedVolume(path, path);
        }
        if (nodeAgentContext.nodeType() == NodeType.proxy || nodeAgentContext.nodeType() == NodeType.controller) {
            createContainerCommand.withSharedVolume(Paths.get("/opt/yahoo/share/ssl/certs", new String[0]), Paths.get("/opt/yahoo/share/ssl/certs", new String[0]));
        }
        if (nodeAgentContext.nodeType() == NodeType.tenant) {
            createContainerCommand.withSharedVolume(Paths.get("/var/zpe", new String[0]), nodeAgentContext.pathInNodeUnderVespaHome("var/zpe"));
        }
    }

    private static boolean isInfrastructureHost(NodeType nodeType) {
        return nodeType == NodeType.config || nodeType == NodeType.proxy || nodeType == NodeType.controller;
    }
}
