#!/usr/bin/env ruby

# -------------------------------------------------------------------------- #
# Copyright 2002-2025, OpenNebula Project, OpenNebula Systems                #
#                                                                            #
# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
# not use this file except in compliance with the License. You may obtain    #
# a copy of the License at                                                   #
#                                                                            #
# http://www.apache.org/licenses/LICENSE-2.0                                 #
#                                                                            #
# Unless required by applicable law or agreed to in writing, software        #
# distributed under the License is distributed on an "AS IS" BASIS,          #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
# See the License for the specific language governing permissions and        #
# limitations under the License.                                             #
#--------------------------------------------------------------------------- #
# %%RUBYGEMS_SETUP_BEGIN%%
require 'load_opennebula_paths'
# %%RUBYGEMS_SETUP_END%%

$LOAD_PATH << RUBY_LIB_LOCATION

require 'pathname'
require 'rexml/document'

require 'CommandManager'

require_relative '../../tm/lib/tm_action'
require_relative '../../tm/lib/datastore'
require_relative 'restic'

# BACKUP host:remote_dir DISK_ID:...:DISK_ID vm_uuid bj_id vm_id ds_id

TransferManager::Datastore.load_env

xml = STDIN.read

dir      = ARGV[0].split(':')
_disks   = ARGV[1]
_vm_uuid = ARGV[2]
bj_id    = ARGV[3]
vm_id    = ARGV[4]
_ds_id   = ARGV[5]

dsrdir = ENV['BACKUP_BASE_PATH']
vm_dir = if dsrdir
             Pathname.new("#{dsrdir}/#{vm_id}/backup").cleanpath.to_s
         else
             Pathname.new("#{dir[1]}/backup").cleanpath.to_s
         end

repo_id = if bj_id != '-'
              Restic.mk_repo_id(bj_id)
          else
              vm_id
          end

begin
    doc     = REXML::Document.new(xml)
    ds_xml  = doc.root.elements['DATASTORE']
    vm_xml  = doc.root.elements['VM']

    ds = TransferManager::Datastore.from_xml(:ds_xml => ds_xml.to_s)

    bridge_host = vm_xml.elements['BACKUPS/BACKUP_CONFIG/LAST_BRIDGE']&.text
    vm_host     = bridge_host || dir[0]

    rds = Restic.new ds_xml.to_s, :create_repo => true,
                                  :repo_type   => :sftp,
                                  :host_type   => :hypervisor,
                                  :repo_id     => repo_id
    rds.resticenv_rb
rescue StandardError => e
    STDERR.puts e.full_message
    exit(-1)
end

# Install cleanup handler (triggered by backup_cancel action)
pipe_r, pipe_w = IO.pipe

Thread.new do
    loop do
        rs, _ws, _es = IO.select([pipe_r])
        break if rs[0] == pipe_r
    end

    # Kill the restic process.
    script = <<~EOS
        set -x -e -o pipefail; shopt -qs failglob
        (ps --no-headers -o pid,cmd -C restic \
        | awk '$0 ~ "#{vm_dir}" { print $1 } END { print "\\0" }' || :) \\
        | (read -d '' PIDS
           [[ -n "$PIDS" ]] || exit 0                           # empty
           [[ -z "${PIDS//[[:space:][:digit:]]/}" ]] || exit -1 # !integers
           kill -s TERM $PIDS)
    EOS

    rc = TransferManager::Action.ssh 'backup_cancel',
                                     :host     => vm_host,
                                     :cmds     => script,
                                     :nostdout => true,
                                     :nostderr => false

    if rc.code != 0
        STDERR.puts "Unable to stop restic process: #{rc.stderr}"
        exit(-1)
    end

    # From the restic help screen:
    # > The "unlock" command removes stale locks that have been created by other restic processes.

    script = <<~EOS
        set -e -o pipefail; shopt -qs failglob
        #{rds.resticenv_sh}
        #{rds.restic('unlock')}
    EOS

    rc = TransferManager::Action.ssh 'remove_stale_locks',
                                     :host     => vm_host,
                                     :forward  => true,
                                     :cmds     => script,
                                     :nostdout => true,
                                     :nostderr => false

    if rc.code != 0
        STDERR.puts "Error removing restic stale locks: #{rc.stderr}"
        exit(-1)
    end

    STDERR.puts 'Backup cancelled'
    STDERR.flush

    # Suppress "`read': stream closed in another thread (IOError)"
    STDOUT.reopen IO::NULL
    STDERR.reopen IO::NULL

    exit(-1) # fail anyway
end

Signal.trap(:TERM) do
    pipe_w.write 'W'
end

# Execute restic backup in pull mode in the hypervisor using OpenNebula ssh-agent
# --force (will re-read disk files as will have changed since last backup)
#
# Command:
#     restic \
#       -r sftp:oneadmin@192.168.150.1:/var/lib/one/datastores/100 \
#       backup \
#       --force /var/lib/one/datastores/0/10/backup
rcmd = rds.restic "backup '#{vm_dir}'/disk.* '#{vm_dir}'/vm.xml",
                  'force' => nil,
                  'json' => nil,
                  'tag' => "one-#{vm_id}"

script = <<~EOS
    set -e -o pipefail; shopt -qs failglob

    #{rds.resticenv_sh}
    BKNAME=$(ls #{vm_dir}/disk.* | head -n 1)

    RC=`#{ds.cmd_confinement(rcmd, vm_dir, ['SSH_AUTH_SOCK', 'RESTIC_PASSWORD', 'GOMAXPROCS'])}`

    INFO=`echo "$RC" | jq -r '.snapshot_id + " " + (.total_bytes_processed|tostring) | select ( . != " null" )'`

    echo "$INFO $BKNAME"
EOS

rc = TransferManager::Action.ssh 'backup',
                                 :host     => vm_host,
                                 :forward  => true,
                                 :cmds     => script,
                                 :nostdout => false,
                                 :nostderr => false

if rc.stdout.empty?
    STDERR.puts "Cannot find backup information: #{rc.stdout} #{rc.stderr}"
    exit(-1)
end

parts = rc.stdout.lines.last.split

if parts.length != 3
    STDERR.puts "Wrong format for backup action: #{rc.stdout}"
    exit(-1)
end

# NOTE: The backup command in restic 0.16.0 returns the long snapshot id, but previously (0.14.0) it
#       was the short snapshot id. We trim it here to keep it backward compatible.
id       = parts[0]
short_id = id[0..7] # first 8 chars only

disk_filepath = parts[2]
extension     = File.extname(disk_filepath).delete_prefix('.')
backup_format = ['rbd2', 'rbdiff'].include?(extension) ? 'rbd' : 'raw'

STDOUT.puts "#{short_id} #{parts[1].to_i / (1024 * 1024)} #{backup_format}"
exit(0)
