package org.apache.whirr.compute;

import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.net.MalformedURLException;
import org.apache.whirr.ClusterSpec;
import org.apache.whirr.service.jclouds.StatementBuilder;
import org.apache.whirr.service.jclouds.TemplateBuilderStrategy;
import org.jclouds.aws.ec2.AWSEC2Client;
import org.jclouds.aws.ec2.compute.AWSEC2TemplateOptions;
import org.jclouds.compute.ComputeService;
import org.jclouds.compute.ComputeServiceContext;
import org.jclouds.compute.domain.Template;
import org.jclouds.compute.domain.TemplateBuilder;
import org.jclouds.compute.options.TemplateOptions;
import org.jclouds.scriptbuilder.InitBuilder;
import org.jclouds.scriptbuilder.domain.OsFamily;
import org.jclouds.scriptbuilder.domain.Statement;
import org.jclouds.scriptbuilder.domain.Statements;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/whirr/compute/BootstrapTemplate.class */
public class BootstrapTemplate {
    private static final Logger LOG = LoggerFactory.getLogger(BootstrapTemplate.class);

    public static Template build(ClusterSpec clusterSpec, ComputeService computeService, StatementBuilder statementBuilder, TemplateBuilderStrategy templateBuilderStrategy) throws MalformedURLException {
        LOG.info("Configuring template");
        Statement addUserAndAuthorizeSudo = addUserAndAuthorizeSudo(clusterSpec.getClusterUser(), clusterSpec.getPublicKey(), clusterSpec.getPrivateKey(), statementBuilder.build(clusterSpec));
        if (LOG.isDebugEnabled()) {
            LOG.debug("Running script:\n{}", addUserAndAuthorizeSudo.render(OsFamily.UNIX));
        }
        TemplateBuilder options = computeService.templateBuilder().options(TemplateOptions.Builder.runScript(addUserAndAuthorizeSudo));
        templateBuilderStrategy.configureTemplateBuilder(clusterSpec, options);
        return setSpotInstancePriceIfSpecified(computeService.getContext(), clusterSpec, options.build());
    }

    private static Statement addUserAndAuthorizeSudo(String str, String str2, String str3, Statement statement) {
        return new InitBuilder("setup-" + str, "/tmp", "/tmp/logs", ImmutableMap.of("newUser", str, "defaultHome", "/home/users"), ImmutableList.of(createUserWithPublicAndPrivateKey(str, str2, str3), makeSudoersOnlyPermitting(str), statement));
    }

    private static Template setSpotInstancePriceIfSpecified(ComputeServiceContext computeServiceContext, ClusterSpec clusterSpec, Template template) {
        if (computeServiceContext != null && (computeServiceContext.getProviderSpecificContext().getApi() instanceof AWSEC2Client) && clusterSpec.getAwsEc2SpotPrice() > 0.0f) {
            template.getOptions().as(AWSEC2TemplateOptions.class).spotPrice(Float.valueOf(clusterSpec.getAwsEc2SpotPrice()));
        }
        return template;
    }

    private static Statement createUserWithPublicAndPrivateKey(String str, String str2, String str3) {
        return Statements.newStatementList(new Statement[]{Statements.interpret(new String[]{"mkdir -p $DEFAULT_HOME/$NEW_USER/.ssh", "useradd --shell /bin/bash -d $DEFAULT_HOME/$NEW_USER $NEW_USER\n"}), Statements.appendFile("$DEFAULT_HOME/$NEW_USER/.ssh/authorized_keys", Splitter.on('\n').split(str2)), Statements.appendFile("$DEFAULT_HOME/$NEW_USER/.ssh/id_rsa", Splitter.on('\n').split(str3)), Statements.interpret(new String[]{"chmod 400 $DEFAULT_HOME/$NEW_USER/.ssh/*", "chown -R $NEW_USER $DEFAULT_HOME/$NEW_USER\n"})});
    }

    private static Statement makeSudoersOnlyPermitting(String str) {
        return Statements.newStatementList(new Statement[]{Statements.interpret(new String[]{"rm /etc/sudoers", "touch /etc/sudoers", "chmod 0440 /etc/sudoers", "chown root /etc/sudoers\n"}), Statements.appendFile("/etc/sudoers", ImmutableSet.of("root ALL = (ALL) ALL", "%adm ALL = (ALL) ALL", str + " ALL = (ALL) NOPASSWD: ALL"))});
    }
}
