#!/usr/bin/env bash
set -u

# Print a banner that separates one diagnostic section from the next.
# Arguments: all arguments are joined into the section title.
# Outputs:   a blank line followed by "===== <title> =====" on stdout.
section() {
    local title="$*"
    printf '\n===== %s =====\n' "$title"
}

# Report whether a command name resolves in the current shell.
# Arguments: $1 - command name to look up.
# Outputs:   nothing (both stdout and stderr of the lookup are discarded).
# Returns:   the exit status of `command -v`.
have() {
    local tool=$1
    command -v "$tool" &>/dev/null
}

# Echo a command line, then execute it as a best-effort diagnostic step.
# Arguments: the command and its arguments, executed as given (no re-parsing).
# Outputs:   "+ <command line>" followed by the command's stdout and stderr,
#            both on stdout so they stay in order in a captured report.
# Returns:   always 0; a failing diagnostic must not stop the report.
run() {
    printf '+ %s\n' "$*"
    if ! "$@" 2>&1; then
        # Failure is expected on nodes where the tool or file is absent.
        :
    fi
}

# Record the node profile env file verbatim so the report shows which
# profile settings were in effect when it was taken.
# NOTE(review): the file is printed unfiltered -- confirm it never carries
# tokens or other secrets before this report is shared.
section "NiceOS Core Node profile"
profile_env=/etc/niceos/profiles/core-node-kubernetes.env
if [[ ! -f "$profile_env" ]]; then
    echo "Profile env file is missing: ${profile_env}"
else
    cat "$profile_env"
fi

# Distribution release data and the running kernel, for matching the report
# against the packages listed later.
section "OS"
run cat /etc/os-release
run uname -a

# Query the installed version of every package the node profile relies on.
# Only stderr is discarded; rpm's own "is not installed" line for an absent
# package still reaches the report, and a missing package never aborts it.
section "RPM packages"
node_pkgs=(
    niceos-core-node-kubernetes
    niceos-core-containerd-config
    niceos-core-kernel-kubernetes
    niceos-core-kubeadm-config
    niceos-addon-cni-flannel
    containerd
    runc
    cri-tools
    kubernetes135-node
    kubernetes135-kubelet
    kubernetes135-kubeadm
    kubernetes135-kubectl
    kubernetes135-kube-proxy
    cni
    cni-plugins
)
for pkg in "${node_pkgs[@]}"; do
    rpm -q "$pkg" 2>/dev/null || :
done

# For each unit systemd knows about, print its enablement and runtime state.
# Units for which the list-unit-files probe fails are skipped silently.
section "Systemd services"
for svc in containerd kubelet systemd-modules-load systemd-sysctl systemd-resolved; do
    unit="${svc}.service"
    systemctl list-unit-files "$unit" >/dev/null 2>&1 || continue
    echo "--- ${unit} ---"
    # is-enabled / is-active exit non-zero for disabled or inactive units;
    # that is a finding to print, not an error.
    systemctl is-enabled "$unit" 2>/dev/null || true
    systemctl is-active "$unit" 2>/dev/null || true
done

# Show only the containerd settings this profile cares about, with line
# numbers. enable_selinux and disable_apparmor are the lines a hardening
# review reads first: they show whether containers run under the host's
# mandatory access control.
section "containerd config"
containerd_toml=/etc/containerd/config.toml
if [[ ! -f "$containerd_toml" ]]; then
    echo "${containerd_toml} is missing"
else
    grep -nE "version =|sandbox =|SystemdCgroup|enable_selinux|disable_apparmor|conf_dir|bin_dirs" "$containerd_toml" || true
fi

# Print the crictl client configuration in full, or note that it is absent.
section "crictl config"
crictl_yaml=/etc/crictl.yaml
if [[ ! -f "$crictl_yaml" ]]; then
    echo "${crictl_yaml} is missing"
else
    cat "$crictl_yaml"
fi

# List the loaded modules whose names match the container-networking set.
# No match is a finding, not an error, so grep's status is ignored.
section "Kernel modules"
lsmod | grep -E 'overlay|br_netfilter|vxlan|ip_vs|nf_conntrack|ip_tables|ip_set' || :

# Print the current value of each kernel tunable checked for this profile.
# A key the running kernel does not expose (for example the bridge keys
# before br_netfilter is loaded) is skipped without output, because stderr
# is discarded.
section "Kubernetes sysctl"
sysctl_keys=(
    net.ipv4.ip_forward
    net.bridge.bridge-nf-call-iptables
    net.bridge.bridge-nf-call-ip6tables
    net.ipv4.conf.all.rp_filter
    net.ipv4.conf.default.rp_filter
    fs.inotify.max_user_watches
    fs.inotify.max_user_instances
    vm.max_map_count
    kernel.pid_max
)
for key in "${sysctl_keys[@]}"; do
    sysctl "$key" 2>/dev/null || :
done

# Check that the CNI configuration and plugin locations exist, then list
# their contents. The container runtime executes the binaries in
# /opt/cni/bin with root privileges, so the owner and mode columns in these
# listings are worth reading: anything writable by a non-root account there
# or in /etc/cni/net.d is a finding.
section "CNI filesystem"
for path in /etc/cni /etc/cni/net.d /opt/cni /opt/cni/bin /run/flannel/subnet.env; do
    if [[ ! -e "$path" ]]; then
        echo "missing: $path"
        continue
    fi
    ls -ld "$path"
done

cni_conf_dir=/etc/cni/net.d
if [[ -d "$cni_conf_dir" ]]; then
    echo "--- /etc/cni/net.d ---"
    ls -la "$cni_conf_dir" || true
fi

cni_bin_dir=/opt/cni/bin
if [[ -d "$cni_bin_dir" ]]; then
    echo "--- /opt/cni/bin selected plugins ---"
    # Display only; the listing is filtered by name, never parsed.
    ls -la "$cni_bin_dir" | grep -E 'bridge|loopback|host-local|portmap|flannel|bandwidth|firewall|tuning' || true
fi

# Query the container runtime through crictl when it is installed: readiness
# conditions, pod sandboxes, all containers, and the selected images.
# stderr is discarded everywhere here, so an unreachable runtime socket or a
# permission problem shows up as an empty subsection rather than a message.
section "CRI status"
if ! have crictl; then
    echo "crictl is not installed"
else
    # -A10 keeps ten lines of context after each matching key.
    crictl info 2>/dev/null | grep -E 'lastCNILoadStatus|RuntimeReady|NetworkReady|ContainerdHasNoDeprecationWarnings|SystemdCgroup|enableSelinux|disableApparmor' -A10 || true
    echo "--- CRI pods ---"
    # Retry without "-n 0" when that form fails.
    crictl pods -n 0 2>/dev/null || crictl pods 2>/dev/null || true
    echo "--- CRI containers ---"
    crictl ps -a 2>/dev/null || true
    echo "--- CRI images selected ---"
    crictl images 2>/dev/null | grep -E 'pause|kube-apiserver|kube-controller|kube-scheduler|kube-proxy|etcd|coredns|flannel|metrics-server|node-problem|agnhost' || true
fi

# Show which kubeadm/kubelet state files exist on this node. Only metadata
# is printed (ls -ld), never file contents. The *.conf entries are
# kubeconfig files holding client credentials, and /var/lib/etcd is the etcd
# data directory; check the owner and mode columns -- these should be
# root-owned and not readable by group or other.
section "Kubernetes local state"
k8s_state_paths=(
    /etc/kubernetes/admin.conf
    /etc/kubernetes/kubelet.conf
    /etc/kubernetes/bootstrap-kubelet.conf
    /etc/kubernetes/manifests
    /var/lib/kubelet/config.yaml
    /var/lib/kubelet/kubeadm-flags.env
    /var/lib/etcd
)
for path in "${k8s_state_paths[@]}"; do
    if [[ ! -e "$path" ]]; then
        echo "missing: $path"
        continue
    fi
    ls -ld "$path"
done

kubelet_cfg=/var/lib/kubelet/config.yaml
if [[ -f "$kubelet_cfg" ]]; then
    echo "--- kubelet resolvConf ---"
    # Only a top-level resolvConf: key is matched; no match prints nothing.
    grep -n '^resolvConf:' "$kubelet_cfg" || true
fi

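# List TCP listeners on the default Kubernetes control-plane and kubelet
# ports: 6443 (kube-apiserver), 2379/2380 (etcd), 10250 (kubelet),
# 10257 (kube-controller-manager), 10259 (kube-scheduler).
#
# Each port is anchored on the whitespace that ends ss's "Local Address:Port"
# column. The previous unanchored pattern also matched longer port numbers
# that merely start with the same digits (":6443" matched ":64430"), which
# put unrelated listeners into this section.
#
# When reading the output, the bind address matters as much as the port: a
# wildcard bind (0.0.0.0, [::] or *) exposes the listener on every interface.
# The process column from -p is only populated when the script runs with
# enough privilege to inspect other users' sockets.
section "Listening ports"
ss -lntp 2>/dev/null | grep -E ':(6443|2379|2380|10250|10257|10259)[[:space:]]' || true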

# Ask the API server for node and pod status when kubectl is available.
#
# Credential selection: a KUBECONFIG already present in the environment is
# used as-is; otherwise the script falls back to /etc/kubernetes/admin.conf,
# the kubeadm-generated administrator kubeconfig. With that fallback the
# queries below run with full cluster-admin rights. Both are read-only "get"
# calls, but "-A -o wide" lists pods from every namespace together with
# their IPs and nodes, so treat the resulting report accordingly.
#
# stderr is discarded: an unreadable kubeconfig or an unreachable API server
# yields empty output here rather than an error message.
section "kubectl cluster status"
admin_kubeconfig=/etc/kubernetes/admin.conf
if ! have kubectl; then
    echo "kubectl is not installed"
else
    if [[ -n "${KUBECONFIG:-}" ]]; then
        echo "Using KUBECONFIG=${KUBECONFIG}"
    elif [[ -f "$admin_kubeconfig" ]]; then
        # The export only affects this script's process and its children.
        export KUBECONFIG="$admin_kubeconfig"
        echo "Using KUBECONFIG=/etc/kubernetes/admin.conf"
    fi

    if [[ -z "${KUBECONFIG:-}" ]]; then
        echo "KUBECONFIG is not set and /etc/kubernetes/admin.conf is missing"
    else
        kubectl get nodes -o wide 2>/dev/null || true
        kubectl get pods -A -o wide 2>/dev/null || true
    fi
fi

# Tail the current boot's journal for the two services that matter most on a
# node: the last 40 containerd lines and the last 80 kubelet lines.
# The log lines are copied into the report unredacted.
section "Recent logs"
run journalctl -u containerd -b -n 40 --no-pager
run journalctl -u kubelet -b -n 80 --no-pager

# Static checklist to compare the sections above against.
section "Summary hints"
cat <<'EOF'
Expected healthy baseline:
  containerd: active
  kubelet: active after kubeadm init/join
  crictl RuntimeReady: true
  crictl NetworkReady: true after CNI addon
  node: Ready after kubeadm init/join and CNI addon
  CoreDNS: 1/1 Running after resolvConf avoids systemd-resolved stub
EOF