#!/bin/bash
exec 2>&1
export PIDFILE="/tmp/haproxy.pid"

LOG_PREFIX="$(pwd) $0"
log() {
    logline="[$LOG_PREFIX] $1\n"
    printf "$logline" >&1
}
log_error() {
    logline="[$LOG_PREFIX] $1\n"
    printf "$logline" >&1
    printf "$logline" >&2
}

addFirewallRules() {
  IFS=',' read -ra ADDR <<< "$PORTS"
  for i in "${ADDR[@]}"; do
    iptables -w -I INPUT -p tcp --dport $i --syn -j DROP
  done
}

removeFirewallRules() {
  IFS=',' read -ra ADDR <<< "$PORTS"
  for i in "${ADDR[@]}"; do
    while iptables -w -D INPUT -p tcp --dport $i --syn -j DROP 2>/dev/null; do :; done
  done
}

reload() {
  log "Reloading haproxy"

  (
    flock 200

    log "Dropping SYN packets with addFirewallRules"
    addFirewallRules

    # Wait to settle
    sleep 0.1
    log "addFirewallRules done"

    log "Saving the current HAProxy state"
    socat /var/run/haproxy/socket - <<< "show servers state" > /var/state/haproxy/global
    log "Done saving the current HAProxy state"

    # Trigger reload
    LATEST_HAPROXY_PID=$(cat $PIDFILE)
    log "LATEST_HAPROXY_PID: [$LATEST_HAPROXY_PID]"

    WHICH_HAPROXY=$(which haproxy)

    log "/marathon-lb/haproxy_wrapper.py $WHICH_HAPROXY -D -p $PIDFILE -f /marathon-lb/haproxy.cfg -sf $LATEST_HAPROXY_PID 200>&-"
    /marathon-lb/haproxy_wrapper.py $WHICH_HAPROXY -D -p $PIDFILE -f /marathon-lb/haproxy.cfg -sf $LATEST_HAPROXY_PID 200>&-
    local exit_code=$?
    log "exit code: $exit_code"
    if [ $exit_code -ne 0 ]; then
      log_error "HAProxy reload failed"
    fi

    log "Removing firewall rules with removeFirewallRules"
    removeFirewallRules
    log "removeFirewallRules done"

    # Need to wait 1s to prevent TCP SYN exponential backoff
    sleep 1

    log "Reload finished"
  ) 200>/var/run/haproxy/lock
}

mkdir -p /var/state/haproxy
mkdir -p /var/run/haproxy

reload

trap reload SIGHUP
while true; do sleep 0.5; done
