"""zioinfo-mail 서버 권한 수정 + Jenkins sudo 설정"""
import paramiko, sys, json, time
sys.stdout.reconfigure(encoding='utf-8', errors='replace')
c = paramiko.SSHClient(); c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
c.connect('101.79.17.164', username='root', password='1q2w3e!Q', timeout=15)
J = 'http://127.0.0.1:9080'; A = 'admin:Admin@2026!'

def run(label, cmd, timeout=20):
    print(f'\n[{label}]')
    _, o, _ = c.exec_command(cmd, timeout=timeout)
    print(o.read().decode('utf-8','replace').strip()[:400])

# 1. /opt/mail 권한을 jenkins 사용자도 쓸 수 있게
run('/opt/mail 권한 확인', 'ls -la /opt/ | grep mail')
run('/opt/mail jenkins 쓰기 권한',
    'chown -R jenkins:jenkins /opt/mail/backend /opt/mail/venv /var/www/mail 2>/dev/null; '
    'chmod -R 755 /opt/mail/backend 2>/dev/null; echo done')

# 2. Jenkins sudoers: systemctl restart zioinfo-mail 허용
run('sudoers 설정',
    'echo "jenkins ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart zioinfo-mail, /usr/bin/systemctl is-active zioinfo-mail, /usr/bin/curl" > /etc/sudoers.d/jenkins-mail && '
    'chmod 440 /etc/sudoers.d/jenkins-mail && echo ok')

# 3. Jenkinsfile에서 rsync와 systemctl에 sudo 추가
# 현재 Jenkinsfile 확인
import base64
G = base64.b64encode(b'zio:Zio@Admin2026!').decode()
run('현재 Jenkinsfile 확인',
    f'curl -sf "http://127.0.0.1:9003/api/v1/repos/zio/zioinfo-mail/contents/Jenkinsfile" '
    f'-H "Authorization: Basic {G}" 2>/dev/null | '
    'python3 -c "import sys,json,base64; d=json.load(sys.stdin); print(base64.b64decode(d[\'content\']).decode())" 2>/dev/null | head -30')

# 4. workspace 초기화 + 재빌드
run('workspace 초기화', 'rm -rf /var/lib/jenkins/workspace/zioinfo-mail && echo ok')

_, o, _ = c.exec_command(f'curl -sf -u "{A}" {J}/crumbIssuer/api/json 2>/dev/null', timeout=10)
try:
    cd = json.loads(o.read().decode('utf-8','replace').strip())
    CH = f'{cd["crumbRequestField"]}: {cd["crumb"]}'
except: CH = 'Jenkins-Crumb: x'

run('재빌드',
    f'curl -sf -X POST -u "{A}" -H "{CH}" {J}/job/zioinfo-mail/build 2>/dev/null && echo "트리거됨"')

print('\n빌드 대기 (180초)...')
for i in range(36):
    time.sleep(5)
    _, o2, _ = c.exec_command(
        f'curl -sf -u "{A}" {J}/job/zioinfo-mail/lastBuild/api/json 2>/dev/null', timeout=10)
    try:
        d = json.loads(o2.read().decode('utf-8','replace'))
        num = d.get('number','?'); result = d.get('result','진행중'); building = d.get('building',True)
        print(f'  #{num}: {result} building={building}')
        if not building: break
    except: pass

run('콘솔 로그 (마지막)',
    f'curl -sf -u "{A}" {J}/job/zioinfo-mail/lastBuild/consoleText 2>/dev/null | tail -20')

c.close()