package com.nirima.jenkins.plugins.docker;

import com.github.dockerjava.api.DockerClient;
import com.github.dockerjava.api.model.Container;
import com.nirima.jenkins.plugins.docker.utils.JenkinsUtils;
import hudson.Extension;
import hudson.model.AsyncPeriodicWork;
import hudson.model.Node;
import hudson.model.TaskListener;
import hudson.slaves.SlaveComputer;
import io.jenkins.docker.DockerTransientNode;
import io.jenkins.docker.client.DockerAPI;
import java.io.IOException;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import jenkins.model.Jenkins;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Extension
/* loaded from: input_file:com/nirima/jenkins/plugins/docker/DockerContainerWatchdog.class */
public class DockerContainerWatchdog extends AsyncPeriodicWork {
    private Clock clock;
    private static final Logger LOGGER = LoggerFactory.getLogger(DockerContainerWatchdog.class);
    private static final long RECURRENCE_PERIOD_IN_MS = JenkinsUtils.getSystemPropertyLong(DockerContainerWatchdog.class.getName() + ".recurrenceInSeconds", 300L).longValue() * 1000;
    private static final Duration PROCESSING_TIMEOUT = Duration.ofMillis((RECURRENCE_PERIOD_IN_MS * 4) / 5);
    private static final Statistics executionStatistics = new Statistics();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/nirima/jenkins/plugins/docker/DockerContainerWatchdog$ContainerIsTaintedException.class */
    public static class ContainerIsTaintedException extends Exception {
        public ContainerIsTaintedException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/nirima/jenkins/plugins/docker/DockerContainerWatchdog$ContainersRetrievalException.class */
    public static class ContainersRetrievalException extends Exception {
        public ContainersRetrievalException(Throwable th) {
            super(th);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/nirima/jenkins/plugins/docker/DockerContainerWatchdog$Statistics.class */
    public static class Statistics {
        private long executions;
        private long containersRemovedGracefully;
        private long containersRemovedGracefullyRuntimeSum;
        private long containersRemovedForce;
        private long containersRemovedForceRuntimeSum;
        private long containersRemovedFailed;
        private long nodesRemoved;
        private long nodesRemovedFailed;
        private long processingTimeout;
        private long overallRuntime;
        private long retrieveContainersRuntime;
        private long retrieveContainersCalls;

        private Statistics() {
        }

        public void writeStatisticsToLog() {
            DockerContainerWatchdog.LOGGER.debug("Watchdog Statistics: Number of overall executions: {}, Executions with processing timeout: {}, Containers removed gracefully: {}, Containers removed with force: {}, Containers removal failed: {}, Nodes removed successfully: {}, Nodes removal failed: {}, Container removal average duration (gracefully): {} ms, Container removal average duration (force): {} ms, Average overall runtime of watchdog: {} ms, Average runtime of container retrieval: {} ms", new Object[]{Long.valueOf(this.executions), Long.valueOf(this.processingTimeout), Long.valueOf(this.containersRemovedGracefully), Long.valueOf(this.containersRemovedForce), Long.valueOf(this.containersRemovedFailed), Long.valueOf(this.nodesRemoved), Long.valueOf(this.nodesRemovedFailed), getContainerRemovalAverageDurationGracefully(), getContainerRemovalAverageDurationForce(), getAverageOverallRuntime(), getAverageRetrieveContainerRuntime()});
        }

        private void addExecution() {
            this.executions++;
        }

        private void addContainerRemovalGracefully(long j) {
            this.containersRemovedGracefully++;
            this.containersRemovedGracefullyRuntimeSum += j;
        }

        private void addContainerRemovalForce(long j) {
            this.containersRemovedForce++;
            this.containersRemovedForceRuntimeSum += j;
        }

        private void addContainerRemovalFailed() {
            this.containersRemovedFailed++;
        }

        private void addNodeRemoved() {
            this.nodesRemoved++;
        }

        private void addNodeRemovedFailed() {
            this.nodesRemovedFailed++;
        }

        private void addProcessingTimeout() {
            this.processingTimeout++;
        }

        private void addOverallRuntime(long j) {
            this.overallRuntime += j;
        }

        private void addRetrieveContainerRuntime(long j) {
            this.retrieveContainersRuntime += j;
            this.retrieveContainersCalls++;
        }

        private String getAverageOverallRuntime() {
            return this.executions == 0 ? "0" : Long.toString(this.overallRuntime / this.executions);
        }

        private String getContainerRemovalAverageDurationForce() {
            return this.containersRemovedForce == 0 ? "0" : Long.toString(this.containersRemovedForceRuntimeSum / this.containersRemovedForce);
        }

        private String getContainerRemovalAverageDurationGracefully() {
            return this.containersRemovedGracefully == 0 ? "0" : Long.toString(this.containersRemovedGracefullyRuntimeSum / this.containersRemovedGracefully);
        }

        private String getAverageRetrieveContainerRuntime() {
            return this.retrieveContainersCalls == 0 ? "0" : Long.toString(this.retrieveContainersRuntime / this.retrieveContainersCalls);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/nirima/jenkins/plugins/docker/DockerContainerWatchdog$TerminationException.class */
    public static class TerminationException extends Exception {
        public TerminationException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/nirima/jenkins/plugins/docker/DockerContainerWatchdog$WatchdogProcessingTimeout.class */
    public static class WatchdogProcessingTimeout extends Error {
    }

    public DockerContainerWatchdog() {
        super(String.format("%s Asynchronous Periodic Work", DockerContainerWatchdog.class.getSimpleName()));
        this.clock = Clock.systemUTC();
    }

    @Restricted({NoExternalUse.class})
    void setClock(Clock clock) {
        this.clock = clock;
    }

    public long getRecurrencePeriod() {
        return RECURRENCE_PERIOD_IN_MS;
    }

    protected List<DockerCloud> getAllClouds() {
        return DockerCloud.instances();
    }

    protected List<Node> getAllNodes() {
        return Jenkins.get().getNodes();
    }

    protected String getJenkinsInstanceId() {
        return DockerTemplateBase.getJenkinsInstanceIdForContainerLabel();
    }

    protected void removeNode(DockerTransientNode dockerTransientNode) throws IOException {
        Jenkins.get().removeNode(dockerTransientNode);
    }

    protected boolean stopAndRemoveContainer(DockerAPI dockerAPI, Logger logger, String str, boolean z, String str2, boolean z2) {
        return DockerTransientNode.stopAndRemoveContainer(dockerAPI, logger, str, z, str2, z2);
    }

    protected void execute(TaskListener taskListener) throws IOException, InterruptedException {
        if (!JenkinsUtils.getSystemPropertyBoolean(DockerContainerWatchdog.class.getName() + ".enabled", true)) {
            LOGGER.info("Docker Container Watchdog is disabled based on system configuration");
            return;
        }
        LOGGER.debug("Docker Container Watchdog has been triggered");
        executionStatistics.writeStatisticsToLog();
        executionStatistics.addExecution();
        Instant instant = this.clock.instant();
        try {
            ContainerNodeNameMap containerNodeNameMap = new ContainerNodeNameMap();
            Instant instant2 = this.clock.instant();
            Map<String, Node> loadNodeMap = loadNodeMap();
            try {
                for (DockerCloud dockerCloud : getAllClouds()) {
                    String uri = dockerCloud.getDockerApi().getDockerHost().getUri();
                    if (uri == null) {
                        LOGGER.info("Skipping unconfigured Docker Cloud {}", dockerCloud.getDisplayName());
                    } else {
                        LOGGER.debug("Checking Docker Cloud {} at {}", dockerCloud.getDisplayName(), uri);
                        taskListener.getLogger().println(String.format("Checking Docker Cloud %s", dockerCloud.getDisplayName()));
                        containerNodeNameMap = processCloud(dockerCloud, loadNodeMap, containerNodeNameMap, instant2);
                    }
                }
                if (containerNodeNameMap.isContainerListIncomplete()) {
                    LOGGER.info("Not checking the list of nodes, as list of containers is known to be incomplete");
                } else {
                    cleanUpSuperfluousComputer(loadNodeMap, containerNodeNameMap, instant2);
                }
                executionStatistics.addOverallRuntime(Duration.between(instant, this.clock.instant()).toMillis());
                LOGGER.debug("Docker Container Watchdog check has been completed");
            } catch (WatchdogProcessingTimeout e) {
                LOGGER.warn("Processing of cleanup watchdog took too long; current timeout value: {}, watchdog started on {}", new Object[]{PROCESSING_TIMEOUT, instant.toString(), e});
                executionStatistics.addProcessingTimeout();
                executionStatistics.addOverallRuntime(Duration.between(instant, this.clock.instant()).toMillis());
                executionStatistics.addOverallRuntime(Duration.between(instant, this.clock.instant()).toMillis());
            }
        } catch (Throwable th) {
            executionStatistics.addOverallRuntime(Duration.between(instant, this.clock.instant()).toMillis());
            throw th;
        }
    }

    private Map<String, Node> loadNodeMap() {
        HashMap hashMap = new HashMap();
        for (Node node : getAllNodes()) {
            hashMap.put(node.getNodeName(), node);
        }
        LOGGER.debug("We currently have {} nodes assigned to this Jenkins instance, which we will check", Integer.valueOf(hashMap.size()));
        return hashMap;
    }

    private ContainerNodeNameMap processCloud(DockerCloud dockerCloud, Map<String, Node> map, ContainerNodeNameMap containerNodeNameMap, Instant instant) {
        try {
            DockerClient client = dockerCloud.getDockerApi().getClient();
            try {
                ContainerNodeNameMap retrieveContainers = retrieveContainers(dockerCloud, client);
                if (dockerCloud.getDisabled().isDisabled()) {
                    LOGGER.debug("Will not cleanup superfluous containers on DockerCloud [name={}, dockerURI={}], as it is disabled", dockerCloud.getDisplayName(), dockerCloud.getDockerApi().getDockerHost().getUri());
                } else {
                    cleanUpSuperfluousContainers(client, map, retrieveContainers, dockerCloud, instant);
                }
                containerNodeNameMap = containerNodeNameMap.merge(retrieveContainers);
                if (client != null) {
                    client.close();
                }
            } catch (Throwable th) {
                if (client != null) {
                    try {
                        client.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (ContainersRetrievalException e) {
            containerNodeNameMap.setContainerListIncomplete(true);
        } catch (IOException e2) {
            LOGGER.warn("Failed to properly close a DockerClient instance after reading the list of containers and cleaning them up; ignoring", e2);
        }
        return containerNodeNameMap;
    }

    private ContainerNodeNameMap retrieveContainers(DockerCloud dockerCloud, DockerClient dockerClient) throws ContainersRetrievalException {
        HashMap hashMap = new HashMap();
        hashMap.put(DockerContainerLabelKeys.JENKINS_INSTANCE_ID, getJenkinsInstanceId());
        ContainerNodeNameMap containerNodeNameMap = new ContainerNodeNameMap();
        Instant instant = this.clock.instant();
        try {
            try {
                for (Container container : (List) dockerClient.listContainersCmd().withShowAll(true).withLabelFilter(hashMap).exec()) {
                    String id = container.getId();
                    if (container.getStatus() == null) {
                        LOGGER.warn("Container {} has a null-status and thus cannot be checked; ignoring container", id);
                    } else {
                        String str = (String) container.getLabels().get(DockerContainerLabelKeys.NODE_NAME);
                        if (str == null) {
                            LOGGER.warn("Container {} is said to be created by this Jenkins instance, but does not have any node name label assigned; manual cleanup is required for this", id);
                        } else {
                            containerNodeNameMap.registerMapping(container, str);
                        }
                    }
                }
                return containerNodeNameMap;
            } catch (Exception e) {
                LOGGER.warn("Unable to retrieve list of containers available on DockerCloud [name={}, dockerURI={}] while reading list of containers (showAll=true, labelFilters={})", new Object[]{dockerCloud.getDisplayName(), dockerCloud.getDockerApi().getDockerHost().getUri(), hashMap.toString(), e});
                throw new ContainersRetrievalException(e);
            }
        } finally {
            executionStatistics.addRetrieveContainerRuntime(Duration.between(instant, this.clock.instant()).toMillis());
        }
    }

    private void cleanUpSuperfluousContainers(DockerClient dockerClient, Map<String, Node> map, ContainerNodeNameMap containerNodeNameMap, DockerCloud dockerCloud, Instant instant) {
        for (Container container : containerNodeNameMap.getAllContainers()) {
            String id = container.getId();
            String nodeName = containerNodeNameMap.getNodeName(id);
            if (map.get(nodeName) == null) {
                Long created = container.getCreated();
                if (isStillTooYoung(created, instant)) {
                    LOGGER.info("Container {} is too young to be considered for removal", id);
                } else {
                    checkForTimeout(instant);
                    LOGGER.info("Container {}, which is reported to be assigned to node {}, is no longer associated (node might be gone already?). The container's last status is {}; it was created on {}", new Object[]{id, nodeName, container.getStatus(), created});
                    try {
                        terminateContainer(dockerCloud, dockerClient, container);
                    } catch (Exception e) {
                        LOGGER.warn("Graceful termination of Container {} failed", id, e);
                    }
                }
            }
        }
    }

    private static boolean isStillTooYoung(Long l, Instant instant) {
        return Duration.between(Instant.ofEpochSecond(l.longValue()), instant).minus(Duration.ofSeconds(JenkinsUtils.getSystemPropertyLong(DockerContainerWatchdog.class.getName() + ".initialGraceDurationForContainersInSeconds", 60L).longValue())).isNegative();
    }

    private void terminateContainer(DockerCloud dockerCloud, DockerClient dockerClient, Container container) {
        boolean z = false;
        try {
            terminateContainerGracefully(dockerCloud, container);
        } catch (ContainerIsTaintedException e) {
            LOGGER.warn("Container {} has been tampered with; skipping cleanup", container.getId(), e);
            return;
        } catch (TerminationException e2) {
            z = true;
        }
        if (z) {
            try {
                Instant instant = this.clock.instant();
                dockerClient.removeContainerCmd(container.getId()).withForce(true).exec();
                executionStatistics.addContainerRemovalForce(Duration.between(instant, this.clock.instant()).toMillis());
            } catch (RuntimeException e3) {
                LOGGER.warn("Forced termination of container {} failed with RuntimeException", container.getId(), e3);
                executionStatistics.addContainerRemovalFailed();
            }
        }
    }

    private void terminateContainerGracefully(DockerCloud dockerCloud, Container container) throws TerminationException, ContainerIsTaintedException {
        String id = container.getId();
        Map labels = container.getLabels();
        if (nodeExistsBypassingCache((String) labels.get(DockerContainerLabelKeys.NODE_NAME))) {
            LOGGER.warn("Was going to terminate container ID {}, but a node for it has appeared so it does not need removing now.", container.getId());
            throw new ContainerIsTaintedException(String.format("Node for container ID %s has appeared", container.getId()));
        }
        String str = (String) labels.get(DockerContainerLabelKeys.REMOVE_VOLUMES);
        if (str == null) {
            throw new ContainerIsTaintedException(String.format("Container ID %s has no '%s' label; skipping.", container.getId(), DockerContainerLabelKeys.REMOVE_VOLUMES));
        }
        boolean parseBoolean = Boolean.parseBoolean(str);
        boolean z = true;
        if (container.getStatus().startsWith("Dead") || container.getStatus().startsWith("Exited") || container.getStatus().startsWith("Created")) {
            z = false;
        }
        DockerAPI dockerApi = dockerCloud.getDockerApi();
        Instant instant = this.clock.instant();
        boolean stopAndRemoveContainer = stopAndRemoveContainer(dockerApi, LOGGER, String.format("(orphaned container found by %s)", DockerContainerWatchdog.class.getSimpleName()), parseBoolean, container.getId(), !z);
        Instant instant2 = this.clock.instant();
        if (!stopAndRemoveContainer) {
            throw new TerminationException("Graceful termination failed.");
        }
        executionStatistics.addContainerRemovalGracefully(Duration.between(instant, instant2).toMillis());
        LOGGER.info("Successfully terminated orphaned container {}", id);
    }

    private boolean nodeExistsBypassingCache(String str) {
        Iterator<Node> it = getAllNodes().iterator();
        while (it.hasNext()) {
            if (str.equals(it.next().getNodeName())) {
                return true;
            }
        }
        return false;
    }

    private void cleanUpSuperfluousComputer(Map<String, Node> map, ContainerNodeNameMap containerNodeNameMap, Instant instant) {
        SlaveComputer computer;
        for (Node node : map.values()) {
            if (node instanceof DockerTransientNode) {
                checkForTimeout(instant);
                DockerTransientNode dockerTransientNode = (DockerTransientNode) node;
                if (!containerNodeNameMap.isContainerIdRegistered(dockerTransientNode.getContainerId()) && (computer = dockerTransientNode.getComputer()) != null && computer.isOffline()) {
                    LOGGER.info("{} has container ID {}, but the container does not exist in any docker cloud. Will remove node.", dockerTransientNode, dockerTransientNode.getContainerId());
                    try {
                        removeNode(dockerTransientNode);
                        executionStatistics.addNodeRemoved();
                    } catch (IOException e) {
                        LOGGER.warn("Failed to remove orphaned node {}", dockerTransientNode.toString(), e);
                        executionStatistics.addNodeRemovedFailed();
                    }
                }
            }
        }
    }

    private void checkForTimeout(Instant instant) {
        if (Duration.between(instant, this.clock.instant()).compareTo(PROCESSING_TIMEOUT) > 0) {
            throw new WatchdogProcessingTimeout();
        }
    }
}
