#!/bin/bash

# Copyright (c) 2024 Oracle and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown
# at http://oss.oracle.com/licenses/upl.

###############################################################################
#
# Name: oci-image-expand
# Description: script to expand (unminimize) an OL9 minimal image
#    User selects which non-default options to add (those requiring reboot)
#    Default added functions include systemd services, diagnostic packages and cloud configuration settings.
#    User selectable functions (requiring reboot) -- SELinux, Kdump, Ksplice, iSCSI.
#    If a reboot is required, user will be prompted
#
###############################################################################

# global variables
return_val=0
SELINUX_SELECTED="NO"
KDUMP_SELECTED="NO"
KSPLICE_SELECTED="NO"
REBOOT_REQUIRED="NO"
SELINUX_ENABLED="NO"
KDUMP_ENABLED="NO"
KSPLICE_ENABLED="NO"
declare -a options=('All reboot options' 'Enable SELinux' 'Enable Kdump' 'Enable Ksplice')
# set a default set of initially chosen options -- start with no reboot options selected
declare -a choices=( " " " " " " " " )
ERROR=" "

usage() {
cat <<EOF
Usage: $0 [OPTION]

Add key functionality not included in an OL9 minimal image. 

Option:
  -h
  --help                       Print this message.
EOF
} # end usage

log() {
    logger -t "${0##*/}" "$*"
} # end log

# Print the current menu options (with selections marked by "+"
function menu() {
    echo "oci-image-expand"
    echo "    Adds key functionality not included in an OL9 minimal image."
    echo "    Default added functions include systemd services, diagnostic packages, cloud configuration settings as well as configuring and enabling swap on the instance."
    echo "    User selectable functions (requiring reboot) -- SELinux, Kdump, Ksplice."
    echo 
    echo "Please select the set of reboot required functions, if any"
    echo "    Selecting a function transitions from not selected [ ] to selected [+] or vice versa"
    echo
    for NUM in "${!options[@]}"; do
        echo "[""${choices[NUM]:- }""]" $((NUM))") ${options[NUM]}"
    done
    echo "$ERROR"
} # end menu

# Ask the user to keep selecting options (ENTER will exit this loop)
function menu_loop() {
    # Clear screen for menu
    clear

    # Menu loop
    while menu && read -e -r -p "Select the desired options using their number (again to uncheck, ENTER when done): " -n2 SELECTION && [[ -n "$SELECTION" ]]; do
        clear
        if [[ "$SELECTION" == *[[:digit:]]* && $SELECTION -ge 0 && $SELECTION -lt ${#options[@]} ]]; then
            if [[ "${choices[SELECTION]}" == "+" ]]; then
                choices[SELECTION]=""
            else
                choices[SELECTION]="+"
            fi
            ERROR=" "
        else
            ERROR="Invalid option: $SELECTION"
        fi
    done
} # end menu_loop

function select_options() {
    menu_loop

    num_selected=0
    for ((i = 0; i < ${#choices[*]}; i++)); do
        if [[ "${choices[i]}" == "+" ]]; then
            (( num_selected++ ))
        fi
    done

    # summarize the options selected (either none or some reboot ones)
    if [[ $num_selected == 0 ]]; then
        echo "No reboot options were selected."
        read -t 10 -n 1 -s -r -p "The default functions will now be applied. Press any key to continue (within 10 seconds)"
    else 
        # set flags for the selected reboot required implementation choices 
        echo "The following options were selected:"
        if [[ "${choices[0]}" == "+" ]]; then
            echo "    ${options[1]}"
            echo "    ${options[2]}"
            echo "    ${options[3]}"
            SELINUX_SELECTED="YES"
            KDUMP_SELECTED="YES"
            KSPLICE_SELECTED="YES"
        else # individual choice of the four options
            if [[ "${choices[1]}" == "+" ]]; then
                echo "    ${options[1]}"
                SELINUX_SELECTED="YES"
            fi
            if [[ "${choices[2]}" == "+" ]]; then
                echo "    ${options[2]}"
                KDUMP_SELECTED="YES"
            fi
            if [[ "${choices[3]}" == "+" ]]; then
                echo "    ${options[3]}"
                KSPLICE_SELECTED="YES"
            fi
        fi
        read -t 10 -n 1 -s -r -p "The chosen options will now be applied. Press any key to continue (within 10 seconds)"
    fi 
    echo ""
} # end select_options

# apply_options will first apply the default functions and then apply the user selected reboot required options
#    Default added functions include systemd services, diagnostic packages and cloud configuration settings
#    User selectable functions (requiring reboot) -- SELinux, Kdump, Ksplice, iSCSI
# If an error occurs in a function, that methods steps will be undone and then 
#    main program will print a message and exit
apply_options() {

    # Apply the default (no user selection) options

    echo "Applying the default functions."
    log "INFO: Applying the default functions."

    # Default options -- enable systemd services auditd, ldconfig, dnf_makecache_timer and oracle_cloud_agent_updater
    enable_auditd
    if [ "$return_val" -ne 0 ]; then
        echo "ERROR: Enabling auditd failed, please check the log file, fix the issue and retry.  Exiting."
        exit 1
    fi
    log "INFO: auditd has been enabled."

    enable_ldconfig
    if [ "$return_val" -ne 0 ]; then
        echo "ERROR: Enabling ldconfig failed, please check the log file, fix the issue and retry.  Exiting."
        exit 2
    fi
    log "INFO: ldconfig has been enabled."

    enable_dnf_makecache_timer
    if [ "$return_val" -ne 0 ]; then
        echo "ERROR: Enabling DNF makecache timer failed, please check the log file, fix the issue and retry.  Exiting."
        exit 3
    fi
    log "INFO: DNF makecache timer has been enabled."

    enable_oracle_cloud_agent_updater
    if [ "$return_val" -ne 0 ]; then
        echo "ERROR: Enabling Oracle cloud agent updater failed, please check the log file, fix the issue and retry.  Exiting."
        exit 4
    fi
    log "INFO: Oracle cloud agent updater has been enabled."

    # Default option -- enable diagnostics PCP / services and additional diagnostic RPMS
    enable_pcp
    if [ "$return_val" -ne 0 ]; then
        echo "ERROR: Enabling Performance Co-Pilot failed, please check the log file, fix the issue and retry.  Exiting."
        exit 5
    fi
    log "INFO: Performance Co-Pilot has been enabled."

    enable_diagnostic_rpms
    if [ "$return_val" -ne 0 ]; then
        echo "ERROR: Enabling diagnostic RPMs failed, please check the log file, fix the issue and retry.  Exiting."
        exit 6
    fi
    log "INFO: Diagnostic RPMs have been enabled."

    # Default option -- cloud configuration options
    enable_cloud_init_modules
    if [ "$return_val" -ne 0 ]; then
        echo "ERROR: Enabling Cloud init modules failed, please check the log file, fix the issue and retry.  Exiting."
        exit 7
    fi
    log "INFO: Cloud init modules have been enabled."

    enable_cloud_config_modules
    if [ "$return_val" -ne 0 ]; then
        echo "ERROR: Enabling Cloud config modules failed, please check the log file, fix the issue and retry.  Exiting."
        exit 8
    fi
    log "INFO: Cloud config modules have been enabled."

    enable_cloud_final_modules
    if [ "$return_val" -ne 0 ]; then
        echo "ERROR: Enabling Cloud final modules failed, please check the log file, fix the issue and retry.  Exiting."
        exit 9
    fi
    log "INFO: Cloud final modules have been enabled."

    # all modifications to 99_oci.cfg have succeeded, remove the backup
    sudo rm /etc/cloud/cloud.cfg.d/99_oci.cfg.bak
    
    echo "Applying the reboot required functions (if any were selected)."
    log "INFO: Applying the reboot required functions (if any were selected)."

    # Apply the user selected reboot required options (if any)
    if [[ $SELINUX_SELECTED == "YES" ]]; then
        enable_selinux
        if [ "$return_val" -ne 0 ]; then
            echo "ERROR: Enabling SELinux failed, please check the log file, fix the issue and retry.  Exiting."
            exit 10
        fi
        if [[ $SELINUX_ENABLED == "YES" ]]; then
            log "INFO: SELinux has been enabled -- will take effect after reboot."
            REBOOT_REQUIRED="YES"
        else
            log "INFO: SELinux is already enabled."
        fi
    fi

    if [[ $KDUMP_SELECTED == "YES" ]]; then
        enable_kdump
        if [ "$return_val" -ne 0 ]; then
            echo "ERROR: Enabling Kdump failed, please check the log file, fix the issue and retry.  Exiting."
            exit 11
        fi
        if [[ $KDUMP_ENABLED == "YES" ]]; then
            log "INFO: Kdump has been enabled -- will take effect after reboot."
            REBOOT_REQUIRED="YES"
        else
            log "INFO: Kdump is already enabled."
        fi
    fi

    if [[ $KSPLICE_SELECTED == "YES" ]]; then
        enable_ksplice
        if [ "$return_val" -ne 0 ]; then
            echo "ERROR: Enabling Ksplice failed, please check the log file, fix the issue and retry.  Exiting."
            exit 12
        fi
        if [[ $KSPLICE_ENABLED == "YES" ]]; then
            log "INFO: Ksplice has been enabled -- will take effect after reboot."
            REBOOT_REQUIRED="YES"
        else
            log "INFO: Ksplice is already enabled."
        fi
    fi

} # end apply_options

enable_auditd() {
    return_val=0
    sudo systemctl enable auditd
    rc=$?
    if [ "$rc" -eq 0 ]; then  
        auditd_enabled=$(systemctl is-enabled auditd) 
        if [ "$auditd_enabled" == "enabled" ]; then
            sudo systemctl start auditd
            rc=$?
            if [ "$rc" -ne 0 ]; then  
                log "ERROR: sudo systemctl start auditd return code == $rc"
                return_val=1
            fi 
        else
            log "ERROR: systemctl is-enabled auditd return code == $auditd_enabled"
            return_val=1
        fi
    else  
        log "ERROR: sudo systemctl enable auditd return code == $rc"
        return_val=1
    fi 

    # if error undo
    [ "$return_val" == 1 ] && [ "$(sudo systemctl disable auditd)" ]
} # end enable_auditd

enable_ldconfig() {
    return_val=0
    sudo systemctl unmask ldconfig.service
    rc=$?
    if [ "$rc" -eq 0 ]; then  
        sudo rm -f /etc/ld.so.cache
        rc=$?
        if [ "$rc" -eq 0 ]; then  
            sudo systemctl restart ldconfig.service
            rc=$?
            if [ "$rc" -ne 0 ]; then  
                log "ERROR: sudo systemctl restart ldconfig.service return code == $rc"
                return_val=1
            fi 
        else
            log "ERROR: sudo rm -f /etc/ld.so.cache return code == $rc"
            return_val=1
        fi
    else  
        log "ERROR: sudo systemctl unmask ldconfig.service return code == $rc"
        return_val=1
    fi 

    # if error undo
    [ "$return_val" == 1 ] && [ "$(sudo systemctl mask ldconfig.service)" ]
} # end enable_ldconfig

enable_dnf_makecache_timer() {
    return_val=0
    sudo systemctl enable dnf-makecache.timer
    rc=$?
    if [ "$rc" -eq 0 ]; then  
        timer_enabled=$(systemctl is-enabled dnf-makecache.timer) 
        if [ "$timer_enabled" == "enabled" ]; then
            sudo systemctl start dnf-makecache.timer
            rc=$?
            if [ "$rc" -ne 0 ]; then  
                log "ERROR: sudo systemctl start dnf-makecache.timer return code == $rc"
                return_val=1
            fi 
        else
            log "ERROR: systemctl is-enabled dnf-makecache.timer return code == $timer_enabled"
            return_val=1
        fi
    else  
        log "ERROR: sudo systemctl enable dnf-makecache.timer return code == $rc"
        return_val=1
    fi 

    # if error undo
    [ "$return_val" == 1 ] && [ "$(sudo systemctl disable dnf-makecache.timer)" ]
} # end enable_dnf_makecache_timer 

enable_oracle_cloud_agent_updater() {
    return_val=0
    sudo systemctl enable oracle-cloud-agent-updater
    rc=$?
    if [ "$rc" -eq 0 ]; then  
        updater_enabled=$(systemctl is-enabled oracle-cloud-agent-updater) 
        if [ "$updater_enabled" == "enabled" ]; then
            sudo systemctl start oracle-cloud-agent-updater
            rc=$?
            if [ "$rc" -ne 0 ]; then  
                log "ERROR: sudo systemctl start oracle-cloud-agent-updater return code == $rc"
                return_val=1
            fi 
        else
            log "ERROR: systemctl is-enabled oracle-cloud-agent-updater return code == $updater_enabled"
            return_val=1
        fi
    else  
        log "ERROR: sudo systemctl enable oracle-cloud-agent-updater return code == $rc"
        return_val=1
    fi 

    # if error undo
    [ "$return_val" == 1 ] && [ "$(sudo systemctl disable oracle-cloud-agent-updater)" ]
} # end enable_oracle_cloud_agent_updater

enable_cloud_init_modules() {
    # save the config file in case a problem occurs
    sudo cp /etc/cloud/cloud.cfg.d/99_oci.cfg /etc/cloud/cloud.cfg.d/99_oci.cfg.bak

    # certain lines in /etc/cloud/cloud.cfg.d/99_oci.cfg are uncommented
    sudo sed -i "s/^# - bootcmd/ - bootcmd/g" /etc/cloud/cloud.cfg.d/99_oci.cfg
    return_val=$?
} # end enable_cloud_init_modules 
 
enable_cloud_config_modules() {
    # certain lines in /etc/cloud/cloud.cfg.d/99_oci.cfg are uncommented
    sudo sed -i "s/^# - mounts/ - mounts/g" /etc/cloud/cloud.cfg.d/99_oci.cfg
    sudo sed -i "s/^# - yum-add-repo/ - yum-add-repo/g" /etc/cloud/cloud.cfg.d/99_oci.cfg
    sudo sed -i "s/^# - package-update-upgrade-install/ - package-update-upgrade-install/g" /etc/cloud/cloud.cfg.d/99_oci.cfg
    sudo sed -i "s/^# - timezone/ - timezone/g" /etc/cloud/cloud.cfg.d/99_oci.cfg
    sudo sed -i "s/^# - puppet/ - puppet/g" /etc/cloud/cloud.cfg.d/99_oci.cfg
    sudo sed -i "s/^# - chef/ - chef/g" /etc/cloud/cloud.cfg.d/99_oci.cfg
    sudo sed -i "s/^# - runcmd/ - runcmd/g" /etc/cloud/cloud.cfg.d/99_oci.cfg

    # enable the cloud-config service (no reboot required)
    return_val=0
    sudo systemctl unmask cloud-config.service
    rc=$?
    if [ "$rc" -eq 0 ]; then  
        sudo systemctl restart cloud-config.service
        rc=$?
        if [ "$rc" -ne 0 ]; then  
            log "ERROR: sudo systemctl restart cloud-config.service return code == $rc"
            return_val=1
        fi 
    else  
        log "ERROR: sudo systemctl unmask cloud-config.service return code == $rc"
        return_val=1
    fi 

    # if error undo
    if [ "$return_val" == 1 ]; then
        sudo systemctl mask cloud-config.service
        sudo cp /etc/cloud/cloud.cfg.d/99_oci.cfg.bak /etc/cloud/cloud.cfg.d/99_oci.cfg
    fi
} # end enable_cloud_config_modules 

enable_cloud_final_modules() {
    # certain lines in /etc/cloud/cloud.cfg.d/99_oci.cfg are uncommented
    sudo sed -i "s/^# - scripts-per-once/ - scripts-per-once/g" /etc/cloud/cloud.cfg.d/99_oci.cfg
    sudo sed -i "s/^# - scripts-user/ - scripts-user/g" /etc/cloud/cloud.cfg.d/99_oci.cfg
    return_val=$?
} # end enable_cloud_final_modules 

enable_pcp() {
    sudo yum -y install pcp-oracle-conf
    rc=$?
    if [ "$rc" -ne 0 ]; then
        log "ERROR: sudo yum -y install pcp-oracle-conf return code == $rc"
        return_val=1
        return
    fi

    # Sustaining requests that the PCP logs should go to /var/oled/pcp, not default /var/log
    sudo mkdir -p /var/oled/pcp
    sudo sed -i '/^#/!s,/var/log,/var/oled,g' /etc/pcp.conf
    # Need to define the correct SELinux context for /var/oled/pcp
    #   and add workaround to resolve permission issue seen with PCP
    sudo mkdir -p /var/oled/pcp/pmcd
    sudo chmod 775 /var/oled/pcp/pmcd
    sudo mkdir -p /var/oled/pcp/pmie
    sudo mkdir -p /var/oled/pcp/pmlogger
    sudo chown -R pcp:pcp /var/oled/pcp
    sudo semanage fcontext -a -t pcp_log_t "/var/oled/pcp(/.*)?"
    sudo restorecon -R -v /var/oled/pcp/

    # Install of pcp-oracle-conf should enable and start the following services: pmie, pmcd and pmlogger
    # Check to be sure that each are active
    return_val=0
    pmie_active=$(systemctl is-active pmie) 
    if [ ! "$pmie_active" == "active" ]; then
        log "ERROR: systemctl is-active pmie return code == $pmie_active"
        return_val=1
    fi

    pmcd_active=$(systemctl is-active pmcd) 
    if [ ! "$pmcd_active" == "active" ]; then
        log "ERROR: systemctl is-active pmcd return code == $pmcd_active"
        return_val=1
    fi

    pmlogger_active=$(systemctl is-active pmlogger) 
    if [ ! "$pmlogger_active" == "active" ]; then
        log "ERROR: systemctl is-active pmlogger return code == $pmlogger_active"
        return_val=1
    fi

    # if error remove package pcp which will delete the services
    [ "$return_val" == 1 ] && [ "$(sudo yum -y remove pcp-oracle-conf)" ]
} # end enable_pcp

enable_diagnostic_rpms() {
    # Install the set of diagnostic packages 
    sudo yum -y install systemtap dtrace ltrace bcc kernel-uek-devel trace-cmd perf iperf3
    rc=$?
    if [ "$rc" -ne 0 ]; then
        log "ERROR: sudo yum -y install systemtap dtrace ltrace bcc kernel-uek-devel trace-cmd perf iperf3 return code == $rc"
        return_val=1
    else 
        return_val=0
    fi
} # end enable_diagnostic_rpms

enable_selinux() {
    # first check to see if SELinux is enabled and set to Enforcing mode
    [ ! "$(getenforce)" == "Enforcing" ] || return

    sudo grubby --update-kernel ALL --remove-args selinux
    SELINUX_ENABLED="YES"
    return_val=0
} # end enable_selinux 

enable_kdump() {
    # first check to see if Kdump has been enabled in the command line
    grep -q crash_kexec_post_notifiers /proc/cmdline
    rc1=$?
    grep -q crashkernel /proc/cmdline
    rc2=$?
    if [[ "$rc1" -ne 0  ||  "$rc2" -ne 0 ]]; then
        # Kdump is not enabled in the command line, so add it 
        sudo grubby --update-kernel ALL --args crash_kexec_post_notifiers
        sudo grubby --update-kernel ALL --args "crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M"
        KDUMP_ENABLED="YES"
    fi 

    # Kdump is now enabled in the command line, now ensure the service is enabled
    return_val=0
    kdump_service_enabled=$(systemctl is-enabled kdump) 
    if [ ! "$kdump_service_enabled" == "enabled" ]; then
        sudo systemctl enable kdump
        rc=$?
        if [ "$rc" -ne 0 ]; then
            log "ERROR: sudo systemctl enable kdump return code == $rc"
            return_val=1
        fi
    fi 
} # end enable_kdump 
 
enable_ksplice() {
    # first check to see if Ksplice is already running -- if so, do nothing
    [[ ! "$(rpm -q ksplice)" == "ksplice-"* ]] || return

    # Ksplice is not already running -- so install the RPMs 
    KSPLICE_ENABLED="YES"

    sudo yum -y install ksplice-release-el9
    rc=$?
    if [ "$rc" -ne 0 ]; then
        log "ERROR: sudo yum -y install ksplice-release-el9 return code == $rc"
        return_val=1
        return
    fi

    sudo yum -y install ksplice   
    rc=$?
    if [ "$rc" -ne 0 ]; then
        log "ERROR: sudo yum -y install ksplice return code == $rc"
        return_val=1
        sudo yum -y remove ksplice-release-el9
        return
    fi

    # Add the "access key" to /etc/uptrack/uptrack.conf 
    # re-installing oci-linux-config rpm will initialize the key
    sudo yum -y reinstall oci-linux-config
    rc=$?
    if [ "$rc" -ne 0 ]; then
        log "ERROR: sudo yum -y reinstall oci-linux-config return code == $rc"
        return_val=1
        sudo yum -y remove ksplice
        sudo yum -y remove ksplice-release-el9
        return
    fi

    # a reboot will result in Ksplice running and then exiting, so do not need to 
    # explicitly enable the services (which can't be done manually due to flag setting)
    #    sudo systemctl enable uptrack
    #    sudo systemctl enable uptrack-prefetch
    return_val=0
} # end enable_ksplice 

# MAIN 

# check for -h or --help user command line options and print usage
while [ "$#" -gt 0 ]; do
    case "$1" in
    -h | --help)
        usage
        exit 0
        ;;
    -* | *)
        echo "unknown option: $1" >&2;
        usage;
        exit 99
        ;;
    esac
done

# use the bash logger facility to log information and error messages
log "INFO: oci-image-expand START $(date):"

# this script is only valid for OL9 instances and above
os_version=0
if [ -f /etc/os-release ]; then
    os_string=$(grep -w VERSION /etc/os-release | awk -F "\"" '{print $2}')
    log "INFO: Obtained $os_string from /etc/os-release" 
    echo "INFO: Obtained OS version string $os_string from /etc/os-release" 
    if [[ "$os_string" == "9."* || "$os_string" == "9"* ]]; then
        os_version=9
    elif [[ "$os_string" == "8."* || "$os_string" == "8"* ]]; then
        os_version=8
    elif [[ "$os_string" == "7."* || "$os_string" == "7"* ]]; then
        os_version=7
    elif [[ "$os_string" == "6."* ]]; then
        os_version=6
    fi
fi

if [ $os_version == 0 ]; then
    log "INFO: Getting OS version via uname -mrs"
    kernel_version=$(uname -mrs)
    if [[ "$kernel_version" == *"el9"* ]]; then
        os_version=9
    elif [[ "$kernel_version" == *"el8"* ]]; then
        os_version=8
    elif [[ "$kernel_version" == *"el7"* ]]; then
        os_version=7
    elif [[ "$kernel_version" == *"el6"* ]]; then
        os_version=6
    fi
fi

if [ $os_version == 0 ]; then
    log "ERROR: Could not obtain valid OS version. Exiting."
    echo "ERROR: Could not obtain valid OS version. Exiting."
    exit 20
fi

if [[ "$os_version" -lt 9 ]]; then 
   log "ERROR: This script is only valid on instances running OL9, current version is $os_version"
   echo "ERROR: This script is only valid on instances running OL9, current version is $os_version"
   exit 21
fi

# at present, there is only an OL9 minimal image for x86_64 shapes
# so, we check for ARM shapes -- aarch64 -- and print warning and exit if so
processor_type=$(uname -p)
log "INFO: Obtained processor type $processor_type using uname -p output." 
echo "INFO: Obtained processor type $processor_type using uname -p output." 
if [ "$processor_type" == "aarch64" ]; then
   log "ERROR: This script is only valid on x86_64 architectures, not on $processor_type, exiting."
   echo "ERROR: This script is only valid on x86_64 architectures, not on $processor_type, exiting."
   exit 22
fi

# this script is only valid for OL9 minimal images, so check for that
# under dnf installed groups label "Installed Environment Groups:" 
#    will be "Minimal Install" (perhaps with some leading spaces)
log "INFO: Checking to see if this is an OL Minimal image instance."
echo "INFO: Checking to see if this is an OL Minimal image instance."
min_image_str=$(dnf group list --installed | grep "Minimal Install" | sed -e 's/^[[:space:]]*//')
if [ ! "$min_image_str" == "Minimal Install" ]; then
   log "ERROR: This script is only valid on OL9 minimal images, exiting."
   echo "ERROR: This script is only valid on OL9 minimal images, exiting."
   exit 23
fi

# this script requires sudo privileges for calls to systemctl, yum, etc.
# so check to see if those privileges exist for this user, else exit
log "INFO: Checking to see if the current user has sudo privileges."
echo "INFO: Checking to see if the current user has sudo privileges."
sudo -n true
rc=$?
if [ "$rc" -ne 0 ]; then
   log "ERROR: This script requires the user to have sudo privileges, exiting."
   echo "ERROR: This script requires the user to have sudo privileges, exiting."
   exit 24
fi

select_options 

apply_options 

# if at least one rebootable option was selected, offer a choice of when to reboot
printf "\n oci-image-expand: All selected options have now been applied.\n\n"
if [[ $REBOOT_REQUIRED == "YES" ]]; then
    printf "A reboot is required to enable and activate all restored services\n"
    while true; do
    
        read -r -p "Do you wish to reboot now? (y/n) " yn
    
        case $yn in
            [yY] ) echo "Proceeding to reboot ..."
                   log "INFO: oci-image-expand END rebooting now $(date):"
                   break;;
            [nN] ) echo "Exiting ... please reboot the system to restore full functionality.;"
                   log "INFO: oci-image-expand END reboot required to restore full functionality $(date):"
                   exit 0;;
            * ) echo invalid response;;
        esac

    done
    # as reboot quickly disables rsyslogd, add a short sleep for log message to be committed
    sleep 5
    sudo reboot
else
    log "INFO: oci-image-expand END $(date):"
    echo "oci-image-expand execution complete -- reboot not needed at this time."
    exit 0
fi

# end MAIN
