#建议保存编码为：bom头 + utf8

param
(
	[Alias("force_change_pwd")][Switch]$忽略时间戳_强制更新密码,

	[Alias("Write_Log")][Switch]$写入log
)

if ($env:LANG -eq 'zh_CN.UTF-8')
{
	Write-Warning '信息：脚本依赖主控机上的nodelist.csv，每台linux被控机上的"chpasswd"。验证密码依赖win主控机上的winscp模块。依赖linux主控机上的sshpass'
}
else
{
	Write-Warning 'inof: Script depends on nodelist.csv on master,depends on "chpasswd" on each linux node.verification password depends on the "winscp module" on the win master. Depends on "sshpass" on the linux master'
}

if ( ($IsWindows -eq $True) -or ($PSVersionTable.psversion.major -lt 6) ) #win
{
	& 'c:\ProgramData\kasini3000\0k_source.ps1'
}

if ($IsLinux -eq $True)
{
	& '/etc/kasini3000/0k_source.ps1'
}

if ($IsLinux -eq $True)
{
	& '/etc/kasini3000/0k_source.ps1'
}

if ($IsLinux -eq $True)
{
	[string]$temp2 = /usr/bin/which sshpass
	if ( $temp2.contains('no sshpass') -or ($temp2 -eq '') )
	{
		Write-Error '此linux主控机上没有 sshpass程序'
		exit 988
	}
}

& 'zd只读nodelist文件.ps1'

foreach ($private:temp1 in $global:所有被控机)
{
	if (& 'tcp--ping-v5.ps1' ${private:temp1}.ip ${private:temp1}.端口 -Quiet)
	{
	}
	else
	{
		if ($env:LANG -eq 'zh_CN.UTF-8')
		{
			Write-Error ("错误：被控机【{0}】端口不通。" -f $private:temp1.ip )
		}
		else
		{
			Write-Error ("Error:Node port closed: {0} " -f $private:temp1.ip )
		}

		if ($写入log -eq $True)
		{
			if ($env:LANG -eq 'zh_CN.UTF-8')
			{
				& 'k_写log.ps1' -被写入的log内容 ("错误：被控机【{0}】端口不通。" -f $private:temp1.ip )
			}
			else
			{
				& 'k_写log.ps1' -被写入的log内容 ("Error:Node port closed: {0} " -f $private:temp1.ip )
			}
		}
		continue
	}

	[System.Net.IPAddress]$ip2 = 0
	if (-not ( [System.Net.IPAddress]::TryParse($private:temp1.ip,[ref]$ip2) ) )
	{
		Write-Error ("错误：nodelist文件中找到这个ip地址：【{0}】但ip不合法，跳过此被控机" -f ${private:temp1}.ip)

		if ($写入log -eq $True)
		{
			if ($env:LANG -eq 'zh_CN.UTF-8')
			{
				& 'k_写log.ps1' -被写入的log内容 ("错误：nodelist文件中找到这个ip地址：【{0}】但ip不合法，跳过此被控机" -f ${private:temp1}.ip)
			}
			else
			{
				& 'k_写log.ps1' -被写入的log内容 ("Error: The ip address found in the nodelist file: {0} but the ip is illegal, skip this node" -f ${private:temp1}.ip)
			}
		}
		continue
	}

	& 'zd只读nodelist文件.ps1'
	$当前被控机 = $global:所有被控机 | Where-Object { $_.ip -eq ${private:temp1}.ip }
	if ($当前被控机.ip -ne ${private:temp1}.ip)
	{
		Write-Error "错误：当前被控机ip获取失败: ${当前被控机}"
		if ($写入log -eq $True)
		{
			if ($env:LANG -eq 'zh_CN.UTF-8')
			{
				& 'k_写log.ps1' -被写入的log内容 "错误：当前被控机ip获取失败: ${当前被控机}"
			}
			else
			{
				& 'k_写log.ps1' -被写入的log内容 "Error: Failed to obtain the node ip: ${当前被控机}"
			}
		}
		continue
	}

	$win = 'win7','win8','win10','win11','win2008r2','win2012r2','win2016','win2019','win2022'

	if ( ($private:temp1.被控机os类型 -eq $null) -or ($private:temp1.被控机os类型 -eq '') )
	{
		& 'sx1刷新单个被控机对象的_os类型属性.ps1' -被控机ip地址 ${private:temp1}.ip
	}

	if ( $private:temp1.被控机os类型 -in $win)
	{
		Write-Warning ("警告：此被控机：【{0}】不是linux操作系统，跳过此被控机" -f ${private:temp1}.ip)

		if ($写入log -eq $True)
		{
			if ($env:LANG -eq 'zh_CN.UTF-8')
			{
				& 'k_写log.ps1' -被写入的log内容 ("警告：此被控机：【{0}】不是linux操作系统，跳过此被控机" -f ${private:temp1}.ip)
			}
			else
			{
				& 'k_写log.ps1' -被写入的log内容 ("Warning: This node: {0} is not a linux os, skip this node" -f ${private:temp1}.ip)
			}
		}
		continue
	}

	if ($忽略时间戳_强制更新密码 -eq $true)
	{
	}
	else
	{
		if ($private:temp1.密码写入节点时间戳 -ne '')
		{
			$最早改密码时间 = Get-Date $private:temp1.密码写入节点时间戳
			if ( (Get-Date) -lt $最早改密码时间)
			{
				Write-Warning ("警告：此被控机【{0}】，时间戳【{1}】，未到改密周期，跳过此被控机!" -f ${private:temp1}.ip,$最早改密码时间 )
				if ($写入log -eq $True)
				{
					if ($env:LANG -eq 'zh_CN.UTF-8')
					{
						& 'k_写log.ps1' -被写入的log内容 ("警告：此被控机【{0}】，时间戳【{1}】，未到改密周期，跳过此被控机!" -f ${private:temp1}.ip,$最早改密码时间 )
					}
					else
					{
						& 'k_写log.ps1' -被写入的log内容 ("Warning: This node {0}, timestamp {1}, has not reached the password change period, skip this node" -f ${private:temp1}.ip)
					}
				}
				continue
			}
		}
	}

	#改密码
	if ( ($IsWindows -eq $True) -or ($PSVersionTable.psversion.major -lt 6) ) #win
	{
		Write-Verbose ("使用当前密码，在被控机【{0}】上w2l改密码开始" -f ${private:temp1}.ip )
		[string]$private:cmd1 = " 'root:{0}' | chpasswd " -f $private:temp1.旧密码
		$private:cmd2 = [scriptblock]::Create($private:cmd1)
		& "${PSScriptRoot}/run_win2linux_key_pwd.ps1" -目的ip地址 ${private:temp1}.ip -端口 ${private:temp1}.端口 -powershell代码块 $private:cmd2
		Start-Sleep -Seconds 2


		#验证
		Write-Verbose '使用旧密码，验证开始'
		[byte]$private:temp日期 = & "${PSScriptRoot}/k_run_ip_port_winscp2bash_user_pwd.ps1" -目的ip地址 ${private:temp1}.ip -端口 ${private:temp1}.端口 -用户名 'root' -密码 $private:temp1.旧密码 -单行shell命令 'date +%d'
		if ($private:temp日期 -eq (Get-Date).day)
		{
			#密码对调
			$private:temp993 = $private:temp1.当前密码
			$private:temp1.当前密码 = $private:temp1.旧密码
			$private:temp1.旧密码 = $private:temp993

			#写入时间戳
			$private:temp1.密码写入节点时间戳 = Get-Date ((Get-Date) + $global:被控机密码_变更周期) -Format 'F'

			if ($env:LANG -eq 'zh_CN.UTF-8')
			{
				Write-Host -ForegroundColor green ("信息：被控机【{0}】密码修改成功。" -f $private:temp1.ip )
			}
			else
			{
				Write-Host -ForegroundColor green ("info：Node password is successfully modified: {0} " -f $private:temp1.ip )
			}

			if ($写入log -eq $True)
			{
				if ($env:LANG -eq 'zh_CN.UTF-8')
				{
					& 'k_写log.ps1' -被写入的log内容 ("信息：被控机【{0}】密码修改成功。" -f $private:temp1.ip )
				}
				else
				{
					& 'k_写log.ps1' -被写入的log内容 ("info：Node password is successfully modified: {0} " -f $private:temp1.ip )
				}
			}
		}
		else
		{
			if ($env:LANG -eq 'zh_CN.UTF-8')
			{
				Write-Error ("错误：使用旧密码，验证失败。密码修改失败！被控机：{0}" -f $private:temp1.ip )
			}
			else
			{
				Write-Error ("error：Using the old password, verification failed. Password modification failed! node:{0} " -f $private:temp1.ip )
			}

			if ($env:LANG -eq 'zh_CN.UTF-8')
			{
				& 'k_写log.ps1' -被写入的log内容 ("错误：使用旧密码，验证失败。密码修改失败！被控机：{0}" -f ${private:temp1}.ip )
			}
			else
			{
				& 'k_写log.ps1' -被写入的log内容 ("error：Using the old password, verification failed. Password modification failed! node:{0} " -f ${private:temp1}.ip )
			}
		}
	}

	if ($IsLinux -eq $True)
	{
		Write-Verbose ("使用当前密码，在被控机【{0}】上l2l改密码开始" -f ${private:temp1}.ip )
		[string]$private:cmd1 = " 'root:{0}' | chpasswd " -f $private:temp1.旧密码
		$private:cmd2 = [scriptblock]::Create($private:cmd1)
		& "${PSScriptRoot}/run_linux2linux_key_pwd.ps1" -目的ip地址 ${private:temp1}.ip -端口 ${private:temp1}.端口 -powershell代码块 $private:cmd2
		Start-Sleep -Seconds 2


		#验证
		Write-Verbose '使用旧密码，验证开始'
		$private:ssh命令 = @"
sshpass -p '{0}' ssh -o StrictHostKeyChecking=no root@{1} "date +%d"
"@ -f $private:temp1.旧密码,${private:temp1}.ip
		Write-Verbose $private:ssh命令

		[byte]$private:temp日期 = $private:ssh命令 | /usr/bin/bash
		if (Test-Path -LiteralPath '/bin/ash') # 改善alpine-linux主控机兼容性
		{
			[byte]$private:temp日期 = $private:ssh命令 | /bin/ash
		}

		if ($private:temp日期 -eq (Get-Date).day)
		{
			#密码对调
			$private:temp993 = $private:temp1.当前密码
			$private:temp1.当前密码 = $private:temp1.旧密码
			$private:temp1.旧密码 = $private:temp993

			#写入时间戳
			$private:temp1.密码写入节点时间戳 = Get-Date ((Get-Date) + $global:被控机密码_变更周期) -Format 'F'

			if ($env:LANG -eq 'zh_CN.UTF-8')
			{
				Write-Host -ForegroundColor green ("信息：被控机【{0}】密码修改成功。" -f $private:temp1.ip )
			}
			else
			{
				Write-Host -ForegroundColor green ("info：Node password is successfully modified: {0} " -f $private:temp1.ip )
			}

			if ($写入log -eq $True)
			{
				if ($env:LANG -eq 'zh_CN.UTF-8')
				{
					& 'k_写log.ps1' -被写入的log内容 ("信息：被控机【{0}】密码修改成功。" -f $private:temp1.ip )
				}
				else
				{
					& 'k_写log.ps1' -被写入的log内容 ("info：Node password is successfully modified: {0} " -f $private:temp1.ip )
				}
			}
		}
		else
		{
			if ($env:LANG -eq 'zh_CN.UTF-8')
			{
				Write-Error ("错误：使用旧密码，验证失败。密码修改失败！被控机：{0} " -f $private:temp1.ip )
			}
			else
			{
				Write-Error ("error：Using the old password, verification failed. Password modification failed! node:{0} " -f $private:temp1.ip )
			}

			if ($env:LANG -eq 'zh_CN.UTF-8')
			{
				& 'k_写log.ps1' -被写入的log内容 ("使用旧密码，验证失败。密码修改失败！被控机：{0}" -f ${private:temp1}.ip )
			}
			else
			{
				& 'k_写log.ps1' -被写入的log内容 ("Using the old password, verification failed. Password modification failed! node:{0} " -f ${private:temp1}.ip )
			}
		}
	}
}

& 'zl整理写入nodelist文件.ps1'

exit 0