yakko

#!/bin/bash
#set -x; export  PS4='Line ${LINENO}: '

YAKKOVERSION=8.1
YAKKODATE=20241221.1459

###########################################################################
# YAKKO - Yet another KVM Konfigurator for OpenShift
# AUTHOR: Daniel Cifuentes
# ------------------------------------------------------------------------ 
# A COVID Pandemic Confinement project - Circa 09/2020 
# ------------------------------------------------------------------------ 
# Inspirational Documentation for this:
# https://github.com/eitchugo/openshift-libvirt/blob/master/OpenShift_4_libvirt_install_1_master.md
###########################################################################

############ OPENSHIFT 4.16 SIZING ########################################
#
# PLATFORM AGNOSTIC:
# https://docs.openshift.com/container-platform/4.16/installing/installing_platform_agnostic/installing-platform-agnostic.html
#
# SNO:
# https://docs.openshift.com/container-platform/4.16/installing/installing_sno/install-sno-preparing-to-install-sno.html
#
# AGENT BASED INSTALLER:
# https://docs.openshift.com/container-platform/4.16/installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.html
# 
##########################################################################

# TESTED PLATFORMS FOR THIS VERSION OF YAKKO - this will be checked always on install
TESTEDPLATFORMS="rhel 9.4, fedora 40"

#########################################################################
## START: USER CONFIGURABLE PARAMETERS - you can also change through the use of a template
## (do not change this heading!)
#########################################################################

# RAM Sizing
SINGLEMASTERRAMSIZE=32000  # See recommendation links above
THREEMASTERRAMSIZE=16000   # See recommendation links above
DEFAULTWORKERRAMSIZE=8000  # Recommended 8GB
WORKERRAMSIZE=8000         # Recommended 8GB
MINWORKERRAMSIZE=8000      # This boundary has been changing as OCP revs up!
BOOTSTRAPNODERAMSIZE=16000 # See recommendation links above - RAM size of the bootstrap has changed over time...
MAXMEMBALOONSIZE=2000      # We provide a little room for growth. No one wants to swap!

# CPU Sizing
MASTERNODECOUNT=3          # Default clusters by YAKKO are built as 3x0
MASTERVCPUS=4              # Recommended 4, though with SNO/single master it is better to have 8
WORKERVCPUS=2              # Recommended 2
RECOMMENDEDCORECOUNT=8     # This is for the YAKKO host to work well. Less than this? try harder when installing.
BOOTSTRAPNODEVCPUS=4       # See recommendation links above - CPU count of the bootstrap has changed over time...
MAXNODEVCPUS=8             # Max number of allowable CPUs for a worker node

# Disk Sizing
MASTERDISKSIZE=120         # Disk image size for master, GB  # OCP 4.15 needs 120GB for Agent Based Install
WORKERDISKSIZE=120         # Disk image size for worker, GB

#Node Sizing
MAXWORKERNODES=5           # Max number of worker nodes allowed at cluster BUILD time, after that, no limit 

# Other parameters - these are configured by YAKKO, but here you go
USEYAKKODNSMASQ=Y          # Choose to use your own name servers only or have YAKKO also setup a complimentary DNS service
WEBSERVERPORT=8086         # This is the webserver that YAKKO uses for provisioning and for further info
HAPROXYACCESS=0            # We default OPEN access through the proxy, subject to change later
PROXYADDRESS=1             # So that the overall "proxy" to the cluster is BASENETWORK.PROXY e.g. 192.168.140.1
VNCPORT=5920               # We'll leave the firt few ports open for traditional VNC uses
SDNTYPE=OVNKubernetes      # Just in case... it can also be: OpenShiftSDN
AGENTBASEDINSTALLER=""     # It's a question now. YAKKO 7.0++
SNAPCLUSTERONINSTALL=N     # 8.0 - we can snap a cluster, offer the option on fresh install
OCPINSTLOGLEVEL=info       # OCP installer log level 
REDUCEPROMETHEUS=N         # Prometheus pod RAM can be reduced, which makes sense, change to Y if not desired. 
COREMACADDRESS=52:54:00:4a # This is the MAC address prefix for all node VM MACs
## The BASEMACADDRESS is missing the last two entries/hexes. The second to last is calculated on
## the last number of the BASEMACNETWORK, in case two clusters run on the same box, to prevent 
## virtual network confusion, even if perhaps... it may work without conflict. Original code had
## this number as 52:54:00:4a:66 but now the last hex number will be the 3 network digit i.e. 140 which is "8c"

# File and directory variables used throughout
OCPVMDIR=/var/lib/libvirt/images         # This is where node VMs will reside
CLUSTERDOMAIN=localdomain                # The default domain name if no other is offered
LOGINCOMMANDFILE=cluster-login           # Yakko leaves a login file behind when done!
CLUSTERNOTES=cluster-notes               # Where YAKKO keeps your notes about the cluster
CLUSTERPOSTINSTALL=cluster-post-install  # The default file to run for post-install tasks
OCPSETUPENV=ocp-setup-env                # Default commands to setup your KUEBCONFIG and oc binary

#########################################################################
## END: USER CONFIGURABLE PARAMETERS
## (do not change this heading!)
#########################################################################


#### DO NOT CHANGE FROM HEREON
YAKKONAME=YAKKO        # In case we want to change the name?
YAKKOSCRIPTNAME=yakko  # In case we want to change the script name??

# HOST DETAILS
YAKKOHOSTOSNAME=$(cat /etc/os-release | grep '^ID=' | cut -f2 -d= | tr -d "\"")
YAKKOHOSTOSRELEASE=$(cat /etc/os-release | grep '^VERSION_ID=' | cut -f2 -d= | tr -d "\"")
YAKKOHOSTPLATFORM="$YAKKOHOSTOSNAME $YAKKOHOSTOSRELEASE"

# WGET setup (one day - curl!)
[ ${YAKKOHOSTOSNAME} == "rhel" ] && WGET="wget" 
[ ${YAKKOHOSTOSNAME} == "fedora" ] && WGET="wget2" 

# Cluster build progression variables - DO NOT CHANGE
REQUIREDPACKAGES="libvirt virt-install qemu-kvm virt-top haproxy lsof httpd firewalld bind-utils net-tools ${WGET}"
YAKKOSTAGE=0
STAGEPROGRESS=0
YAKKOBUILDTEMPLATETYPE=0  # 0 means "ask questions, don't use a template file"
AUTOSETUP=N # Y is Auto, N is manual
DELETECLUSTERMODE=1  # This goes to 0 when we delete the entire cluster with deletecluster
DELETECLUSTERFORCE=1
YAKKOADMIN=kubeadmin # once deleted this is stored as "" in CLUSTERCONFIGFILE
PAUSEFORCONFIGEDIT=1
SPINNERPID=0
CSRAPPROVALPID=0
ADDNODETIMEOUT=900   # TIMER: If I cannot add a node within timeout (this multiplied by number of nodes)
YAKKOTEXTCOLOUR=brightblue  # Look and feel :)

# YAKKO parameter options
YAKKOINFRAOPTIONS=" startcluster / stopcluster / snaptake / snaprestore / addnode / deletenode / nodelogs / sshtonode / changeaccess / updateservices / listresources / listclusters / purgedownloads / resizeram / describehw / nfsshare / installcomplete / deletecluster "
YAKKOCLUSTEROPTIONS=" htpasswd / useradd / userdelete / mastersched / nodelabel / localregistry / nfsregistry / nfsmap / ingresscert / approvecsrs / emergency / yakkotest "

# Temporary files
HTPASSWDFILE=/tmp/ocp-htpasswd.$$
DHCPXMLTMPFILE=/tmp/yakkodhcpxmlline.$$.tmp
OCPWGETTMP=/tmp/ocpsetupwget.$$.tmp
YAKKOTALLY=/.yakkobuildtally

# Default Download links
# Get the OCP installer specifically for x86_64. One day this may be useful for IBM ... Power ;)
OCPPLATFORM=x86_64
OCPROOT=https://mirror.openshift.com/pub/openshift-v4/$OCPPLATFORM

# Decorations
SEPARATIONLINE="__________________________________________________________________________"

# Some useful constants
NUMBERRE='^[0-9]+$' # Number - regular expression

################ A FEW INITIALISATION FUNCTIONS ################################################

print-yakko-nocluster-menu() {
	echo "    yakko  (no params) -------------------------> build new cluster - just answer questions"
	echo "    yakko rebuildcluster -----------------------> recreate the last cluster built"
	echo "    yakko buildclusterfromtemplate <file/URL> --> build new cluster from file or URL"
	echo "    yakko buildclusterfromdefaults <#M> <#W> ---> build with all defaults, specifing only"
	echo "                                                  # of masters and # of workers" 
}

populate-cluster-config-file() {
	# CLUSTERCONFIGFILE CREATION
	# Populate the config file with some references for future calls

	# this is an emergency break, has happened!
	[ -z "${CLUSTERNAME}" ] && check-for-error-and-exit 0 "Cluster name is blank - saving cluster config file"

	{
		echo "CLUSTERNAME=${CLUSTERNAME}" 
		echo "CLUSTERDOMAIN=${CLUSTERDOMAIN}"
		echo "CLUSTERFQDN=${CLUSTERFQDN}"
		echo "CLUSTERWEBURL=${CLUSTERWEBURL}"
		echo "CLUSTERAPIURL=${CLUSTERAPIURL}"
		echo "YAKKOSTAGE=0"
		echo "CLUSTERSETUPDIR=${CLUSTERSETUPDIR}" 
		echo "NETWORKNAME=${NETWORKNAME}" 
		echo "OCPVERSION=${OCPVERSION}"
		echo "OCPDOWNLOADCLIENT=${OCPDOWNLOADCLIENT}"
		echo "OCPINSTALLVERSION=${OCPVERSION}" 
		echo "OCPINSTALLMINORVERSION=${OCPINSTALLMINORVERSION}"
		echo "OCPDOWNLOADIMAGES=${OCPDOWNLOADIMAGES}"
		echo "OCPVMDISKDIR=${OCPVMDISKDIR}"
		echo "OCPINSTALLSOURCE=$OCPINSTALLSOURCE" 
		echo "NETWORKXML=$CLUSTERSETUPDIR/${NETWORKNAME}.xml"
		echo "NETWORKADDRESSSLOT=20"
		echo "NODECOUNT=0"
		echo "OCPSSHKEY=${OCPSSHKEY}"
		echo "BUILTWITHYAKKOVERSION=${YAKKOVERSION}"
		echo "NOTICEYAKKOVERSION=${YAKKOVERSION}"
		echo "YAKKOHOSTIP=${YAKKOHOSTIP}"
		echo "VNCPORT=${VNCPORT}"
		echo "HAPROXYACCESS=${HAPROXYACCESS}"
		echo "SYSTEMSTUBFILE_DNSMASQ=${SYSTEMSTUBFILE_DNSMASQ}"
		echo "SYSTEMSTUBFILE_NETWORKMANAGER=${SYSTEMSTUBFILE_NETWORKMANAGER}"
		echo "SYSTEMSTUBFILE_RESOLVED=${SYSTEMSTUBFILE_RESOLVED}"
		echo "SYSTEMSTUBFILE_HAPROXY=${SYSTEMSTUBFILE_HAPROXY}"
		echo "SYSTEMSTUBFILE_HTTPD=${SYSTEMSTUBFILE_HTTPD}"
		echo "STUBFILES=${STUBFILES}"
		echo "SELINUXSTATE=${SELINUXSTATE}"
		echo "OCPINSTLOGLEVEL=${OCPINSTLOGLEVEL}"
		echo "REDUCEPROMETHEUES=${REDUCEPROMETHEUS}"
		echo "WEBSERVERPORT=${WEBSERVERPORT}"
		echo "LOGINFILEHASPASSWORD=0"  
		echo "AGENTBASEDINSTALLER=$AGENTBASEDINSTALLER"  

		# These exist in lastclusterconfig too, but resizing will change it here only
		echo "MASTERNODECOUNT=${MASTERNODECOUNT}"
		echo "WORKERNODECOUNT=${WORKERNODECOUNT}"
		echo "MASTERRAMSIZE=${MASTERRAMSIZE}"
		echo "WORKERRAMSIZE=${WORKERRAMSIZE}"
		echo "MASTERVCPUS=${MASTERVCPUS}"
		echo "WORKERVCPUS=${WORKERVCPUS}"
		echo "MASTERDISKSIZE=${MASTERDISKSIZE}"
		echo "WORKERDISKSIZE=${WORKERDISKSIZE}"
		
	} > "${CLUSTERCONFIGFILE}"

	source "${CLUSTERCONFIGFILE}"
}

populate-user-definitions() {

	# Basic directories 
	CLUSTERSETUPDIR=${YAKKODIRECTORY}/install
	STUBFILES=${CLUSTERSETUPDIR}/stubfiles
	OCPINSTALLVERSION=$OCPVERSION
	OCPINSTALLSOURCE=$IMAGEREPO/$OCPINSTALLVERSION
	
	# Added ${PROXYADDRESS} below so that you can repeat cluster names without interefering with the virtual network
	NETWORKNAME=${YAKKOSCRIPTNAME}-net-${CLUSTERNAME}-${CLUSTERDOMAIN}-${YAKKOID}
	NETWORKXML=$CLUSTERSETUPDIR/${NETWORKNAME}.xml
	CLUSTERFQDN=${CLUSTERNAME}.${CLUSTERDOMAIN}
	CLUSTERWEBURL="https://console-openshift-console.apps.${CLUSTERFQDN}"
	CLUSTERAPIURL="https://api.${CLUSTERFQDN}:6443"
	CLUSTERPROXY="${BASENETWORK}.${PROXYADDRESS}"
	OCPSSHKEY=~/.ssh/id_rsa_ocp_${CLUSTERNAME}_${CLUSTERDOMAIN}_${YAKKOID}

	#Disk storage for VMs
	OCPVMDISKDIR="$OCPVMDIR"/YAKKO-${CLUSTERNAME}-${CLUSTERDOMAIN}-${YAKKOID}

	# These are files that will be placed in the right place on cluster boot, SYSTEMSTUBFILE_*
	SYSTEMSTUBFILE_DNSMASQ=/etc/NetworkManager/dnsmasq.d/yakko-${CLUSTERNAME}-${CLUSTERDOMAIN}-${YAKKOID}-dnsmasq.conf
	SYSTEMSTUBFILE_NETWORKMANAGER=/etc/NetworkManager/conf.d/yakko-${CLUSTERNAME}-${CLUSTERDOMAIN}-${YAKKOID}-NetworkManager.conf
	SYSTEMSTUBFILE_HTTPD=/etc/httpd/conf.d/yakko-${CLUSTERNAME}-${CLUSTERDOMAIN}-${YAKKOID}-httpd.conf
	SYSTEMSTUBFILE_RESOLVED=/etc/systemd/resolved.conf.d/yakko-${CLUSTERNAME}-${CLUSTERDOMAIN}-${YAKKOID}-resolved.conf
	SYSTEMSTUBFILE_HAPROXY=/etc/haproxy/conf.d/yakko-${CLUSTERNAME}-${CLUSTERDOMAIN}-${YAKKOID}-haproxy.cfg

	# We calculate the BASEMACADDRESS last digit here...
	# This in case there is more than one cluster defined... Maybe...
	BASEMACADDRESS="${COREMACADDRESS}:$(echo ${BASENETWORK} | cut -f3 -d. | xargs printf '%x')"

	{
		# GENERAL CONFIG
		echo "CLUSTERNAME=${CLUSTERNAME}" 
		echo "CLUSTERDOMAIN=${CLUSTERDOMAIN}"
		echo "OCPVMDIR=${OCPVMDIR}"
		echo "OCPVMDISKDIR=${OCPVMDISKDIR}"
		echo "PAUSEFORCONFIGEDIT=${PAUSEFORCONFIGEDIT}"
		echo "AGENTBASEDINSTALLER=$AGENTBASEDINSTALLER"  

		# CLUSTER NODE CONFGURATION
		echo "MASTERNODECOUNT=${MASTERNODECOUNT}"
		echo "WORKERNODECOUNT=${WORKERNODECOUNT}"
		echo "MASTERRAMSIZE=${MASTERRAMSIZE}"
		echo "WORKERRAMSIZE=${WORKERRAMSIZE}"
		echo "MASTERVCPUS=${MASTERVCPUS}"
		echo "WORKERVCPUS=${WORKERVCPUS}"
		echo "MASTERDISKSIZE=${MASTERDISKSIZE}"
		echo "WORKERDISKSIZE=${WORKERDISKSIZE}"
	
		# NETWORK CONFIGURATION
		echo "BASEMACADDRESS=${BASEMACADDRESS}"
		echo "BASENETWORK=${BASENETWORK}"
		echo "YAKKOHOSTIP=${YAKKOHOSTIP}"
		echo "HAPROXYACCESS=${HAPROXYACCESS}"
		echo "USEYAKKODNSMASQ=${USEYAKKODNSMASQ}"
		echo "WEBSERVERPORT=${WEBSERVERPORT}"
		echo "CLUSTERPROXY=${CLUSTERPROXY}"

		# This will be used for creating nodes later on so that any new nodes start at $NETWORKADDRESSSLOT
		# Note that bootstrap and masters have fixed numbers for IP and MAC
		# 52:54:00 is KVM/QEMU default    4A:66:00 is a transliteration of YAKKO ;)
		# All worker nodes will begin with MAC and IP $NETWORKADDRESSSLOT
		echo "NETWORKADDRESSSLOT=20"
		echo "BOOTSTRAPMAC=${BASEMACADDRESS}:09"
		echo "MASTER0MAC=${BASEMACADDRESS}:10"
		echo "MASTER1MAC=${BASEMACADDRESS}:11"
		echo "MASTER2MAC=${BASEMACADDRESS}:12"
		echo "BOOTSTRAPIP=${BASENETWORK}.9"
		echo "MASTER0IP=${BASENETWORK}.10"
		echo "MASTER1IP=${BASENETWORK}.11"
		echo "MASTER2IP=${BASENETWORK}.12"
		echo "MIRRORSERVER=${MIRRORSERVER}"
		echo "CLUSTERPOSTINSTALL=${CLUSTERPOSTINSTALL}"

	} > "${CLUSTERBUILDDEFAULTS}"

	source "${CLUSTERBUILDDEFAULTS}"
}

print-yakko-defaults() {
	awk '/START: USER CONFIGURABLE PARAMETERS/,/END: USER CONFIGURABLE PARAMETERS/' < yakko | grep -v "START: USER CONFIGURABLE" | grep -v "^##" 
}

generate-login-command-file() {

	# Need two parameters,username and password
	LOGINUSERNAME=$1
	LOGINPASSWORD=$2

	if [ "${LOGINUSERNAME}" == "kubeadmin" ]
	then
		echo "oc login -u ${LOGINUSERNAME} -p $(cat ${CLUSTERSETUPDIR}/auth/kubeadmin-password) --insecure-skip-tls-verify=true --server=https://api.${CLUSTERFQDN}:6443" > ${YAKKODIRECTORY}/$LOGINCOMMANDFILE
	else
		sed -i "s/oc login -u kubeadmin/#oc login -u kubeadmin/" ${YAKKODIRECTORY}/$LOGINCOMMANDFILE &>/dev/null
		if [  "${LOGINFILEHASPASSWORD}" -eq 0 ] # O means it's allowed to put the password in the file
		then
			echo "oc login -u ${LOGINUSERNAME} -p ${LOGINPASSWORD} --insecure-skip-tls-verify=true --server=https://api.${CLUSTERFQDN}:6443" >> ${YAKKODIRECTORY}/$LOGINCOMMANDFILE
		else
			echo "oc login -u ${LOGINUSERNAME} --insecure-skip-tls-verify=true --server=https://api.${CLUSTERFQDN}:6443" >> ${YAKKODIRECTORY}/$LOGINCOMMANDFILE
		fi
	fi
	chmod 700 ${YAKKODIRECTORY}/$LOGINCOMMANDFILE
}

change-console-logo() {
	rm /tmp/yakko-custom-logo.png &>/dev/null
	${WGET} -O /tmp/yakko-custom-logo.png  https://raw.githubusercontent.com/ozchamo/YAKKO/master/openshift-yakko-logo.png &>/dev/null
	if [ $? -eq 0 ]
	then
		echo "Updating OpenShift Console logo!"
		${OCCOMMAND} delete configmap yakko-custom-logo -n openshift-config 
		${OCCOMMAND} create configmap yakko-custom-logo --from-file /tmp/yakko-custom-logo.png -n openshift-config
		${OCCOMMAND} patch consoles.operator.openshift.io/cluster --type=merge -p '{"spec":{"customization":{"customLogoFile":{"name":"yakko-custom-logo"}}}}'
		${OCCOMMAND} patch consoles.operator.openshift.io/cluster --type=merge -p '{"spec":{"customization":{"customLogoFile":{"key":"yakko-custom-logo.png"}}}}'
		rm /tmp/yakko-custom-logo.png &>/dev/null
	else
		echo "Could not update OpenShift Console logo - failed to download from github."
	fi
}

mark-cluster-complete() {
	
	OCPINSTALLCODE=$1

	CLUSTERCOMPLETE="\"exitcode ${OCPINSTALLCODE} date $(date +"%d-%b-%Y@%T") hostdir ${YAKKODIRECTORY} \""
	echo "CLUSTERCOMPLETE=$CLUSTERCOMPLETE" >> ${CLUSTERCONFIGFILE}

	if [ ${OCPINSTALLCODE} == MANUAL ]
	then
		CLUSTERCERTSEXPIRY=Unknown
	else
		CLUSTERCERTSEXPIRY=\"$(get-cluster-certificate-expiry)\"
	fi
	echo "CLUSTERCERTSEXPIRY=${CLUSTERCERTSEXPIRY}" >> ${CLUSTERCONFIGFILE}

	# We copy the cluster config file for retrieval via the web server
	cp ${KUBECONFIG} ${IMAGEREPO}/kubeconfig
	chmod +r ${IMAGEREPO}/kubeconfig
	chcon -R -t httpd_sys_content_t ${IMAGEREPO}/kubeconfig
	compose-html-cluster-report
	# and dump the login token ;)
	
	check-oc-credentials
	if [ $? -eq 0 ]
	then
		generate-login-command-file kubeadmin 
	fi
}


check-for-other-yakko-cluster-files() {

	# very simple routine, simply exit if there are other yakko files present.
	# this is in particular useful when starting a cluster after a crash
	# or when building a new cluster after a crash
	
	if [ $(find /etc -name 'yakko*' | wc -l) -gt 0 ]
	then
		print-in-colour orange "NOTE: There is no active cluster but there are YAKKO files in the system"
		echo "This can cause conflicts for services to come up properly."
		echo "There is no dependency on the following files to cleanly"
		echo "start up the cluster and can therefore be removed safely:"
		echo
		find /etc -name 'yakko*' | sed -e "s/^/- /"
		echo

		ask-user "Delete these files and continue" Y noauto
		if [ $? -eq 0 ]
		then
			remove-stubfiles 
       		stop-virtual-network undefine
			echo
		else
			cleanup-and-exit 1 orange "Please check manually and return when ready"
		fi
	fi
}


################ A FEW REUSABLE FUNCTIONS ################################################

start-spinner() {
	# Call this to start the spinner. No need to background anything. 
	# $1 - Pass some text if you want to explain what's going on.
	# SPINNERPID is global 

	[ "$RUNCOMMANDDEBUG" == "Y" ] && return
	SPINNERSTRING=$1

	local -a cursor=( '/' '-' '\' '|' );    
	tput civis # Hide the cursor

	while true
	do      
		printf "$SPINNERSTRING %s\r" "${cursor[i++ % ${#cursor[@]}]}";      
		sleep 0.25
		trap "tput cnorm;exit" SIGTERM # Restore the cursor and exit on signal
		trap "tput cnorm;exit" SIGINT  # Restore the cursor and exit on signal
		trap "tput cnorm;exit" SIGQUIT # Restore the cursor and exit on signal
	done &
	SPINNERPID=$!
}


stop-spinner() {
	# Call this to stop the spinner. No params required thanks to global SPINNERPID

	[ "$RUNCOMMANDDEBUG" == "Y" ] && return 
	local ENDSPINNERSTRING=$1

	if [ $SPINNERPID -ne 0 ]
	then
		# If it's not zero, it means it's active, we kill it and set it back to zero
		if [ -z "$ENDSPINNERSTRING" ]
		then
			#printf "                                                                  \r";
			blank-line
		else
			echo "$ENDSPINNERSTRING"
		fi
		kill -SIGTERM $SPINNERPID
		tput cnorm # Just in case
		SPINNERPID=0
		SPINNERSTRING=""

		sleep 2 # Give a little time for the above
	fi
}

wait-for-any-key() {    
	echo -n "$* "
	read -n1 -s _
	echo
}

wait-for-stable-operators() {

	TIMEOUT=$1
	
	echo
	start-spinner "Waiting up to $TIMEOUT minutes for all operators to become stable (start time $(date +%H:%M))"
	$OCCOMMAND adm wait-for-stable-cluster --minimum-stable-period=10s --timeout=0h${TIMEOUT}m0s &> /dev/null
	RESULT=$?
	stop-spinner

	return $RESULT
}

cleanup-and-exit() {

	# $1 is the return code
	# $2-colour and $3-message come together and are optional
	
	if [ $# -eq 2 ]
	then
		local TEXTCOLOUR=white
		local TEXTMESSAGE=$2
	else
		local TEXTCOLOUR=$2
		local TEXTMESSAGE=$3
	fi

	if [ -n "$TEXTMESSAGE" ]
	then
		echo
		print-in-colour $TEXTCOLOUR "$TEXTMESSAGE. Exiting..."
	fi
	echo # Make it all look pretty
	
	pkill -P $BASHPID # We kill all children spawned by the big guy # YAKKO 8.0
	stop-spinner

	# Other basic cleanup
	rm $OCPWGETTMP &>/dev/null

	if [ $# -eq 0 ]
	then
		exit 0
	else
		exit $1
	fi
}


do-remove-directory() {

	if [ $# -gt 1 ]
	then
		echo "Requested to remove multiple directories - aborting!"
		exit
	fi

	if [ -z "$1" ]
	then
		echo "WARNING: A request to remove a directory was made without a directory name!"
	fi

	if [ "$1" == "/" ] 
	then
		echo "Requested to delete / - aborting!"
		exit
	fi

	SLRE='^/+$'
	
	# and this just in case 
	if [[ $1 =~ $SLRE ]] 
	then 
		echo "Requested to delete / - aborting!"
		exit
	fi

	# We are in a safer place now
	rm -rf "$1"
}


print-in-colour() {

	# $1 is the color:
	case "$1" in
		"red") TEXTCOLOR=1;;
		"green") TEXTCOLOR=2;;
		"yellow") TEXTCOLOR=3;;
		"lightblue") TEXTCOLOR=6;;
		"white") TEXTCOLOR=7;;
		"brightblue") TEXTCOLOR=14;;
		"orange") TEXTCOLOR=9;;
	esac
	shift

	# It's $1 again because we shifted above
	if [ "$1" == "nonewline" ]
	then 
		ECHOPARAMS="-e -n"
		shift
	else
		ECHOPARAMS="-e"
	fi
	
	tput setaf ${TEXTCOLOR};tput bold
	echo ${ECHOPARAMS} "$*"
	tput sgr0
}


print-in-blink() {

	# $1 is the message
	MESSAGE=$1
	echo -e $(tput blink)${MESSAGE}$(tput sgr0)
	echo
}

print-alert() {

	# $1 is the message
	# This is in red and blinking for drawing lots of attention
	MESSAGE=$1
	tput setaf 1;tput bold
	echo -e $(tput blink)${MESSAGE}$(tput sgr0)
	tput sgr0
	echo
}

print-time-elapsed() {

	TIMEELAPSEDSECS=$(( $SECONDS - $TIMESTART))
	TIMEELAPSEDMINS=$(( $TIMEELAPSEDSECS / 60 ))

	print-in-colour ${YAKKOTEXTCOLOUR} "Time elapsed: " ${TIMEELAPSEDMINS} mins $(( ${TIMEELAPSEDSECS} - (${TIMEELAPSEDMINS} * 60 ) )) secs

}

print-question-separator() {
	echo
	tput bold
	print-in-colour lightblue "[$((QUESTIONNUM++))/${QUESTIONSTOTAL}] $*:" 
	tput sgr0
}

print-question-skip() {
	echo
	tput bold
	print-in-colour lightblue "[$((QUESTIONNUM++))/${QUESTIONSTOTAL}] $*"
	tput sgr0
}

blank-line() {
	
	# This little trick let's you overwrite a line with the next echo
	echo -ne "\r\e[0K"
}

ask-user() {

	# $1 is the string to display
	# $2 is the default if user presses <ENTER>
	# $3 as "noauto" ignores the AUTOSETUP flag
	# Returns 0 for YES and 1 for NO
	DIALOGUETEXT=$1
	DEFAULTRESPONSE=$2
	NOAUTO=$3

	local AURESPONSE

	# We are within a stage, so we need to setup a trap to rollback
	[ -n "${CURRENTSTAGE}" ] && trap 'echo; echo "Input interrupted. Aborting."; ${CURRENTSTAGE} rollback; echo; cleanup-and-exit 1' SIGINT

	if [ $AUTOSETUP == Y -a -z "$NOAUTO" ]
	then 
		# if in AUTO mode return DEFAULTRESPONSE
		if [ "$DEFAULTRESPONSE" == "y" -o "$DEFAULTRESPONSE" == "Y" ]
		then
			return 0
		elif [ "$DEFAULTRESPONSE" == "n" -o "$DEFAULTRESPONSE" == "N" ]
		then
			return 1 # 1 = false!
		fi
	fi

	# We use AURESPONSE as "Ask User Response" - because RESPONSE is global :(
	while true
	do
		echo -n "$DIALOGUETEXT (Y/N) [$DEFAULTRESPONSE]? "
		read AURESPONSE

		[ -z "${AURESPONSE}" ] && AURESPONSE=${DEFAULTRESPONSE} 

		if [ "$AURESPONSE" == "y" -o "$AURESPONSE" == "Y" ]
		then
			return 0
			elif [ "$AURESPONSE" == "n" -o "$AURESPONSE" == "N" ]
			then
				return 1 # 1 = false!
			else
				echo "Invalid reponse [$AURESPONSE]."
			fi
	done
}

check-for-error-and-print() {

	# There is no error found
	[ "$1" -eq 0 ] && return

	# Else... Doom!
	echo
	print-in-colour red  "ERROR: $2"
}

check-for-error-and-exit() {
	# Something bad got caught somewhere - write this out and abort
	# $1 is the error code passed (0 is good)
	# $2 is a string to report

	# If we are already in a rollback don't repeat!
	if [ "${ROLLBACKACTIVE}" == "Y"  ] 
	then
		return
	fi

	# There is no error found
	[ "$1" -eq 0 ] && return

	# Else... Doom!
	echo
	print-in-colour red  "ERROR: $2 - exiting..."

	if [ -n "${CURRENTSTAGE}" ]
	then
		#We are within a stage so we rollback
		ask-user "Rollback steps of this stage (Y) or leave for debugging (N)" "Y" noauto

		[ $? -eq 0 ] && ${CURRENTSTAGE} rollback 
	fi

	#We had to print that there was an earlier error so we cannot now pass ERROR text to cleanup-and-exit
	cleanup-and-exit 1
}

print-yakko-header() {
	# PRINTFULLYAKKOHEADER - This is to allow for little text output when calling yakko within yakko

	if [ "${PRINTFULLYAKKOHEADER}" != "Y" ]
	then
		# If yakko is called within yakko during the post-install, we don't want too much noise
		# and we know where we are because CLUSTERCOMPLETE is not set
		echo ${SEPARATIONLINE}
	else
		# Here comes the colorful YAKKO header!
		clear -x
		print-in-colour ${YAKKOTEXTCOLOUR} ${SEPARATIONLINE}
		echo
		print-in-colour ${YAKKOTEXTCOLOUR} " YAKKO: Yet Another KVM Konfigurator for Openshift (Ver. ${YAKKOVERSION})"
		print-in-colour ${YAKKOTEXTCOLOUR} ${SEPARATIONLINE}
		echo
	fi
}

install-package-if-missing() {
	
	# $1 is the package to check for
	PACKAGE=$1

	dnf list installed | grep $PACKAGE &>/dev/null
	if [ $? -ne 0 ] 
	then
		if [ ${CONNECTEDINSTALL} == 1 ]
		then
			print-in-colour orange "- $PACKAGE is required but not installed."
			PACKAGEINSTALLSTATUS=1
		else
			echo "Installing package [$PACKAGE]"
			dnf -y install $PACKAGE
			check-for-error-and-exit $? "Failed to install package [$PACKAGE]"
		fi
	fi
}

install-required-yakko-packages() {

	# This procedure only gets called when you are running yakko for the first time
	# as an installation. If you are running "addcluster" there would be no need
	# to check that all packages are there because it has been done before
	
	PACKAGEINSTALLSTATUS=0

	echo
	echo "${YAKKONAME} requires a number of packages to be present. For this, it can automatically"
	echo "attempt to install these where access to repos for 'dnf' exists. You can however,"
	echo "also install these manually using dnf."
	echo
	ask-user "Do you want ${YAKKONAME} to install required packages automatically?" Y
	CONNECTEDINSTALL=$?

	echo
	if [ ${CONNECTEDINSTALL} == 1 ]
	then
		print-in-colour orange "${YAKKONAME} will look for the required packages and prompt you to install any that are missing."
	else
		echo "Installing required packages..."
	fi

	for PACKAGE in ${REQUIREDPACKAGES}
	do
		echo "> Checking package [$PACKAGE]..."
		install-package-if-missing "${PACKAGE}" 
	done

	if [ "${PACKAGEINSTALLSTATUS}" == "1" ]
	then
		echo
		echo "You will need to install the above highlighted packages and rerun ${YAKKONAME} when ready."
		echo
		cleanup-and-exit 1
	else
		print-in-colour green "All required packages are installed."
		echo
	fi
}

test-libvirt-monolithic-service-status() {

	SERVICE=$1 # service name eg libvirtd.socket

	echo "Testing status of monolithic daemon $1 ..."
	sleep 1

	systemctl is-active $SERVICE &>/dev/null
	RESULTTSS1=$?
	if [ $RESULTTSS1 -eq 0 ]
	then
		echo "- $SERVICE is ACTIVE"
	else
		echo "- $SERVICE is NOT ACTIVE"
	fi

	return $RESULTTSS1
}

install-libvirt-modular-services() {

	# Starting with YAKKO 8.0, it's all about libvirt MODULAR daemons
	# https://libvirt.org/daemons.html
	# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_managing_virtualization/optimizing-virtual-machine-performance-in-rhel_configuring-and-managing-virtualization#assembly_optimizing-libvirt-daemons_optimizing-virtual-machine-performance-in-rhel
	# #
	# MONOLYTHIC DAEMON: libvirtd.service 
	# MONOLYTHIC SOCKETS: libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
	#
	# MODULAR DAEMONS: virtqemud
	# MODULAR DAEMONS SECONDARY: virtinterfaced virtnetworkd virtnodedevd virtnwfilterd virtsecretd virtstoraged
	#
	if [ "$YAKKOHOSTOSNAME" == "fedora" ]
	then
		if [ "$YAKKOHOSTOSRELEASE" -lt 36  ]
		then
			echo "As this system is earlier than Fedora 36, you should use an older version of YAKKO."
			echo "Going forward YAKKO only uses modular libvirt daemons, which were released post Fedora 35."
			echo
			cleanup-and-exit 1
		fi
	fi
	if [ "$YAKKOHOSTOSNAME" == "rhel" -a "$(echo $YAKKOHOSTOSRELEASE | tr -d .)" -lt 90  ]
	then
		echo "As this system is earlier than RHEL 9, it will remain under monolithic daemons."
		echo "Going forward YAKKO only uses modular libvirt daemons, which were released post Fedora 35."
		echo
		cleanup-and-exit 1
	fi
	
	test-libvirt-monolithic-service-status libvirtd.socket
	RESULTMONOLITHIC=$?
	test-libvirt-monolithic-service-status libvirtd.service
	RESULTMONOLITHIC=$(($RESULTMONOLITHIC+$?))

	if [ $RESULTMONOLITHIC -eq 0 ]
	then
		#MONOLITHIC DAEMON IS IN USE
		echo
		echo "Legacy monolithic libvirt daemons are in use. YAKKO requires modular daemons going forward."
		echo "For further information, visit https://libvirt.org/daemons.html or search \"optimizing  modular libvirt daemons\""
		ask-user "Do you want $YAKKONAME to update your system accordingly (Y) or exit (N)" "Y" noauto

		if [ $? -ne 0 ]
		then
			# The update is not wanted. Too bad
			echo "YAKKO will now exit. Please refer to the above URL and run $YAKKONAME again when ready."
			cleanup-and-exit 1
		fi
		# KVM MODULAR SERVICES, yakko 8.0...
		#Stop the current monolithic daemon and its socket units
		echo
		echo "Stopping and disabling legacy monolithic libvirt daemons..."
		systemctl stop libvirtd.service
		systemctl stop libvirtd{,-ro,-admin,-tcp,-tls}.socket

		#Disable future start of the monolithic daemon

		systemctl disable libvirtd.service
		systemctl disable libvirtd{,-ro,-admin,-tcp,-tls}.socket
		#For stronger protection it is valid to use mask instead of disable too.
	else
		#MODULAR DAEMONS ARE IN USE.
		echo "Modular libvirt daemons are in use. $YAKKONAME will check and update to meet requirements."
	fi
	
	#Enable the new daemons for the particular virtualizationd driver desired, and any of the secondary drivers to accompany it. The following example enables the QEMU driver and all the secondary drivers:
	
	echo
	echo "Enabling modular libvirt daemons..."
	for drv in qemu interface network nodedev nwfilter secret storage
	do
		systemctl unmask virt${drv}d.service
		systemctl unmask virt${drv}d{,-ro,-admin}.socket
		systemctl enable virt${drv}d.service
		systemctl enable virt${drv}d{,-ro,-admin}.socket
	done
	sleep 2

	#Start the sockets for the same set of daemons. There is no need to start the services as they will get started when the first socket connection is established
	echo "Starting modular libvirt daemons..."
	for drv in qemu network nodedev nwfilter secret storage
	do
		systemctl start virt${drv}d{,-ro,-admin}.socket
	done
	sleep 3
	print-in-colour green  "Modular libvirt daemon framework is active."
	echo
}
			
process-system-service-state() {

	# eg process-system-service-state restart virtqemud quietfast

	# This is a general approach to handling the multiple systemctl restarts used in YAKKO 
	# in a better way of course ;)

	SYSTEMSERVICEACTION=$1 # can be start, restart, force-restart
	SYSTEMSERVICENAME=$2

	# These are here to make the code more legible
	BEQUIET=N
	BEFAST=N
	EXITONFAIL=N
	case "$3" in
		"quiet") BEQUIET=Y;;
		"fast") BEFAST=Y;;
		"quietfast"|"fastquiet") BEQUIET=Y;BEFAST=Y;;
		"exitonfail") EXITONFAIL=Y;;
	esac
	case "$4" in
		"quiet") BEQUIET=Y;;
		"fast") BEFAST=Y;;
		"quietfast"|"fastquiet") BEQUIET=Y;BEFAST=Y;;
		"exitonfail") EXITONFAIL=Y;;
	esac

	#[ "$BEQUIET" == "N" ] && echo -n "Checking service [$SYSTEMSERVICENAME]."
	if [ "$BEQUIET" == "N" ] 
	then
		start-spinner "Checking service [$SYSTEMSERVICENAME]"
	fi

	case $SYSTEMSERVICEACTION in
		"start"|"restart") systemctl restart ${SYSTEMSERVICENAME} &>/dev/null;;
		"force-restart") systemctl reload-or-restart ${SYSTEMSERVICENAME} &>/dev/null;;
	esac

	WAITCYCLES=5 # sometimes services take their sweet time, we give 'em a chance

	if [ "$BEFAST" == "Y" ]
	then
		WAITCYCLES=3
	else
		WAITCYCLES=10
	fi

	while [ $WAITCYCLES -gt 0 ]
	do
		systemctl is-active --quiet ${SYSTEMSERVICENAME} &>/dev/null
		[ $? -eq 0 ] && break

		((WAITCYCLES--))

		sleep 1
	done
	stop-spinner

	if [ $WAITCYCLES -eq 0 ]
	then
		if  [ $EXITONFAIL == Y ]
		then
			check-for-error-and-exit 1 "Service [${SYSTEMSERVICENAME}] could not be ${SYSTEMSERVICEACTION}ed and is required, please review your system" 
		else
			print-in-colour orange "ATTENTION: Failed to restart service [${SYSTEMSERVICENAME}]."
		fi
	fi

	[ "$BEQUIET" == "N" ] && blank-line
}

set-selinux-state() {

	selinuxenabled &>/dev/null
	if [ $? -eq 0 ]
	then
		SELINUXSTATE=0
	else
		print-in-colour orange "SELinux is disabled in this system"
		SELINUXSTATE=1
	fi
}

check-ip-address-is-valid() {
	# returns 0 if $1 is a proper IPV4 address
	#
	if [[ $1 =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]
	then
		return 0
	else
		return 1	
	fi
}

get-node-vm-name() {
	# This is a safety measure...
	# This function should be called as
	# $(get-node-vm-name <kvm-machine-name>)
	# it returns a KVM machine name

	VMNAME=$1
	echo ${VMNAME} | grep ${CLUSTERFQDN} | grep ${YAKKOID}  &>/dev/null
	[ $? -ne 0 ] && VMNAME=${VMNAME}.${CLUSTERFQDN}.${YAKKOID}
	echo ${VMNAME}
}

get-node-fqdn() {
	# This is a safety measure...
	# This function should be called as
	# $(get-node-fqdn $NODENAME)
	# it returns a nodename with the FQDN attached

	UNQUALIFIEDNAME=$1

	# if the VM name has YAKKOID, we filter that and that's enough!
	echo ${UNQUALIFIEDNAME} | grep ${YAKKOID} &>/dev/null
	[ $? -eq 0 ] && UNQUALIFIEDNAME=$(echo $UNQUALIFIEDNAME | sed "s/\.$YAKKOID//")

	# if the name does not have the FQDN, we add it (the above affects nothing)
	echo ${UNQUALIFIEDNAME} | grep ${CLUSTERFQDN} &>/dev/null
	[ $? -ne 0 ] && UNQUALIFIEDNAME=${UNQUALIFIEDNAME}.${CLUSTERFQDN}

	echo ${UNQUALIFIEDNAME}
}

get-dns-forwarder() {

	# DNSMASQ will still use 127.0.0.1 as ip for lookups within NetworkManager! (03.01.2023...)
	DEFAULTDNSFORD=127.0.0.1

	# Changing this in 5.0...
	# cat /etc/resolv.conf | grep "nameserver 127.0.0.53"
	netstat -tunlp | grep "127.0.0.53:53" &>/dev/null
	if [ $? -eq 0 ]
	then	
		# Testing for 6.0 - there I said it. 
		# This is required for the DNSFORWARDer in the virtual network definition
		# ooops maybe not? Seems to fail with yakko built in yakko built in dnsmasq setup
		DEFAULTDNSFORD=127.0.0.53
	fi
	echo $DEFAULTDNSFORD
}

alert-network-dns() {

	[ $HAPROXYACCESS -eq 1 ] && return
	[ ${USEYAKKODNSMASQ} == Y ] && return

	NAMESERVICESHOST=$(host testing.apps.${CLUSTERFQDN} | grep "has address" | awk '{ print $4 }')

	if [ -n "${NAMESERVICESHOST}" -a "${NAMESERVICESHOST}" != ${YAKKOHOSTIP} ]
	then
		print-in-colour red "ALERT: Your network DNS service does not agree with the name you have given this host."
		print-in-colour red "       This host has IP address: ${YAKKOHOSTIP}"
		print-in-colour red "       The name lookup for the cluster FQDN has IP address: ${NAMESERVICESHOST}"

		[ "$1" == "exit" ] && exit
		sleep 3
		echo
	fi
}

test-dns() {
	# First test
	alert-network-dns exit

	echo "DNS test - from Virtual Network ${BASENETWORK}.0:"

	host api-int.${CLUSTERFQDN} ${CLUSTERPROXY} | grep "has address"
	check-for-error-and-exit $? "Could not resolve api-int.${CLUSTERFQDN} on ${BASENETWORK}"
	echo

	if [ "${USEYAKKODNSMASQ}" == N ]
	then
		echo "DNS test - using external DNS service"
		# We are using external DNS
		host api.${CLUSTERFQDN} | grep "has address"
		check-for-error-and-exit $? "Could not resolve api.${CLUSTERFQDN}"

		host -t A testing.apps.${CLUSTERFQDN} | grep "has address"
		check-for-error-and-exit $? "Could not resolve testing.apps (this is to test the wildcard DNS entry)" 
	else
		# Testing the YAKKO DNS framework...
		echo "DNS test - from the host"

		systemctl reload NetworkManager.service
		
		LOOPDNSSUCCESS=1
		start-spinner "Re/trying test up to 10 times - 5 seconds apart"
		for _ in 1 2 3 4 5 6 7 8 9 10
		do
			sleep 5
			host -t A api.${CLUSTERFQDN} | grep "has address" &>/dev/null
			[ $? -eq 0 ] && {
				LOOPDNSSUCCESS=0
				break
			}
		done
		stop-spinner

		if [ ${LOOPDNSSUCCESS} -eq 1 ]
		then
			echo "Failed DNS test to api.${CLUSTERFQDN} from host"
			echo "Command executed was: 'host -t A api.${CLUSTERFQDN}'"
			echo "This can be common - just press Y and let ${YAKKONAME} automatically run to this point again"
			print-in-colour orange "NOTE: If you fail to get past this point PLEASE raise an issue at https://github.com/ozchamo/YAKKO/issues"
			check-for-error-and-exit 1 "Could not resolve api.${CLUSTERFQDN} on host"
		fi

		host -t A testing.apps.${CLUSTERFQDN}  | grep "has address"
		check-for-error-and-exit $? "Could not resolve testing.apps on the host (this is to test the wildcard DNS entry)"
	fi
}

check-node-vm-name() {
	# Quick function to check that user is passing valid yakko hostname
	# check-node-vm-name CHECKNODENAME [exit]

	# Return 0 if the VM name belongs to the cluster
	# Return 1 if the VM name does not belong to the cluster
	# Return 2 if the VM name does not exist!

	CHECKNODENAME=$1
	EXITONINVALID=$2

	virsh list --all | grep ${YAKKOID} | grep ${CHECKNODENAME}  &>/dev/null
	if [ $? -eq 1 ]
	then
		# There is no such nodename
		return 2
	fi

	# If something skips the below check, buy the lotto with the nodename ASCIIs...
	virsh list --all | grep ${YAKKOID} | awk '{print $2}' | grep ${CHECKNODENAME} | grep -E '^master-|^node-|^bootstrap' &>/dev/null
	if [ $? -eq 0 ]
	then
		# Node name belongs to YAKKO setup
		return 0
	else
		[ "${EXITONINVALID}" == "exit" ] && {
			echo
			echo "Invalid node name [$CHECKNODENAME]. Exiting..."
			cleanup-and-exit 1
		}
		return 1
	fi
}

check-if-all-cluster-nodes-up() {

	get-node-list active
	NODELIST1=$NODELIST
	get-node-list all 
	NODELIST2=$NODELIST

	# if the two lists are the same it's because all VMs are up
	if [ "$NODELIST1" == "$NODELIST2" ]
	then
		return 0
	else
		print-in-colour red "ALERT: THE FOLLOWING NODE(S) ARE OFF-LINED/POWERED OFF:"

		VMLIST=$(virsh list --all | grep $YAKKOID | grep "shut off" | awk '{ print $2 }')
		TOTREQRAM=0
		for OFFLINEDVM in $VMLIST 
		do 
			echo "- $OFFLINEDVM"
			VMREQRAM=$(virsh dominfo $OFFLINEDVM | grep "Used memory" | awk '{ print $3 }') 
			TOTREQRAM=$(($TOTREQRAM+$(($VMREQRAM/1000))))
		done
	
		AVAILRAM=$(free -m | grep "Mem:" | awk '{ print $7 }')
	
		if [ $TOTREQRAM -gt $AVAILRAM ]
		then
			echo
			print-in-colour orange "NOTE: Your system is out of RAM. The available RAM is $AVAILRAM MB but the offlined VMs need $TOTREQRAM MB."
		fi
		return 1
	fi
}

delete-kvm-machine() {
	# This is a safety measure...
	VMTODELETE=$(get-node-vm-name $1)

	check-node-vm-name $VMTODELETE
	RESULTVMCHECK=$?

	if [ $RESULTVMCHECK -eq 0 ]
	then
		virsh list | grep $VMTODELETE &>/dev/null
		if [ $? -eq 0 ]
		then
			# Finding it above means it's running so we can stop it
			virsh destroy ${VMTODELETE} 2>/dev/null 
			if [ $? -ne 0 ]
			then
				print-alert "Failed to stop virtual machine ${VMTODELETE}."
			fi
		fi

		for SNAPSHOTINSTANCE in $(virsh snapshot-list --name ${VMTODELETE})
		do
			[ -n "${SNAPSHOTINSTANCE}" ] && virsh snapshot-delete --domain ${VMTODELETE} --children --snapshotname $SNAPSHOTINSTANCE 2>/dev/null
		done

		virsh undefine --domain ${VMTODELETE} --remove-all-storage
		if [ $? -ne 0 ]
		then
			print-alert "Failed to remove virtual machine ${VMTODELETE}, please remove manually."
		fi
	fi

	if [ $RESULTVMCHECK -eq 1 ]
	then
		echo "ERROR: Tried to delete non-cluster KVM machine: [${VMTODELETE}]"
	fi
}

find-unused-base-network() {

	process-system-service-state restart virtqemud exitonfail quiet
	process-system-service-state force-restart virtnetworkd exitonfail

	# We calculate a base network that's unused by looking at how many virtual networks exist.
	# The user can change it or deal with it ;)
	# This also takes care of potential duplicates in mac addresses

	# YAKKO 8.0 - this code is no longer effective since YAKKO cleans up virtual networks
	# of shutdown clusters. Luckily, this is now also stored in the metadata of each VM!
	# for DEFINEDBASENET in $(virsh -q net-list --all | awk '{print $1}')
	# do 
	# 	virsh net-dumpxml $DEFINEDBASENET | grep range | cut -f2 -d= | cut -f2 -d\'
	# done  | grep 192.168.${BASENETWORKNUM} &>/dev/null

	for EACHCLUSTER in $(virsh list --all --name | grep master-0)
	do
		USEDNETWORKS="$USEDNETWORKS $(virsh desc ${EACHCLUSTER} | grep BASENETWORK | cut -f2 -d=)"
	done

	BASENETWORKNUM=140
	while true
	do
		echo $USEDNETWORKS | grep 192.168.$BASENETWORKNUM &>/dev/null
		if [ $? -eq 0 ]
		then
			BASENETWORKNUM=$((BASENETWORKNUM+1))
		else
			BASENETWORK=192.168.${BASENETWORKNUM}
			[ -n "$BASENETWORK" ] && break
		fi
	done
}

get-yakko-host-ip() {

	# $1 can be:
	# "" is used only during QUESTIONS
	# notifychange - so that we can send the message that the IP address has changed and user accepts
	# update - looks up the IP and changes it, no questions asked
	NOTIFYCHANGE=$1

	if [ "$HAPROXYACCESS" == 1 -a "$NOTIFYCHANGE" != update ]
	then 
		#VERSION 7 check - if this is a 'private' cluster (no external access), then do not check this
		return 1 # IP address did "not change" - this is not important
	fi

	# Post 4.30 added an additional lookup for 'bond' after Gavin Lukin (thanks!) 
	# Post 7.1 added an additional lookup for 'bridge' after John Francini (thanks!) 
	# and OCP Virt training showed need for 'bond' interfaces
	# for PHYSICALNWPORT in $(ls -l /sys/class/net/ | grep -v virtual | grep -v total | awk '{print $9}')
	for PHYSICALNWPORT in $(ls -l /sys/class/net/ | grep -v virtual | grep -v total | awk '{print $9}') $(ls -l /sys/class/net/ | grep bond | awk '{print $9}') $(ls -l /sys/class/net/ | grep bridge | awk '{print $9}')
	do
		for CONNECTEDNWPORT in $(ip -br -4 addr show | grep UP |awk '{print$1}')
		do
			if [ $PHYSICALNWPORT == $CONNECTEDNWPORT ]
			then 
				YAKKOMAINHOSTPORT=$CONNECTEDNWPORT
				break
			fi
		done
		if [ -n "$YAKKOMAINHOSTPORT" ]
		then
			break
		fi
	done

	# There is no network detected
	if [ -z "$YAKKOMAINHOSTPORT" ]
	then
		cleanup-and-exit 1 red "ERROR: No active public networks were detected"
	fi

	# This echoes the result to be captured typically into $YAKKOHOSTIP but doesn't have to be...
	# This is useful when 
	# 1. The cluster is being configured for the first time
	# 2. The cluster is being rebooted and the IP address may changed (think demo laptop)

	CURRENTYAKKOHOSTIP=$(ip -br -4 addr show | grep ${YAKKOMAINHOSTPORT} | awk '{print $3}' | cut -f1 -d/)

	# This parameter is just for flaggin a change message

	if [ "$NOTIFYCHANGE" == "update" ]
	then
		# This is used to force the HOST IP update, no questions asked. Use cases are:
		# 1) when switching changeaccess to disabled (ie only the host can access the cluster)
		# 2) when forcing a build from a template that has a predefined IP address
		YAKKOHOSTIP=$CURRENTYAKKOHOSTIP
		update-yakko-host-ip
		return 1
	fi

	YAKKOHOSTIPCHANGED=1
	if [ "${CURRENTYAKKOHOSTIP}" != "${YAKKOHOSTIP}" ] 
	then
		if [ "$NOTIFYCHANGE" == "notifychange" ]
		then
			# changeip
			echo
			print-in-colour orange "ALERT: The current IP address of this host has changed or disagress with your configuration [${YAKKOHOSTIP} -> ${CURRENTYAKKOHOSTIP}] "
			echo
		fi

		while true
		do
			echo -n  "Enter the IP address of this host on your network [${CURRENTYAKKOHOSTIP}]: "
			read RESPONSE
			
			if [ -n "${RESPONSE}" ]
			then
				if [[ $RESPONSE =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]
				then
					ping -c 1 $RESPONSE &>/dev/null
					if [ $? -ne 0 ]
					then
						echo "ERROR: Could not identify this host IP address via PING. Check your IP address!"
						echo
						continue
					fi
					YAKKOHOSTIP=$RESPONSE
				else
					echo "ERROR: That's not a valid IP address!"
					echo
					continue
				fi
	
				YAKKOHOSTIP=$RESPONSE
				break
			else
				YAKKOHOSTIP=${CURRENTYAKKOHOSTIP}
				break
			fi
		done
		YAKKOHOSTIPCHANGED=0
	fi
	# get-yakko-host-ip is used in QUESTIONS so technically the below is out of place there
	# But, since there is nothing to update at the point, that's OK, it won't do anything

	if [ $YAKKOHOSTIPCHANGED -eq 0 ]
	then
		update-yakko-host-ip
		[ -n "${CLUSTERCOMPLETE}" ] && compose-html-cluster-report
		return 0 # 1 means IP address changed
	else
		return 1 # 0 means IP address did not change
	fi
}

check-if-openshift-version-is-valid() {

	DOEXIT=$1

	OCPINSTALLMINORVERSION=$(echo ${OCPVERSION}|cut -f2 -d.)
	if [ $OCPINSTALLMINORVERSION -eq 2 ] # OpenShift 4.2.x
	then
		print-in-colour yellow "NOTE: OpenShift 4.2 will be built with 'latest' - 4.2.18"
		print-in-colour yellow "      (To avoid a file-naming issue of different minor versions < 4.6)"
		OCPVERSION=4.2.18
	fi
	if [ $OCPINSTALLMINORVERSION -eq 3 ] # OpenShift 4.3.x
	then
		print-in-colour yellow "NOTE: OpenShift 4.3 will be built with 'latesta - 4.3.33"
		print-in-colour yellow "      (To avoid a file-naming issue of different minor versions < 4.6)"
		OCPVERSION=4.3.33
	fi
	if [ $OCPINSTALLMINORVERSION -eq 4 ] # OpenShift 4.4.x
	then
		print-in-colour yellow "NOTE: OpenShift 4.4 will be built with 'latest' - 4.4.17"
		print-in-colour yellow "      (To avoid a file-naming issue of different minor versions < 4.6)"
		OCPVERSION=4.4.17
	fi
	if [ $OCPINSTALLMINORVERSION -eq 5 ] # OpenShift 4.5.x
	then
		print-in-colour yellow "NOTE: OpenShift 4.5 will be built with 'latest' - 4.5.6"
		print-in-colour yellow "      (To avoid a file-naming issue of different minor versions < 4.6)"
		OCPVERSION=4.5.6
	fi
	OCPDOWNLOADCLIENT="$OCPROOT/clients/ocp/$OCPVERSION"

	start-spinner "Checking if OCP version $OCPVERSION is valid"
	${WGET} -O $OCPWGETTMP -q --method=HEAD "$OCPDOWNLOADCLIENT/" # all of sudden a traling / is required?
	RESULT=$?
	stop-spinner

	if [ $RESULT -ne 0 ]
	then
		if [ -n "$DOEXIT" ]
		then
			cleanup-and-exit 1 orange "ERROR: OpenShift Version $OCPVERSION is not available for download/install in OpenShift mirror"
		else
			echo "ERROR: OpenShift Version $OCPVERSION is not available for download/install in OpenShift mirror"
			return 1
		fi
	else
		echo "OCP Version $OCPVERSION is available for install."
		OCPINSTALLMINORVERSION=$(echo ${OCPVERSION}|cut -f2 -d.)
		return 0
	fi
}

get-openshift-latest() {

	# Now we get on with downloading the OCP binaries

	# NOTE: There can be discrepancies between the installer version (OCPVERSION) and  the RHCOS images version (OCPGETIMAGEVERSION)
	# We will download the lot under OCPVERSION to keep a single point reference. 
	# HOWEVER, outside of the DOWNLOAD section of the script, the version will be known as OCPINSTALLVERSION

	OCPDOWNLOADCLIENT="$OCPROOT/clients/ocp/latest"
	# It looks like on May 28 2024, RH finally changed the double latest...
	# OCPDOWNLOADIMAGES="$OCPROOT/dependencies/rhcos/latest/latest" # OCP 4.10 change to layout?
	OCPDOWNLOADIMAGES="$OCPROOT/dependencies/rhcos/latest" # OCP 4.15 change to layout

	start-spinner "Checking for latest OpenShift version"
	${WGET} -T 5 --tries=5 -O $OCPWGETTMP $OCPDOWNLOADCLIENT/release.txt &>/dev/null
	check-for-error-and-exit $? "Failed to download version file for latest OCP - check if https://mirror.openshift.com is reachable" 
	stop-spinner

	OCPVERSION=$(cat $OCPWGETTMP 2>/dev/null | grep Version: | awk '{ print $2 }')
	if ! [[ "$(echo $OCPVERSION | cut -f1 -d.)" =~ $NUMBERRE ]]
	then	
		cleanup-and-exit 1 red "ERROR: Failed to verify OpenShift latest version from mirror.openshift.com"
	fi
	OCPINSTALLMINORVERSION=$(echo $OCPVERSION | cut -f2 -d.)
}

get-rhcos-dependency() {

	# This function uses $OCPVERSION to find the closest RHCOS dependancy URL for download
	# and sets it in OCPDOWNLOADIMAGES for further downloading from
	# https://mirror.openshift.com/pub/openshift-v4/x86_64/dependencies/rhcos/

	VERSIONMAJOR=$(echo $OCPVERSION | cut -f1 -d.)
	VERSIONMINOR=$(echo $OCPVERSION | cut -f2 -d.)
	VERSIONMICRO=$(echo $OCPVERSION | cut -f3 -d.)

	IMAGESVERSIONMICRO=$VERSIONMICRO

	echo "Searching for accompanying RHCOS image version in $OCPROOT/dependencies/rhcos/$VERSIONMAJOR.$VERSIONMINOR/$RHCOSVERSION"
	echo -n "Inspecting:"
	while true
	do
		echo -n " $IMAGESVERSIONMICRO"
		RHCOSVERSION=$VERSIONMAJOR.$VERSIONMINOR.$IMAGESVERSIONMICRO
		OCPDOWNLOADIMAGES="$OCPROOT/dependencies/rhcos/$VERSIONMAJOR.$VERSIONMINOR/$RHCOSVERSION"
		${WGET} -O $OCPWGETTMP $OCPDOWNLOADIMAGES/sha256sum.txt &>/dev/null
		if [ $? -eq 0 ]
		then
			# We found the right accompanying RHCOS version to OCPVERSION
			break
		else
			((--IMAGESVERSIONMICRO))
			if [ $IMAGESVERSIONMICRO -lt 0 ]
			then
				echo
				echo "ERROR: Could not find an accompanying RHCOS image for OCP Version $OCPVERSION."
				echo "       This is unexpected! Check your inputs!"
				cleanup-and-exit 1
			fi
		fi
	done
	echo
	echo "RHCOS matching image version is $RHCOSVERSION."
}

advance-stage-progression() {

	# We skip all stages until we get to the one we were in...
	((++STAGEPROGRESS))

	#We'll get a timestamp of the first stage for a final run report
	[ -z "${TIMESTART}" ] && TIMESTART=$SECONDS

	if [ ${STAGEPROGRESS} -lt ${YAKKOSTAGE} ]
	then
		return 0
	else
		print-in-colour ${YAKKOTEXTCOLOUR} ${SEPARATIONLINE}
		echo
		print-in-colour ${YAKKOTEXTCOLOUR} "STAGE ${STAGEPROGRESS}: $1 (Time start: $(date +%H:%M%p))"
		echo
	
		# We write the stage we are at so that we can return if desired
		sed -i "/YAKKOSTAGE.*/c\YAKKOSTAGE=${STAGEPROGRESS}" ${CLUSTERCONFIGFILE} 2>/dev/null

		# We set the CURRENTSTAGE in case we have to rollback from a deeper function, to ease lookup
		# This works because advance-stage-progression CAN ONLY be called within a stage, and at the begining!
		CURRENTSTAGE=${FUNCNAME[1]} 

		# Since this stage will progress, we capture CTRL-C to rollback 
		# we set it to 0 so that the running advance-stage can call itself back
		trap 'echo; $CURRENTSTAGE rollback; echo; cleanup-and-exit 1' SIGINT 

		return 1
	fi
}

rollback-stage-progression() {
	echo
	# We set this variable so that YAKKO knows that we are in aborting mode
	# Particularly useful in check-for-error-and-exit as is may well call rollback
	# again, and end up in a loop
	ROLLBACKACTIVE=Y
	print-in-colour orange "ROLLBACK STAGE: $*"
}

get-node-list() {

	# call: get-node-list <all|active> [print]
	# returns the requested node list in NODELIST

	if [ $1 == "all" ]
	then
		NODELIST=" $(virsh list --all --name | grep ${YAKKOID} | grep -e "master-" -e "node-" -e "bootstrap") " 
	fi

	if [ $1 == "active" ]
	then
		NODELIST=" $(virsh list --name | grep ${YAKKOID} | grep -e "master-" -e "node-" -e "bootstrap") " 
	fi

	if [ "$2" == "print" ]
	then
		#we also print the list in columns
		for NODE in ${NODELIST}
		do
			echo ${NODE} | cut -f1 -d.
		done
	fi
}

get-node-ip-address() {

	# This routine returns the ip address of $1 regardless of how you call it:
	# IP address (why not!)
	# node-x
	# node-x.clusterfqdn
	# node-x.clusterfqdn.yakkoid
	#
	# It deposits the findings into NODENAME and NODEIPADDRESS
	# It cannot echo anything as it may be called from within file building functions

	TARGETNODE=$1
	check-ip-address-is-valid ${TARGETNODE} && {
		NODEIPADDRESS=$TARGETNODE
		return 0
	}

	# So we work backwards, first we want to test the virtual network for the ip address. 
	# This will ignore the state of the VM!
	NODENAME=${TARGETNODE%"$YAKKOID"} # This deletes the ID at the end IF it exists
	NODEIPADDRESS=$(dig +short @${CLUSTERPROXY} $NODENAME 2>/dev/null) # This is the simplest test
	check-ip-address-is-valid ${NODEIPADDRESS} && return 0

	# If the dns server fails us, we revert to testing the VM
	NODEIPADDRESS=$(virsh domifaddr ${NODENAME}  2>/dev/null| grep ${BASENETWORK} | awk '{ print $4 }' | cut -f1 -d/ )
	check-ip-address-is-valid ${NODEIPADDRESS} && return 0

	return 1

}

pick-a-node() {

	# Call: pick-a-node <string-to-display-for-chooser-query>
	#
	# Get the IP address via virsh:
	# virsh domifaddr  master-0.test.cluster | grep 192.168 | awk '{ print $4 }' | cut -f1 -d/
	#
	#if [ $(virsh domifaddr master-0.${CLUSTERFQDN}  | grep ${BASENETWORK} | awk '{ print $4 }' | cut -f1 -d/ | wc -l) -eq 1 ]
	if [ $(virsh list | grep ${YAKKOID} | grep running | grep -Ec 'master-|node-') -eq 1 ]
	then
		# This is a SNO, no need to offer a pick
		get-node-list active 

		print-in-colour white "This is a single node OpenShift cluster, only one master active"
		NODENAME=master-0.${CLUSTERFQDN}
	else
		while true
		do
			echo "Available nodes for this action are:"
			get-node-list active print
			echo
			echo -n "$1: "
			read NODENAME
			get-node-list active print | grep $NODENAME &>/dev/null
			[ $? -eq 0 ] && break
			echo "Invalid nodename. Try Again."
			echo
		done
		NODENAME=${NODENAME}.${CLUSTERFQDN}
	fi
	
	get-node-ip-address ${NODENAME}
	return $?
}

get-cluster-certificate-expiry() {

	# This prints out the date of expiry for cluster certs... Headaches else
	CLUSTERCERTSEXPIRY=$(date -d $(${OCCOMMAND} describe secret/csr-signer -n openshift-kube-controller-manager-operator | grep not-after | awk '{ print $2 }'))
	echo ${CLUSTERCERTSEXPIRY}
	sed -i "s/CLUSTERCERTSEXPIRY=.*/CLUSTERCERTSEXPIRY=\"${CLUSTERCERTSEXPIRY}\"/" ${CLUSTERCONFIGFILE} &>/dev/null
}

compose-html-cluster-report() {

	# This here builds a landing page for the info of the last cluster built
	# the web server left a file index.html sitting there

	# To be honest, this just makes the whole thing look more professional ;)
	
	# check-api-server should be the right thing here, but it takes too long to come up as a health check
	# typically, oc get clusterversion is available throughout the creation of the cluster.
	
	# CLUSTERID would have been set at cluster installation and does not change so it's now in CLUSTERCONFIGFILE
	if [ -n "$CLUSTERID" ]
	then
		CLUSTERIDURL="Cluster @ Red Hat Console: <A HREF=https://console.redhat.com/openshift/details/$CLUSTERID>$CLUSTERID</A><BR><BR>"
	fi

	if [ "$1" != "noadmin" ]
	then
		ADMINISTRATORINFO="<P>Administrator: kubeadmin <BR> Password: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$(cat ${CLUSTERSETUPDIR}/auth/kubeadmin-password) <BR></P>"
	fi

	cat <<HTMLCONTENT > ${IMAGEREPO}/index.html

<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<LINK REL="stylesheet" HREF="https://fonts.googleapis.com/css?family=Saira+Condensed">
<STYLE>
   H2 {
       font-family: 'Saira Condensed', sans-serif;
       font-size: 34px;
      }
    P {
       font-family: 'Saira Condensed', sans-serif;
       font-size: 22px;
      }
</STYLE>
</HEAD>

<BODY>

<A HREF=https://ozchamo.github.io/YAKKO/> <IMG SRC="https://ozchamo.github.io/YAKKO/yakkologo.png" height=400 ALIGN="Left" style="margin-right: 30;"> </A>
<H2>OpenShift Cluster [$CLUSTERFQDN] is available on this server:</H2>

<P>
<B>Console URL:</B> &nbsp;<A HREF="${CLUSTERWEBURL}" TARGET="_blank">${CLUSTERWEBURL}</A>
<BR>
<B>API server:</B> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;${CLUSTERAPIURL}
</P>

${ADMINISTRATORINFO}
<P>
KUBECONFIG: &nbsp;<A HREF="http://${YAKKOHOSTIP}:${WEBSERVERPORT}/kubeconfig" TARGET="_blank">http://${YAKKOHOSTIP}:${WEBSERVERPORT}/kubeconfig</A>
<BR>
${CLUSTERIDURL}
(Version: ${OCPINSTALLVERSION} &nbsp;&nbsp;Build date: $(echo "${CLUSTERCOMPLETE}" | awk '{print $4}') &nbsp;&nbsp; Hostdir: $(echo "${CLUSTERCOMPLETE}" | awk '{print $6}'))
</P>
</BODY>
</HTML>

HTMLCONTENT

}

check-cluster-state() {

	# this is the yakkodashboard! #dashboard 

	CALLPARAM=$1

	# This is only executed at the end of the process or on subsequent calls
	source ${CLUSTERCONFIGFILE}

	alert-network-dns

	# If the web console is available, offer info for it regardless of the output above
	echo -n " Please wait - checking OCP cluster console availability..."
	${WGET} -O $OCPWGETTMP ${CLUSTERWEBURL} --no-check-certificate -4 &>/dev/null
	RESULTCONSOLE=$?
	blank-line

	# VERSION 1.1 - Check virtual network status
	virsh net-list --all | grep ${NETWORKNAME} | grep " active" &>/dev/null
	if [ $? -ne 0 ]
	then
		print-in-blink "ALERT: The virtual network (${NETWORKNAME}) does not appear to be operational. Check status with 'virsh net-list --all'"
		cleanup-and-exit 1
	fi

	# VERSION 1.1 - Check HAproxy status
	systemctl status haproxy &>/dev/null
	if [ $? -ne 0 ]
	then
		print-in-blink " ALERT: HAproxy seems to be off-line. Check status with 'systemctl status haproxy'"
		cleanup-and-exit 1
	fi

	check-cluster-power exit

	echo -n " Please wait - checking OCP cluster API server availability..."
	check-api-server 
	RESULTAPISERVER=$?

	blank-line
	check-oc-credentials getstate
	if [ $RESULTAPISERVER -eq 0 -a $? -eq 0 ]
	then
		CURRENTCLUSTERVERSION=$(${OCCOMMAND} get clusterversion -o jsonpath='{.items[].status.history[].version}' 2>/dev/null)

		# if the cluster was manually "completed" CLUSTERID would have not been set. We try again...
		if [ -n "${CLUSTERID}" ]
		then
			echo " CLUSTER: ${CLUSTERFQDN}  (Built: $(echo "${CLUSTERCOMPLETE}" | awk '{print $4}'))"    
		else
			CLUSTERID=$(${OCCOMMAND} get clusterversion -o jsonpath='{.items[].spec.clusterID}')
			if [ $? -eq 0 ]
			then
				echo "CLUSTERID=${CLUSTERID}" >> ${CLUSTERCONFIGFILE}
				echo " CLUSTER: ${CLUSTERFQDN}"  #(ID: $CLUSTERID)"
			else
				echo " CLUSTER: ${CLUSTERFQDN}  (Cluster ID not available)"
			fi
		fi
		echo " YAKKOID: $YAKKOID"
		echo " VERSION: $CURRENTCLUSTERVERSION"  
		echo " @REDHAT: https://console.redhat.com/openshift/details/$CLUSTERID"
		echo " SUBNET:  ${BASENETWORK}".0
		# This from https://access.redhat.com/solutions/5542981
		echo " CERTEXP: $(get-cluster-certificate-expiry)"
	else
		echo " CLUSTER: ${CLUSTERFQDN}  (Version not available - Built: $(echo "${CLUSTERCOMPLETE}" | awk '{print $4}'))"  
		echo " YAKKOID: $YAKKOID"
		echo " SUBNET:  ${BASENETWORK}".0
		echo " CERTEXP: ${CLUSTERCERTSEXPIRY}"
	fi
	print-cluster-purpose titled

	echo
	echo "               state      "

	if [ $RESULTCONSOLE -eq 0 ] 
	then
		echo -n " Web Console:  [ "
		print-in-colour green nonewline "✔"
		echo " ]  ${CLUSTERWEBURL}"
	else
		echo -n " Web Console:  [ "
		print-in-colour red nonewline "✘"
		echo " ]"
	fi

	if [ $RESULTAPISERVER -eq 0 ] 
	then
		echo -n " API Service:  [ "
		print-in-colour green nonewline "✔"
		echo " ]  ${CLUSTERAPIURL}"
	else
		echo -n " API Service:  [ "
		print-in-colour red nonewline "✘"
		if [ "${CALLPARAM}" == "firstcall" ]
		then
			echo " ]  Some services may still be starting"
			cleanup-and-exit 1
		else
			echo -n " ]  "  
			print-in-colour red nonewline "API Server is not available, cannot continue reporting"
			echo
			cleanup-and-exit 1
		fi
	fi

	check-oc-credentials # we check again -  this time it will ask for creds as not called with 'getstate'

	# The 2>/dev/null redirect is to avoid error messages when running oc if there's pending CSRs... Nightmare!
	ACTIVEMASTERS=$(${OCCOMMAND} get nodes 2>/dev/null | grep "master-" | grep -c " Ready")
	TOTALMASTERS=$(${OCCOMMAND} get nodes 2>/dev/null | grep -c "master-")

	ACTIVENODES=$(${OCCOMMAND} get nodes 2>/dev/null | grep "node-" | grep -c " Ready" )
	TOTALNODES=$(${OCCOMMAND} get nodes 2>/dev/null | grep -c "node-")

	# The grep for "4.1" guarantees that onlu operators that are actually available are counted.
	ACTIVEOPERATORS=$(${OCCOMMAND} get co 2>/dev/null | grep "4." |  grep -v AVAILABLE | awk '{print $3}' | grep -c True)
	PROGRESSINGOPERATORS=$(${OCCOMMAND} get co 2>/dev/null | grep "4." |  grep -v AVAILABLE | awk '{print $4}' | grep -c True)
	DEGRADEDOPERATORS=$(${OCCOMMAND} get co 2>/dev/null | grep "4." |  grep -v AVAILABLE | awk '{print $5}' | grep -c True)
	TOTALOPERATORS=$(${OCCOMMAND} get co 2>/dev/null | grep -cv AVAILABLE)

	${OCCOMMAND} get nodes 2>/dev/null | grep master-0 | grep worker &>/dev/null
	[ $? -eq 0 ] && MASTERSARESCHEDULABLE="(schedulable)"

	echo
	echo " Active Masters:   ${ACTIVEMASTERS}/${TOTALMASTERS} ${MASTERSARESCHEDULABLE}"
	echo " Active Nodes:     ${ACTIVENODES}/${TOTALNODES} (workers/infra)"
	echo -n " Active Operators: ${ACTIVEOPERATORS}/${TOTALOPERATORS}"
	if [ ${DEGRADEDOPERATORS} -ne 0 -o ${PROGRESSINGOPERATORS} -ne 0 ]
	then
		echo -n " (${PROGRESSINGOPERATORS} progressing, ${DEGRADEDOPERATORS} degraded)"
	fi
	echo

	echo

	# VERSION 1.1 - Check for pending CSRs
	PENDINGCSRS=$(${OCCOMMAND} get csr 2>/dev/null | grep Pending | awk '{ print $1 }')
	if [ -n "${PENDINGCSRS}" ]
	then
		set $PENDINGCSRS
		print-in-blink " ALERT: There are [$#] Pending Certificate Signing Requests (CSRs) that need approval!"
		echo " You will need to issue 'yakko ops approvecsrs' to allow the cluster to come up."
		echo
	fi

	if [ "${YAKKOADMIN}" != "kubeadmin" ]
	then
		echo " Administrator: ${YAKKOADMIN}  (Password not available for display)"
		#generate-login-command-file ${YAKKOADMIN} 
	else
		echo " Administrator: kubeadmin"
		echo " Password:      $(cat ${CLUSTERSETUPDIR}/auth/kubeadmin-password)"
		generate-login-command-file kubeadmin 
		# And we generate a new login command for now
	fi
	echo

	echo " Registry configuration:" $(check-registry-type)
	echo

	# VERSION 1.1 - report cluster access
	if [ $HAPROXYACCESS -eq 0 ]
	then
		echo " External access: ENABLED (to change: yakko infra changeaccess)"
	else
		print-in-colour orange " External access: DISABLED - Cluster unreachable from outside the YAKKO host"
		print-in-colour orange "                             (to change: yakko infra changeaccess)"
	fi
	echo

	echo " - See yakko command usage --------> ${YAKKOSCRIPTNAME} usage"
	echo " - Make infrastructure changes ----> ${YAKKOSCRIPTNAME} infra <options>"
	echo " - Make operational changes -------> ${YAKKOSCRIPTNAME} ops <options>"
	echo " - Use OpenShift's 'oc' command ---> source ${YAKKODIRECTORY}/${OCPSETUPENV}"
	echo " - Cluster command line login -----> ${YAKKODIRECTORY}/$LOGINCOMMANDFILE"
	echo " - Basic cluster info web page ----> http://${YAKKOHOSTIP}:${WEBSERVERPORT}"
	echo " - Edit cluster purpose + notes ---> /usr/bin/vim ${YAKKODIRECTORY}/cluster-notes"
	if [ ${HAPROXYACCESS} -eq 0 -a ${USEYAKKODNSMASQ} == Y ]
	then
		echo " - Access cluster externally ------> Add [${YAKKOHOSTIP}] as a DNS server in your clients"
		echo "   (This provides an alternative for when configuring DNS in your network is not possible)"
	fi

	if [ -n "${NOTSETKUBECONFIG}" ]
	then
		echo
		print-in-colour orange " NOTE: You did not have KUBECONFIG set when you invoked YAKKO."     
		print-in-colour orange "       Remember to use 'source ${OCPSETUPENV}' or adjust your environment accordingly!"
	fi
}

build-ocp-node() {

	trap 'echo; ${FUNCNAME[1]} rollback; cleanup-and-exit 1' SIGINT

	#master example is  build-ocp-node master-X 52:00:84:12:34:56 $MASTERVCPUS $MASTERRAMSIZE $MASTERDISKSIZE master.ign

	NODEVMNAME=$1.${CLUSTERFQDN}.${YAKKOID}
	NODEHOSTNAME=$1.${CLUSTERFQDN}

	process-system-service-state start httpd exitonfail

	if [ "$2" == "auto" ]
	then
		# If $1 is not 'auto' it's because the MAC has been passed - for MASTER nodes only
		# If not, we're creating a new WORKER node, this calls for an auto mac and ip address
		NODEMACADDRESS=${BASEMACADDRESS}:${NETWORKADDRESSSLOT}

		# Update the networking tables for KVM
		# This function adds a dhcp entry in the virtual network table by inserting 
		# it in the DHCP scope XML definition and then restarting the network!
	# <host mac='${NODEMAC}' name='nodename.${CLUSTERFQDN}' ip='${NODEIP}'/>"

		HOSTDHCPENTRY="<host mac=\"${NODEMACADDRESS}\" name=\"${NODEHOSTNAME}\" ip=\"${BASENETWORK}.${NETWORKADDRESSSLOT}\"/>"
		sed -i "/<\/dhcp>/i\			${HOSTDHCPENTRY}" ${NETWORKXML}
		echo "${HOSTDHCPENTRY}" > ${DHCPXMLTMPFILE} #It's way too hard to pass this as an argument below!
		restart-virtual-network add-last ip-dhcp-host

		# while this will all be handled dynamically later on by update-haproxy-config-file
		# we must do this manually until the cluster is operational, i.e. when oc get nodes works!
		echo "Updating and restarting HAproxy"
		sed -i "/addingressrouternode80/a\    server ${NODEHOSTNAME} ${BASENETWORK}.${NETWORKADDRESSSLOT}:80 check inter 1s" ${STUBFILES}/haproxy.cfg
		sed -i "/addingressrouternode443/a\    server ${NODEHOSTNAME} ${BASENETWORK}.${NETWORKADDRESSSLOT}:443 check inter 1s" ${STUBFILES}/haproxy.cfg
		cp ${STUBFILES}/haproxy.cfg ${SYSTEMSTUBFILE_HAPROXY} 
		process-system-service-state restart haproxy exitonfail
		echo

		# Update the last mac address used in the CLUSTERCONFIGFILE 
		((NETWORKADDRESSSLOT++))
		sed -i "/NETWORKADDRESSSLOT=/c\NETWORKADDRESSSLOT=${NETWORKADDRESSSLOT}" ${CLUSTERCONFIGFILE}
	else
		NODEMACADDRESS=$2
	fi

	NODEVCPUS=$3
	NODERAMSIZE=$4
	NODEDISKSIZE=$5
	IGNITIONFILE=$6

	VNCPORT=$(($VNCPORT+1))
	sed -i "/VNCPORT=/c\VNCPORT=${VNCPORT}" ${CLUSTERCONFIGFILE}

	if [ -n "$AGENTBASEDINSTALLER" -a ${MASTERNODECOUNT} -eq 1 -a ${NODEVCPUS} -lt 8 ]  # We are on OCP 4.14 or higher AND we are using the agent based installer
	then
		print-in-colour orange "ATTENTION: Building SNO with the OpenShift Agent-Based Installer has specific requirements:"
		print-in-colour orange "           - Adjusting the vCPU count to 8 vCPUs. If required, adjust down later!"
		echo
		NODEVCPUS=8
	fi

	process-system-service-state start virtstoraged

	print-in-colour lightblue "Building OCP node: ${NODEVMNAME}"
	echo
	echo "Configuration:"
	echo "- Name: ${NODEVMNAME}"
	echo "- vCPUs: ${NODEVCPUS}"
	echo "- Memory: ${NODERAMSIZE} MiB"
	echo "- MAC address: ${NODEMACADDRESS}"
	echo "- Disk size: ${NODEDISKSIZE}" GiB
	echo "- VM file: ${OCPVMDISKDIR}/${NODEVMNAME}.qcow2"

	if [ -n "$AGENTBASEDINSTALLER" ]  # We are using the agent based installer - which only works with 'latest'
	then

		# see this note for further info on kernel args: https://access.redhat.com/solutions/7005590
		# ignition.firstboot ignition.platform.id=metal coreos.live.rootfs_url=http://example.com/path/agent.x86_64-rootfs.img
		
		#THE BELOW ATTEMPTS TO BUILD IMAGES WITH PXE BOOT AND AGENT, BUT ALWAYS FAILS WITH THIS IN CONSOLE OF VM:
		#openshift install ignition: no config provided by user
		#virt-install \
		#	--name ${NODEVMNAME} \
		#	--memory=${NODERAMSIZE},maxmemory=$((${NODERAMSIZE} + ${MAXMEMBALOONSIZE})) \
		#	--vcpus ${NODEVCPUS} \
		#	--cpu host,+vmx \
		#	--disk path=${OCPVMDISKDIR}/${NODEVMNAME}.qcow2,size=${NODEDISKSIZE},bus=virtio,format=qcow2 \
		#	--install kernel=${WEBSERVERURL}/${OCPINSTALLVERSION}/agent.x86_64-vmlinuz,initrd=${WEBSERVERURL}/${OCPINSTALLVERSION}/agent.x86_64-initrd.img,kernel_args_overwrite=yes,kernel_args="coreos.inst.install_dev=/dev/vda coreos.live.rootfs_url=${WEBSERVERURL}/${OCPINSTALLVERSION}/agent.x86_64-rootfs.img coreos.inst.insecure ip=dhcp rd.neednet=1 ignition.firstboot ignition.platform.id=metal" \
		#	--os-variant=rhel9-unknown \
		#	--graphics vnc,port=${VNCPORT}  \
		#	--network network=${NETWORKNAME},mac=${NODEMACADDRESS}  \
		#	--noautoconsole --wait -1 \
		#	--metadata description="YAKKODIRECTORY=${YAKKODIRECTORY}
#CLUSTERFQDN=$CLUSTERFQDN
#BASENETWORK=$BASENETWORK" 

		#EXCLUDING THIS FOR NOW
		#--cdrom ${IMAGEREPO}/${OCPINSTALLVERSION}/agent.x86_64.iso \
		virt-install \
			--name ${NODEVMNAME} \
			--memory=${NODERAMSIZE},maxmemory=$((${NODERAMSIZE} + ${MAXMEMBALOONSIZE})) \
			--vcpus ${NODEVCPUS} \
			--cpu host,+vmx \
			--disk path=${OCPVMDISKDIR}/${NODEVMNAME}.qcow2,size=${NODEDISKSIZE},bus=virtio,format=qcow2 \
			--os-variant=rhel9-unknown \
			--graphics vnc,port=${VNCPORT}  \
			--network network=${NETWORKNAME},mac=${NODEMACADDRESS}  \
			--noautoconsole \
			--wait -1 \
			--metadata description="YAKKODIRECTORY=${YAKKODIRECTORY}
CLUSTERFQDN=$CLUSTERFQDN
BASENETWORK=$BASENETWORK" \
			--print-xml > ${OCPVMDISKDIR}/${NODEVMNAME}.xml
		BUILDOCPNODERESULT=$?
		check-for-error-and-print $BUILDOCPNODERESULT "Could not build XML definition of host ${NODEVMNAME}"
		[ $BUILDOCPNODERESULT -ne 0 ] && return $BUILDOCPNODERESULT

		virsh define ${OCPVMDISKDIR}/${NODEVMNAME}.xml
		BUILDOCPNODERESULT=$?
		check-for-error-and-print $BUILDOCPNODERESULT "Could not define host ${NODEVMNAME} from XML ${OCPVMDISKDIR}/${NODEVMNAME}.xml"
		[ $BUILDOCPNODERESULT -ne 0 ] && return $BUILDOCPNODERESULT

		virt-xml ${NODEVMNAME} --add-device --disk=${IMAGEREPO}/${OCPINSTALLVERSION}/agent.x86_64.iso,device=cdrom,target.dev=sdc --quiet
		BUILDOCPNODERESULT=$?
		check-for-error-and-print $BUILDOCPNODERESULT "Could not attach ISO image to host ${NODEVMNAME}"
		[ $BUILDOCPNODERESULT -ne 0 ] && return $BUILDOCPNODERESULT

		virt-xml ${NODEVMNAME} --edit target=vda --disk="boot_order=1" --quiet

		echo "Starting up node ${NODEVMNAME}..."
		virt-xml ${NODEVMNAME} --edit target=sdc --disk="boot_order=2" --start  --quiet
		BUILDOCPNODERESULT=$?
		check-for-error-and-print $BUILDOCPNODERESULT "Failed to boot node ${NODEVMNAME}"
		[ $BUILDOCPNODERESULT -ne 0 ] && return $BUILDOCPNODERESULT

		echo

	elif [ "${OCPINSTALLMINORVERSION}" -ge 6 ]  # We are on OCP 4.6 or higher
	then
		virt-install \
			--memory=${NODERAMSIZE},maxmemory=$((${NODERAMSIZE} + ${MAXMEMBALOONSIZE})) \
			--vcpus ${NODEVCPUS} \
			--cpu host,+vmx \
			--disk path=${OCPVMDISKDIR}/${NODEVMNAME}.qcow2,size=${NODEDISKSIZE},bus=virtio,format=qcow2 \
			--install kernel=${WEBSERVERURL}/${OCPINSTALLVERSION}/rhcos-live-kernel-x86_64,initrd=${WEBSERVERURL}/${OCPINSTALLVERSION}/rhcos-live-initramfs.x86_64.img,kernel_args_overwrite=yes,kernel_args="coreos.inst=yes coreos.inst.install_dev=vda coreos.live.rootfs_url=${WEBSERVERURL}/${OCPINSTALLVERSION}/rhcos-live-rootfs.x86_64.img coreos.inst.image_url=${WEBSERVERURL}/${OCPINSTALLVERSION}/rhcos-metal.x86_64.raw.gz coreos.inst.ignition_url=${WEBSERVERURL}/${IGNITIONFILE} coreos.inst.insecure ip=dhcp rd.neednet=1" \
			--os-variant=rhel8-unknown \
			--graphics vnc,port=${VNCPORT}  \
			--network network=${NETWORKNAME},mac=${NODEMACADDRESS}  \
			--noautoconsole --wait -1 \
			--metadata description="YAKKODIRECTORY=${YAKKODIRECTORY}
CLUSTERFQDN=$CLUSTERFQDN
BASENETWORK=$BASENETWORK" \
			--name ${NODEVMNAME}
		BUILDOCPNODERESULT=$?
	elif [ "${OCPINSTALLMINORVERSION}" -ge 3 ]
	then
		virt-install \
			--memory=${NODERAMSIZE},maxmemory=$((${NODERAMSIZE} + ${MAXMEMBALOONSIZE})) \
			--vcpus ${NODEVCPUS} \
			--cpu host \
			--disk path=${OCPVMDISKDIR}/${NODEVMNAME}.qcow2,size=${NODEDISKSIZE},bus=virtio,format=qcow2 \
			--install kernel=${WEBSERVERURL}/${OCPINSTALLVERSION}/rhcos-installer-kernel-x86_64,initrd=${WEBSERVERURL}/${OCPINSTALLVERSION}/rhcos-installer-initramfs.x86_64.img,kernel_args_overwrite=yes,kernel_args="coreos.inst=yes coreos.inst.install_dev=vda coreos.inst.image_url=${WEBSERVERURL}/${OCPINSTALLVERSION}/rhcos-metal.x86_64.raw.gz coreos.inst.ignition_url=${WEBSERVERURL}/${IGNITIONFILE} ip=dhcp rd.neednet=1" \
			--os-variant=rhel8-unknown \
			--graphics vnc,port=${VNCPORT} \
			--network network=${NETWORKNAME},mac=${NODEMACADDRESS}  \
			--noautoconsole --wait -1 \
			--metadata description="YAKKODIRECTORY=${YAKKODIRECTORY}
CLUSTERFQDN=$CLUSTERFQDN
BASENETWORK=$BASENETWORK" \
			--name ${NODEVMNAME}
		BUILDOCPNODERESULT=$?
	else
		virt-install \
			--memory=${NODERAMSIZE},maxmemory=$((${NODERAMSIZE} + ${MAXMEMBALOONSIZE})) \
			--vcpus ${NODEVCPUS} \
			--cpu host \
			--disk path=${OCPVMDISKDIR}/${NODEVMNAME}.qcow2,size=${NODEDISKSIZE},bus=virtio,format=qcow2 \
			--install kernel=${WEBSERVERURL}/${OCPINSTALLVERSION}/rhcos-${RHCOSVERSION}-x86_64-installer-kernel,initrd=${WEBSERVERURL}/${OCPINSTALLVERSION}/rhcos-${RHCOSVERSION}-x86_64-installer-initramfs.img,kernel_args_overwrite=yes,kernel_args="coreos.inst=yes coreos.inst.install_dev=vda coreos.inst.image_url=${WEBSERVERURL}/${OCPINSTALLVERSION}/rhcos-${RHCOSVERSION}-x86_64-metal-bios.raw.gz coreos.inst.ignition_url=${WEBSERVERURL}/${IGNITIONFILE} ip=dhcp rd.neednet=1" \
			--os-variant=rhel8-unknown \
			--graphics vnc,port=${VNCPORT} \
			--network network=${NETWORKNAME},mac=${NODEMACADDRESS}  \
			--noautoconsole --wait -1 \
			--metadata description="YAKKODIRECTORY=${YAKKODIRECTORY}
CLUSTERFQDN=$CLUSTERFQDN
BASENETWORK=$BASENETWORK" \
			--name ${NODEVMNAME}
		BUILDOCPNODERESULT=$?
	fi

	# We clear any old entries in known hosts so that user sees no nasty security business
	sed -i "/${NODEHOSTNAME}/d" /root/.ssh/known_hosts &>/dev/null

	return $BUILDOCPNODERESULT
}

csr-approval() {

	# $1 start/stop 
	# $2 number of nodes we are waiting for
	# this changes depending on wheter we are building an entire cluster or just adding nodes

	if [ $1 == "start" -a $CSRAPPROVALPID -eq 0 ]
	then
		echo "CSR approval task will run in the background and will exit automatically on stage completion."
		echo

		TIMEOUTANDEXIT=$(($2 * ${ADDNODETIMEOUT}))

		# running oc here is a little trickier as this gets forked off, so we test for it before
		[ -x ${OCCOMMAND} ] 
		check-for-error-and-exit $? "Cannot process CSRs as this stage cannot execute command ${OCPINSTALLSOURCE}/oc"

		# This runs in the backgound approving certificates as they come...
		{
			#trap "echo 'Certificate Approval (oc get csr) stopped.'; cleanup-and-exit" SIGTERM
			trap 'cleanup-and-exit 0' SIGTERM # As this takes a while to work, it messages out of sync so... no message!
	
			while true 
			do
				${OCCOMMAND} get csr 2>/dev/null | grep Pending | awk '{ print $1 }' | xargs ${OCCOMMAND} adm certificate approve &>/dev/null
	
				sleep 10
	
				# Insurance policy should parent die...
				TIMEOUTANDEXIT=$((${TIMEOUTANDEXIT} - 15))
				[ ${TIMEOUTANDEXIT} -le 0 ] && exit
			done
		} &
		CSRAPPROVALPID=$!
	fi

	if [ $1 == "stop" ]
	then
		if [  $CSRAPPROVALPID -ne 0 ]
		then
			echo "Terminating automated CSR approval process..."
			kill -s SIGTERM $CSRAPPROVALPID &>/dev/null
			CSRAPPROVALPID=0
		fi
	fi
}

yakko-backup() {

	# NOTE: THIS CALL UPDATES THIS FILE WITH sed -i for VERSION
	# Tread carefully

	# A small developer backdoor...
	# Too lazy to push to git all the time
	# $2 creates a message that accompanies the backup... Like commit -m ;)
	#
	bash -n $0
	if [ $? -ne 0 ]
	then
		cleanup-and-exit "Cannot backup - bash -n did not pass syntax check"
	fi

	shift # get rid of backup parameter

	BACKUPDATE=$(date +%Y%m%d.%H%M)
	BACKUPFILE=${YAKKOSCRIPTNAME}.$BACKUPDATE
	BACKUPMSG="$*"

	# This is the first thing that can be called so don't have much info
	cd ${YAKKODIRECTORY}
	
	if [ -r .yakkohome -a -r .yakkobackups ]
	then
		echo
		print-in-colour green "Backing up yakko code"
		echo
		echo "Total code lines (exc. comments and blanks): " $(cat yakko | grep -v "^$" | grep -cv "^	*#")
		[ -r "$YAKKOTALLY" ] && echo "Clusters built on this host: $(cat "$YAKKOTALLY" | wc -l)"
		echo

		# If there is a message attached, construe this as an updated version!
		if [ -n "$BACKUPMSG" ]
		then
			echo "Yakko version is $YAKKOVERSION."
			cp ${YAKKOEXECUTABLE} /tmp/yakko.tmp.$BACKUPDATE

			MINORRELEASE="$(echo $YAKKOVERSION | cut -f2 -d.)"
			NEWMINOR=$((MINORRELEASE + 1))
			NEWVERSION="$(echo $YAKKOVERSION | cut -f1 -d.)".$NEWMINOR

			echo
			ask-user "Update NEW RELEASE version to [$NEWVERSION]" Y
			if [ $? -ne 0 ]
			then
				echo -n "Enter version number to stamp to this release [${YAKKOVERSION}]: "
				read RESPONSE
				if [ -n "${RESPONSE}" ]
				then
					NEWVERSION=${RESPONSE}
				else
					NEWVERSION=${YAKKOVERSION}
				fi
			fi

			sed -i "s/YAKKODATE=${YAKKODATE}/YAKKODATE=${BACKUPDATE}/" ${YAKKOEXECUTABLE}
			echo "Version: DATE stamp updated to [${BACKUPDATE}]"
			echo

			PUSHOPTION=N
			if [ "${NEWVERSION}" != "${YAKKOVERSION}" ]
			then
				PUSHOPTION=Y
				sed -i "s/YAKKOVERSION=${YAKKOVERSION}/YAKKOVERSION=${NEWVERSION}/" ${YAKKOEXECUTABLE}
				echo "Version: VERSION stamp updated to [${NEWVERSION}]"
			fi

			ask-user "Commit new version to GITHUB" ${PUSHOPTION}

			if [ $? -eq 0 ]
			then
				# We change the README.md file
				sed -i "/## CURRENT VERSION/c\## CURRENT VERSION: ${NEWVERSION} (${BACKUPDATE})" README.md

				# We add changes
				git add yakko README.md YAKKO-architecture.png
				echo "'git add' exited with code [$?]"
				echo

				# We commit them with the same message
				ask-user "Ready to commit? [Y]" Y
				if [ $? -eq 0 ]
				then
					git commit -m "${BACKUPMSG}"
				else
					echo "OK, exiting - did not commit!"
					echo
					exit
				fi

				# We push
				echo
				echo "Git PWD: $GCLAVE"
				ask-user "Ready to push? [Y]" Y
				if [ $? -eq 0 ]
				then
					git push -f origin master
					check-for-error-and-exit $? "Aborting, could not push!"
				else
					echo "OK, exiting - did not push!"
					echo
					exit
				fi

				# We tag
				echo
				ask-user "Ready to tag? [Y]" Y
				if [ $? -eq 0 ]
				then
					git tag "v${NEWVERSION}"
					git push --tags
				else
					echo "OK, exiting - did not tag!"
					echo
					exit
				fi

			fi
		fi

		while read -r YBD
		do
			if [ ! -d "$YBD" ]
			then
				mkdir /YAKKO-BACKUPS &>/dev/null
				cp ${YAKKOEXECUTABLE} /YAKKO-BACKUPS/${BACKUPFILE}
				echo
				echo "ERROR: [$YBD] cannot be written to for backup."
				echo "NOTE: A backup has been made in root directory (/YAKKO-BACKUPS)"
				echo
				break
			fi
				
			cp ${YAKKOEXECUTABLE} $YBD/${BACKUPFILE}
			cp ${YAKKOEXECUTABLE} $YBD/${YAKKOSCRIPTNAME} # This will always be the latest. ln does not work on VFAT ;)

			if [ -n "$BACKUPMSG" ]
			then
				echo $BACKUPMSG > $YBD/${BACKUPFILE}.txt
			fi
	
			echo "Backed up current ${YAKKONAME} as ${YBD}/${BACKUPFILE}"
		done < .yakkobackups
	else
		echo "Cannot backup because .yakkobackups is not defined"
		echo "Just drop a directory in that filename and yakko will back itself up in there!"
	fi

	cleanup-and-exit

}

set-cluster-purpose-and-notes() {

	if [ -n "$CLUSTERPURPOSE" ]
	then
		echo "$CLUSTERPURPOSE" > $CLUSTERNOTES
		echo "--" >> $CLUSTERNOTES
		[ -z "$ADDITIONALCLUSTERNOTES" ] && {
			echo "# The above section is printed in the normal ${YAKKONAME} report. You can change it here if you wish." >> $CLUSTERNOTES
			echo "# The below section is for user edited notes. Use as desired." >> $CLUSTERNOTES
		}
		if [ "$1" != quiet ] 
		then
			echo
			echo "Writing cluster purpose as:"
			echo \""$CLUSTERPURPOSE"\"
			echo "You can change this later by editing the file '$CLUSTERNOTES'"
			echo "$ADDITIONALCLUSTERNOTES" >> $CLUSTERNOTES
		fi
	fi
}

print-cluster-purpose() {

	# this takes the $CLUSTERNOTES file as input and nicely displays the top before --
	# $1 = titled adds the word PURPOSE for cluster reporting purposes, with indent

	if [ -r $CLUSTERNOTES ] 
	then
		if [ "$1" == titled ] 
		then
			cat $YAKKODIRECTORY/$CLUSTERNOTES | sed '/--/,$ d' | sed '/^ *$/d' | fold -w 65 -s | sed '1 s/^/ PURPOSE: /' | sed  '2,$ s/^/          /'
		else 
			cat $YAKKODIRECTORY/$CLUSTERNOTES | sed '/--/,$ d' | sed '/^ *$/d' 
		fi
	fi
}

print-option-header() {

	# $1 reads 'infra' or 'ops'
	# Maybe we redecorate on this later but placeholder in place
	if [ "$1" == "infra" ]
	then
		HEADERCATEGORY="INFRA:"
	elif [ "$1" == "ops" ]
	then
		HEADERCATEGORY="OPS:"
	else
		HEADERCATEGORY=""
	fi

	shift

	#echo
	print-in-colour lightblue "$HEADERCATEGORY $*"
	echo
}

get-cluster-configuration() {

	MASTERCOUNTCONFIG=$(virsh list --all | grep "${YAKKOID}" | grep -c master-)
	WORKERCOUNTCONFIG=$(virsh list --all | grep "${YAKKOID}" | grep -c node-)
	[ ${MASTERCOUNTCONFIG} -eq 1 ] && CLUSTERSHAPE="1 master" || CLUSTERSHAPE="3 masters"
	[ ${WORKERCOUNTCONFIG} -eq 1 ] && CLUSTERSHAPE="${CLUSTERSHAPE} + 1 infra/worker node" || CLUSTERSHAPE="${CLUSTERSHAPE} + ${WORKERCOUNTCONFIG} infra/worker nodes"

	if [ -z "${WORKERCOUNTCONFIG}" ]
	then
		WORKERCOUNTCONFIG=0
	fi

	if [ $1 == "print" ]
	then
		echo " CLUSTER: ${CLUSTERFQDN} (Built: $(echo "${CLUSTERCOMPLETE}" | awk '{print $4}'))"
		echo " YAKKOID: $YAKKOID"
		echo " CONFIG:  ${CLUSTERSHAPE} (${MASTERCOUNTCONFIG} + ${WORKERCOUNTCONFIG})"
		echo " SUBNET:  ${BASENETWORK}"
		echo " CERTEXP: ${CLUSTERCERTSEXPIRY}"
		echo " @REDHAT: https://console.redhat.com/openshift/details/${CLUSTERID}"

		print-cluster-purpose titled
	else
		echo "${MASTERCOUNTCONFIG} ${WORKERCOUNTCONFIG}"
	fi
}

start-virtual-network() {

	# virsh net-start is finicky - if you try to start an active network it retuns 0
	# so this workaround is more telling
	#
	if [ "$1" == "define" ]
	then
		# We redefine the network, super clean! This is at cluster boot for example
		virsh net-define --file $NETWORKXML &>/dev/null
		check-for-error-and-exit $? "Could not define virtual network at $NETWORKXML. Check 'virsh net-list --all'"
	fi
	process-system-service-state restart virtnetworkd exitonfail quiet
	virsh net-start ${NETWORKNAME} 2>&1 | grep -E 'started|already active' &>/dev/null
	check-for-error-and-exit $? "Virtual network [${NETWORKNAME}] used by the cluster could not be activated"
}

stop-virtual-network() {

	# stop and possibly undefine virtual network (any and all! V8.01)
	
	for EACHVIRTUALNETWORK in $(virsh net-list --all --name  | grep yakko)
	do
		virsh net-destroy ${EACHVIRTUALNETWORK} &>/dev/null

		if [ "$1" == "undefine" ]
		then
			virsh net-undefine ${EACHVIRTUALNETWORK} &>/dev/null
		fi
	done
}

restart-virtual-network() {

	# call simply with restart params
	# this is an attempt to avoid
	# error: Failed to update network net-yakko-testcluster
	# error: internal error: Failed to apply firewall rules /usr/sbin/iptables -w --table filter 
	# --insert LIBVIRT_INP --in-interface virbrocp --protocol tcp --destination-port 67 --jump ACCEPT: iptables: No chain/target/match by that name.

	echo "Restarting virtual network"

	if [ $# -eq 0 ]
	then
		stop-virtual-network
		sleep 1
		start-virtual-network
	else
		virsh net-update ${NETWORKNAME} $* ${DHCPXMLTMPFILE} --live --config #&>/dev/null
		if [ $? -ne 0 ]
		then
			process-system-service-state restart virtqemud exitonfail quiet
			process-system-service-state restart virtnetworkd exitonfail quiet
			virsh net-update ${NETWORKNAME} $* ${DHCPXMLTMPFILE} --live --config #&>/dev/null
			check-for-error-and-exit $? "Could not restart the virtual network - with libvirt restart attempted!"
		fi
		rm ${DHCPXMLTMPFILE}
	fi
}

check-api-server() {

	# $1 can be 'exit' so that we exit immediately if no api server appears present
	
	# the api server can fail in two ways:
	# the URL is not responding (code > 0)
	# the URL responds and has string "healthz check failed" or "status": "Failure"

	# CURL will return 0 if it was able to download the URL, BUT that's not the outcome
	RESULTAPISTRING=$(curl -k -s "https://api.${CLUSTERFQDN}:6443/healthz" 2>/dev/null) 
	RESULTAPICHECK=$?
	if [ $RESULTAPICHECK -eq 0 ]
	then
		echo ${RESULTAPISTRING} | grep -e "failed" -e "Failure" &>/dev/null
		if [ $? -eq 0 ]
		then
			RESULTAPICHECK=1
		else 
			RESULTAPICHECK=0
		fi
	elif [ "$1" == "exit" ]
	then
			cleanup-and-exit "$RESULTAPICHECK" red "The OpenShift API server is not available (either partially or fully). Cannot continue."
	fi
	return $RESULTAPICHECK
}
	
check-cluster-power() {

	#check-cluster-power

	DOEXIT=$1  #blank or "exit"

	MASTERNODECOUNT=$(virsh list --all | grep "master-" | grep -c ${YAKKOID}) # This value should exist in .lastclusterbuild, but nevertheless
	if [ "${MASTERNODECOUNT}" -eq 0 ]
	then
		print-in-colour red "ERROR: Something went wrong, there are no masters detected! (see virsh list --all)"
		cleanup-and-exit 1
	fi

	MASTERUPCOUNT=$(virsh list --all | grep "master-" | grep running | grep -c ${YAKKOID})
	MASTERSUSPENDEDCOUNT=$(virsh list --all | grep "master-" | grep pause | grep -c ${YAKKOID})

	if [ ${MASTERSUSPENDEDCOUNT} -eq ${MASTERNODECOUNT} ]
	then
		if [ "$DOEXIT" == "exit" ]
		then
			get-cluster-configuration print
			cleanup-and-exit 1 orange " This cluster is currently SUSPENDED: run 'yakko startcluster'"
		fi

		return 5 #  The masters are suspended (note that this is not granular enough, but c'mon)
	fi

	if [ ${MASTERUPCOUNT} -eq 0 ]
	then
		if [ "$DOEXIT" == "exit" ]
		then
			get-cluster-configuration print
			cleanup-and-exit 1 orange " This cluster is currently SHUTDOWN: run 'yakko startcluster'"
		fi

		return 4 # Special case - the cluster is SHUTDOWN!
	fi

	return 0 # The cluster is powered up
}

check-oc-credentials() {

	# $1 = getstate means we do not bomb out and we don't check, only used when checking cluster state
	if [ "$1" == "getstate" ]
	then
		GETSTATE=Y
	else
		GETSTATE=N
	fi

	[ "${LOGINFILEHASPASSWORD}" -eq 0 ] &&
		source ${YAKKODIRECTORY}/${LOGINCOMMANDFILE} &>/dev/null

	# There are four possibilities:
	# 1. API server is working well and returns who you are
	# 2. API server is working well and you are not logged in
	# 3. API server is not working...
	# 4. oc version 4.14+ seems to require a Username: if not logged on - go figure
	# unfortunately, all fails return 1
	echo | ${OCCOMMAND} whoami &>/dev/null
	if [ $? -eq 1 ]
	then
		OCPUSER=unknown
	else
		OCPUSER=$(${OCCOMMAND} whoami 2>/dev/null)
	fi

	echo " system:admin kube:admin ${YAKKOADMIN} " | grep "${OCPUSER}" &>/dev/null
	CREDRESULT=$?

	[ $GETSTATE == Y ] && return $CREDRESULT # we are just returning the state
	
	if [ $CREDRESULT -ne 0 ]
	then
		echo
		print-in-colour orange " Current credentials do not allow reporting."
		echo
		echo -n " Enter password for user '${YAKKOADMIN}': "
		read -s RESPONSE
		echo
		[ -n "${RESPONSE}" ] && YAKKOADMINPASSWORD=${RESPONSE}
		${OCCOMMAND} login -u ${YAKKOADMIN} -p ${YAKKOADMINPASSWORD} ${CLUSTERAPIURL} &>/dev/null
		if [ $? -ne 0 ]
		then
			cleanup-and-exit 1 white "Login failed"
		fi
	fi
}

check-oc-credentials-and-state() {

	check-api-server exit
	check-cluster-power exit
	check-oc-credentials 
}

check-if-yakko-running() {

	# If YAKKO is already running, we block this run. Don't want to clobber an install...
	# except for the stray timeouts with addnode...
	MAINYAKKOPID=$BASHPID
	OTHERYAKKOPID=$(THISYAKKOPID=$BASHPID;pgrep yakko | grep -v "PID\|$MAINYAKKOPID\|$THISYAKKOPID" | tr '\n' ' ')
	if [ -n "$OTHERYAKKOPID" ]
	then
		if [ ${DELETECLUSTERMODE} -eq 0 ]
		then
			# Killing any remaining instances of yakko such as csr approvals
			kill -9 ${OTHERYAKKOPID} >/dev/null
		fi

		check-for-error-and-exit 1 "It appears that 'yakko' is already running - see PID [ $OTHERYAKKOPID]"
	fi

}

check-if-another-yakko-cluster-running() {

	virsh list &>/dev/null
	check-for-error-and-exit $? "Cannot communicate to the hypervisor via virsh.\n   Although restarting libvirtd may clear the error, a reboot may be required"

	if [ -z "${CLUSTERFQDN}" ]
	then
		# We are starting a new cluster so we need to lookout that this is not yet set
		CLUSTERFQDN="CLUSTERNAMENOTSET" # This is a 'whatever' string 
	fi

	RUNNINGCLUSTER=$(virsh list | grep master-0 | grep -v ${YAKKOID} | awk '{print $2}')
	[ -n "${RUNNINGCLUSTER}" ] && {
		
		if [ ${CLUSTERFQDN} == "CLUSTERNAMENOTSET" ]
		then
			echo " You cannot install a new cluster when another cluster is running."
			echo
		else
			get-cluster-configuration print
		fi

		OTHERCLUSTERDIR=$(virsh desc ${RUNNINGCLUSTER} | grep YAKKODIRECTORY=  | cut -f2 -d=)
		OTHERCLUSTERID=$(echo ${RUNNINGCLUSTER}  | cut -f4 -d.)
		OTHERCLUSTERID=${RUNNINGCLUSTER##*.}

		# This is just a small precaution should the above fail
		echo
		if [ -z "${OTHERCLUSTERDIR}" ]
		then
			print-in-colour orange " OpenShift cluster [$(echo ${RUNNINGCLUSTER} | cut -f2,3 -d .)] with ID [${OTHERCLUSTERID}] is running on this host"
		else
			print-in-colour orange " OpenShift cluster [$(echo ${RUNNINGCLUSTER} | cut -f2,3 -d .)] with ID [${OTHERCLUSTERID}] is running on this host, installed at [${OTHERCLUSTERDIR}]"
		fi
		
		echo
		echo " You can only one run cluster at a time!" 

		cleanup-and-exit 1
	}	
}

restore-stubfiles() {
	[ -r ${STUBFILES}/resolved.conf ] && cp ${STUBFILES}/resolved.conf ${SYSTEMSTUBFILE_RESOLVED}
	# We need to take into account that the main IP address may have changed
	[ ${USEYAKKODNSMASQ} == Y ] && {
		update-dnsmasq-config-file ${HAPROXYACCESS} # This is painful but we must rebuild the dnsmasq file on the fly
		cp ${STUBFILES}/NetworkManager.conf ${SYSTEMSTUBFILE_NETWORKMANAGER}
	}
	cp ${STUBFILES}/haproxy.cfg ${SYSTEMSTUBFILE_HAPROXY}
	cp ${STUBFILES}/httpd.conf ${SYSTEMSTUBFILE_HTTPD}
}

remove-stubfiles() {

	# This routine deletes all current stub files
	# Additionally, a virtual network config file could linger at /etc/libvirt/qemu/networks 

	rm /etc/NetworkManager/dnsmasq.d/yakko-* &>/dev/null
	rm /etc/NetworkManager/conf.d/yakko-* &>/dev/null
	rm /etc/systemd/resolved.conf.d/yakko-* &>/dev/null
	rm /etc/haproxy/conf.d/yakko-* &>/dev/null
	rm /etc/httpd/conf.d/yakko-* &>/dev/null
}

update-services() {

	# $1 is one of [ start | stop | restart | refresh ]

	SERVICESMODE=$1

	if [ $SERVICESMODE == "start" ]
	then
		print-in-colour white "Starting ${YAKKONAME} supporting services:"
		echo

		echo "- Inserting stub files for ${YAKKONAME} services into system..."
		restore-stubfiles
		echo

		echo "- Starting virtual network..."
		start-virtual-network define
		echo

		echo "- Re/starting virtqemud service..."
		process-system-service-state restart virtqemud exitonfail
		echo

		if [ -f ${SYSTEMSTUBFILE_RESOLVED} ]
		then
			echo "- Starting systemd-resolved service..."
			process-system-service-state restart systemd-resolved quietfast
			echo
		fi

		echo "- Re/starting NetworkManager service and testing..."
		process-system-service-state restart NetworkManager quietfast

		WAITTIME=30
		while true
		do
			sleep 1
			ping -c 1 ${YAKKOHOSTIP} &>/dev/null && break
			((WAITTIME--))
			[ $WAITTIME -eq 0 ] && {
				echo
				print-in-colour red "Timed out waiting for main interface to come UP. Exiting."
				cleanup-and-exit 1
			}
		done
		echo

		echo "- Starting HAproxy service..."
		process-system-service-state restart haproxy quietfast
		echo

		echo "- Re/starting HTTPD service..."
		process-system-service-state restart httpd quietfast

		compose-html-cluster-report
		#check-for-error-and-exit $? "Could not start HTTPD service"
		echo

		sleep 2

		print-in-colour green "All services started. Some operators may take a while to become fully available."
	fi

	if [ $SERVICESMODE == "stop" ]
	then
		echo
		print-in-colour white "Stopping ${YAKKONAME} supporting services:"
		echo

		echo "- Removing stub files for ${YAKKONAME} services from system..."
		remove-stubfiles
		echo

		echo "- Stopping HAproxy service..."
		systemctl stop haproxy
		echo

		if [ -f ${SYSTEMSTUBFILE_RESOLVED} ]
		then
			echo "- Re/starting systemd-resolved service..."
			process-system-service-state restart systemd-resolved quiet
			echo
		fi

		echo "- Restarting NetworkManager service..."
		process-system-service-state restart NetworkManager quietfast
		echo

		echo "- Restarting HTTPD service without port :${WEBSERVERPORT}..." 
		process-system-service-state restart httpd quietfast
		echo

		echo "- Stopping virtual network..."
		stop-virtual-network undefine
		echo

		echo "- Restarting virtqemud service..."
		process-system-service-state restart virtqemud exitonfail

		echo
		print-in-colour orange "All supporting services retired/stopped. "
		sleep 2
	fi

	if [ $SERVICESMODE == "restart" ]
	then
		# There is no need to test if IP address has changed because it's always
		# checked in advance of getting here
		update-services stop
		echo
		update-services start
	fi

	if [ $SERVICESMODE == "refresh" ]
	then
		# This is experimental, it doesn't restart everything when a change of network is detected
		# it only updates the dnsmasq conf

		[ ${USEYAKKODNSMASQ} == Y ] && {
			update-dnsmasq-config-file ${HAPROXYACCESS} # This is painful but we must rebuild the dnsmasq file on the fly
			process-system-service-state restart NetworkManager quietfast
			sleep 5
		}
	fi
}

check-system-core-count() {

	# This deposits the actual CORE count in TOTALCORES
	# Not run at the beginning because we often want to check and advertise constraint
	#
	local LINENOTE=$1

	which lscpu &>/dev/null
	if [ $? -eq 0 ]
	then
		TOTALCORES=$(( $(lscpu | grep "Core(s)" | awk '{print $4}') * $(lscpu | grep "Socket(s)" | awk '{print $2}') ))
	else
		TOTALCORES=4
	fi

	if [ $TOTALCORES -lt $RECOMMENDEDCORECOUNT ] 
	then
		print-in-colour orange $LINENOTE "Your system may be underpowered ($TOTALCORES cores) to run this configuration."
		return 1
	else 
		return 0
	fi

}

purge-downloads() {

	# At this point, CLUSTERCONFIGFILE is not loaded so we do that to avoid deleting the current image
	[ -r ${CLUSTERCONFIGFILE} ] && source ${CLUSTERCONFIGFILE}

	if [ -z "${OCPINSTALLVERSION}" ]
	then 
		VERSIONINUSE="NONE"
	else 
		VERSIONINUSE=${OCPINSTALLVERSION}
	fi

	OCPDOWNLOADS=$(ls -c ${IMAGEREPO} 2>/dev/null | grep "^[4-5]" | grep -v ${VERSIONINUSE}  2>/dev/null)

	if  [ -z "${OCPDOWNLOADS}" ]
	then
		echo "There are no downloaded OCP images available for purging."
		if [ ${VERSIONINUSE} != "NONE" ]
		then
			echo "${OCPINSTALLVERSION} is currently in use and thus cannot be deleted."
		fi
		echo
	else
		echo "The following unused images presently reside on disk:" 

		for OCPDOWNLOADIMAGES in ${OCPDOWNLOADS}
		do
			echo ${OCPDOWNLOADIMAGES}: $(du -hs ${IMAGEREPO}/${OCPDOWNLOADIMAGES} 2>/dev/null | awk '{ print $1 }')
		done
		echo

		ask-user "Delete OCP images listed" Y
		if [ $? -eq 0 ]
		then
			cd ${IMAGEREPO}
			if [ ${PWD} == ${IMAGEREPO} ]
			then
				# The above check is to ENSURE we don't blow up the wrong thing. Past learnings :)
				for OCPDOWNLOADIMAGES in ${OCPDOWNLOADS}
				do
					echo Deleting ${OCPDOWNLOADIMAGES} 
					do-remove-directory ${OCPDOWNLOADIMAGES}
				done
				echo Done!
			fi
			cd ${YAKKODIRECTORY}
		fi
	fi
}

check-registry-type() {

	# This little function checks whether a NFS registry is active or a local registry is active...
	REGISTRYPOD=$(${OCCOMMAND} get pods -n openshift-image-registry 2>/dev/null | grep image-registry | grep -v operator | grep Running | awk '{print $1}')

	if [ -z "${REGISTRYPOD}" ]
	then
		echo none # there is no pod, so it's unmanaged
	else
		${OCCOMMAND} -n openshift-image-registry rsh ${REGISTRYPOD} mount 2>/dev/null | grep registry | grep nfs &>/dev/null
		if [ $? -eq 0 ]
		then 
			echo nfs 
		else
			echo local 
		fi
	fi
}

check-oauth-httpasswd-type() {

	# This little function sets the OAUTHTYPE and returns 0 if its htpasswd and 1 if not
	OAUTHTYPE=$(${OCCOMMAND} get OAuth -o jsonpath="{.items[].spec.identityProviders[].type}" 2>/dev/null)

	if [ "$OAUTHTYPE" == "HTPasswd" ]
	then
		return 0
	else 
		return 1
	fi
}

create-nfs-pvc() {

	# This routine handles the test and creation of a NFS mountpoint to hand to OpenShift
	# https://docs.openshift.com/container-platform/4.9/storage/understanding-persistent-storage.html
	
	NFSNAME=$1
	NFSSERVER=$2
	NFSSHARE=$3
	NAMESPACE=$4
	PVCSIZE=$5

	# We test that the share is there and has the right permissions
	# eg /mnt/ocptestregistry *(rw,sync,no_wdelay,no_root_squash,insecure)
	# and mount point needs to be 777

	# We check that if it exists already...
	${OCCOMMAND} get pv | grep pv-${NFSNAME} | grep pv-${NFSNAME} &>/dev/null
	if [ $? -eq 0 ]
	then
		print-in-colour red "The requested PV [pv-${NFSNAME}] already exists - cannot continue!"
		cleanup-and-exit 1
	fi

	# We create a PV from an NFS share
	cat <<NFSPVDEF | ${OCCOMMAND} create -f - 
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-${NFSNAME}
spec:
  capacity:
    storage: ${PVCSIZE}Gi
  accessModes:
  - ReadWriteMany
  nfs:
    path: ${NFSSHARE}
    server: ${NFSSERVER}
  persistentVolumeReclaimPolicy: Retain
NFSPVDEF
	check-for-error-and-exit $? "Could not create PV (name: pv-${NFSNAME})"

	# We create a PVC from the above PV
	cat <<NFSPVCDEF | ${OCCOMMAND} create -f - 
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-${NFSNAME}
  namespace: ${NAMESPACE}
spec:
  capacity:
    storage: ${PVCSIZE}Gi 
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: ${PVCSIZE}Gi
NFSPVCDEF
	check-for-error-and-exit $? "Could not create PVC (name: pvc-${NFSNAME})"
}

mount-nfs-share() {

	echo "If you want to use a share from the ${YAKKONAME} host, use IP address ${CLUSTERPROXY}"
	echo

	while true
	do
		echo -n "Enter the hostname or IP address of an existing NFS server [${CLUSTERPROXY}]: "
		read RESPONSE

		if [ -z "${RESPONSE}" ]
		then 
			RESPONSE=${CLUSTERPROXY}
		fi

		if [[ $RESPONSE =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]
		then
			NFSSERVER=$RESPONSE

			echo -n "Getting available shares from [${NFSSERVER}] - this may take a while..."

			showmount -e ${NFSSERVER} &>/dev/null
			RESULT=$?

			blank-line

			if [ $RESULT -ne 0 ]
			then
				echo "Unable to obtain any shares from [${NFSSERVER}] via showmount (error $RESULT)"
				echo
				continue
			else
				echo
				showmount -e ${NFSSERVER}  2>&1
				break
			fi
		else
			echo "That's not a valid IP address!"
		fi

		echo
	done

	NFSTESTDIR=/mnt/yakkonfstest.$$

	while true
	do
		echo
		echo -n "Select a share directory from above to mount (copy/paste path): "
		read NFSSHARE
		echo

		[ -z "${NFSSHARE}" ] && continue

		echo "Testing share..."
		sleep 1
		mkdir ${NFSTESTDIR} 2>/dev/null
		mount -t nfs ${NFSSERVER}:/${NFSSHARE} ${NFSTESTDIR}

		NFSMOUNTTESTRESULT=$?

		if [ ${NFSMOUNTTESTRESULT} -eq 0 ]
		then
			echo "Share mounted successfully, testing permissions..."
			sleep 1
			# Mount is successful, but is it writeable?
			# Just in case we test it's writeable by world
			PERMISSIONS=$(stat -c "%A" ${NFSTESTDIR})
			PERMISSIONOTHER=${PERMISSIONS:8:1}
			if [ "$PERMISSIONOTHER" == "-" ]
			then
				umount ${NFSTESTDIR}
				echo
				echo "ERROR: ${NFSSERVER}:/${NFSSHARE} does not have write permissions for the world (it has \"${PERMISSIONS}\")"
				echo "       This will prevent writing to the share unless user permissions match."
				echo "       To continue, change the permissions - you can always tune later!"
				cleanup-and-exit 1
			fi	

			echo "Share mounted successfully, testing write..."
			touch ${NFSTESTDIR}/testfile

			if [ $? -eq 0 ]
			then
				echo "NFS share tested successfully."
				rm ${NFSTESTDIR}/testfile &>/dev/null
				umount ${NFSTESTDIR}
				sleep 1
				rmdir ${NFSTESTDIR}
				break
			else
				echo
				echo "ERROR: Test write failed - could not write to share."
				echo "       Ideally, export options of share on host should be: *(rw,sync,no_wdelay,no_root_squash,insecure)"
				cleanup-and-exit 1
			fi

		else
			echo
			echo "Failed to mount ${NFSSERVER}://${NFSSHARE} ${NFSTESTDIR} on test dir [${NFSTESTDIR}] - Code [${NFSMOUNTTESTRESULT}]"
			echo "Try again! (or CTRL-C to exit)"
			echo
		fi
	done
}

update-yakko-host-ip() {

	sed -i "/YAKKOHOSTIP/c\YAKKOHOSTIP=${YAKKOHOSTIP}" ${CLUSTERCONFIGFILE} &>/dev/null
}

update-haproxy-access() {

	# $1 is 0 for open access and 1 for closed access (host only)
	HAPROXYACCESS=$1
	sed -i "/HAPROXYACCESS/c\HAPROXYACCESS=${HAPROXYACCESS}" ${CLUSTERCONFIGFILE} &>/dev/null
}

update-dnsmasq-config-file() {

	# We set the state to the parameter passed and then adjust files accordingly
	# $1 can be
	# 0 - build the dnsmasq file with OPEN access 
	# 1 - build the dnsmasq file with CLOSED access
	# 2 - build the dnsmasq file with the current HAPROXYACCESS value 

	# There should be no DNSmasq conf file if we are not using DNSmasq locally
	if [ ${USEYAKKODNSMASQ} == Y ]
	then
		if [ $1 == 0 ]
		then
			cat ${STUBFILES}/dnsmasq.conf | sed -e "s/,STRINGYAKKOHOSTIP/,${YAKKOHOSTIP}/" -e "s/\/STRINGYAKKOHOSTIP/\/${YAKKOHOSTIP}/" > ${SYSTEMSTUBFILE_DNSMASQ}
		fi
		if [ $1 == 1 ]
		then
			cat ${STUBFILES}/dnsmasq.conf | sed -e "s/,STRINGYAKKOHOSTIP//" -e "s/\/STRINGYAKKOHOSTIP/\/${CLUSTERPROXY}/" > ${SYSTEMSTUBFILE_DNSMASQ}
		fi
	fi

}

build-haproxy-config-section() {

	# This is just to avoid repetion and errors

	SECTIONNAME=$1
	PORT=$2
	NODETYPE=$3

	if [ ${HAPROXYACCESS} -eq 0 ]
	then 
		# We have open access to the cluster
		HAPROXYVALUE=""
	else
		# We have restricted access to the cluster
		HAPROXYVALUE=${CLUSTERPROXY}
	fi

	echo "listen ${CLUSTERNAME}-${SECTIONNAME}-${PORT}"
	echo "    bind ${HAPROXYVALUE}:${PORT}"
	echo "    mode tcp"
	echo "    balance source"

	if [ -n "${NODETYPE}" ]
	then
		# Specifying nodetype means we will depend on what the cluster already has
		#for NODENAME in $(${OCCOMMAND} get nodes | grep ${NODETYPE} | awk '{ print $1 }')
		for NODENAME in $(virsh list --all | grep ${YAKKOID} | awk '{ print $2 }')
		do
			#echo "    server ${NODENAME}.${CLUSTERFQDN} $(dig +short ${NODENAME}.${CLUSTERFQDN}):${PORT} check inter 1s"
			get-node-ip-address ${NODENAME}

			# This ensures that the node does have a valid ip address before adding to HAProxy
			# as eg if a new node has had issues joining the cluster, it may not even have a valid IP address
			# echo "    server ${NODEIPADDRESS} ${NODEIPADDRESS}:${PORT} check inter 1s"
			[ -n "${NODEIPADDRESS}" ] && echo "    server ${NODEIPADDRESS} ${NODEIPADDRESS}:${PORT} check inter 1s"
		done
	fi
	echo
}

update-haproxy-config-file() {

	# See the below for loadbalancer info
	# https://docs.openshift.com/container-platform/4.1/installing/installing_bare_metal/installing-bare-metal.html#installation-network-user-infra_installing-bare-metal

	# this creates a new haproxy loadbalancer config file based on the state of the cluster
	# infra nodes are accounted for as workers (called node-*) so they can be used for 80/443

	#BTW, see this for the importance of updated HAProxy
	#https://bugzilla.redhat.com/show_bug.cgi?id=2025555

	# We check if the cluster is just masters or masters and workers
	#WORKERNODESAVAILABLE=$(${OCCOMMAND} get nodes | grep -c "^node-")
	WORKERNODESAVAILABLE=$(virsh list --all | grep ${YAKKOID} | grep -c node)

	echo "Rebuilding HAProxy config file..."
	sleep 1

	# Defaults example at
	# https://docs.openshift.com/container-platform/4.8/installing/installing_bare_metal/installing-bare-metal-network-customizations.html
	# Scroll to "Example load balancer configuration for user-provisioned clusters" section!

	{
		echo "defaults"
		echo "    mode http"
		echo "    option http-server-close"
		echo "    option redispatch"
		echo "    option dontlognull"
		echo "    timeout connect          10s"
		echo "    timeout client           1m"
		echo "    timeout server           1m"
		echo "    timeout queue            1m"
		echo "    timeout http-request     10s"
		echo "    timeout http-keep-alive  10s"
		echo "    retries                  3"
		echo "    timeout check            10s"
		echo "    maxconn                  3000"
		echo

		build-haproxy-config-section api-server 6443 master
		build-haproxy-config-section machine-config-server 22623 master

	} > ${STUBFILES}/haproxy.cfg

	if [ ${WORKERNODESAVAILABLE}  -eq 0 ]
	then
		#deprecated the call below because in 'infra' calls, you should not expect the use of 'oc'
		#${OCCOMMAND} get nodes | grep "^master-" | grep worker &>/dev/null
		
		virsh list --all | grep ${YAKKOID} | grep "^master-" | grep worker &>/dev/null
		if [ $? -ne 0 ]
		then
			echo
			echo "ATTENTION: The cluster has no worker nodes. When required, masters"
			echo "           can be made schedulable by issuing 'yakko ops mastersched'"
			echo
		fi

		{		
			build-haproxy-config-section ingress-router 80 master
			build-haproxy-config-section ingress-router 443 master
		} >> ${STUBFILES}/haproxy.cfg
	else
		{		
			build-haproxy-config-section ingress-router 80 worker
			build-haproxy-config-section ingress-router 443 worker
		} >> ${STUBFILES}/haproxy.cfg
	fi
	
	# The above leaves the latest file in play for later
	cp ${STUBFILES}/haproxy.cfg ${SYSTEMSTUBFILE_HAPROXY}

	echo "Restarting HAProxy"
	process-system-service-state restart haproxy 
	echo "HAProxy restarted."
}

snap-inactive-cluster() {

	local TAGREQUEST=""

	echo "This cluster is currently shutdown. Taking a snapshot of a quiesced cluster will"
	echo "address time drift as the cluster will ecover in a consistent fashion."
	echo "As always however, starting the cluster may take a long time."
	echo
	ask-user "Do you want to snapshot the cluster now" ${SNAPCLUSTERONINSTALL}
	[ $? -ne 0 ] && return 1

	echo -n "Enter a tag to append to the snapshot (no spaces - enter to leave blank): "
	read TAGREQUEST
	[ -n "$TAGREQUEST"  ] && TAGREQUEST="-$(echo $TAGREQUEST | tr -s ' ' '-')"
	SNAPSHOTTAG="$(date +%y-%m-%d@%H%M)-$TAGREQUEST"

	start-virtual-network
	echo
	print-in-colour lightblue "Taking snapshots of all nodes:"
	echo
	for DOMAIN in $(virsh list --all --name | grep ${YAKKOID})
	do 
		echo "Snapshotting node $DOMAIN:"
		start-spinner "(node $(get-node-fqdn $DOMAIN))"
		virsh snapshot-create-as ${DOMAIN} ${SNAPSHOTTAG} --atomic &>/dev/null
		if [ $? -ne 0 ]
		then
			print-in-colour orange "ERROR: Failed to snapshot node $(get-node-fqdn $DOMAIN)"
		fi
		stop-spinner 
	done
	stop-virtual-network
}

snap-active-cluster() {

	local TAGREQUEST=$1

	echo "Snapshotting an ACTIVE cluster can cause issues upon restoring, in particular"
	echo "with large time drift between both actions. It does however lend itself"
	echo "to fast testing and prototyping. If you want to take a snapshot of a quiesced"
	echo "cluster, be sure to issue 'yakko stopcluster shutdown' and come back!"
	echo 
	ask-user "Do you want to snapshot the cluster now" ${SNAPCLUSTERONINSTALL}
	[ $? -ne 0 ] && return 1

	if [ -z "$TAGREQUEST" ]
	then
		echo -n "Enter a tag to append to the snapshot (no spaces - enter to leave blank): "
		read TAGREQUEST
		[ -n "$TAGREQUEST"  ] && TAGREQUEST="-$(echo $TAGREQUEST | tr -s ' ' '-')"
	fi
	SNAPSHOTTAG="$(date +%y-%m-%d@%H%M)$TAGREQUEST"

	echo "Snapshotting the cluster. All active VMs will be suspended/resumed:"
	print-in-colour orange "You should not interrupt / CTRL-C this process."
	echo

	process-system-service-state restart virtqemud
	print-in-colour ${YAKKOTEXTCOLOUR} "Suspending all active nodes:"
	echo 

	local ACTIVEVMLIST=""
	for DOMAIN in $(virsh list --name | grep ${YAKKOID})
	do
		# Although snapshotting suspends VMs, we want to suspend them as close as we can to each other
		# so we can't take advantage of that here
		virsh suspend $DOMAIN # We are suspending all as fast as we can. We'll see...
		ACTIVEVMLIST="$ACTIVEVMLIST $DOMAIN"
	done

	SNAPSHOTTAG="$(date +%y-%m-%d@%H%M)-$TAGREQUEST"

	print-in-colour ${YAKKOTEXTCOLOUR} "Taking snapshots of all nodes:"
	echo 
	for DOMAIN in $(virsh list --all --name | grep ${YAKKOID})
	do
		echo "Snapshotting node ${DOMAIN}:"
		start-spinner "(node $(get-node-fqdn $DOMAIN))"
		virsh snapshot-create-as ${DOMAIN} ${SNAPSHOTTAG} --atomic &>/dev/null
		SNAPRESULT=$?
		stop-spinner

		if [ $SNAPRESULT -eq 0 ]
		then
			echo "Snapshot succeeded for $DOMAIN with TAG [${SNAPSHOTTAG}]"
		else
			print-in-colour red "Snapshot failed for node $DOMAIN with error code [$SNAPRESULT]"
		fi
	done
	echo

	if [ -n "${ACTIVEVMLIST}" ]
	then
		print-in-colour ${YAKKOTEXTCOLOUR} "Resuming nodes :"
		echo 
		for ACTIVEVM in ${ACTIVEVMLIST}
		do
			virsh resume $ACTIVEVM
		done
	fi

	print-in-colour green "All nodes have been resumed"
}


time-sync-all-nodes() {
	echo 
	print-in-colour lightblue "Restoring time sync for all nodes:"
	echo
	for DOMAIN in $(virsh list --all --name | grep ${YAKKOID})
	do
		get-node-ip-address $DOMAIN

		start-spinner "Syncing $(get-node-fqdn $DOMAIN)"
		# sadly, chronyc -a makestep did not seem to work 
		ssh -i ${OCPSSHKEY} -o "StrictHostKeyChecking no" -t core@${NODEIPADDRESS} sudo "systemctl restart chronyd" 2>/dev/null
		stop-spinner "$(get-node-fqdn $DOMAIN) should now be time accurate"
	done
	echo
}


##########################################################################################################
### YAKKO INFRA 
##########################################################################################################

print-yakko-infra-operations-menu() {

	# Catchall for any other passed parameter at this point
	echo "    USAGE: ${YAKKOSCRIPTNAME} infra <OPTION> [parameters]" 
	echo "    OPTION is one of:"
	echo "        - startcluster    ->  Start up an existing cluster"
	echo "        - stopcluster     ->  Shutdown or suspend the cluster in memory"
	echo "        - addnode         ->  Grow the cluster compute capacity by adding a new compute/infra node"
	echo "        - deletenode      ->  Remove a running node from the cluster"
	echo "        - nodelogs        ->  Display the logs of a particular node"
	echo "        - sshtonode       ->  Provide terminal access to an individual cluster node"
	echo "        - changeaccess    ->  Enable/disable OpenShift access by other clients in your network"
	echo "        - updateservices  ->  Update supporting services for cluster (virt network/HAproxy/virtqemud)"
	echo "        - listresources   ->  Print a summary of services and files in use by the (${YAKKONAME}) cluster"
	echo "        - listclusters    ->  Print a list of all ${YAKKONAME} clusters installed on this host"
	echo "        - describehw      ->  Describe the harware supporting the installation"
	echo "        - resizeram       ->  Change the RAM size of a node"
	echo "        - purgedownloads  ->  Delete all downloaded OCP images on disk"
	echo "        - nfsshare        ->  Setup a directory as NFS share for creating a PVC for registry or NS store"
	echo "        - snaptake        ->  Take a snapshot of a cluster"
	echo "        - snaprestore     ->  Restore a snapshot of a cluster"
	echo "        - installcomplete ->  Mark a cluster build as completed even if the installer refuses to say it is"
	echo "        - deletecluster   ->  Delete entire cluster and all infrastructure (add 'force' to avoid questions - CAREFUL!)"
}

yakko-infra-operations() {

	# We're here bacause 'yakko infra' was invoked

	# $1 is an op listed in $YAKKOINFRAOPTIONS
	# YAKKOINFRAOPTIONS is defined at the top with the list of valid ops on an existing cluster	

	OPTION=$1
	shift

	echo "${YAKKOINFRAOPTIONS}" | grep " ${OPTION} " >/dev/null
	if [ $? -ne 0 -o -z "${OPTION}" ]
	then
		print-yakko-infra-operations-menu
		cleanup-and-exit 0
	fi

	if [ "${OPTION}" == "startcluster" ]
	then
		#infrastartcluster

		print-option-header infra "Start cluster [${CLUSTERFQDN}]"

		#check-for-other-yakko-cluster-files
		check-cluster-power
		CLUSTERSTATE=$?

		if [ $CLUSTERSTATE -eq 0 ]
		then
			echo "Cluster [${CLUSTERFQDN}] is already running."
			cleanup-and-exit 0
		fi

		if [ $CLUSTERSTATE -eq 5 ]  # 5 = Cluster is in RAM and suspended
		then
			get-yakko-host-ip notifychange 
			update-services start
			echo
			print-in-colour white "Resuming (from in-memory) all cluster nodes"
			echo

			get-node-list all

			for NODE in ${NODELIST}
			do
				virsh list --all | grep ${NODE} | grep running &>/dev/null
				if [ $? -eq 0 ] 
				then
					echo  "Node [${NODE}] is already in \"running\" state"
					echo
				else
					virsh resume $NODE 
					[ $? -ne 0 ] && echo "Failed to resume node [${NODE}]"
				fi
			done
			sleep 1
			print-in-colour green "All nodes are now active. Check 'oc get nodes'."

		else  # Cluster is shutdown
			check-for-other-yakko-cluster-files
			get-yakko-host-ip notifychange 
			update-services start

			echo
			print-in-colour white "Starting up all cluster nodes"
			echo
			get-node-list all
	
			for NODENAME in ${NODELIST}
			do
				#virsh setmaxmem ${NODENAME} ${MAXMEMBALOONSIZE}M &>/dev/null
				echo "Starting up: ${NODENAME}"
				NODESTATE=$(virsh dominfo ${NODENAME} | grep State: | awk '{print $2}')
				if [ ${NODESTATE} == paused ]
				then
					virsh resume ${NODENAME}
				else
					virsh start ${NODENAME}
				fi
				sleep 1
			done

			echo "You can check:"
			echo "- virsh list --all | grep ${CLUSTERFQDN} - to see if all nodes are running"
			echo "- oc get nodes - to check if all nodes become Ready"
			echo "- oc get co - to check cluster operator status"
			echo "- oc get clusterversion - to check cluster status"
			echo "- yakko - for a general update"
			echo
	
			print-in-colour green "Cluster has begun boot-up - time: $(date +%H:%M%p)"

			CLUSTERAVAILABLE=N
			TIMEDOWNCOUNTER=30 #That's how long we are willing to wait for cluster to come up
			while [ $TIMEDOWNCOUNTER -ne 0 ]
			do
				wait-for-stable-operators 1 &>/dev/null
				if [ $? -eq 0 ]
				then
					echo "Cluster appears ready. Attempting login..."
					if [ ${LOGINFILEHASPASSWORD} -eq 1 ] 
					then
						echo -n "To allow ${YAKKONAME} to report on the cluster state, please enter the password for admin user \"${YAKKOADMIN}\": "
						read -s ADMINPASSWORD
						${OCCOMMAND} login --insecure-skip-tls-verify=true -u ${YAKKOADMIN} -p ${ADMINPASSWORD} https://api.${CLUSTERFQDN}:6443 &>/dev/null
					else
						source ${CLUSTERLOGINFILE} &>/dev/null
					fi
	
					${OCCOMMAND} whoami &>/dev/null
					[ $? -eq 0 ] && {
						echo "Now logged in to OCP as $(${OCCOMMAND} whoami)"
						CLUSTERAVAILABLE=Y
					}
					break
				fi
				((TIMEDOWNCOUNTER--))
			done
			
			if [ $CLUSTERAVAILABLE == N ]
			then
				PENDINGCSRS=$(${OCCOMMAND} get csr 2>/dev/null | grep Pending | awk '{ print $1 }')
				if [ -n "${PENDINGCSRS}" ]
				then
					set $PENDINGCSRS
					echo
					print-in-blink "ALERT: There are [$#] Pending Certificate Signing Requests (CSRs) that need approval!"
					echo "You will need to issue 'yakko ops approvecsrs' to allow the cluster to come up."
				else
					echo "Not waiting any longer for administrative login. "
					print-in-colour orange "The cluster may still be coming up."
					echo
					echo "To inspect status you may want to try issuing:"
					echo "- 'oc get co'"
					echo "- 'oc login -u <admin>  https://api.${CLUSTERFQDN}:6443'"
					echo "- 'yakko ops emergency' (when all else fails)"
				fi
				cleanup-and-exit 1
			fi
	
			print-in-colour green "Cluster is now up - time: $(date +%H:%M%p)"
			echo "API endpoint https://api.${CLUSTERFQDN}:6443 is now available."
			echo "Web console may take a little longer."
		fi
	fi

	if [ ${OPTION} == "stopcluster" ]
	then
		#infrastopcluster

		print-option-header infra "Stop cluster [${CLUSTERFQDN}]"

		check-cluster-power exit

		if [ -n "$1" ]
		then
			if [ "$1" == "suspend" ]
			then
				STOPCLUSTEROPTION=1
			elif [ "$1" == "shutdown" ]
			then
				STOPCLUSTEROPTION=2
			else
				echo "Invalid option [$1] - cannot proceed with stopping the cluster."
				echo
				exit
			fi
		else
			echo "This option lets you shutdown a cluster OR suspend it in memory."
			echo "You can pass an additional parameter to specify the behaviour"
			echo "through the command line (useful in cronjobs for example):"
			echo "  - yakko stopcluster shutdown"
			echo "  - yakko stopcluster suspend"
			echo
	
			while true
			do
				echo "What do you want to do?"
				echo "(1) Suspend cluster"
				echo "(2) Shutdown cluster"
				echo
				echo -n "Select (1) or (2): "
	
				read STOPCLUSTEROPTION
				if [ ${STOPCLUSTEROPTION} == "1" -o ${STOPCLUSTEROPTION} == "2" ]
				then
					break
				else
					echo "You must enter 1 or 2".
					echo
				fi
			done
			echo
		fi

		#The reporting of the below would require that infra can run 'oc' and that's for now not clear
		#print-in-blink "ATTENTION: Cluster certificates will expire on: $(get-cluster-certificate-expiry)"

		sleep 1
		get-node-list active # Fills variable NODELIST to be consumed below

		if [ ${STOPCLUSTEROPTION} == "1" ]
		then
			print-in-colour white "Suspending (in-memory) all cluster nodes"
			echo
	
			for NODE in ${NODELIST}
			do
				virsh list --all | grep ${NODE} | grep paused &>/dev/null
				if [ $? -eq 0 ] 
				then
					echo  "Node [${NODE}] is already in \"pause\" state"
					echo
				else
					virsh suspend  ${NODE} # & will make them stop more or less at the same time...
					[ $? -ne 0 ] && { echo  "Failed to suspend node [${NODE}]"; echo; }
				fi
			done
			sleep 1
			print-in-colour orange "All nodes are now suspended."
		else
			# User picked 2...
			print-in-colour white "Shutting down all nodes, please wait a few moments."
			echo

			for NODE in ${NODELIST}
			do
				echo "Shutting down: ${NODE}"
				#4.30+
				#ssh -i ${OCPSSHKEY} -o "StrictHostKeyChecking no" core@${NODE} sudo shutdown -h 1
				virsh destroy --graceful ${NODE}
				[ $? -ne 0 ] && echo "There was a problem with node [${NODE}], you should check the state of the cluster as the shutdown progresses".
			done
	
			while true
			do
				[ $(virsh list --all | grep ${YAKKOID} | grep -c running) -eq 0 ] && break
				sleep 2
				echo -n "."
			done
			[ -n "$CLUSTERCERTSEXPIRY" ] && print-in-blink "ALERT: Your cluster certificates will expire on: $CLUSTERCERTSEXPIRY"
			print-in-colour orange "All cluster nodes are now powered off."
		fi

		update-services stop
	fi

	if [ "${OPTION}" == "snaptake" ]
	then
		#infrasnaptake
		
		print-option-header infra "Snapshot cluster [${CLUSTERFQDN}]"
		print-in-colour orange "This feature is EXPERIMENTAL. Snap running clusters and restore to running clusters only".
		print-in-colour orange "Try stopped clusters at your own peril!"
		echo

		check-cluster-power
		if [ $? -eq 4 ] # The cluster is powered off
		then
			snap-inactive-cluster
		else
			snap-active-cluster
		fi
	fi

	if [ "${OPTION}" == "snaprestore" ]
	then
		print-option-header infra "Restore cluster [${CLUSTERFQDN}]"
		print-in-colour orange "This feature is EXPERIMENTAL. Snap running clusters and restore to running clusters only."  
		print-in-colour orange "Try stopped clusters at your own peril!"

		# We test if there are snapshots registered...
		[ -z "$(virsh snapshot-list --name master-0.${CLUSTERFQDN}.${YAKKOID})" ] && cleanup-and-exit 1 "There are no snapshots registered for this cluster"

		echo
		LATESTSNAP=$(virsh snapshot-list --name master-0.${CLUSTERFQDN}.${YAKKOID} | grep . | tail -n 1)
		echo "The following snapshots are available for the cluster nodes:"
		virsh snapshot-list --name master-0.${CLUSTERFQDN}.${YAKKOID} | grep . | tac
		echo

		while true
		do
			echo -n "Please select a snapshot from above (copy/paste) to restore [$LATESTSNAP]: " 
			read SNAPSHOTTORESTORE

			if [ -z "$SNAPSHOTTORESTORE" ]
			then
				SNAPSHOTTORESTORE=$LATESTSNAP
			fi

			RESULT=$(virsh snapshot-list --name master-0.${CLUSTERFQDN}.${YAKKOID} | grep $SNAPSHOTTORESTORE)

			if [ "$RESULT" != "$SNAPSHOTTORESTORE" ]
			then	
				echo "Invalid entry."
				echo
				continue
			else
				break
			fi
		done

		ask-user "Are you sure you want to restore the cluster to snapshot set [${SNAPSHOTTORESTORE}]" Y
		if [ $? -eq 0 ]
		then
			local CLUSTERPOWER
			check-cluster-power
			CLUSTERPOWER=$?

			echo
			if [ $CLUSTERPOWER -eq 4 ]
			then # Cluster is powered off
				print-in-colour orange "Cluster is powered OFF"
				start-virtual-network
			else
				print-in-colour green "Cluster is powered ON"
				echo
				print-in-colour lightblue "Suspending all nodes:"
				echo
				for DOMAIN in $(virsh list --all --name | grep ${YAKKOID})
				do 
					start-spinner "Suspending node $DOMAIN"
					virsh suspend $DOMAIN
					stop-spinner 
				done
			fi

			echo
			print-in-colour lightblue "Restoring snapshot of all nodes:"
			echo
			for DOMAIN in $(virsh list --all --name | grep ${YAKKOID})
			do 
				echo "Restoring node $DOMAIN:"
				start-spinner "(node $(get-node-fqdn $DOMAIN))"
				if [ $CLUSTERPOWER -eq 4 ]
				then
					virsh snapshot-revert --snapshotname ${SNAPSHOTTORESTORE} --domain $DOMAIN
				else
					virsh snapshot-revert --snapshotname ${SNAPSHOTTORESTORE} --paused --domain $DOMAIN
				fi
				stop-spinner 
			done

			if [ $CLUSTERPOWER -eq 4 ]
			then # Cluster is powered off
				stop-virtual-network
			else
				print-in-colour lightblue "Resuming all nodes:"
				echo
				for DOMAIN in $(virsh list --all --name | grep ${YAKKOID})
				do 
					virsh resume $DOMAIN
				done

				virsh list --all --name | grep ${YAKKOID} | grep master-0 &>/dev/null
				if [ $? -eq 0 ]
				then
					# master-0 is running, let's update time sync
					echo "Restoring a snapshot brings up a cluster that is out of time sync."
					echo "Syncing time may disrupt the cluster state depending on the time gap."
					ask-user "Do you want to NTP time sync the node(s)" Y
					if [ $? -eq 0 ]
					then
						time-sync-all-nodes
					fi
				fi
			fi

			sleep 5
			print-in-colour green "Cluster snapshot restored."
			cleanup-and-exit 0 
		else
			cleanup-and-exit 1 white "No action taken, cluster will remain under the current snapshot"
		fi
	fi

	if [ "${OPTION}" == "addnode" ]
	then
		#infraaddnode
		
		print-option-header infra "Add a new worker node to the cluster"

		# We dont want to have two addnodes running
		check-if-yakko-running
		
		check-oc-credentials-and-state

		echo "NOTE 1: ${YAKKONAME} will NOT TEST for capacity to handle this request, proceed with caution"
		echo
		echo "NOTE 2: You can also call addnode with parameters for automatic node addition:"
		echo "        - spec: yakko infra addnode <# workers> <# cpuspernode> <RAM in MiB>"
		echo "        - e.g.: yakko infra addnode 3 2 6000"
		echo

		WORKERNODECOUNT=1
		if [ -n "$1" -a -n "$2" -a -n "$3" ]
		then
			# Automation: 
			AUTOSETUP=Y

			# We use alternative variables to perform checks. RAM only for now
			PARAMWORKERNODECOUNT=$1
			PARAMWORKERVCPUS=$2
			PARAMWORKERRAMSIZE=$3

			if [ $PARAMWORKERRAMSIZE -lt $MINWORKERRAMSIZE ]
			then
				echo
				echo "ERROR: RAM size needs to be at least $MINWORKERRAMSIZE"
				cleanup-and-exit 1
			fi
			WORKERNODECOUNT=$PARAMWORKERNODECOUNT
			WORKERVCPUS=$PARAMWORKERVCPUS
			WORKERRAMSIZE=$PARAMWORKERRAMSIZE
		else
			# For now we will use the stock configuration, add query for RAM and CPU?
			while true
			do
				echo -n "How many cores should be allocated to this node [${WORKERVCPUS}]: "
				read VALUE
				if [ -n "$VALUE" ]
				then
					if ! [[ $VALUE =~ $NUMBERRE ]] ; then
						echo "Error: Not a number. Try again..."
						continue
					elif [ $VALUE -gt ${MAXNODEVCPUS} ]
					then
						echo "Error: Cannot assign more than ${MAXNODEVCPUS}"
						continue
					elif [ $VALUE -eq 0 ]
					then
						echo "Error: Cannot assign ZERO CPUs"
						continue
					else
						WORKERVCPUS=$VALUE
					fi
				fi
				break
			done
			echo
	
			while true
			do
				echo -n "How much RAM (MiB) should be allocated to this node (min: ${MINWORKERRAMSIZE}) [${DEFAULTWORKERRAMSIZE}]: "
				read VALUE
				[ -z "$VALUE" ] && VALUE=${WORKERRAMSIZE} 
				
				if ! [[ $VALUE =~ $NUMBERRE ]] ; then
					echo "Error: Not a number. Try again..."
					continue
				else
					AVAILRAM=$(free -m | grep Mem:|awk '{ print $7 }')
					echo "Your system has $AVAILRAM MiB RAM currently available"
					if [ $VALUE -lt ${MINWORKERRAMSIZE} -o $VALUE -gt $(($AVAILRAM)) ]
					then
						echo "RAM size needs to be between ${MINWORKERRAMSIZE} and ideally no more than available RAM"
						ask-user "Continue with RAM limitation" "Y" noauto
						[ $? -eq 0 ] && break
						continue
					else
						WORKERRAMSIZE=$VALUE
					fi
				fi
				break
			done
		fi

		process-system-service-state restart virtqemud

		YAKKOSTAGE=0 # This is to artificially use the process-stage framework
		process-stage-build-ocp-workernodes progress

		# This sets CSRAPPROVALPID for later use below
		csr-approval start ${WORKERNODECOUNT}

		trap 'echo;echo "Node [${NEWNODENAME}] has not joined the cluster - deleting..."; delete-kvm-machine ${NEWNODENAME}; cleanup-and-exit 1' SIGINT

		echo "Node(s) ready to begin integration into the cluster. This will take a few minutes..."
		echo "This process will timeout in ${ADDNODETIMEOUT} seconds." 
		echo
		echo "To observe node progress you can run, on another terminal:"
		echo "- oc get nodes "
		echo "- ${YAKKOSCRIPTNAME} infra nodelogs"
		echo

		# We'll start the timeout in case this fails - using ADDNODETIMEOUT
		# NEWNODELIST was populated during process-stage-build-ocp-workernodes

		CHECKINTERVAL=15
		ADDNODETIMEOUT=$((${ADDNODETIMEOUT} * ${WORKERNODECOUNT}))

		print-in-colour lightblue  "Waiting up to $(($ADDNODETIMEOUT /60)) minutes to complete the node addition(s) - (Time start: $(date +%H:%M%p))"
		echo

		while [ -n "${NEWNODELIST}" ]
		do 
			for EACHNODE in ${NEWNODELIST}
			do
				${OCCOMMAND} get node ${EACHNODE} 2>/dev/null  | grep -v NAME | grep -v "NotReady" | grep Ready  &>/dev/null
				if [ $? -eq 0 ]
				then 
					echo "Node (${EACHNODE}) has been added to the cluster and is in READY state "
					echo
					NEWNODELIST=$(echo ${NEWNODELIST} | sed -e "s/\ *${EACHNODE}//")
				fi
				sleep ${CHECKINTERVAL}

				# We will timedown the success of this stage - hit 0 and bail out
				ADDNODETIMEOUT=$((ADDNODETIMEOUT - CHECKINTERVAL))

				if [ ${ADDNODETIMEOUT} -le 0 ]
				then
					# process-stage-build-ocp-workernodes uses NEWNODELIST to know what to roll-back
					print-in-colour red  "ERROR: timed out trying to complete node addition to cluster [${CLUSTERNAME}]"
					process-stage-build-ocp-workernodes rollback
					NEWNODELIST=""
					echo
				fi
			done
		done 
		echo "Reconfiguring HAProxy..."
		update-haproxy-config-file

		csr-approval stop
		sleep ${CHECKINTERVAL} # we wait a cycle for the sleep to let go + 1 second

		if [ ${ADDNODETIMEOUT} -le 0 ]
		then
			print-in-colour red "- Check  'oc get node'  to understand your current cluster configuration"
			print-in-colour red "- Have you assigned enough RAM to the nodes? You requested ${WORKERRAMSIZE} MiB"
			print-in-colour red "- If your system is slow, perhaps you may want to increase ADDNODETIMEOUT in yakko" 
		else
			print-time-elapsed
		fi
		echo
	fi

	if [ "${OPTION}" == "deletenode" ]
	then
		#infradeletenode
		
		print-option-header infra "Delete an existing worker node from the cluster"

		check-oc-credentials-and-state

		echo "Deleting a node may cause unintended consequences and prevent some workloads from"
		echo "restarting, depending on their dependencies and the resources left in the cluster"
		echo "Use at your own risk!"
		echo

		if [ -n "$1" ]
		then
			# Here's hoping the user knows what he's doing
			NODENAME=$1

			echo "Deleting node [${NODENAME}]"
			echo

			${OCCOMMAND} get nodes | awk '{print $1}' | grep "^${NODENAME}$"
			[ $? -ne 0 ] && {
				echo
				echo "Invalid node name [${NODENAME}]. Exiting..."
				cleanup-and-exit 1
			}
		else
			CURRENTNODES=$(${OCCOMMAND} get nodes | awk '{print $1}' | grep "^node-")
		
			if [ -z "${CURRENTNODES}" ]
			then
				echo "There are no worker/infra nodes defined, nothing to delete!"
				cleanup-and-exit 1
			fi

			if [ -z "${CURRENTNODES}" ]
			then
				echo "There are no nodes available for deletion!"
				cleanup-and-exit 1
			fi

			while true
			do
				echo "The following nodes are available for deletion: "
				for EACHNODE in ${CURRENTNODES}
				do
					echo ${EACHNODE}
				done
				echo
	
				echo -n "Enter the name of the node you want to delete from the cluster: "
				read NODENAME
	
				${OCCOMMAND} get nodes | awk '{print $1}' | grep "^${NODENAME}$"
				[ $? -eq 0 ] && break
	
				echo "Invalid node name."
			done
		fi

		# Drain the node...
		${OCCOMMAND} adm drain ${NODENAME} --force=true --ignore-daemonsets
		${OCCOMMAND} delete node ${NODENAME}

		# Delete the VM
		delete-kvm-machine ${NODENAME}

		# Update the virtual network
		echo "Restarting virtual network"

		cat ${NETWORKXML} | grep ${NODENAME} > ${DHCPXMLTMPFILE} #It's way too hard to pass this as an argument below!
		sed -i "/${NODENAME}/d" ${NETWORKXML}
		restart-virtual-network delete ip-dhcp-host # this knows of ${DHCPXMLTMPFILE}

		#and we update the haproxy
		echo
		update-haproxy-config-file
		check-for-error-and-exit $? "Could not start HA Proxy, the cluster cannot function without this."
		echo
	fi


	if [ "${OPTION}" == "resizeram" ]
	then
		#infraresizeram

		print-option-header infra "Resize node RAM"
	
		echo "Nodes in cluster [${CLUSTERNAME}] are:"
		echo "- masters  (you must resize all masters equally)"
		WORKERLIST=" masters "
		for EACHWORKER in $(virsh list --all | grep "node-" | grep ${YAKKOID} | awk '{print $2}' | cut -f1 -d.)
		do
			echo "-" ${EACHWORKER}
			WORKERLIST=" ${WORKERLIST} ${EACHWORKER} "
		done
		echo

		while true
		do
			echo -n "Pick a node name to resize RAM (copy/paste): "
			read NODETORESIZE

			echo ${WORKERLIST} | grep ${NODETORESIZE} &>/dev/null
			if [ $? -eq 0 ] 
			then
				break
			else
				echo "Invalid node, try again."
			fi
		done
		
		if [ ${NODETORESIZE} == masters ]
		then
			NODETORESIZERAM=$(virsh dominfo master-0.${CLUSTERFQDN}.${YAKKOID} | grep Used | awk '{print $3}')
			NODETORESIZERAM=$((NODETORESIZERAM/1024))
			echo Master nodes are defined with ${NODETORESIZERAM} MiB 
		else
			NODETORESIZERAM=$(virsh dominfo ${NODETORESIZE}.${CLUSTERFQDN}.${YAKKOID} | grep Used | awk '{print $3}')
			NODETORESIZERAM=$((NODETORESIZERAM/1024))
			echo Node [${NODETORESIZE}] is defined with ${NODETORESIZERAM} MiB
		fi
		echo

		while true
		do
			echo -n "Enter the new RAM size (MiB) for node \"${NODETORESIZE}\": "
			read NEWRAMSIZE

			[ -z "$NEWRAMSIZE" ] && contrinue

			! [[ $NEWRAMSIZE =~ $NUMBERRE ]] && {
				echo "Error: Not a number. Try again..."
				continue
			}

			if [ ${NEWRAMSIZE} -lt 2000 -o ${NEWRAMSIZE} -gt 64000 ]
			then 
				echo "Invalid RAM size - try your luck between 2000 and 64000 MiB!"
				echo
			else	
				break
			fi
		done
		# virsh setmaxmem takes KiB, so we multiply times 1024
		NEWRAMSIZE=$((NEWRAMSIZE*1024))
		echo

		if [ ${NODETORESIZE} == masters ]
		then
			echo "Changing VM definition for master-0" 
			virsh setmem --live --config --size ${NEWRAMSIZE} master-0.${CLUSTERFQDN}.${YAKKOID} 
			get-node-ip-address master-0
			ssh -i ${OCPSSHKEY} -o "StrictHostKeyChecking no" -q core@${NODEIPADDRESS} "sudo systemctl restart kubelet"
			sleep 10

			if [ ${MASTERNODECOUNT} -eq 3 ]
			then	
				echo "Changing VM definition for master-1" 
				virsh setmem --live --config --size ${NEWRAMSIZE} master-1.${CLUSTERFQDN}.${YAKKOID}
				get-node-ip-address master-1
				ssh -i ${OCPSSHKEY} -o "StrictHostKeyChecking no" -q core@${NODEIPADDRESS} "sudo systemctl restart kubelet"
				sleep 10

				echo "Changing VM definition for master-2" 
				virsh setmem --live --config --size ${NEWRAMSIZE} master-2.${CLUSTERFQDN}.${YAKKOID}
				get-node-ip-address master-2
				ssh -i ${OCPSSHKEY} -o "StrictHostKeyChecking no" -q core@${NODEIPADDRESS} "sudo systemctl restart kubelet"
				sleep 10
			fi
		else
			echo "Changing VM definition for ${NODETORESIZE}"
			virsh setmem --live --config --size ${NEWRAMSIZE} ${NODETORESIZE}.${CLUSTERFQDN}.${YAKKOID}
			get-node-ip-address ${NODETORESIZE}
			ssh -i ${OCPSSHKEY} -o "StrictHostKeyChecking no" -q core@${NODEIPADDRESS} "sudo systemctl restart kubelet"
			sleep 10
		fi
		sleep 1
		echo "Resizing completed. Check 'oc adm top nodes'. Depending on your OCP version"
		echo "you may need to reboot the node to take the change!"
	fi


	if [ "${OPTION}" == "nodelogs" ]
	then
		#infranodelogs

		print-option-header infra "Display logs for a cluster node"

		if [ -n "$1" ]
		then
			# Surely the user knows what he's doing...
			check-ip-address-is-valid $1
			if [ $? -eq 0 ]
			then 
				# this so that remote nodes work by ip address ;)
				NODENAME=$1
				NODEIPADDRESS=$1
			else
				NODENAME=$(get-node-fqdn $1)
				get-node-ip-address ${NODENAME}
				check-for-error-and-exit "$?" "Node $NODENAME doesn't appear to be available for network access"
			fi
		else
			pick-a-node "Select the node name whose logs you want to follow"
			check-for-error-and-exit "$?" "Node $NODENAME doesn't appear to be available for network access"
		fi

		echo
		echo "Displaying logs for node [${NODENAME}] - (CTRL-C to disconnect when done)"
		echo
		ssh -i ${OCPSSHKEY} core@${NODEIPADDRESS}  journalctl -b -f -u crio.service
	fi

	if [ "${OPTION}" == "sshtonode" ]
	then
		#infrasshtonode

		print-option-header infra "SSH to a cluster node"

		if [ -n "$1" ]
		then
			# Surely the user knows what he's doing... He's passed an IP address to connect to
			check-ip-address-is-valid $1
			if [ $? -eq 0 ]
			then 
				# this so that remote nodes work by ip address ;)
				NODENAME=$1
				NODEIPADDRESS=$1
			else
				NODENAME=$(get-node-fqdn $1)
				get-node-ip-address ${NODENAME}
				check-for-error-and-exit "$?" "Node $NODENAME doesn't appear to be available for network access"
			fi
		else
			# Pick a node fills NODENAME and NODEIPADDRESS
			pick-a-node "Select the node you want to ssh into"
			check-for-error-and-exit "$?" "Node $NODENAME doesn't appear to be available for network access"
		fi

		echo
		echo "Establishing SSH session to node [${NODEIPADDRESS}] - (CTRL-D to disconnect when done)"
		echo
		print-in-colour green "To use oc within, as root (sudo / sudo bash):"
		print-in-colour green "- pass to oc....: --kubeconfig=/var/lib/kubelet/kubeconfig as parameter to oc OR" 
		print-in-colour green "- set in bash...: export KUBECONFIG=/var/lib/kubelet/kubeconfig" 
		print-in-colour green "- emergency.....: export KUBECONFIG=/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/node-kubeconfigs/lb-int.kubeconfig"
		print-in-colour green "  Or use 'yakko ops emergency' commands"
		echo
		echo SSH COMMAND IS: ssh -i ${OCPSSHKEY} -o \"StrictHostKeyChecking no\" core@${NODEIPADDRESS}
		echo
		ssh -i ${OCPSSHKEY} -o "StrictHostKeyChecking no" core@${NODEIPADDRESS}
	fi

	if [ "${OPTION}" == "changeaccess" ]
	then
		#infrachangeaccess

		print-option-header infra "Change external access to cluster with FQDN [${CLUSTERFQDN}]"

		check-cluster-power exit

		if [ ${HAPROXYACCESS} -eq 0 ]
		then
			PROXYACCESSSTATUS=ENABLED
			PROXYCHANGESTATUS=DISABLED
		else
			PROXYACCESSSTATUS=DISABLED
			PROXYCHANGESTATUS=ENABLED
		fi			

		echo -n "ACCESS STATUS: "
		if [ ${PROXYACCESSSTATUS} == "ENABLED"  ]
		then
			print-in-colour green "External access is ENABLED"
		else
			print-in-colour orange "External access is DISABLED" 

			echo
			echo "Enabling \"${OPTION}\" will permit access to your cluster from external clients in "
			echo "your network. Disabling restricts access to ONLY the server running the cluster."
			echo "Open access is achieved by changing the haproxy configuration and by enabling"
			echo "wildcard DNS in your network configuration to provide access to all sub-domains"
			echo "created by OpenShift/Kubernetes for projects/namespaces."
			echo 
			echo "HOW \"${OPTION}\" WORKS ON YOUR LAN:"
			echo
			echo "   - After installation, ${YAKKONAME} permits access to OpenShift to all clients in your network."
			echo "     This is achieved by allowing HAproxy to listen on all networks, via ports 80/443/6443/22623."
			echo
			echo "   - For other clients to know of your server, you need to extend a DNS wildcard:"
			echo
			echo "     1) You can use a DNS wildcard lookup facility served from this host *if needed*."
			echo "        For home/lab purposes, DNSMASQ is a great tool with this capability. "
			echo "        ${YAKKONAME} can deploy a DNS workaround on this server. OR..."
			echo 
			echo "     2) If you choose to use your own DNS facility, you need to add a wildcard pointing"
			echo "        to this host's OCP entrypoint. If you already use DNSmasq, just add this line "
			echo "        to your DNSmasq configuration (be sure to replace the IP address if not correct):"
			echo
			echo "             address=/${CLUSTERFQDN}/${YAKKOHOSTIP}"
			echo
		fi
		echo

		ANSWER="N"
		if [ -z "$1" ]
		then
			ask-user "Set OpenShift Cluster external access to [${PROXYCHANGESTATUS}]"  "Y" noauto
			ANSWER=$?
		else
			ANSWER=$1
		fi

		if [ "$ANSWER" == "1" -o "$ANSWER" == "n" -o "$ANSWER" == "N" ] 
		then
			echo
			echo "No changes were made. You can only access OpenShift from this server."
			cleanup-and-exit 0
		fi

		echo

		# We update the haproxy file to contain bind with restricted ports

		if [ ${PROXYCHANGESTATUS} == "ENABLED" ]
		then
			get-yakko-host-ip update
			update-haproxy-access 0
			update-dnsmasq-config-file 0 # This will set HAPROXYACCESS to 0, which will be ENABLED
		else
			# when disabling external access via haproxy, the YAKKOHOSTIP becomes fixed to the virt network proxy address
			YAKKOHOSTIP=${CLUSTERPROXY}
			update-yakko-host-ip # this is just an update on the clusterconfig file
			update-haproxy-access 1
			update-dnsmasq-config-file 1 # This will set HAPROXYACCESS to 1, which will be DISABLED
		fi

		update-haproxy-config-file 

		echo "Restarting NetworkManager (with DNSmasq plugin)"
		process-system-service-state restart NetworkManager quiet
		echo

		if [ ${PROXYCHANGESTATUS} == "ENABLED" ]
		then
			print-in-colour green "External access is now ENABLED: To access this cluster from another system"
			print-in-colour green "on your network add [${YAKKOHOSTIP}] as a DNS server to that system"
		else
			print-in-colour orange "External access is now DISABLED: Only this system can access this cluster."
		fi
	fi


	if [ ${OPTION} == "updateservices" ]
	then
		#infraupdateservices

		print-option-header infra "Update Services: Virtual Network/HAproxy/virtqemud"

		echo "Updating services allows the cluster to adapt to changes in your host:"
		echo "- change of IP address, e.g. when your laptop changes wireless/physical networks"
		echo "- after a hard stop of a cluster (e.g. unintended reboot) to remove any suspected"
		echo "  services that may still be running (also see 'listresources')"
		echo "- issues that cascade from manually manipulating virtual networking, such as"
		echo "  HAproxy and virtqemud. These can also become 'stale' when making changes in"
		echo "  SElinux and firewalld. 'updateservices' refreshes these in coordination."
		echo

		check-cluster-power
		CLUSTERSTATE=$?
		if [ $CLUSTERSTATE -eq 4 -o $CLUSTERSTATE -eq 5 ]
		then
			print-in-colour orange  "Cluster [${CLUSTERFQDN}] is not currently active."
			echo
			ask-user "Attempt stopping/removing all supporting services" Y
			if [ $? -eq 0 ]
			then
				update-services stop
			fi
			cleanup-and-exit 0
		fi

		ask-user "Update all supporting services" Y
		if [ $? -eq 1 ]
		then
			echo
			echo "Update services aborted."
			cleanup-and-exit 1
		fi

		get-yakko-host-ip notifychange 
		update-services restart
	fi


	if [ ${OPTION} == "listresources" ]
	then
		#infralistresources

		print-option-header infra "Manage services introduced in your system by YAKKO"

		echo "This option helps you understand what services and files ${YAKKONAME} has added or"
		echo "activated in your system, for better understanding and control. To deactivate"
		echo "any service, delete the associated file and run 'systemctl restart <service>'."
		echo "To restart/reset all services, issue 'yakko infra updateservices'. "
		echo
		echo "Note that stopping a cluster with ${YAKKONAME} will remove associated system "
		echo "files and stop associated services while the cluster is not in use."
		echo
		echo "There is one permanent change: to run on the host, ${YAKKONAME} comments out the" 
		echo "Listen directive on port 80 in /etc/httpd/conf/httpd.conf"
		echo "_________________________________________________________________________"
		echo
		echo "The following ${YAKKONAME} configuration/storage files are present"
		echo "in this host for cluster '${CLUSTERFQDN}', ID '${YAKKOID}'"
		echo

		FILESINUSE=N
		[ -e "${SYSTEMSTUBFILE_HAPROXY}" ] && {
			FILESINUSE=Y
			print-in-colour lightblue  "- service: HAProxy"
			echo "  ${SYSTEMSTUBFILE_HAPROXY}"
			echo
		}

		[ -e "${SYSTEMSTUBFILE_HTTPD}" ] && {
			FILESINUSE=Y
			print-in-colour lightblue  "- service: httpd"
			echo "  ${SYSTEMSTUBFILE_HTTPD}"
			echo
		}

		[ -e "${SYSTEMSTUBFILE_RESOLVED}" ] && { 
			FILESINUSE=Y
			print-in-colour lightblue "- service: systemd-resolved"
			echo "  ${SYSTEMSTUBFILE_RESOLVED}"
			echo
		}

		[ -e "${SYSTEMSTUBFILE_NETWORKMANAGER}" ] && {
			FILESINUSE=Y
			print-in-colour lightblue  "- service: NetworkManager"
			echo "  ${SYSTEMSTUBFILE_NETWORKMANAGER}"
			echo
		}

		[ -e "${SYSTEMSTUBFILE_DNSMASQ}" ] && {
			FILESINUSE=Y
			print-in-colour lightblue  "- service: DNSmasq/NetworkManager"
			echo "  ${SYSTEMSTUBFILE_DNSMASQ}"
			find /var/lib/libvirt/dnsmasq/ -name \*${YAKKOID}\* | sed "s/^/  /"
			echo
		}

		if [ "${FILESINUSE}" == "N" ]
		then
			echo "There are no files in use by any services at the moment."
			echo
		fi

		print-in-colour lightblue "- Storage: the following files are in use by the VM(s) of the cluster:"
		find "${OCPVMDISKDIR}/" -name \*${YAKKOID}\* | sed "s/^/  /"
	fi

	if [ ${OPTION} == "listclusters" ]
	then
		#infralistclusters

		print-option-header infra "List all ${YAKKONAME} clusters residing on this host"

		CLUSTERLIST=$(virsh list --all | grep master-0 | awk '{ print $2}')

		for EACHCLUSTER in $CLUSTERLIST
		do
			THISCLUSTERFQDN=$(virsh desc ${EACHCLUSTER}| grep CLUSTERFQDN | cut -f2 -d=)
			THISCLUSTERDIRECTORY=$(virsh desc ${EACHCLUSTER} | grep YAKKODIRECTORY | cut -f2 -d=)
			THISCLUSTERID=${EACHCLUSTER##*.}  # see https://mywiki.wooledge.org/BashFAQ/100
			THISCLUSTERBASENETWORK=$( virsh desc ${EACHCLUSTER} | grep BASENETWORK | cut -f2 -d=)
			THISCLUSTERPURPOSE=$(cat $THISCLUSTERDIRECTORY/$CLUSTERNOTES | sed '/--/,$ d' | sed '/^ *$/d')
			THISCLUSTERSTATE=$(virsh list --all | grep master-0 | grep ${THISCLUSTERID} | awk '{ print $3}')

			case ${THISCLUSTERSTATE} in
				running)
					PRINTCLUSTERSTATE=$(print-in-colour green ACTIVE)
					ACTIVECLUSTERNAME=${THISCLUSTERFQDN}
					ACTIVECLUSTERDIR=${THISCLUSTERDIRECTORY};;
				paused)
					PRINTCLUSTERSTATE=$(print-in-colour yellow SUSPENDED)
					ACTIVECLUSTERNAME=${THISCLUSTERFQDN}
					ACTIVECLUSTERDIR=${THISCLUSTERDIRECTORY};;
				shut)
					PRINTCLUSTERSTATE=$(print-in-colour orange shutdown);;
			esac
			echo "Cluster FQDN:  " ${THISCLUSTERFQDN} 
			echo "${YAKKONAME} ID:      " ${THISCLUSTERID}
			echo "Cluster state: " ${PRINTCLUSTERSTATE}
			echo "Directory:     " ${THISCLUSTERDIRECTORY}
			echo "Purpose:       " ${THISCLUSTERPURPOSE}
			echo "Virt. Network: " ${THISCLUSTERBASENETWORK}.0
			echo
		done

		if [ -z "$CLUSTERLIST" ]
		then
			echo "No clusters are installed on this host."
		else
			if [ -z "$ACTIVECLUSTERNAME" ] 
			then
				echo "No cluster is currently active." 
			else
				print-in-colour green "Cluster ${ACTIVECLUSTERNAME} at ${ACTIVECLUSTERDIR} is currently in memory."
			fi
		fi
	fi
			

	if [ ${OPTION} == "purgedownloads" ]
	then
		#infrapurgedownlaods

		print-option-header infra "Purge all OpenShift images on disk"

		purge-downloads
	fi 

	if [ "${OPTION}" == "describehw" ]
	then
		#infradescribehw

		echo
		print-option-header infra "Describe this computer's hardware"

		if [ -n "$(virt-what)" ]
		then
			print-in-colour orange "NOTE: This is a virtualised system"
			echo
		fi

		print-in-colour green  "Computer info:"
		lshw | sed -n "2,4p" | sed -e "s/^ \+//g"
		MANUFACTURER="uknown"
		cat /proc/cpuinfo | grep vendor_id | uniq | awk '{ print $3 }' | tr 'A-Z' 'a-z' | grep "intel" &>/dev/null
		[ $? -eq 0 ] && MANUFACTURER=intel
		cat /proc/cpuinfo | grep vendor_id | uniq | awk '{ print $3 }' | tr 'A-Z' 'a-z' | grep "amd" &>/dev/null
		[ $? -eq 0 ] && MANUFACTURER=amd
		
		if [ $MANUFACTURER == "unknown" ]
		then
			print-in-colour red "CPU MANUFACTURER IS UNKNOWN"
		else
			print-in-colour white "CPU CLASS: $MANUFACTURER"
		fi

		echo

		print-in-colour green  "CPU info:"
		lscpu | head -n 15
		echo

		print-in-colour green  "Memory info:"
		lshw | grep -A 8 "\*-memory$" | sed "1d" | sed -e "s/^ \+//g" | grep -v bank
		echo

		print-in-colour green  "CPU passthrough info:"
		NESTEDVIRTSTATE="$(cat /sys/module/kvm_$MANUFACTURER/parameters/nested)"
		if [ "$NESTEDVIRTSTATE" == Y -o "$NESTEDVIRTSTATE" == "1" ]
		then
			echo "Nested Virtualization is ENABLED"
		else
			echo "Nested Virtualization is DISABLED"
			echo "See https://docs.fedoraproject.org/en-US/quick-docs/using-nested-virtualization-in-kvm/"
		fi
	fi
	
	if [ ${OPTION} == "nfsshare" ]
	then
		#infranfsshare

		print-option-header infra "Configure NFS Share on ${YAKKONAME} server"

		echo "This option allows you to setup a NFS share with OPEN permissions 777 to enable"
		echo "the share to be mounted as the registry store or as a store for a designated"
		echo "namespace to use with either of:"
		echo "    - yakko ops nfsregistry "
		echo "    - yakko ops nfsmap"
		echo

		install-package-if-missing nfs-utils
		systemctl enable nfs-server.service
		process-system-service-state start nfs-server exitonfail

		if [ -n "$1" ]
		then
			NFSSHARE=$1
			DOAUTO=Y
		fi

		while true
		do
			if [ -z "$DOAUTO" ]
			then
				echo -n "Enter a directory on this server you want to share as NFS: "
				read NFSSHARE
			fi

			if [ ${NFSSHARE:0:1} != "/" ]
			then
				echo "You must enter an absolute path, starting with \"/\". "
				[ "$DOAUTO" == "Y" ] && cleanup-and-exit 1 
				echo
				continue
			fi

			if [ ${NFSSHARE: -1} == "/" ]
			then
				# Remove trailing /
				NFSSHARE=${NFSSHARE::-1}
			fi

			echo "Testing the directory for establishing a NFS share..."
			sleep 1

			if [ -d ${NFSSHARE} ]
			then 
				echo "Directory ${NFSSHARE} already exists"
			else
				mkdir -p ${NFSSHARE} &>/dev/null
				if [ $? -ne 0 ]
				then
					echo "Could not create/access directory [${NFSSHARE}]. Try again..."
					continue
				else 
					echo "Created directory ${NFSSHARE} successfully"
				fi
			fi

			cat /etc/exports | grep "${NFSSHARE}" &>/dev/null
			if [ $? -eq 0 ]
			then
				echo "[${NFSSHARE}] is already in the exports list for this server, see /etc/exports"
				echo "You may want to check for permissions, ideally they should be:"
				echo "     *(rw,sync,no_wdelay,no_root_squash,insecure)"
				cleanup-and-exit 0 white "Share was already available"
			fi
			
			chmod 777 "${NFSSHARE}" &>/dev/null
			if [ $? -ne 0 ]
			then
				echo "Could not change mode of [${NFSSHARE}] to all-rw (777). Try again..."
				[ "$DOAUTO" == "Y" ] && cleanup-and-exit 1 
				echo
				continue
			fi

			touch ${NFSSHARE}/testfile &>/dev/null
			if [ $? -ne 0 ]
			then
				echo "Could not create test file  [${NFSSHARE}/testfile]. "
				[ "$DOAUTO" == "Y" ] && cleanup-and-exit 1 
				echo
				continue
			else
				rm ${NFSSHARE}/testfile &>/dev/null
				break
			fi
		done

		echo "Directory [${NFSSHARE}] tested successfully. Setting up NFS share."
		sleep 1

		if (echo "${NFSSHARE} *(rw,sync,no_wdelay,no_root_squash,insecure)" >> /etc/exports) 2>/dev/null
		then
			echo "Added [${NFSSHARE} *(rw,sync,no_wdelay,no_root_squash,insecure)] to /etc/exports"
			echo
		else 
			echo "Could not add share to /etc/exports. Cannot continue!"
			cleanup-and-exit 1
		fi

		exportfs -a &>/dev/null
		showmount -e | grep "${NFSSHARE}" &>/dev/null
		if [ $? -ne 0 ]
		then
			echo "Failed to export [${NFSSHARE}] (see exportfs -a and showmount -e). Cannot continue!"
			cleanup-and-exit 1
		else
			print-in-colour green "NFS share [${NFSSHARE}] established successfully!"
		fi
	fi 

	if [ ${OPTION} == "installcomplete" ]
	then
		#inframarkcomplete

		if [ -n "${CLUSTERCOMPLETE}" ]
		then
			print-in-colour green "This cluster has already been marked as COMPLETED for install."
			echo
			exit
		fi

		print-option-header infra "Mark cluster install as COMPLETED. Use at your own risk!"

		echo "Should an install not complete but leave you with a cluster that is largely operational"
		echo "and in a condition that you can fix, just proceed!"
		echo

		ask-user "Do you want to mark the cluster installation as COMPLETED" "Y"
		if [ "$?" == "0" ]
		then
			echo  -n "OK, marking the cluster as completed..."
			mark-cluster-complete MANUAL  # This last word goes into the string in .clusterconfig as a reference
			sleep 1
			echo "Done!"
			echo
		fi
	fi 

	if [ ${OPTION} == "deletecluster" ]
	then

		#infradeletecluster

		# Danger Will Robinson!
		echo
		print-in-colour red "ALERT: DELETE CLUSTER REQUEST"
		echo

		if  [ "$1" == "force" ]
		then
			# Someone's feeling lucky
			print-in-colour red "FORCE REQUESTED - NO QUESTIONS ASKED!"
			DELETECLUSTERMODE=0
			DELETECLUSTERFORCE=0
			DELETECLUSTERNAME=${CLUSTERFQDN}
			yakko-process-stages rollback
		fi

		if  [ "$1" == "${CLUSTERFQDN}" ]
		then
			echo "You have requested to DELETE the current cluster: [${CLUSTERFQDN}]"
			echo
			echo -n "Please confirm by entering the cluster name again: "
			read DELETECLUSTERNAME
			if [ "${DELETECLUSTERNAME}" == "${CLUSTERFQDN}" ]
			then
				# We signal that this is happening in case it's needed to know in rollbacks
				DELETECLUSTERMODE=0
				DELETECLUSTERFORCE=1
				yakko-process-stages rollback
			else
				echo
				echo "ERROR: incorrect cluster name, delete not confirmed."
			fi
		else
			echo "ALERT: To delete cluster [${CLUSTERFQDN}] and all associated ${YAKKONAME} configuration, you also need to pass the full cluster name" 
			echo "RUN:   yakko infra deletecluster ${CLUSTERFQDN}"
		fi
	fi

	cleanup-and-exit 1

}


##########################################################################################################
### YAKKO OPS 
##########################################################################################################

print-yakko-ops-operations-menu() {

	# Catchall for any other passed parameted at this point
	echo "    USAGE: ${YAKKOSCRIPTNAME} ops <OPTION> [parameters]" 
	echo "    OPTION is one of:"
	echo "        - htpasswd        ->  Deploy local password access and a new administrator"
	echo "        - useradd         ->  Add a new user to local htpasswd DB"
	echo "        - userdelete      ->  Delete an existing user from the local htpasswd DB"
	echo "        - mastersched     ->  Enable/disable master scheduling"
	echo "        - approvecsrs     ->  Approve any outstanding CSRs (Certificate Signing Requests)"
	echo "        - nodelabel       ->  Change the label of a node between worker <-> infra"
	echo "        - localregistry   ->  Enable localstorage registry (volatile)"
	echo "        - nfsregistry     ->  Enable an existing NFS share as registry (persistent)"
	echo "        - nfsmap          ->  Map an existing NFS share to a namespace"
	echo "        - ingresscert     ->  Install an existing wildcard certificate"
	echo "        - emergency       ->  Retrieve certain aspects of state from master node"
	echo "        - yakkotest       ->  Deploy the 'yakkotest' app on your cluster, to test the lot!!"
}

yakko-ops-operations() {

	# This is just nice stuff to have after the install is done
	# we're here because the user called "yakko ops"

	OPTION=$1
	shift 

	echo "${YAKKOCLUSTEROPTIONS}" | grep " ${OPTION} " >/dev/null
	if [ -z "${OPTION}" -o $? -ne 0 ]
	then
		print-yakko-ops-operations-menu
		cleanup-and-exit 0
	fi

	if [ ${OPTION} == "htpasswd" ]
	then
		#opshtpasswd

		print-option-header ops "Enable ADMIN and local passwords"

		check-oc-credentials-and-state

		# $1 - new administrator username
		# $2 - new administrator password
		# $3 - Y or N for disable kubeadmin
		# $4 - Y or N for permitting the new admin password in the ${LOGINCOMMANDFILE} command

		# Need htpasswd from httpd-tools
		install-package-if-missing httpd-tools 

		check-oauth-httpasswd-type
		if [ $? -ne 0 ]
		then
			if [ -z "$1" ]
			then
				NEWUSER=administrator
				echo "You must enter a new administrator who will be granted cluster-admin role."
				echo -n "Enter a new admin username to add to the HTPasswd provider [administrator]: "
				read NEWUSER
				[ -z "${NEWUSER}" ] && NEWUSER="administrator"	
			else
				NEWUSER="$1"
			fi

			if [ -z "$2" ]
			then
				echo
				echo -n "Enter password for user '$NEWUSER': "
				read -s NEWPASSWORD
				echo
				echo -n "Retype password for confirmation: "
				read -s CONFIRMPASSWORD
				echo
				if [ "$NEWPASSWORD" != "$CONFIRMPASSWORD" ]
				then
					echo "Passwords didn't match! Exiting..."
					cleanup-and-exit 1
				fi
			else
				NEWPASSWORD="$2"
			fi

			TMPOAUTHCONFIGFILE=/tmp/oauth-config-$$.yaml

			{
				echo "apiVersion: config.openshift.io/v1"
				echo "kind: OAuth"
				echo "metadata:"
				echo "  name: cluster"
				echo "spec:"
				echo "  identityProviders:"
				echo "  - name: Local Password"
				echo "    mappingMethod: claim"
				echo "    type: HTPasswd"
				echo "    htpasswd:"
				echo "      fileData:"
				echo "        name: htpass-secret"
			} > ${TMPOAUTHCONFIGFILE}

			${OCCOMMAND} apply -f ${TMPOAUTHCONFIGFILE} &>/dev/null
			check-for-error-and-exit $? "Could not apply OAuth Custom Resource for HTaccess (see ${TMPOAUTHCONFIGFILE})" 

			htpasswd -c -B -b ${HTPASSWDFILE} $NEWUSER $NEWPASSWORD
			${OCCOMMAND} create secret generic htpass-secret --from-file=htpasswd=${HTPASSWDFILE} -n openshift-config
			sleep 3

			${OCCOMMAND} adm policy add-cluster-role-to-user cluster-admin $NEWUSER
			check-for-error-and-exit $? "Could not enable $NEWUSER as a user." 
			echo
			echo "Added [$NEWUSER] admin user with cluster-admin role successfuly"
			echo
			YAKKOADMIN=${NEWUSER}
			echo "YAKKOADMIN=${NEWUSER}" >> ${CLUSTERCONFIGFILE}

			if [ -z "$3" ]
			then
				echo "You can choose to disable the 'kubeadmin' account. Note However"
				echo "that ${YAKKONAME} will require a login to provide full cluster info."
				ask-user "Disable 'kubeadmin' account" Y 
				ANSWER=$?
			else
				ANSWER=$3
			fi

			if [ "$ANSWER" == "0" -o "$ANSWER" == "Y" -o "$ANSWER" == "y" ]
			then
				echo "Deleting secret for 'kubeadmin' account" 
				${OCCOMMAND} --user=admin delete secret kubeadmin -n kube-system
				echo "Note that the system:admin account is still available"
				echo
				echo "Waiting up to 5 minutes to test login with new administrator user"
				echo

				COUNTER=300
				while [ ${COUNTER} -gt 0 ]
				do
					((COUNTER-=10))
					sleep 10 # We let ocp settle the change and spin a "Running" container
	
					oc login -u ${YAKKOADMIN} -p ${NEWPASSWORD} --insecure-skip-tls-verify=true  https://api.${CLUSTERFQDN}:6443 &>/dev/null
					if [ $? -eq 0 ]
					then
						print-in-colour green "New admin user [${YAKKOADMIN}] successfully logged in."
						break
					fi
				done

				if [ ${COUNTER} -eq 0 ]
				then
					print-in-colour red "Failed to login as new admin user [${YAKKOADMIN}]"
				fi
			fi

			if [ -z "$4" ]
			then
				# Ask to generate the new $LOGINCOMMANDFILE with login command
				echo
				echo "${YAKKONAME} will generate a new file [${LOGINCOMMANDFILE}] with a login command."
				echo "This file can also be used by ${YAKKONAME} to present its default text dashboard output."
				echo "Note that otherwise, ${YAKKONAME} will not keep any copy of your new admin password!"
				ask-user "Would you like for this command to include the password for [$YAKKOADMIN]" Y
				LOGINFILEHASPASSWORD=$?
				sed -i "s/LOGINFILEHASPASSWORD=.*/LOGINFILEHASPASSWORD=${LOGINFILEHASPASSWORD}/" ${CLUSTERCONFIGFILE} &>/dev/null 
			else
				# Auto generate, Y is include password, N is don't
				if [ $4 == Y -o $4 == 0 ]
				then
					# This is default already, but here for clarity
					LOGINFILEHASPASSWORD=0
				else
					LOGINFILEHASPASSWORD=1
					sed -i "s/LOGINFILEHASPASSWORD.*/LOGINFILEHASPASSWORD=1/" ${CLUSTERCONFIGFILE} &>/dev/null 
				fi
			fi

			echo
			generate-login-command-file $NEWUSER $NEWPASSWORD 
			echo "NOTE: New login command file [${LOGINCOMMANDFILE}] generated."
		else
			echo "Local passwords have already been enabled."
		fi

		# and ... the webpage
		sed -i "s/kubeadmin/${YAKKOADMIN}/" ${IMAGEREPO}/index.html
		sed -i "/Password:/d" ${IMAGEREPO}/index.html
		compose-html-cluster-report noadmin
	fi

	if [ ${OPTION} == "useradd" ]
	then
		#opsuseradd

		print-option-header ops "Add a local htpasswd user"

		check-oc-credentials-and-state

		check-oauth-httpasswd-type
		check-for-error-and-exit $? "You need to first configure Local Passwords via \"$YAKKOSCRIPTNAME ops htpasswd\"" 

		if [ -z "$1" ]
		then
			echo -n "Enter the name for a new user to add to the HTPasswd provider: "
			read NEWUSER
		else
			NEWUSER="$1"
		fi
		
		if [ -z "$2" ]
		then
			echo -n "Enter password for user '$NEWUSER': "
			read -s NEWPASSWORD
			echo
			echo -n "Retype password for confirmation: "
			read -s CONFIRMPASSWORD
			echo
			if [ "$NEWPASSWORD" != "$CONFIRMPASSWORD" ]
			then
				echo "Passwords didn't match! Exiting..."
				cleanup-and-exit 1
			fi
		else
			NEWPASSWORD=$2
		fi

		${OCCOMMAND} get secret htpass-secret -n openshift-config -o jsonpath="{.data.htpasswd}" | base64 -d > ${HTPASSWDFILE}
		htpasswd -Bb ${HTPASSWDFILE} ${NEWUSER} "${NEWPASSWORD}"
		${OCCOMMAND} patch secret htpass-secret -n openshift-config -p "{\"data\":{\"htpasswd\":\"$(base64 -w0 ${HTPASSWDFILE})\"}}"
		check-for-error-and-exit $? "Could not retrieve existing htpasswd file from the cluster" 

		${OCCOMMAND} adm policy add-cluster-role-to-user self-provisioner $NEWUSER
		check-for-error-and-exit $? "Could not assign self-provisioner role to $NEWUSER" 

		rm ${HTPASSWDFILE} &>/dev/null

		echo
		echo "Success: added user '$NEWUSER' and assigned self-provisioner role."
		
		wait-for-stable-operators 6
	fi

	if [ "${OPTION}" == "userdelete" ]
	then
		#opsuserdelete

		print-option-header ops "Delete a local htpasswd user"

		[ -z "$1" ] && 
			cleanup-and-exit "You need to pass a USERNAME for the username to delete - $YAKKOSCRIPTNAME ops userdelete <username>"

		DELUSER=$1

		check-oc-credentials-and-state
		check-oauth-httpasswd-type
		check-for-error-and-exit $? "There is no local HTPasswd configured, cannot delete anyone yet!"

		${OCCOMMAND} get secret htpass-secret -n openshift-config -o jsonpath="{.data.htpasswd}" | base64 -d > ${HTPASSWDFILE}

		cat ${HTPASSWDFILE} | grep $DELUSER >/dev/null
		if [ $? -eq 0 ]
		then
			htpasswd -D ${HTPASSWDFILE} $DELUSER
			${OCCOMMAND} patch secret htpass-secret -n openshift-config -p "{\"data\":{\"htpasswd\":\"$(base64 -w0 ${HTPASSWDFILE})\"}}"
			check-for-error-and-exit $? "Could not update password file in OCP, user not deleted"

			echo "It may take a while for this change to become effective."
			echo
		else
			echo "User [$DELUSER] not found in OCP, could not delete."	
		fi
	fi
		
	if [ "${OPTION}" == "localregistry" ]
	then
		#opslocalregistry

		print-option-header ops "Enable local registry"

		check-oc-credentials-and-state

		if [ $(check-registry-type) == local ]
		then
			echo "Local Registry is already configured!"
			echo "But can be replaced with NFS - yakko ops nfsregistry"
			cleanup-and-exit 0
		fi

		if [ $(check-registry-type) == nfs ]
		then
			print-in-blink "ALERT: NFS Registry is already configured! Continue to replace." 
		fi

		# The below is for automating by issuing "yakko ops localregistry Y"
		ANSWER=N
		if [ -z "$1" ]
		then
			ask-user "Enable local registry (images will be lost on registry restart)" "Y" noauto
			ANSWER=$?
		else
			ANSWER=$1
		fi

		if [ "$ANSWER" == 0 -o "$ANSWER" == "Y" -o "$ANSWER" == "y" ]
		then
			# This first line is just so can change from NFS to local if you are already on NFS. It also lets me test quickly :)
			${OCCOMMAND} patch configs.imageregistry.operator.openshift.io cluster --type json -p='[{"op": "remove", "path": "/spec/storage/pvc"}]' &>/dev/null
			${OCCOMMAND} patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"storage":{"emptyDir":{}}}}'
			${OCCOMMAND} patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"managementState":"Managed"}}'

			#We clean up any remaining nfs mounts for the cluster registry - it doesn't matter if there are none
			if [ $(check-registry-type) == nfs ]
			then
				echo "Deleting existing NFS persistent volume and claim for registry..."
				${OCCOMMAND} delete pvc pvc-ocpclusterregistry -n openshift-image-registry &>/dev/null
				${OCCOMMAND} delete pv pv-ocpclusterregistry &>/dev/null
			fi

			COUNTER=300
			echo
			echo "Waiting up to 5 minutes to allow image-registry operator to become locally available..."
			echo

			while [ ${COUNTER} -gt 0 ]
			do
				((COUNTER-=10))
				sleep 10 # We let ocp settle the change and spin a "Running" container

				if [ $(check-registry-type) == local ]
				then
					print-in-colour green "Local registry is now enabled. Check 'oc get co' to observe operator progress"
					break
				fi
			done

			if [ ${COUNTER} -eq 0 ]
			then
				print-in-colour red "Local registry is NOT operational - check image-registry pod in namespace openshift-image-registry"
			fi
		fi
	fi

	if [ "${OPTION}" == "nfsregistry" ]
	then
		#opsnfsregistry

		print-option-header ops "Enable NFS registry"

		check-oc-credentials-and-state

		if [ $(check-registry-type) == nfs ]
		then
			echo "NFS Registry is already configured!"
			echo "To replace it, move the registry to local - yakko ops localregistry"
			cleanup-and-exit 0
		fi

		if [ $(check-registry-type) == local ]
		then
			print-in-blink "ALERT: Local Registry is already configured! Continue to replace."
		fi

		ANSWER=N
		NFSAUTO=N

		if [ -z "$1" ]
		then
			ask-user "Enable NFS registry" "Y" noauto
			ANSWER=$?
		else
			if [ $# -ne 3 ]
			then 
				echo "USAGE: yakko ops nfsregistry <SERVER> <SHARE> <CAPACITY in Gib>"
			else
				ANSWER=Y
				NFSSERVER=$1
				NFSSHARE=$2
				NFSCAPACITY=$3

				NFSAUTO=Y
			fi
		fi

		if [ "$ANSWER" == 0 -o "$ANSWER" == "Y" -o "$ANSWER" == "y" ]
		then

			if [ "$NFSAUTO" == "N" ]
			then
				mount-nfs-share # This populates $NFSSERVE and $NFSHARE

				echo
				echo "Capacity availability on the selected share will not be tested."
				while true
				do
					echo -n "What capacity should the PVC request have in GiB [100]? "
					read NFSCAPACITY
					if [ -z "${NFSCAPACITY}" ] 
					then
						NFSCAPACITY=100
					fi
					if ! [[ ${NFSCAPACITY} =~ $NUMBERRE ]] ; then
						echo "Error: Not a number. Try again..."
						continue
					fi
					if [[ ${NFSCAPACITY} -lt 10 ]] ; then
						echo "That's not very big... up to you!"
						continue
					fi 
					break
				done
			fi

			create-nfs-pvc ocpclusterregistry "${NFSSERVER}" "${NFSSHARE}" openshift-image-registry ${NFSCAPACITY} 
			${OCCOMMAND} patch configs.imageregistry.operator.openshift.io cluster --type json -p='[{"op": "remove", "path": "/spec/storage/emptyDir"}]' &>/dev/null
			${OCCOMMAND} patch configs.imageregistry.operator.openshift.io/cluster --type merge --patch '{"spec":{"managementState": "Managed","storage":{"managementState": "Unmanaged","pvc":{"claim":"pvc-ocpclusterregistry"}}}}' 

			COUNTER=300
			echo
			echo "Waiting up to 5 minutes to allow image-registry operator to mount NFS share..."
			echo

			while [ ${COUNTER} -gt 0 ]
			do
				((COUNTER-=10))
				sleep 10 # We let ocp settle the change and spin a "Running" container

				if [ $(check-registry-type) == nfs ]
				then
					print-in-colour green "NFS Mount for registry is now operational"
					echo "You may have to wait for the change to register across all operators - check 'oc get co'"
					break
				fi
			done

			# Testing the NFS mount is writable
			${OCCOMMAND} project openshift-image-registry
			REGISTRYPOD=$(${OCCOMMAND} | grep "^image-registry" | awk '{ print $1 }')

			#We test if the docker ir is there
			${OCCOMMAND} rsh ${REGISTRYPOD} ls /registry/docker &>/dev/null
			if [ $? -eq 2 ]
			then
				# the docker dir does not exist, this is good because the registry 
				# will create it with the right permissions
				echo "Docker directory will be created by the registry operator on NFS mount"
			else
				# Ok, the registry is there, 
				# echo "Docker directory exists already. Testing if it is writable with cluster permissions"
				${OCCOMMAND} rsh ${REGISTRYPOD} touch /registry/docker/yakko-registry-test &>/dev/null
				RESULT=$?
				sleep 1
				echo
				if [ $RESULT -eq 0 ]
				then
					echo "Docker directory tested OK."
					${OCCOMMAND} rsh ${REGISTRYPOD} rm /registry/docker/yakko-registry-test &>/dev/null
				else
					echo "NOTE:"
					echo "Docker directory does not appear writeable."
					echo "This can happen if you are reusing the mountpoint on a new cluster"
					echo "as user IDs may be different."
					echo "TO fix this easily, delete the docker directory on the mountpoint"
					echo
				fi
			fi

			if [ ${COUNTER} -eq 0 ]
			then
				print-in-colour red "NFS Mount for registry is NOT operational - check image-registry pod in namespace openshift-image-registry"
			fi
		fi
	fi

	if [ "${OPTION}" == "nfsmap" ]
	then
		#opsnfsmap

		#Lots of good stuff here:
		#https://docs.openshift.com/container-platform/4.13/storage/persistent_storage/persistent-storage-nfs.html

		print-option-header ops "Map an existing NFS share to a namespace"

		check-oc-credentials-and-state

		echo "This utility lets you use an existing NFS share to map and mount to a namespace."
		echo
		echo "If you don't have a share yet, you can create a new share on this server by issuing:"
		echo "    - yakko infra nfsshare"

		ANSWER=N
		NFSAUTO=N

		if [ -z "$1" ]
		then
			echo
			ask-user "Map (mount) an existing NFS share on a namespace" "Y" noauto
			ANSWER=$?
		else
			if [ $# -ne 2 ]
			then 
				echo "USAGE: yakko ops nfsregistry <SERVER> <SHARE>"
			else
				ANSWER=Y
				NFSSERVER=$1
				NFSSHARE=$2
				NFSCAPACITY=$3
				NFSAUTO=Y
			fi
		fi
		echo

		if [ "$ANSWER" == 0 -o "$ANSWER" == "Y" -o "$ANSWER" == "y" ]
		then

			if [ "$NFSAUTO" == "N" ]
			then
				mount-nfs-share # This populates $NFSSERVE and $NFSHARE

				echo
				echo -n "Enter a base name for the persistent volume / claim that will appear in OpenShift: "
				read PVCNAME
				echo
				while true
				do
					echo -n "Enter the namespace that you want to map this NFS share to: "
					read NAMESPACE
	
					oc get projects | awk '{ print $1 }' | grep ${NAMESPACE} &>/dev/null
					if [ $? -ne 0 ]
					then
						echo "That namespace (project) does not exist, try again..."
						echo
						continue
					fi
					break
				done
	
				echo
				echo "Capacity availability on the selected share will not be tested."
				while true
				do
					echo -n "What capacity should the PVC request have in GiB [100]? "
					read NFSCAPACITY
					if [ -z "${NFSCAPACITY}" ] 
					then
						NFSCAPACITY=100
					fi
					if ! [[ ${NFSCAPACITY} =~ $NUMBERRE ]] ; then
						echo "Error: Not a number. Try again..."
						continue
					fi
					if [[ ${NFSCAPACITY} -lt 10 ]] ; then
						echo "That's not very big... up to you!"
						continue
					fi 
					break
				done
			fi

			create-nfs-pvc ${PVCNAME} "${NFSSERVER}" "${NFSSHARE}" ${NAMESPACE} ${NFSCAPACITY} 

			echo
			print-in-colour green "NFS share [${NFSSHARE}] should now be available in namespace [${NAMESPACE}]"

			# REF: https://infohub.delltechnologies.com/l/deployment-guide-red-hat-openshift-container-platform-4-2/creating-a-pod-using-nfs-pvc-5
			echo
			echo "If you want to test this, you can create the following pod as pod.yaml"
			echo
			echo "apiVersion: v1"
			echo "kind: Pod"
			echo "metadata:"
			echo "  name: nfspod"
			echo "spec:"
			echo "  containers:"
			echo "  - name: myfrontend"
			echo "    image: nginx"
			echo "    volumeMounts:"
			echo "    - mountPath: \"/var/www/html\""
			echo "      name: nfsshare"
			echo "  volumes:"
			echo "  - name: nfsshare"
			echo "    persistentVolumeClaim:"
			echo "      claimName: pvc-${PVCNAME}"
			echo 
			echo "and finally run:   oc apply -f pod.yaml"
			echo
			echo "If you are not in a privileged account, you may want to help nginx along:"
			echo "oc adm policy add-scc-to-user anyuid system:serviceaccount:${NAMESPACE}:default"
			echo
			echo "This will mount your share on /var/www/html of the pod - create an index.html file in your share!"
			echo "You can also issue 'oc get pods <namespace>' and then 'oc rsh nfspod'"
			echo "Once in the pod, simply call 'mount' and you should see your NFS mount there"
		fi
	fi


	if [ "${OPTION}" == "mastersched" ]
	then
		#opsmastersched

		print-option-header ops "Change MASTER node(s) scheduling state"

		# We check that you can still go on after cred check
		check-oc-credentials-and-state

		echo "This is an important change that may affect the behaviour of your workloads"
		echo "and is simply being provided by ${YAKKONAME} as a mechanism to change new nodes quickly."
		echo "Use at your own risk!"
		echo

		echo -n "Masters are currently "
		${OCCOMMAND} get nodes | grep master-0 | grep worker &>/dev/null
		if [ $? -eq 0 ] #Masters are schedulable because they read 'worker'
		then
			print-in-colour green "SCHEDULABLE"
			echo
			if [ $(${OCCOMMAND} get nodes | grep "node-" | grep -v NotReady | grep -c Ready) -eq 0 ] 
			then
				echo 
				print-in-blink "ATTENTION: There are no worker nodes available! Proceed with caution."
				echo
			fi
			ask-user "Change masters to [NOT SCHEDULABLE]" Y noauto
			[ $? -eq 0 ] && 
				${OCCOMMAND} patch schedulers.config.openshift.io/cluster  --type merge --patch '{"spec": {"mastersSchedulable": false}}'
		else
			print-in-colour orange "NOT SCHEDULABLE"
			echo
			ask-user "Change masters to [SCHEDULABLE]" Y noauto
			[ $? -eq 0 ] && 
				${OCCOMMAND} patch schedulers.config.openshift.io/cluster  --type merge --patch '{"spec": {"mastersSchedulable": true}}'
		fi

		# Do not add anything between the above and the below!
		if [ $? -eq 0 ] 
		then
			echo "Master scheduling updated"
			update-haproxy-config-file
		else
			echo "This operation was not successful"
		fi
	fi

	if [ "${OPTION}" == "nodelabel" ]
	then
		#opsnodelabel
		# This one is for fun, has a cute little hack

		print-option-header ops "Change node label: WORKER ←→ INFRA"

		check-oc-credentials-and-state

		CURRENTNODES=" $(${OCCOMMAND} get nodes | grep "^node-" | awk '{print $1}') "

		if [ -z "${CURRENTNODES}" ]
		then
			echo "There are no worker/infra nodes defined, nothing to change!"
			cleanup-and-exit 0
		fi


		if [ -z "$(${OCCOMMAND} get nodes | grep "^node-" | awk '{print $1, $3}')" ]
		then
			echo "There are no nodes available for relabeling!"
			cleanup-and-exit 0
		fi

		echo "This is an important change that may affeect the behaviour of your workloads"
		echo "and is simply being provided by ${YAKKONAME} as a mechanism to change new nodes quickly."
		echo "Use at your own risk!"
		echo

		echo "The following nodes are available for relabeling: "
		${OCCOMMAND} get nodes | grep "^node-" | awk '{print $1, $3}'

		while true
		do
			echo -n "Enter the name of the node you want to relabel: "
			read NODENAME
			
			echo ${CURRENTNODES} | grep ${NODENAME} &>/dev/null
			[ $? -ne 0 ] && {
				echo "Invalid node name"
				echo
				continue
			}
			break
		done

		NODELABEL=$(${OCCOMMAND} get nodes | grep ${NODENAME}" "| awk '{print $3}')

		if [ ${NODELABEL} == "worker" ]
		then
			NEWNODELABEL="infra"
		else
			NEWNODELABEL="worker"
		fi
		
		# Little hack...
		export KUBE_EDITOR="sed -i s+node-role.kubernetes.io/${NODELABEL}+node-role.kubernetes.io/${NEWNODELABEL}+"

		echo
		ask-user "Change [${NODENAME}] label from [${NODELABEL}] to [${NEWNODELABEL}]" Y noauto
		if [ $? -eq 0 ]
		then
			${OCCOMMAND} edit node ${NODENAME}
			[ $? -ne 0 ] &&
				echo "This operation was not succssful"
		else
			echo "No changes were made./"
		fi
	fi

	if [ "${OPTION}" == "ingresscert" ]
	then
		#opsingresscert

		print-option-header ops "Install an ingress wildcard certificate"

		check-oc-credentials-and-state

		AUTOSETUP=N
		if [ -n "$1" ]
		then
			CERTBUNDLEPATH=$1
			AUTOSETUP=Y

			if [ ! -r ${CERTBUNDLEPATH}/fullchain.pem -o ! -r ${CERTBUNDLEPATH}/privkey.pem ]
			then
				cleanup-and-exit 1 "$1 is not a valid certificate bundle directory - check files fullchain.pem and privkey.pem and permissions!"
			fi
		else
			CERTBUNDLEPATH=/etc/letsencrypt/live/apps.${CLUSTERFQDN}

			echo "ATTENTION: To proceed you must:" 
			echo "- own your own domain [${CLUSTERDOMAIN}] - DO YOU?"
			echo "- have admin access to the domain's control panel"
			echo "- provide a wildcard certificate for apps.${CLUSTERFQDN} as a certificate bundle in your filesystem"

			echo
			print-in-colour green "GUIDELINES FOR USING letsencrypt.com AS A CERTIFICATE SOURCE"
			echo
			echo "  1) Obtain a certificate from this server using the free 'letsencrypt.com' service"
			echo "     you will need to install  certbot, e.g.  dnf install certbot"
			echo 
			echo "     For RHEL you may require adding EPEL repos: "
			echo "     dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm"
			echo
			echo "  2) Issue a request like:  certbot -d '*.apps.${CLUSTERFQDN}' --manual --preferred-challenges dns certonly"
			echo
			echo "  3) Follow the instructions above and use the following to test if the DNS challenge is resolving"
			echo "     before certbot checks the challenge!"
			echo "     https://dnschecker.org/#TXT/_acme-challenge.apps.${CLUSTERFQDN}"
			echo 
			echo "  4) This will generate four files in $CERTBUNDLEPATH:"
			echo "     - fullchain.pem - which bundles:"
			echo "       - chain.pem and "
			echo "       - cert.pem"
			echo "     - privkey.pem - the private key (do not make public)"
			echo "     We will only require fullchain.pem and privkey.pem"
			echo 
			echo "  NOTE: Visit for help: https://stephennimmo.com/securing-openshift-ingress-with-lets-encrypt/"
			echo "  NOTE: See here for expired certificates: https://dentrassi.de/2021/01/18/recovering-from-an-expired-openshift-certificate/"
			echo

			ask-user "Are you ready to proceed?" Y auto
			[ $? -ne 0 ] && cleanup-and-exit 0 "Run this command again when all requirements are met"
			echo

			while true
			do
				echo -n "Enter the DIRECTORY where the certificate bundle resides [$CERTBUNDLEPATH]: "
				read CERTBUNDLEALTPATH
				[ -z "${CERTBUNDLEALTPATH}" ] && CERTBUNDLEALTPATH=${CERTBUNDLEPATH}
				CERTBUNDLEALTFILE=$CERTBUNDLEALTPATH/fullchain.pem
	
				if [ -r ${CERTBUNDLEALTFILE} ]
				then
					CERTBUNDLEPATH=${CERTBUNDLEALTPATH}
					CERTBUNDLEFILE=${CERTBUNDLEALTFILE}
					break
				else
					echo "Invalid certificate bundle / directory (could not access fullchain.pem"
					echo
					continue
				fi
			done
		fi

		if [ -r ${CERTBUNDLEPATH}/privkey.pem ]
		then
			echo "Private key [privkey.pem] found at ${CERTBUNDLEPATH} - continuing..."
		else
			echo "Private key [privkey.pem] was expected at ${CERTBUNDLEPATH} but not found there. Exiting!"
			cleanup-and-exit 0
		fi

		echo

		${OCCOMMAND} create configmap custom-ca --from-file=ca-bundle.crt=${CERTBUNDLEFILE} -n openshift-config

		## Test on V4.30+
		#${OCCOMMAND} patch proxy/cluster --type=merge  --patch='{"spec":{"trustedCA":{"name":""}}}'
		${OCCOMMAND} patch proxy/cluster --type=merge  --patch='{"spec":{"trustedCA":{"name":"custom-ca"}}}'
		check-for-error-and-exit $? "Unable to apply patched config map in / custom-ca!"

		${OCCOMMAND} create secret tls custom-ca-secret --cert=${CERTBUNDLEFILE} --key=${CERTBUNDLEPATH}/privkey.pem -n openshift-ingress
		${OCCOMMAND} patch ingresscontroller.operator default \
			--type=merge -p '{"spec":{"defaultCertificate": {"name": "custom-ca-secret"}}}' -n openshift-ingress-operator
		check-for-error-and-exit $? "Unable to apply patched private key in / custom ca!"

		if [ "${AUTOSETUP}" == "Y" ]
		then
			sleep 60
			oc patch proxy.config.openshift.io/cluster --type=merge -p '{"spec":{"trustedCA":{"name":""}}}'
		else
			# How to patch the file?
			# oc patch proxy.config.openshift.io/cluster --type=merge -p '{"spec":{"trustedCA":{"name":""}}}'
			echo
			echo "NOTE: If the 'network' and/or 'machine-config' operator goes into degraded mode, run 'oc edit proxy.config.openshift.io cluster'  and:"
			echo "      - clear field trustedCA: "
			echo "      - change 'name:' field to \"\" "
			echo "      - save changes"
			echo "      - oc describe co/network should show an error message that describes the issue"
		fi
	fi

	# VERSION 1.1 - Approve outstanding CSRs
	if [ "${OPTION}" == "approvecsrs" ]
	then
		#opsapprovecsrs

		print-option-header ops "Pending Certificate Signing Request (CSR) approval" 

		check-oc-credentials-and-state

		PENDINGCSRS=$(${OCCOMMAND} get csr 2>/dev/null | grep Pending | awk '{ print $1 }')

		set ${PENDINGCSRS} >/dev/null

		if [ $# -gt 0 ]
		then
			#ask-user "There are [$#] CSRs in PENDING state. Approve" Y

			#if [ $? -eq 0 ]
			#then
				CURRENTCSRNUM=0

				for CSRNAME in ${PENDINGCSRS}
				do
					((CURRENTCSRNUM+=1))
					echo -n "${CURRENTCSRNUM}: "
					${OCCOMMAND} adm certificate approve ${CSRNAME}
				done
			#fi
			echo
			echo "CSR approval can cascade for additional CSRs. Be sure to check again."
		else
			echo
			echo "There are no pending CSRs to approve"
		fi
	fi

	if [ "${OPTION}" == "emergency" ]
	then
		#opsemergency

		print-option-header ops "Emergency commands!"

		OPTIONARG=$1

		start-spinner "Testing if host 'master-0' is reachable"
		ping -c 10 -i 0.1 ${MASTER0IP} &>/dev/null
		RESULT=$?
		[ $RESULT -ne 0 ] && cleanup-and-exit $RESULT red "Host master-0 appears to be unavailable, could not ping [${MASTER0IP}]"
		stop-spinner 

		if [ -z "$OPTIONARG" ] # No parameter was passed
		then
			echo "These options can help understand the current state of the cluster from WITHIN node 'master-0'."
			echo
		fi

		while true 
		do
			if [ -z "$OPTIONARG" ] # No parameter was passed
			then
				echo '------------------------------------------------------------'
				echo
				echo "Choose for analysis:"
				echo "O. List cluster Operators state"
				echo "P. List any CSRs Pending approval"
				echo "A. Approve any CSRs pending approval"
				echo "T. Check Time (for ntp drift)"
				echo "S. Run time Sync against ntp"
				echo "L. Login to master-0 via SSH"
				echo "E. Exit"
				echo
				echo -n "Enter Option letter: "
				read OPTIONNUMBER
			else
				OPTIONNUMBER=$OPTIONARG
			fi

			case $OPTIONNUMBER in

				o|O)	echo 
					ssh -i ${OCPSSHKEY} -o "StrictHostKeyChecking no" -t core@${MASTER0IP} sudo "oc get co --kubeconfig=/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/node-kubeconfigs/lb-int.kubeconfig" 2>/dev/null ;;

				p|P)	echo 
					ssh -i ${OCPSSHKEY} -o "StrictHostKeyChecking no" -t core@${MASTER0IP} sudo "oc get csr --kubeconfig=/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/node-kubeconfigs/lb-int.kubeconfig | grep Pending" 2>/dev/null ;;

				a|A)	echo
					PENDINGCERTIFICATES=$(ssh -i ${OCPSSHKEY} -o "StrictHostKeyChecking no" -t core@${MASTER0IP} sudo "oc get csr --kubeconfig=/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/node-kubeconfigs/lb-int.kubeconfig | grep ^csr | grep Pending | cut -f1 -d' ' " 2>/dev/null)
					if [[ "$PENDINGCERTIFICATES" =~ "No resources found".* ]]
					then
						echo "There are no certificates in 'Pending' state"
					else
						echo "Approving pending certificates from within master-0:"
						for CERTIFICATE in $PENDINGCERTIFICATES
						do
							ssh -i ${OCPSSHKEY} -o "StrictHostKeyChecking no" -t core@${MASTER0IP} sudo "oc adm certificate approve ${CERTIFICATE:0:9} --kubeconfig=/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/node-kubeconfigs/lb-int.kubeconfig" 2>/dev/null
						done
					fi ;;

				t|T)	echo 
					ssh -i ${OCPSSHKEY} -o "StrictHostKeyChecking no" -t core@${MASTER0IP} sudo "date" 2>/dev/null ;;

				s|S)	echo 
						time-sync-all-nodes;;

				l|L)	echo 
					echo "You will be logged in to master-0, type 'exit' to leave. For other nodes, use 'yakko infra sshtonode'."
					echo
					echo "KUBECONFIG has been set as follows: "	
					print-in-colour orange "export KUBECONFIG=/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/node-kubeconfigs/lb-int.kubeconfig"
					echo
					ssh -t -i ${OCPSSHKEY} -o "StrictHostKeyChecking no" core@${MASTER0IP} "export KUBECONFIG=/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/node-kubeconfigs/lb-int.kubeconfig; export PS1='master-0# ';sudo -E bash";;

				e|E)	cleanup-and-exit;;

				*) echo "Invalid option.";;
			esac
			echo

			if [ -n "$OPTIONARG" ] 
			then
				break
			else
				wait-for-any-key "Press any key to continue..."
			fi
		done
	fi

	if [ "${OPTION}" == "yakkotest" ]
	then
		#opsyakkotest

		print-option-header ops "Deploy the ${YAKKONAME} test application"

		check-oc-credentials-and-state

		if [ $(check-registry-type) == "none" ]
		then
			echo "Cannot deploy ${YAKKONAME} test app as there is no registry defined."
			echo "First, run 'yakko ops localregistry' or 'yakko ops nfsregistry'"
			cleanup-and-exit 0
		fi

		${OCCOMMAND} new-project yakkotest
		check-for-error-and-exit $? "Could not create project 'yakkotest' in OpenShift"
		${OCCOMMAND} new-app httpd:latest~https://github.com/ozchamo/yakko-test.git --name=yakko
		check-for-error-and-exit $? "could not create new application 'yakko' in OpenShift"
		# Long form: oc new-app --image-stream httpd:latest https://github.com/ozchamo/yakko-test.git --name=yakko
		# Except this does not work because Language Detection is enabled and... it doesn't detect!
		${OCCOMMAND} expose service yakko --hostname=yakkotest.apps.${CLUSTERFQDN}
		check-for-error-and-exit $? "Could not expose route for 'yakkotest.apps.${CLUSTERFQDN}'"

		echo ${SEPARATIONLINE}
		echo
		echo
		echo "OpenShift will begin building the project"
		echo "Inspect progress by issuing 'oc get pods -n yakkotest'"
		echo
		print-in-colour white "Once yakkotest is up, point your browser to: http://$(${OCCOMMAND} get routes | grep yakkotest | awk '{print $2}')"
	fi
		
	cleanup-and-exit 0

}


###### STAGE PROCESSORS FOLLOW ################################################
# progress is move forwarwd, configure, install
# rollback is move back, undo, delete
###############################################################################

process-stage-storage() {
	#stagevmdiskstorage

	[ $1 == "progress" ] && {
	
		advance-stage-progression "Storage location and setup" 
		
		mkdir $CLUSTERSETUPDIR &>/dev/null
		mkdir ${STUBFILES} &>/dev/null

		OCPVMDISKDIR="$OCPVMDIR"/YAKKO-${CLUSTERNAME}-${CLUSTERDOMAIN}-${YAKKOID}
		mkdir -p "${OCPVMDISKDIR}" &>/dev/null
		ERROR=$?
		if [ $ERROR -ne 0 ]
		then
			echo "ERROR: Could not create/access directory [${OCPVMDISKDIR}] (mkdir error #$ERROR)"
			echo "       specify another directory and continue."
			cleanup-and-exit 1
		else

			echo "${YAKKONAME} DIRECTORY FOR THIS VM SET IS:  ${YAKKODIRECTORY}" > ${OCPVMDISKDIR}/README.txt

			if [ ${SELINUXSTATE} -eq 0 ]
			then
				# The following was discovered by Wayne Boxall, adequate check
				# https://docs.fedoraproject.org/en-US/Fedora/13/html/Virtualization_Guide/sect-Virtualization-Security_for_virtualization-SELinux_and_virtualization.html

				semanage fcontext -a -t virt_image_t "${OCPVMDISKDIR}(/.*)?" &>/dev/null
				ERROR=$?
				if [ $ERROR -ne 0 -a $ERROR -ne 1 ]
				then
					echo "ERROR: Could not set virt_image_t context on directory [${OCPVMDISKDIR}] (fcontext error #$ERROR)"
					echo "       specify another directory and continue."
					cleanup-and-exit 1
				fi

				restorecon -R -v "${OCPVMDISKDIR}" &>/dev/null
				ERROR=$?
				if [ $ERROR -ne 0 ]
				then
					echo "ERROR: Could not set virt_image_t restorecon context on directory [${OCPVMDISKDIR}] (restorecon error #$ERROR)"
					echo "       specify another directory and continue."
					cleanup-and-exit 1
				fi
			fi
		fi

		echo "Changing permissions for [${OCPVMDISKDIR}] and all paths above (qemu:rw access)."

		cd "${OCPVMDISKDIR}"

		# we now add a r+x touch to the directory hierarchy where the VMs reside
		# This really should be in a separate process-stage now
		chmod o+rx . &>/dev/null
		ERROR=$?
		if [ $ERROR -ne 0 ]
		then
			echo "ERROR: Could not change access to directory [${PWD}] (chmod error #$ERROR)"
			cleanup-and-exit 1
		fi

		cd ${YAKKODIRECTORY} 
	}
	
	[ $1 == "rollback" ] && {
		rollback-stage-progression "Storage location cleanup"
		do-remove-directory ${OCPVMDISKDIR}  
		do-remove-directory ${CLUSTERSETUPDIR}
	}
}

process-stage-libvirt() {
	
	#stagelibvirt

	[ $1 == "progress" ] && {
	
		advance-stage-progression "Libvirt package install/start" 
		# This one is mandatory so there is no && return at the end of the call
		# The thing is, if there is no KVM, there is no hope!

		cat /proc/cpuinfo | grep -E "vmx|svm" &>/dev/null
		check-for-error-and-exit $? "Virtualisation extensions (vmx|smv) are not enabled in this system!"			
		cat /proc/cpuinfo | grep flags | grep nx &>/dev/null
		check-for-error-and-exit $? "NX - No eXecute is disabled in this system!"			
		
		systemctl enable virtqemud --now &>/dev/null
		systemctl status virtqemud --no-pager &>/dev/null
		check-for-error-and-exit $? "Failed to enable [virtqemud]" 

		echo "Libvirt is installed and active"

		# and just in case...
		lsmod | grep kvm >/dev/null
		check-for-error-and-exit $?  "KVM kernel modules are not loaded!"
	}

	# Nothing to rollback
	[ $1 == "rollback" ] && {
		rollback-stage-progression "Libvirt will remain installed"
	}
}

process-stage-pullsecret() {

	#stagepullsecret

	[ $1 == "progress" ] && {

		advance-stage-progression "Load pull secret" && return

		[ -r ${YAKKODIRECTORY}/${PULLSECRETFILE} ] && PULLSECRET=$(cat ${YAKKODIRECTORY}/${PULLSECRETFILE})

		# The below moved to the yakko installer on V5.01, what remains in this stage is precautionary
		# ask-user "Add a new pull secret" N
		# WANTPULLSECRET=$?

		# There is no pull secret on file or user wants a new one now
		if [ -z "${PULLSECRET}" ]
		then
			echo "A Red Hat pull secret is required but not available in ${YAKKODIRECTORY}."
			echo "Please copy/paste pull secret from [ https://cloud.redhat.com/openshift/install/metal/user-provisioned ] or enter the path of a local file with it:"
			read PULLSECRET
			if [ -f $PULLSECRET ]
			then
				PULLSECRET=$(cat $PULLSECRET)
			fi
			echo $PULLSECRET > ${PULLSECRETFILE}
		else
			echo "Using saved pull secret"
		fi
	}

	# Nothing to rollback - we don't want to delete the existing pull secret
	[ $1 == "rollback" ] && {
		rollback-stage-progression "Existing Pull Secret will remain in place"
	}
}

process-stage-sshclient() {

	#stagesshclient

	[ $1 == "progress" ] && {

		advance-stage-progression "SSH key configuration" && return

		ask-user "Create new SSH key for node access" "Y"  && {
			
			#We clear a potential clash for ssh logins in .known_hosts
			sed -i "/bootstrap.${CLUSTERFQDN}/d" /root/.ssh/known_hosts &>/dev/null
			ssh-keygen -t rsa -b 4096 -N '' -f ${OCPSSHKEY}
			check-for-error-and-exit $?  "Failed to create SSH key"
			eval "$(ssh-agent -s)"
			ssh-add ${OCPSSHKEY}
		}
	}

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Deleting ssh key and removing cluster hosts from ssh known hosts"
		rm -r ${OCPSSHKEY} &>/dev/null
		rm -r ${OCPSSHKEY}.pub &>/dev/null

		# it's the IP address that gets logged
		sed -i "/${BASENETWORK}/d" /root/.ssh/known_hosts &>/dev/null
	}
}

process-stage-virtualnetwork() {

	#stagevirtualnetwork

	[ $1 == "progress" ] && {
	
		advance-stage-progression "Virtual Network Configuration" && return

		ask-user "Configure Virtual Network" "Y" && {

			echo Cleaning up network...
			process-system-service-state start virtnetworkd quietfast
			stop-virtual-network undefine

			NETWORKCONFIGURATION=1 # Query when BRIDGE is supported. Not yet ;)
		
			if [ $NETWORKCONFIGURATION == 1 ] # NAT
			then
				echo "${YAKKONAME} will create all infrastructure in the ${BASENETWORK}/24 subnet with preallocated IP addresses:"
				echo Bootstrap: ${BOOTSTRAPIP}	
				if [ ${MASTERNODECOUNT} -eq 1 ]
				then
					echo Master: ${MASTER0IP} 
				else
					echo Masters: ${MASTER0IP} ${MASTER1IP} and ${MASTER2IP}
				fi
				# The below cannot be more than 15 characters!!!

				YAKKOBRIDGE="yakko${YAKKOID}"
				echo
				if [ ${#YAKKOBRIDGE} -gt 15 ]
				then
					print-in-colour red "Could not set the bridge name within 15 characters. Renaming to yakkobr"
					YAKKOBRIDGE=yakkobr
				else
					echo "Using $YAKKOBRIDGE as the bridge name for the virtual network"
				fi
				echo
		
				{
					echo "<network>" 
					echo "	<name>${NETWORKNAME}</name>"
		
					echo "	<forward mode='nat'>"
					echo "		<nat>"
					echo "			<port start='1024' end='65535'/>"
					echo "		</nat>"
					echo "	</forward>"
		
					# echo "  <bridge name='yko$(echo ${BASENETWORK}|cut -f3 -d.)${CLUSTERNAME:0:8}' stp='on' delay='0'/>"
					# renamed with YAKKOID on 8.0
					echo "	<bridge name='$YAKKOBRIDGE' stp='on' delay='0'/>"
		
					echo "	<domain name='${CLUSTERFQDN}' localOnly='yes'/>"
					echo "	<dns>"
					echo "		<forwarder domain='apps.${CLUSTERFQDN}' addr='$(get-dns-forwarder)'/>"
					echo "		<host ip='${CLUSTERPROXY}'>"
					echo "			<hostname>api</hostname>"
					echo "			<hostname>api-int</hostname>"
					echo "		</host>"
					echo "		<host ip='${MASTER0IP}'>"
					echo "			<hostname>master-0</hostname>"
					echo "			<hostname>etcd-0</hostname>"
					echo "		</host>"
					if [ ${MASTERNODECOUNT} -eq 3 ]
					then
						echo "		<host ip='${MASTER1IP}'>"
						echo "			<hostname>master-1</hostname>"
						echo "			<hostname>etcd-1</hostname>"
						echo "		</host>"
						echo "		<host ip='${MASTER2IP}'>"
						echo "			<hostname>master-2</hostname>"
						echo "			<hostname>etcd-2</hostname>"
						echo "		</host>"
					fi

					# SRV Records are not required from OCP 4.4 onwards... But never mind
					echo "		<srv service='etcd-server-ssl' protocol='tcp' domain='${CLUSTERFQDN}' target='etcd-0.${CLUSTERFQDN}' port='2380' priority='0' weight='10'/>"
					if [ ${MASTERNODECOUNT} -eq 3 ]
					then
						echo "		<srv service='etcd-server-ssl' protocol='tcp' domain='${CLUSTERFQDN}' target='etcd-1.${CLUSTERFQDN}' port='2380' priority='0' weight='10'/>"
						echo "		<srv service='etcd-server-ssl' protocol='tcp' domain='${CLUSTERFQDN}' target='etcd-2.${CLUSTERFQDN}' port='2380' priority='0' weight='10'/>"
					fi
					echo "	</dns>"

					echo "	<ip address='${CLUSTERPROXY}' netmask='255.255.255.0'>"
					echo "		<dhcp>"
					echo "			<range start='${BASENETWORK}.5' end='${BASENETWORK}.254'/>"
					echo "			<host mac='${BOOTSTRAPMAC}' name='bootstrap.${CLUSTERFQDN}' ip='${BOOTSTRAPIP}'/>"
					echo "			<host mac='${MASTER0MAC}' name='master-0.${CLUSTERFQDN}' ip='${MASTER0IP}'/>"
					if [ ${MASTERNODECOUNT} -eq 3 ]
					then
						echo "		<host mac='${MASTER1MAC}' name='master-1.${CLUSTERFQDN}' ip='${MASTER1IP}'/>"
						echo "		<host mac='${MASTER2MAC}' name='master-2.${CLUSTERFQDN}' ip='${MASTER2IP}'/>"
					fi
					echo "		</dhcp>"
					echo "	</ip>"
					echo "</network>"
		
				} > $NETWORKXML
			fi

			if [ ${NETWORKCONFIGURATION} == 2 ] # BRIDGED
			then
				# All virtual machines will have LAN IP Addresses
				echo ONE DAY...
			fi

			echo Defining network at $NETWORKXML
			virsh net-define --file $NETWORKXML
			check-for-error-and-exit $? "Could not define virtual network at $NETWORKXML. Check 'virsh net-list --all'"
			
			#echo Setting network to start on boot...
			#virsh net-autostart ${NETWORKNAME}
			#check-for-error-and-exit $? "Could not configure virtual network for auto-start"
		}
		echo "Re/starting network to ensure it is operational..."
		restart-virtual-network
		echo "Virtual network is up"
		virsh net-autostart ${NETWORKNAME} --disable | grep . # The grep rids an empty line that virsh otherwise prints out!
	}

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Deleting virtual network configuration"
		stop-virtual-network undefine

		# This check is in case the above either fails or, had nothing to show for it because the cluster being deleted
		# never got to the stage of building the virtual network in the first place!
		virsh net-list --all | grep ${NETWORKNAME}
		if [ $? -eq 0 ]
		then
			print-in-colour red "Failed to undefined virtual network ${NETWORKNAME}, please remove manually."
		fi

		# We didn't remove libvirtd but we will give it a kick as this has 
		# caused trouble before with the virtual network
		process-system-service-state restart virtqemud exitonfail quiet
	}
}

process-stage-dns() {

	#stagedns
	
	# At this point, user has already  answered the question that sets USEYAKKODNSMASQ=Y for internal DNSmasq

	[ $1 == "progress" ] && {
	
		advance-stage-progression "DNS Configuration" && return

		ask-user "Configure local/external DNS service (dnsmasq/NetworkManager)" "Y" 
 
		if [ $? -eq 0 -a "${USEYAKKODNSMASQ}" == Y ]
		then
			# The above check is different - it tests IF the user wants to run this stage, which entails
			# configuring the internal DNSmasq
			
			systemctl status dnsmasq &>/dev/null
			if [ $? -eq 0 ]
			then
				# DNSMASQ is enabled on this host, we should use this instead of NetworkManager plugin
				# But, this is dangerous, so we have to leave this one to the ADMIN

				echo "${YAKKONAME} has detected that you are not using the dnsmasq plugin for NetworkManager"
				echo "and instead you are using standard DNSMASQ."
				echo
				echo "You will need to add these two addresses to your DNSMASQ configuration before continuing"
				echo "upon which ${YAKKONAME} will test the DNS of your system before continuing"
				echo
				# Version 1.2 changed the CLUSTERPROXY references below to YAKKOHOSTIP
				echo "  server=/${CLUSTERFQDN}/${CLUSTERPROXY}"
				echo "	address=/apps.${CLUSTERFQDN}/${YAKKOHOSTIP}"
				echo "	address=/api.${CLUSTERFQDN}/${YAKKOHOSTIP}"
				echo
				ask-user "Confirm that DNSMASQ has been configured and restarted" "Y" noauto
				echo
			else
				echo Configuring dnsmask plugin in NetworkManager and adding DNSmasq config as
				echo ${SYSTEMSTUBFILE_DNSMASQ}
	
				# New for version 2.2+
				{
					echo "[main]"
					echo "dns = dnsmasq"
				} > ${SYSTEMSTUBFILE_NETWORKMANAGER}
				cp ${SYSTEMSTUBFILE_NETWORKMANAGER} ${STUBFILES}/NetworkManager.conf

				process-system-service-state restart NetworkManager 

				# Trying to see if we can address the systemd-resolved changes in Fedora 33
				# https://fedoramagazine.org/systemd-resolved-introduction-to-split-dns/

				# DNSMASQ will still use 127.0.0.1 as ip for lookups within NetworkManager! (03.01.2023...)

				# Changing this in 5.0...
				# cat /etc/resolv.conf | grep "nameserver 127.0.0.53"
				netstat -tunlp | grep "127.0.0.53:53" &>/dev/null
				if [ $? -eq 0 ]
				then	
					echo
					echo "ATTENTION: This system is using systemd-resolved. ${YAKKONAME} will use a stub file in /etc/systemd/resolved.conf.d/"
					mkdir -p /etc/systemd/resolved.conf.d
					check-for-error-and-exit $? "Could not create /etc/systemd/resolved.conf.d directory for stub file"
					{
						echo "[Resolve]"
						echo "Domains=~${CLUSTERFQDN}"
						echo "DNS=127.0.0.1"
					} > ${STUBFILES}/resolved.conf
					cp ${STUBFILES}/resolved.conf ${SYSTEMSTUBFILE_RESOLVED} 
					process-system-service-state restart systemd-resolved
					process-system-service-state restart NetworkManager 
					sleep 1
				fi

				# Version 1.2 changed the CLUSTERPROXY references below to YAKKOHOSTIP
				# And with 4.0 this creates the boot dnsmask file and...
				{
					# Version 1.2 changed the use of CLUSTERPROXY below
					echo "# Uncomment the following to check yakko queries"
					echo "# log-queries"
					echo "# log-facility=/tmp/dnsmasq.log"
					echo "cache-size=300"
					echo "listen-address=127.0.0.1,${YAKKOHOSTIP}"
					#echo "server=/${CLUSTERFQDN}/${CLUSTERPROXY}"
					#NOTE: it appears that on Fedora 37, dnsmasq hangs asking for an IPV6 address. This shuts it down!
					#NOTE: The below stops dnsmasq from returning IPV6 addresses. This was making F37 consume LARGE amounts of CPU while preventing 3 operators from coming up! (console, authentication, ingress)  the api line is 'insurance' :)
					echo "address=/apps.${CLUSTERFQDN}/${YAKKOHOSTIP}"
					echo "address=/apps.${CLUSTERFQDN}/::"
					echo "address=/api.${CLUSTERFQDN}/${YAKKOHOSTIP}"
					echo "address=/api.${CLUSTERFQDN}/::"
				} > ${SYSTEMSTUBFILE_DNSMASQ}
				# 4.0 also creates an editable version of the dnsmasq - in case you want to change the IP address!
				{
					echo "listen-address=127.0.0.1,STRINGYAKKOHOSTIP"
					echo "address=/apps.${CLUSTERFQDN}/STRINGYAKKOHOSTIP"
					echo "address=/apps.${CLUSTERFQDN}/::"
					echo "address=/api.${CLUSTERFQDN}/STRINGYAKKOHOSTIP"
					echo "address=/api.${CLUSTERFQDN}/::"
				} > ${STUBFILES}/dnsmasq.conf
			fi
		fi

		test-dns
	}

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Deleting DNS configuration and restarting"
		if [ "${USEYAKKODNSMASQ}" == Y ]
		then
			if [ -f "${SYSTEMSTUBFILE_RESOLVED}" ]
			then
				rm ${SYSTEMSTUBFILE_RESOLVED} &>/dev/null
				process-system-service-state restart systemd-resolved quietfast
			fi
			rm ${SYSTEMSTUBFILE_DNSMASQ} &>/dev/null
			rm ${SYSTEMSTUBFILE_NETWORKMANAGER} &>/dev/null

			# It looks like dnsmasq leaves stuff everywhere!
			rm /var/lib/libvirt/dnsmasq/${NETWORKNAME}.* &>/dev/null
			process-system-service-state restart NetworkManager quietfast

		else
			echo "Nothing to rollback - this system is NOT using ${YAKKONAME} dnsmasq facility."
		fi
	}
}
	
process-stage-haproxy() {

	#stagehaproxy

	[ $1 == "progress" ] && {

		advance-stage-progression "Configure Load Balancer "  && return

		ask-user "Configure Load Balancer (HA Proxy) for cluster bootstrap and operation" "Y" && {

			ss -tunlp | grep LISTEN | grep ":80 " &>/dev/null
			PORT80USED=$?

			ss -tunlp | grep LISTEN | grep ":443 " &>/dev/null
			PORT443USED=$?

			if [ $PORT80USED -eq 0 ]
			then
				echo "ATTENTION: Port 80 is in use. Port 80 is required by HAproxy for OpenShift."
			fi
			if [ $PORT443USED -eq 0 ]
			then
				echo "ATTENTION: Port 443 is in use. Port 443 is required by HAproxy for OpenShift."
			fi
			if [ $PORT80USED -eq 0 -o $PORT443USED -eq 0 ]
			then
				echo "           ${YAKKONAME} cannot continue until you make ports 80 and 443 available"
				cleanup-and-exit 1
			fi		

			cat /etc/haproxy/haproxy.cfg | grep bind | awk '{ print $2 }' | cut -f2 -d : | grep 80 &>/dev/null
			if [ $? -eq 0 ]
			then
				echo "The system's /etc/haproxy/haproxy.cfg seems to contain a BIND directive for port 80"
				echo "This will prevent HAproxy working for OpenShift if you expect to run apps over HTTP/port 80."
				ask-user "Do you want to continue with this configuration for HAproxy" Y noauto
				if [ $? -ne 0 ]
				then 
					echo "Exiting - re-run ${YAKKONAME} again to continue from this point."
					echo "If you have changed your haproxy.cfg, you may need to reload/restart the service."
					echo
					cleanup-and-exit 1
				fi
			fi

			# Perhaps HAproxy is running in this system... danger lies ahead
			systemctl status haproxy | grep "active (running)" &>/dev/null
			if [ $? -eq 0 ] 
			then
				echo "HAproxy is currently active. Deactivating for configuration."
				systemctl stop haproxy 
			fi
	
			cat /etc/httpd/conf/httpd.conf | grep "^Listen 80" &>/dev/null
			[ $? -eq 0 ] && {

				echo "ATTENTION: HAproxy needs to run on port 80. Currently, port 80 is marked for listening by httpd."
				ask-user "Disable port 80 on httpd" "Y" noauto
				if [ $? -eq 0 ]
				then		
					# CHANGE TO END USER SYSTEM HERE
					# THIS IS NOT DONE on STUBFILES as it is permanent
					sed -i "/^Listen 80/c\# Listen 80" /etc/httpd/conf/httpd.conf  2>/dev/null
					echo "Added a comment tag '# Listen 80' at /etc/httpd/conf/httpd.conf"
					echo
				else
					echo
					echo "ERROR: Cannot continue until PORT 80 is freed up for HAPROXY. Fix and come back! Exiting..."
					cleanup-and-exit 1
				fi
			}

			#HAPROXY still wants to find a config file in the default place, so in case it's empty...
			touch /etc/haproxy/haproxy.cfg
	
			systemctl show haproxy | grep "CFGDIR=/etc/haproxy/conf.d" &>/dev/null
			if [ $? -ne 0 ]
			then
				# After sooo many issues with haproxy and Fedora 37 / RHEL 9.1
				# small improvement here
				# conf.d is well defined

				# We defined SYSTEMSTUBFILE_HAPROXY during question time - it will reside in the directory below, created if necessary
				mkdir -p /etc/haproxy/conf.d
	
				#but, we can add others, and we do! As a directory, this will make haproxy load any configs in there...
				#this does not get blown away on cluster deletion. Tricky.
				echo "OPTIONS=\"-f /etc/haproxy/conf.d\"" > /etc/sysconfig/haproxy
			else
				# The haproxy config file has conf.d as an option, which will clash with that found in CFGDIR
				# so we delete the line. This came about a change in RHEL/Fedora at some point
				sed  -i "/OPTIONS=\"-f \/etc\/haproxy\/conf.d\"/d" /etc/sysconfig/haproxy
			fi

			# VERSION 1.1 adds opening by default so here we go
			# This value came from QUESTIONS and is later stored in clusterbuilddefaults
			if [ ${HAPROXYACCESS} -eq 0 ]	
			then
				# 0 is yes and yes is open, so no value!
				echo "Setting up HAproxy with OPEN access"
				HAPROXYVALUE=""
			else
				echo "Setting up HAproxy with HOST-ONLY access"
				HAPROXYVALUE=${CLUSTERPROXY}
			fi
			echo "You can change this later with 'yakko infra changeaccess'"

			echo Creating initial HAProxy config file
			
			{
				# SET UP THE PROXY ON THE VIRTUAL NETWORK - FOR THE HOST

				echo "defaults"
				echo "timeout connect 5s"
				echo "timeout client 1m"
				echo "timeout server 1m"
				echo

				echo "listen ${CLUSTERNAME}-api-server-6443"
				echo "    bind ${HAPROXYVALUE}:6443"
				echo "    mode tcp"
				echo "    balance source"
				echo "    server ${MASTER0IP} ${MASTER0IP}:6443 check inter 1s"
				[ ${MASTERNODECOUNT} -eq 3 ] && {
					echo "    server ${MASTER1IP} ${MASTER1IP}:6443 check inter 1s"
					echo "    server ${MASTER2IP} ${MASTER2IP}:6443 check inter 1s"
				}
				echo "    server ${BOOTSTRAPIP} ${BOOTSTRAPIP}:6443 check inter 1s"

				echo 
				echo "listen ${CLUSTERNAME}-machine-config-server-22623"
				echo "    bind ${HAPROXYVALUE}:22623"
				echo "    mode tcp"
				echo "    balance source"
				echo "    server ${MASTER0IP} ${MASTER0IP}:22623 check inter 1s"
				[ ${MASTERNODECOUNT} -eq 3 ] && {
					echo "    server ${MASTER1IP} ${MASTER1IP}:22623 check inter 1s"
					echo "    server ${MASTER2IP} ${MASTER2IP}:22623 check inter 1s"
				}
				echo "    server ${BOOTSTRAPIP} ${BOOTSTRAPIP}:22623 check inter 1s"
				echo 

				echo "listen ${CLUSTERNAME}-ingress-router-80"
				echo "    bind ${HAPROXYVALUE}:80"
				echo "    mode tcp"
				echo "    balance source"
				echo "    server ${MASTER0IP} ${MASTER0IP}:80 check inter 1s"
				[ ${MASTERNODECOUNT} -eq 3 ] && {
					echo "    server ${MASTER1IP} ${MASTER1IP}:80 check inter 1s"
					echo "    server ${MASTER2IP} ${MASTER2IP}:80 check inter 1s"
				}
				echo "    # addingressrouternode80"

				echo 
				echo "listen ${CLUSTERNAME}-ingress-router-443"
				echo "    bind ${HAPROXYVALUE}:443"
				echo "    mode tcp"
				echo "    balance source"
				echo "    server ${MASTER0IP} ${MASTER0IP}:443 check inter 1s"
				[ ${MASTERNODECOUNT} -eq 3 ] && {
					echo "    server ${MASTER1IP} ${MASTER1IP}:443 check inter 1s"
					echo "    server ${MASTER2IP} ${MASTER2IP}:443 check inter 1s"
				}
				echo "    # addingressrouternode443"
			} > ${STUBFILES}/haproxy.cfg

			# Although the creation of HAProxy config file became dynamic with update-haproxy-config-file 
			# we still need a skeleton config to kickstart the cluster
			cp ${STUBFILES}/haproxy.cfg ${SYSTEMSTUBFILE_HAPROXY} 

			setsebool -P haproxy_connect_any 1
			systemctl enable haproxy
			process-system-service-state restart haproxy exitonfail
			check-for-error-and-exit $? "Could not restart haproxy/loadbalancer"
		}
	}

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Deleting and stopping HAproxy load balancer service"
		# YAKKO doesn't check if you were running this initially, so this is a bit extreme...
		systemctl stop haproxy
		# We delete the individual haproxy config for the cluster at hand
		rm ${SYSTEMSTUBFILE_HAPROXY} 2>/dev/null
	}
}

process-stage-downloadocpbinaries() {

	#stagedownloadocp

	# Too bad. You are running multiple clusters? Download multiple times...

	[ $1 == "progress" ] && {

		advance-stage-progression "Obtain OCP binaries (Installer and RHCOS)"  && return

		# This is the directory that the web server will run from
		[ ! -d $IMAGEREPO ] && mkdir -p $IMAGEREPO &>/dev/null
		cd $IMAGEREPO

		if [ ! -d "$OCPVERSION" -o ! -e "$OCPVERSION"/.downloadcomplete ]
		then
			# We test whether we need to download the version. If there is no directory, we need to download.
			# If the directory is there but it doesnt contain a ".downloadcomplete" file, we need to download.
			mkdir $OCPVERSION &>/dev/null
			cd $OCPVERSION 

			if [ -n "${MIRRORSERVER}"  ]
			then
				# if MIRRORSERVER is set it's because we are doing a disconnected install
				# and the value is the registry that will serve OCP container images

				echo "DISCONNECTED install was requested - any necessary files need to exist in $PWD"
				echo

				FILETOCHECK=openshift-install-linux.tar.gz
				if [ ! -e openshift-install -a ! -r $FILETOCHECK ]
				then
					echo "- openshift-install: Not available "
					echo "  please retrieve $OCPDOWNLOADCLIENT/$FILETOCHECK"
					echo
					FILENOTFOUND=Y
				else
					if [ -e openshift-install -a ! -x openshift-install ]
					then
						echo "openshift-install is present but is not executable."
						FILENOTFOUND=Y
					elif [ -e $FILETOCHECK ]
					then
						tar xzf $FILETOCHECK &>/dev/null
						check-for-error-and-exit $? "$FILETOCHECK is available but could not be unpacked"
					fi
				fi

				FILETOCHECK=openshift-client-linux.tar.gz
				if [ ! -x oc -a ! -r $FILETOCHECK ]
				then
					echo "- oc/kubectl: Not available "
					echo "  please retrieve $OCPDOWNLOADCLIENT/$FILETOCHECK"
					echo
					FILENOTFOUND=Y
				else
					tar xzf $FILETOCHECK &>/dev/null
					check-for-error-and-exit $? "$FILETOCHECK is available but could not be unpacked"
				fi

				for FILETOCHECK in rhcos-live-kernel-x86_64 rhcos-live-initramfs.x86_64.img rhcos-live-rootfs.x86_64.img rhcos-metal.x86_64.raw.gz
				do
					if [ ! -r $FILETOCHECK ]
					then
						echo "- $FILETOCHECK: Not available"
						echo "  please retrieve $OCPDOWNLOADIMAGES/$FILETOCHECK"
						echo
						FILENOTFOUND=Y
					fi
				done

				if [ "$FILENOTFOUND" == Y ]
				then
					print-in-colour orange "ERROR: Please download all missing files to $PWD and rerun ${YAKKONAME} when ready"
					cleanup-and-exit 1
				fi

			else

				# Note that this script bundles your client and RHCOS dependencies under the client version number
				# we treat bad errors here differently to try to avoid repeating entire downloads

				echo "DOWNLOADING OPENSHIFT BINARIES:"
	
				if [ "${OCPINSTALLMINORVERSION}" -ge 3 ]
				then
					echo
					echo "Downloading the OCP installer -> $PWD"
					# DOWNLOAD CLIENT STUFF FIRST (as of 4.6 it is common to all versions)
					${WGET} $OCPDOWNLOADCLIENT/openshift-install-linux.tar.gz 
					tar xzf openshift-install-linux.tar.gz
					[ $? -ne 0 ] && { echo "Error downloading *openshift-installer*, exiting..."; cd ..; do-remove-directory ${OCPVERSION}; cleanup-and-exit 1; } 
	
					echo
					echo "Downloading the OCP client -> $PWD"
					${WGET} $OCPDOWNLOADCLIENT/openshift-client-linux.tar.gz 
					tar xzf openshift-client-linux.tar.gz
					[ $? -ne 0 ] && { echo "Error downloading *openshift-client*, exiting..."; cd ..; do-remove-directory ${OCPVERSION}; cleanup-and-exit 1; } 
				else
					echo "Downloading the OCP installer -> $PWD"
					${WGET} $OCPDOWNLOADCLIENT/openshift-install-linux-$OCPVERSION.tar.gz 
					tar xzf openshift-install-linux-$OCPVERSION.tar.gz
					[ $? -ne 0 ] && { echo "Error downloading *openshift-installer*, exiting..."; cd ..; do-remove-directory ${OCPVERSION}; cleanup-and-exit 1; } 
	
					echo "Downloading the OCP client -> $PWD"
					${WGET} $OCPDOWNLOADCLIENT/openshift-client-linux-$OCPVERSION.tar.gz
					tar xzf openshift-client-linux-$OCPVERSION.tar.gz
					[ $? -ne 0 ] && { echo "Error downloading *openshift-client*, exiting..."; cd ..; do-remove-directory ${OCPVERSION}; cleanup-and-exit 1; } 
				fi

				echo
				if [ -z "$AGENTBASEDINSTALLER" ]
				then
					echo "DOWNLOADING RHCOS INSTALLER FILES: "
					echo

					if [ "${OCPINSTALLMINORVERSION}" -ge 6 ]
					then
						##### KERNEL
						${WGET} $OCPDOWNLOADIMAGES/rhcos-live-kernel-x86_64
						[ $? -ne 0 ] && { echo "Error downloading $OCPDOWNLOADIMAGES/rhcos-live-kernel-x86_64, exiting..."; cd ..; do-remove-directory ${OCPVERSION}; cleanup-and-exit 1; } 
					
						##### INITRAMFS
						${WGET} $OCPDOWNLOADIMAGES/rhcos-live-initramfs.x86_64.img
						[ $? -ne 0 ] && { echo "Error downloading $OCPDOWNLOADIMAGES/rhcos-live-initramfs.x86_64.img, exiting..."; cd ..; do-remove-directory ${OCPVERSION}; cleanup-and-exit 1; } 
				
						##### ROOTFS
						${WGET} $OCPDOWNLOADIMAGES/rhcos-live-rootfs.x86_64.img
						[ $? -ne 0 ] && { echo "Error downloading $OCPDOWNLOADIMAGES/rhcos-live-rootfs.x86_64.img, exiting..."; cd ..; do-remove-directory ${OCPVERSION}; cleanup-and-exit 1; } 
				
						##### METAL
						${WGET} $OCPDOWNLOADIMAGES/rhcos-metal.x86_64.raw.gz
						[ $? -ne 0 ] && { echo "Error downloading $OCPDOWNLOADIMAGES/rhcos-metal.x86_64.raw.gz, exiting..."; cd ..; do-remove-directory ${OCPVERSION}; cleanup-and-exit 1; } 
						
					elif [ "${OCPINSTALLMINORVERSION}" -ge 3 ] # Version 4.5 or earlier
					then
						##### KERNEL
						${WGET} $OCPDOWNLOADIMAGES/rhcos-installer-kernel-x86_64
						[ $? -ne 0 ] && { echo "Error downloading $OCPDOWNLOADIMAGES/rhcos-installer-kernel-x86_64, exiting..."; cd ..; do-remove-directory ${OCPVERSION}; cleanup-and-exit 1; } 
					
						##### INITRAMFS
						${WGET} $OCPDOWNLOADIMAGES/rhcos-installer-initramfs.x86_64.img
						[ $? -ne 0 ] && { echo "Error downloading $OCPDOWNLOADIMAGES/rhcos-installer-initramfs.x86_64.img exiting..."; cd ..; do-remove-directory ${OCPVERSION}; cleanup-and-exit 1; } 
				
						##### METAL
						${WGET} $OCPDOWNLOADIMAGES/rhcos-metal.x86_64.raw.gz
						[ $? -ne 0 ] && { echo "Error downloading $OCPDOWNLOADIMAGES/rhcos-metal.x86_64.raw.gz, exiting..."; cd ..; do-remove-directory ${OCPVERSION}; cleanup-and-exit 1; } 
					else
						##### KERNEL
						${WGET} $OCPDOWNLOADIMAGES/rhcos-${RHCOSVERSION}-x86_64-installer-kernel
						[ $? -ne 0 ] && { echo "Error downloading *rhcos-kernel*, exiting..."; cd ..; do-remove-directory ${OCPVERSION}; cleanup-and-exit 1; } 
					
						### INITRAMFS
						${WGET} $OCPDOWNLOADIMAGES/rhcos-${RHCOSVERSION}-x86_64-installer-initramfs.img
						[ $? -ne 0 ] && { echo "Error downloading *rhcos-initramfs*, exiting..."; cd ..; do-remove-directory ${OCPVERSION}; cleanup-and-exit 1; } 
				
						##### METAL
						${WGET} $OCPDOWNLOADIMAGES/rhcos-${RHCOSVERSION}-x86_64-metal-bios.raw.gz
						[ $? -ne 0 ] && { echo "Error downloading *rhcos-metal*, exiting..."; cd ..; do-remove-directory ${OCPVERSION}; cleanup-and-exit 1; } 
					fi
				fi
			fi

			# if we get this far it means that all the files were downloaded successfully
			# although cksum would be ideal. For now, leave a marker in the directory
			touch .downloadcomplete
		else
			echo "Using OCP Version $OCPVERSION already downloaded..."
		fi
	
		cd ${YAKKODIRECTORY}
	}

	[ $1 == "rollback" -a -z "${MIRRORSERVER}" ] && {
		if [ -e "${IMAGEREPO}/${OCPVERSION}/.downloadcomplete" ]
		then 
			rollback-stage-progression "Downloaded binaries will remain in place"
		else
			rollback-stage-progression "Deleting OCP files for version ${OCPVERSION} (Download not completed)"
			# The below :? is JUST IN CASE everything went crazy. We don't want to delete /
			do-remove-directory ${IMAGEREPO:?}/${OCPVERSION}
		fi
	}
}

process-stage-httpserver() {

	#stagehttp

	[ $1 == "progress" ] && {

		advance-stage-progression "Configure HTTP server for installation of all cluster components"  && return

		ask-user "Configure and enable HTTP Server in virtual network for iPXE RHCOS VM installs on this host" "Y" && {

			# First, make sure that nothing is listening already on port ${WEBSERVERPORT}
			BUSYPORTS=" $(lsof -i4 -P -n | grep LISTEN | cut -f2 -d: | awk '{ print $1 }') "
			CANDIDATEPORT=${WEBSERVERPORT} # This is defined at the beginning

			for SYSTEMCANDIDATEPORT in {8080..8900}
			do 
				echo $BUSYPORTS | grep $SYSTEMCANDIDATEPORT &>/dev/null	
				if [ $? -ne 0 ]
				then
					# possible SYSTEMCANDIDATEPORT is not in LISTEN mode => available
					semanage port -l | grep $SYSTEMCANDIDATEPORT &>/dev/null
					if [ $? -ne 0 ]
					then
						# and CANDIDATEPORT is not marked in selinux
						break
					fi
				fi
			done
			# at this point we have in SYSTEMCANDIDATE an unused, un-selinuxed port

			while true 
			do
				PORTAVAILABLE=N  # Checkpointer

				echo $BUSYPORTS | grep "${CANDIDATEPORT}" &>/dev/null
				if [ $? -ne 0 ]
				then
					# The port is not in LISTEN use because it's not in BUSYPORTS
					if [ ${SELINUXSTATE} -eq 0 ] 
					then
						# we test that the port is already SELinux approved...
						semanage port -l | grep http | grep ${CANDIDATEPORT} &>/dev/null
						if [ $? -eq 0 ]
						then
							PORTAVAILABLE=Y
							PORTSELINUXENABLED=Y
						else
							semanage port -l | grep ${CANDIDATEPORT} &>/dev/null
							if [ $? -ne 0 ]
							then
								# Port is NOT registered elsewhere - good, we take it and register it here with SELinux
								PORTAVAILABLE=Y
								break
							fi
						fi
					fi
				fi

				if [ $PORTAVAILABLE == "N" ]
				then
					echo "ERROR: Port ${CANDIDATEPORT} is not available for serving RHCOS images."
					echo "       If this is not something you can change, enter an alternative port"
					echo "       now, or press <CTRL-C> to address."
					echo
					echo -n "Enter alternative (4-digit) port for RHCOS image webserver [$SYSTEMCANDIDATEPORT]: "
					read RESPONSE
					if [ -z "$RESPONSE" ]
					then 
						# We already calculated an available port, so we can bail if user pressed <enter>
						WEBSERVERPORT=$SYSTEMCANDIDATEPORT
						break
					fi
					if [[ ${RESPONSE} =~ ^[0-9]+[0-9]+[0-9]+[0-9]+$ ]]  
					then
						echo "Testing port ${RESPONSE} for availability"
						CANDIDATEPORT=$RESPONSE
						sleep 1
					else
						echo "That's not a port number, try again!"
					fi
				else
					WEBSERVERPORT=${CANDIDATEPORT}
					break
				fi
			done 

			echo "Using port [${WEBSERVERPORT}] for RHCOS image delivery"

			WEBSERVERURL=http://${CLUSTERPROXY}:${WEBSERVERPORT}
			echo "WEBSERVERPORT=${WEBSERVERPORT}" >> ${CLUSTERBUILDDEFAULTS}
			echo "WEBSERVERURL=http://${CLUSTERPROXY}:${WEBSERVERPORT}" >> ${CLUSTERBUILDDEFAULTS}

			# Now that we know what we are running up, we can set the directory to provide the sources
			# From the below dir, things will get cookin'
			OCCOMMAND=${OCPINSTALLSOURCE}/oc
			echo "OCP will be made available by HTTP server from directory $OCPINSTALLSOURCE"
			echo
	
			echo "<BR><BR><H1>The ${YAKKONAME} web server is working!</H1>" > ${IMAGEREPO}/index.html # to have a test file there...
		
			{
				#The below looks a little compromising, but it's only for as long as kubeadmin is in use.
				#once a proper admin is created, the password of the cluster won't be shown. Home lab!
				echo "Listen ${WEBSERVERPORT}"
				echo "<VirtualHost *:${WEBSERVERPORT}>"
				echo "	DocumentRoot ${IMAGEREPO}"
				echo "	<Directory ${IMAGEREPO}>"
				echo "		Options Indexes FollowSymLinks"
				echo "		Require all granted"
				echo "		AllowOverride None"
				echo "	</Directory>"
				echo "</VirtualHost>"
		
			} > ${SYSTEMSTUBFILE_HTTPD}
			cp ${SYSTEMSTUBFILE_HTTPD} ${STUBFILES}/httpd.conf
		
			if [ ${SELINUXSTATE} -eq 0 ]
			then
				# Figure out which of these SELinux values are required and needed to survive a reboot...
				#
				if [ "${PORTSELINUXENABLED}" != "Y" ]
				then
					# semanage doesn't like being told twice on a port
					echo "Setting SELinux permissions on port ${WEBSERVERPORT}"
					semanage port -a -t http_port_t -p tcp ${WEBSERVERPORT} 2>/dev/null
					check-for-error-and-exit $? "Could not assign SELinux permissions to port ${WEBSERVERPORT}.\n(Calling 'semanage port -a -t http_port_t -p tcp ${WEBSERVERPORT}')"
				fi

				chcon --user system_u --type httpd_sys_content_t -Rv $IMAGEREPO
				check-for-error-and-exit $? "Failed to change security context (chcon) for $IMAGEREPO (filesystem type is $(stat -f -c %T $IMAGEREPO))"
				semanage fcontext -a -t httpd_sys_content_t "$IMAGEREPO(/.*)?"
				if [ $? -ne 0 ]
				then
					semanage fcontext -m -t httpd_sys_content_t "$IMAGEREPO(/.*)?"
					check-for-error-and-exit $? "Failed to change security context (semanage fcontext) for files in $IMAGEREPO"
				fi
				restorecon -Rv $IMAGEREPO
				check-for-error-and-exit $? "Failed to restore context (restorecon) for files in $IMAGEREPO"
			fi

			# We move port 80 to port 81 since we know it should not be served via httpd
			# Note that this is done directly on the system, not on the yakko httpd conf file in stubfiles
			cat /etc/httpd/conf/httpd.conf | grep "^Listen 80" &>/dev/null
			if [ $? -eq 0 ]
			then
				echo
				print-in-colour orange "Changing the default HTTP port of this server to port 81"
				print-in-colour orange "in file /etc/httpd/conf/httpd.conf"
				print-in-colour orange "This change will NOT be reverted"
				sed -i "/^Listen 80/cListen 81" /etc/httpd/conf/httpd.conf  2>/dev/null
			fi

			process-system-service-state restart httpd exitonfail
			systemctl enable httpd

			echo "OCCOMMAND=${OCCOMMAND}" >> $CLUSTERCONFIGFILE
		}
	}

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Unconfiguring installation webserver - content will remain in place"
		rm ${SYSTEMSTUBFILE_HTTPD}  2>/dev/null
		rm $IMAGEREPO/index.html  2>/dev/null
		rm -rf $IMAGEREPO/kubeconfig  2>/dev/null
		sed -i "/WEBSERVERPORT/d" ${CLUSTERBUILDDEFAULTS}
		process-system-service-state restart httpd quietfast
	}
}

process-stage-firewall() {

	#stagefirewall

	#If using a firewall on host, don't forget to allow connections to these ports on IP ${CLUSTERPROXY}: 6443, 22623, 80 and 443.

	[ $1 == "progress" ] && {

		advance-stage-progression "Configure Firewall" && return

		firewall-cmd --state &>/dev/null
		if [ $? -eq 252 ]
		then
			echo "Firewall is not running. Configuration is not required."
		else
			ask-user "Change Firewall rules" "Y" && { 

				echo "Changing firewall port for HTTP apps - 80/tcp access"
				firewall-cmd --add-port=80/tcp --permanent
				firewall-cmd --zone=libvirt --add-port=80/tcp --permanent

				echo "Changing firewall port for HTTP infra - ${WEBSERVERPORT}/tcp access"
				firewall-cmd --add-port=${WEBSERVERPORT}/tcp --permanent
				firewall-cmd --zone=libvirt --add-port=${WEBSERVERPORT}/tcp --permanent

				echo "Changing firewall port for HTTPS 443/tcp access"
				firewall-cmd --add-port=443/tcp --permanent
				firewall-cmd --zone=libvirt --add-port=443/tcp --permanent

				echo "Changing firewall port for COCKPIT - 9090/tcp access" 
				firewall-cmd --add-port=9090/tcp --permanent
				firewall-cmd --zone=libvirt --add-port=9090/tcp --permanent

				echo "Changing firewall port for OCP API - 6443/tcp access"
				firewall-cmd --add-port=6443/tcp --permanent
				firewall-cmd --zone=libvirt --add-port=6443/tcp --permanent

				echo "Changing firewall port for OCP comms - 22623/tcp access"
				firewall-cmd --add-port=22623/tcp --permanent
				firewall-cmd --zone=libvirt --add-port=22623/tcp --permanent

				echo "Changing firewall port for OCP comms - 22623/udp access"
				firewall-cmd --add-port=22623/udp --permanent
				firewall-cmd --zone=libvirt --add-port=22623/udp --permanent

				echo "Changing firewall port for DHCP"
				firewall-cmd --zone=libvirt --add-service=dhcp --permanent

				echo "Changing firewall port for DNS / external access"
				firewall-cmd --zone=libvirt --add-service=dns --permanent

				# Courtesy of Richard Hailstone - this to be a part of 4.21+
				# and Andy Yuen with adding --zone=libvirt
				echo "Changing firewall port(s) for NFS / external access"
				firewall-cmd --zone=libvirt --add-service=nfs --permanent
				firewall-cmd --zone=libvirt --add-service=mountd --permanent
				firewall-cmd --zone=libvirt --add-service=rpc-bind --permanent

				firewall-cmd --reload
			}
		fi	
	}

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Firewall will remain unchanged - ports stay open"
	}
}

process-stage-generateocpinstallerconfig() {

	#stagegenerateocpinstaller

	[ $1 == "progress" ] && {

		advance-stage-progression "OCP Configuration for Installation"  && return

		ask-user "Generate OCP cluster manifests and ignition files required for cluster bootstrap" "Y" && {
	
			echo Writing "${OCPSETUPENV}" script for administration. Run \"source ${YAKKODIRECTORY}/${OCPSETUPENV}\" to load post-install...
			{
				# Adding the path at the front so that this oc overrides others for this cluster
				echo export KUBECONFIG=${CLUSTERSETUPDIR}/auth/kubeconfig
				echo PATH=${IMAGEREPO}/${OCPVERSION}:$PATH
			}  > ${OCPSETUPENV}
			chmod +x ${OCPSETUPENV}

			# And we do this for the config file too, which is for the system
			{
				echo export KUBECONFIG=${CLUSTERSETUPDIR}/auth/kubeconfig
			}  >> ${CLUSTERCONFIGFILE}

			#And we set KUBECONFIG from here on too...
			export KUBECONFIG=${CLUSTERSETUPDIR}/auth/kubeconfig
	
			# We load/reload, in case there was an interrupt to the AUTO setup and these values were released
			SSHPUBKEY=$(cat $OCPSSHKEY.pub)
			PULLSECRET=$(cat ${YAKKODIRECTORY}/${PULLSECRETFILE})

			# Check if HyperThreading is enabled, just in case
			SOCKETCOUNT=$(lscpu | grep "Socket(s):" | cut -f2 -d: | awk '{print $1}')
			CORECOUNTPS=$(lscpu | grep "Core(s) per socket:" | cut -f2 -d: | awk '{print $1}')
			CORECOUNT=$((${SOCKETCOUNT} * ${CORECOUNTPS}))
			THREADCOUNTPC=$(lscpu | grep "Thread(s) per core" | cut -f2 -d: | awk '{print $1}')
			THREADCOUNT=$((${THREADCOUNTPC} * ${CORECOUNT}))

			echo "The server has [$CORECOUNT] CPU cores and [$THREADCOUNT] threads"

			if [ ${CORECOUNT} -eq ${THREADCOUNT} ]
			then
				# No HT
				HYPERTHREADING=Disabled
			elif [ $((${CORECOUNT}*2)) -eq ${THREADCOUNT} ]
			then
				# HT is on
				HYPERTHREADING=Enabled
			else
				echo "CANNOT TELL IF HYPER-THREADING IS ENABLED, ASSUMING IT IS NOT"
				HYPERTHREADING=Disabled
			fi

			echo
			echo "Generating INSTALL CONFIG file..."
			
			{
				echo "apiVersion: v1"
				echo "baseDomain: ${CLUSTERDOMAIN}"
				echo "compute:"
				echo "- hyperthreading: ${HYPERTHREADING}"
				echo "  name: worker"
				echo "  replicas: ${WORKERNODECOUNT}"
				if [ "${OCPINSTALLMINORVERSION}" -lt 10 ] # This is an OCP 4.10 thing, not sure use case
				then
					echo "  skipMachinePools: true"
				fi
				echo "controlPlane:"
				echo "  hyperthreading: ${HYPERTHREADING}"
				echo "  name: master"
				echo "  replicas: ${MASTERNODECOUNT}"
				echo "metadata:"
				echo "  name: ${CLUSTERNAME}"
				echo "networking:"
				echo "  clusterNetwork:"
				echo "  - cidr: 10.128.0.0/14 "
				echo "    hostPrefix: 23"
				echo "  machineNetwork:"
				echo "  - cidr: ${BASENETWORK}.0/24 "
				echo "  serviceNetwork:"
				echo "  - 172.30.0.0/16"
				echo "  networkType: ${SDNTYPE}"
				echo "platform:"
				echo "  none: {} "
				echo "fips: false "
				echo "pullSecret: '${PULLSECRET}' "
				echo "sshKey: '${SSHPUBKEY}'"
				if [ -n "${MIRRORSERVER}" ]
				then
					echo "imageContentSources:"
					echo "- mirrors:"
					echo "  - $MIRRORSERVER/openshift/release"
					echo "  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev"
					echo "- mirrors:"
					echo "  - $MIRRORSERVER/openshift/release-images"
					echo "  source: quay.io/openshift-release-dev/ocp-release"
				fi
		
			} > ${CLUSTERSETUPDIR}/install-config.yaml
	
			# we make a copy for later review as this gets deleted by the create-manifests stage
			cp ${CLUSTERSETUPDIR}/install-config.yaml ${CLUSTERSETUPDIR}/install-config.yaml.original
			echo "Making a reference copy of install-config.yaml as install-config.yaml.original"

			if [ "$AGENTBASEDINSTALLER" == "agent" ]
			then
				# The agent based installer requires a agent-config.yaml for the network
				# As YAKKO already has DHCP config builtin, this is all that's required, based on
				# https://docs.openshift.com/container-platform/4.14/installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.html#dhcp
				
				# This next param is for testing the Agent Based installer DHCP feature as explained in
				# https://docs.openshift.com/container-platform/4.14/installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.html#dhcp
				ABIOPTIONALFORDHCP=1
				{
					echo "apiVersion: v1alpha1"
					echo "kind: AgentConfig"
					echo "metadata:"
					echo "  name: ${CLUSTERNAME}"
					echo "rendezvousIP: ${MASTER0IP}"
					if [ $ABIOPTIONALFORDHCP == 0 ]
					then
						echo "hosts:"
						echo "  - hostname: master-0"
						echo "    role: master"
						echo "    interfaces:"
						echo "      - name: enp1s0"
						echo "        macAddress: ${MASTER0MAC}"
						echo "    rootDeviceHints: "
						echo "      deviceName: /dev/vda"
						echo "    networkConfig:"
						echo "      interfaces:"
						echo "        - name: enp1s0"
						echo "          type: ethernet"
						echo "          state: up"
						echo "          mac-address: ${MASTER0MAC}"
						echo "          ipv4:"
						echo "            enabled: true"
						echo "            address:"
						echo "              - ip: ${MASTER0IP}"
						echo "                prefix-length: 23"
						echo "            dhcp: false"
						echo "      dns-resolver:"
						echo "        config:"
						echo "          server:"
						echo "            - ${BASENETWORK}.1"
						echo "      routes:"
						echo "        config:"
						echo "        - destination: 0.0.0.0/0"
						echo "          next-hop-address: ${BASENETWORK}.1"
						echo "          next-hop-interface: enp1s0"
						echo "          table-id: 254"
					fi
				} > ${CLUSTERSETUPDIR}/agent-config.yaml

				# we make a copy for later review as this gets deleted by the create-manifests stage
				cp ${CLUSTERSETUPDIR}/agent-config.yaml ${CLUSTERSETUPDIR}/agent-config.yaml.original
				echo "Making a reference copy of agent-config.yaml as agent-config.yaml.original"
			fi
		}
	}

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Deleting cluster ignition and configuration files"
		rm ${OCPSETUPENV} &>/dev/null
		rm ${CLUSTERSETUPDIR}/install-config.yaml  &>/dev/null
		rm ${CLUSTERSETUPDIR}/install-config.yaml.original  &>/dev/null
		rm $IMAGEREPO/*ign  &>/dev/null
	}
}

process-stage-create-ingestmanifestsandignition() {

	#stageingestmanifest

	[ $1 == "progress" ] && {

		advance-stage-progression "Create OCP Ingest manifest and ignition files"  && return

		if [ ${PAUSEFORCONFIGEDIT} -eq 0 ]
		then
			echo
			print-in-colour orange "ALERT: PAUSE REQUESTED AT THIS POINT TO ALLOW MANUAL EDITING OF install-config.yaml."
			print-in-colour orange "       File is located at:  ${CLUSTERSETUPDIR}/install-config.yaml"
			echo
			wait-for-any-key "<Press any key to continue from here when ready - or CTRL-C and re-issue 'yakko' later>"
		fi
		
		ask-user "Ingest OCP cluster manifests and ignition files required for cluster bootstrap" "Y" && {

			echo "Creating manifests... (with LOGLEVEL: ${OCPINSTLOGLEVEL})"
			${OCPINSTALLSOURCE}/openshift-install create manifests --dir=${CLUSTERSETUPDIR} --log-level "${OCPINSTLOGLEVEL}"
			check-for-error-and-exit $? "Could not create OCP manifests"

			## YAKKO 5.00... Single master clusters seem to want to have schedulable masters, whether workers or not
			if [ ${WORKERNODECOUNT} -gt 0 -a ${MASTERNODECOUNT} -eq 3 ]
			then
				# There are worker nodes to be built, so masters will become non-schedulable
				# But in the case of a single master, we will make it schedulable too...
				sed -i -r 's/(mastersSchedulable: ).*/\1False/' $CLUSTERSETUPDIR/manifests/cluster-scheduler-02-config.yml
			else
				# Only one worker - scheduling is required
				echo
				print-in-colour orange "NOTICE: This configuration requires that master nodes be labelled SCHEDULABLE"
				sed -i -r 's/(mastersSchedulable: ).*/\1True/' $CLUSTERSETUPDIR/manifests/cluster-scheduler-02-config.yml
			fi

			echo
			echo Creating OCP Cluster ignition files required for node configuration
			$OCPINSTALLSOURCE/openshift-install create ignition-configs --dir=$CLUSTERSETUPDIR --log-level "${OCPINSTLOGLEVEL}"
			check-for-error-and-exit $? "Could not create OCP ignition files"
			cp $CLUSTERSETUPDIR/*.ign $IMAGEREPO
			chmod 644 $IMAGEREPO/*.ign
		}
	}

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Manifest and ignition file ingest"
		cp ${CLUSTERSETUPDIR}/install-config.yaml  ${CLUSTERSETUPDIR}/install-config.yaml.edit 2>/dev/null
	}
}

process-stage-build-bootstrapnode() {

	#stagebootstrapnode

	[ $1 == "progress" ] && {

		advance-stage-progression "KVM Bootstrap Host Configuration" && return

		ask-user "Configure OCP bootstrap VM host" "Y" && {
			# Bootstrap node is MAC address is the first to be defined 
			build-ocp-node bootstrap ${BOOTSTRAPMAC} ${BOOTSTRAPNODEVCPUS} ${BOOTSTRAPNODERAMSIZE} 20 bootstrap.ign
			check-for-error-and-exit $? "Could not build VM for node [bootstrap]: virt-install error code [$?], check ~/.cache/virt-manager/virt-install.log"
		}
	}

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Deleting bootstrap node"
		delete-kvm-machine bootstrap.${CLUSTERFQDN}.${YAKKOID} 2>/dev/null
	}
}

process-stage-build-ocp-masternodes() {

	#stagebuildocpmasters

	[ $1 == "progress" ] && {

		advance-stage-progression "KVM Master Node(s) Configuration" && return

		ask-user "Configure OCP master VM hosts" "Y" && {

			build-ocp-node master-0 ${MASTER0MAC} ${MASTERVCPUS} ${MASTERRAMSIZE} ${MASTERDISKSIZE} master.ign 
			check-for-error-and-exit $? "Could not build VM for node [master-0]"

			[ ${MASTERNODECOUNT} -eq 3 ] && {
				# It's either 1 or 3 nodes, never 2 AFAWK in 2020

				build-ocp-node master-1 ${MASTER1MAC} ${MASTERVCPUS} ${MASTERRAMSIZE} ${MASTERDISKSIZE} master.ign 
				check-for-error-and-exit $? "Could not build VM for node [master-1]"

				build-ocp-node master-2 ${MASTER2MAC} ${MASTERVCPUS} ${MASTERRAMSIZE} ${MASTERDISKSIZE} master.ign 
				check-for-error-and-exit $? "Could not build VM for node [master-2]"
			}
		}

	}

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Deleting OCP master nodes"
		for MASTERNODE in $(virsh list --all --name | grep "master-" | grep ${YAKKOID})
		do
			delete-kvm-machine ${MASTERNODE} 2>/dev/null
		done
	}
}

process-stage-build-ocp-workernodes() {

	#stagebuildocpworkers

	[ $1 == "progress" ] && {

		advance-stage-progression "KVM Worker Node(s) Configuration"  && return

		NODESTOBUILD=${WORKERNODECOUNT}

		if [ $NODESTOBUILD -eq 0 ]
		then
			echo "No Worker nodes were requested. Worker nodes can be added later by calling: "
			echo "- yakko infra addnode"
		else
			ask-user "Configure OCP worker VM node(s)" "Y" 
			if [ $? -eq 0 ]
			then
				while [ $NODESTOBUILD -ne 0 ]
				do
					((NODESTOBUILD--))
					((NODECOUNT++))
					sed -i "/NODECOUNT=.*/c\NODECOUNT=${NODECOUNT}" ${CLUSTERCONFIGFILE} 2>/dev/null
		
					NEWNODENAME=node-${NODECOUNT}
					NEWNODELIST="${NEWNODELIST} ${NEWNODENAME}"
		
					build-ocp-node ${NEWNODENAME} auto ${WORKERVCPUS} ${WORKERRAMSIZE} ${WORKERDISKSIZE} worker.ign
					check-for-error-and-exit $? "Could not build VM for node [${NEWNODENAME}]"
				done
			fi
		fi

		# Now that the workers are built, we will have a working haproxy config file
		# Since the file will get updated by update-haproxy-config-file, let's make
		# a first release backup
		
		#echo
	}     

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Deleting OCP worker nodes"

		# Here's a tricky one since this function can be used during additional node build
		# or during a complete "deletecluster"
		# When it's the latter, we know that the DELETECLUSTERNAME must have the clustername set
		if [ "${DELETECLUSTERNAME}" == "${CLUSTERFQDN}" ]
		then
			# Delete ALL worker nodes
			# All other cleanup is done as the cluster gets wiped
			for NODETODELETE in $(virsh list --all --name | grep "node-" | grep ${YAKKOID})
			do
				delete-kvm-machine ${NODETODELETE} 2>/dev/null
			done
		else
			# Delete nodes just added now with addnode
			for NODETODELETE in ${NEWNODELIST} 
			do
				echo "Rollback - deleting node [$NODETODELETE]"
				delete-kvm-machine ${NODETODELETE} 2>/dev/null
				sed -i "/${NODETODELETE}/d" /root/.ssh/known_hosts &>/dev/null

				# And just in case, we tell the cluster that the node is no longer
				${OCCOMMAND} delete node ${NODETODELETE}

				# Update the virtual network
				cat ${NETWORKXML} | grep ${NODETODELETE} > ${DHCPXMLTMPFILE} #It's way too hard to pass this as an argument below!
				if [ $? -eq 0 ]
				then
					restart-virtual-network delete ip-dhcp-host # this knows of ${DHCPXMLTMPFILE}
					sed -i "/${NODETODELETE}/d" ${NETWORKXML}
				fi

				#and we update the haproxy
				echo
				echo "Updating and restarting HAproxy"
				sed -i "/${NODETODELETE}/ d" ${SYSTEMSTUBFILE_HAPROXY} #&>/dev/null
				process-system-service-state restart haproxy fast
			done
		fi
	}
}

process-stage-build-abi-boot-assets() {

	#stagebuildbootassets
	#pxe testing
	
	[ $1 == "progress" ] && {

		advance-stage-progression "Build boot assets for Agent Based Installer"  && return

		# NEWSFLASH! So now the ABI requires oc in the PATH...
		PATH=$PATH:$OCPINSTALLSOURCE 

		ask-user "Build boot assets" "Y" && {

			${OCPINSTALLSOURCE}/openshift-install agent create pxe-files --dir=$CLUSTERSETUPDIR
			mv $CLUSTERSETUPDIR/boot-artifacts/* ${IMAGEREPO}/${OCPINSTALLVERSION} >/dev/null
			rmdir $CLUSTERSETUPDIR/boot-artifacts 

			${OCPINSTALLSOURCE}/openshift-install agent create image --dir=$CLUSTERSETUPDIR
			mv $CLUSTERSETUPDIR/agent.x86_64.iso ${IMAGEREPO}/${OCPINSTALLVERSION} >/dev/null
			check-for-error-and-exit $? "Failed to create Agent-Based Installer boot assets with error code [$?] from openshift-install"
		}
	}		

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Agent Based Installer boot assets"
	}
}

process-stage-reduceprometheusmemory() {

	#stagereducepromtheus

	[ $1 == "progress" ] && {

		advance-stage-progression "Prometheus Memory Footprint"  && return

		ask-user "Reduce Prometheus pod memory allocation" "${REDUCEPROMETHEUS}" && {

			PROMETHEUSPID=0

			if [ ${PROMETHEUSPID} -eq 0 ]
			then
				{ 
					echo "prometheusK8s:" 
					echo "  resources:" 
					echo "    requests:"
					echo "      memory: 256Mi"
				} > $CLUSTERSETUPDIR/prometheus-config.yaml
		
				sleep 20 # Seen issues before...
				${OCCOMMAND} create configmap cluster-monitoring-config --from-file=config.yaml=${CLUSTERSETUPDIR}/prometheus-config.yaml -n openshift-monitoring
			
				{
					trap 'echo; echo "Prometheus pods not deleted for resizing (oc delete pod prometheus-k8s-* -n openshift-monitoring)"; cleanup-and-exit 1' SIGTERM
					sleep 30 #This is what the recipe suggested...
		
					PROMETHEUSTIMER=3600
					while true 
					do
						${OCCOMMAND} get pods -n openshift-monitoring 2>/dev/null | grep "prometheus-k8s" &>/dev/null
						[ $? -eq 0 ] && break

						sleep 15
						PROMETHEUSTIMER=$(($PROMETHEUSTIMER - 15))

						# Time to give up if I am still alive
						[ $PROMETHEUSTIMER -le 0 ] && exit
					done
		
					sleep 10
					${OCCOMMAND} delete pod prometheus-k8s-0 -n openshift-monitoring &>/dev/null
					${OCCOMMAND} delete pod prometheus-k8s-1 -n openshift-monitoring &>/dev/null
					echo "Reconfigured  Prometheus for memory footprint reduction"
		
				} &
				PROMETHEUSPID=$!
			fi
		
			# monitoring the output through the bootstrap requires not deleting it...
			trap 'kill -s SIGTERM $PROMETHEUSPID; sleep 2; echo "Shutting down prometheus memory reduction (NOT DONE), please wait..."; sleep 20; cleanup-and-exit 1' SIGINT
		} || echo "No change to Prometheus memory footprint requested or required."
	}	

	[ $1 == "rollback" ] && [ ${REDUCEPROMETHEUS} == "Y" ] && {
		rollback-stage-progression "Prometheus memory changes"
		kill -s SIGKILL $PROMETHEUSPID &>/dev/null
		rm $CLUSTERSETUPDIR/prometheus-config.yaml &>/dev/null
	}
}

process-stage-startocpbootstrap() {

	#stagebootstrap

	[ $1 == "progress" ] && {

		advance-stage-progression "OCP Cluster Bootstrap"  && return

		ask-user "Start/continue OCP Cluster bootstrap" "Y" && {

			if [ $? -ne 0 ]
			then
				echo
				ask-user "Do you want to continue as is [Y] or exit to fix [N]" "N" noauto 
				if [ $? -ne 0 ]
				then
					echo
					echo "Exiting for now. When ready, call 'yakko' to continue from here."
					cleanup-and-exit 0
				fi
			fi
	
			echo You can observe the output of the bootstrap node at this stage by issuing any of:
			echo "- ssh -i $OCPSSHKEY core@${BOOTSTRAPIP} \"journalctl -b -f -u release-image.service\""
			echo "- ssh -i $OCPSSHKEY core@${BOOTSTRAPIP} \"journalctl -b -f -u bootkube.service\""
			echo "- ssh -i $OCPSSHKEY core@${BOOTSTRAPIP} \"journalctl -b -f -u release-image.service -u bootkube.service\""
			echo "  (this combines the first two)"
			echo 
			echo "You can also use the 'oc' command to observer cluster operator progress:"
			echo "- source ${OCPSETUPENV} ---->  For access to \"oc\" at the command line"
			echo "- oc get clusteroperators ->  To check operator progression, can also be \"oc get co\""
			echo 

			process-system-service-state restart virtqemud exitonfail

			check-if-all-cluster-nodes-up

			csr-approval start $((${MASTERNODECOUNT} + ${WORKERNODECOUNT}))
			$OCPINSTALLSOURCE/openshift-install $AGENTBASEDINSTALLER wait-for bootstrap-complete --dir=$CLUSTERSETUPDIR --log-level "${OCPINSTLOGLEVEL}"
			OCPINSTALLCODE=$?

			if [ $OCPINSTALLCODE -ne 0 ]
			then
				check-system-core-count "NOTE: " # We warn the user if his system is underpowered and use this below
				if [ $? -eq 1 ] 
				then
					print-in-colour green "YAKKO will attempt the bootstrap wait one more time"

					check-if-all-cluster-nodes-up

					echo
					$OCPINSTALLSOURCE/openshift-install $AGENTBASEDINSTALLER wait-for bootstrap-complete --dir=$CLUSTERSETUPDIR --log-level "${OCPINSTLOGLEVEL}"
					OCPINSTALLCODE=$?
				fi
			fi

			if [ $OCPINSTALLCODE -ne 0 ]
			then
				echo
				print-in-colour red ${SEPARATIONLINE}
				echo
				print-in-blink "ERROR: The bootstrap process has not completed successfully. "
				
				check-if-all-cluster-nodes-up 
				if [ $? -eq 0 ]  
				then
					print-in-colour white "This process downloads a lot of images from quay.io and can take a long time."
				fi

				echo
				echo    "Press <ENTER> to re-issue this stage (wait-for bootstrap-complete) and give it some more time, OR... "
				echo -n "Press <CTRL-C> to abort this install and examine then rerun install and return to this point"
				read -p ""
				$OCPINSTALLSOURCE/openshift-install $AGENTBASEDINSTALLER wait-for bootstrap-complete --dir=$CLUSTERSETUPDIR --log-level "${OCPINSTLOGLEVEL}"
				echo
			else
				#the wait-for bootstrap-complete was successful
				virsh list | grep bootstrap.${CLUSTERFQDN}.${YAKKOID} &>/dev/null
				if [ $? -eq 0 ]
				then
					echo "Deleting Bootrap VM..."
					sleep 3
					delete-kvm-machine bootstrap.${CLUSTERFQDN}.${YAKKOID}
				fi
			fi
			csr-approval stop
		}
	}

	[ $1 == "rollback" ] && {
		rollback-stage-progression "OCP boostrap stage"
	}
}

process-stage-waitforocpinstalltocomplete() {

	#stagewaitforinstallertocomplete

	[ $1 == "progress" ] && {

		advance-stage-progression "OCP - Complete Installation"  && return

		ask-user "Wait for OCP install to complete" "Y" && {

			echo "---------------------------------------------------------------------------"
			echo "To debug from within master-0, issue this command in another window:"
			echo "- ssh -i ${OCPSSHKEY} -o \"StrictHostKeyChecking no\" core@${MASTER0IP} \"journalctl -b -f -u kubelet.service\""
			echo "---------------------------------------------------------------------------"
			echo
			echo Some useful commands while waiting:
			echo "- tail -f $CLUSTERSETUPDIR/.openshift_install.log"
			echo "- source ${OCPSETUPENV} ---->  For access to \"oc\" at the command line"
			echo "- oc get clusteroperators ->  To check operator progression, can also be \"oc get co\""
			echo "- oc get clusterversion --->  On build, it shows you % progression, after that, cluster version" 
			echo "- oc get nodes ------------>  To see nodes and node status"
			echo 
			# 4.11 kludge for single masters
			if [ "${OCPINSTALLMINORVERSION}" -eq "11" -a "${MASTERNODECOUNT}" -eq 1 -a "${WORKERNODECOUNT}" -gt 0 ]
			then
				print-in-colour orange "Notes for this installation (OCP 4.11+):"
				echo "You have selected to configure a cluster with single master and multiple workers."
				echo "${YAKKONAME} will make the MASTER node schedulable to guarantee all operators come up."
				echo "Run  'yakko ops mastersched'  after install to make it non-schedulable if required."
				echo
				export KUBE_EDITOR="sed -i s+mastersSchedulable:\ false+mastersSchedulable:\ true+"
				${OCCOMMAND} edit schedulers.config.openshift.io cluster &>/dev/null
			fi
			echo "---------------------------------------------------------------------------"
			echo "Output below tracks command:"
			echo openshift-install --dir=$CLUSTERSETUPDIR wait-for install-complete
			echo "---------------------------------------------------------------------------"
			echo

			check-if-all-cluster-nodes-up 

			csr-approval start $((${MASTERNODECOUNT} + ${WORKERNODECOUNT}))
			$OCPINSTALLSOURCE/openshift-install $AGENTBASEDINSTALLER wait-for install-complete --dir=$CLUSTERSETUPDIR --log-level "${OCPINSTLOGLEVEL}"
			OCPINSTALLCODE=$?

			if [ $OCPINSTALLCODE -ne 0 ]
			then
				AVAILABLEOPERATORS=$(${OCCOMMAND} get co | awk '{ print $3 }' | grep -c True)

				check-system-core-count "ALERT: " # We warn the user if his system is underpowered and use this below
				if [ $AVAILABLEOPERATORS -gt 26 -o $? -eq 1 ] # 26 is a bit arbitrary ;)
				then
					print-in-colour orange "It appears that most operators are up. YAKKO will try openshift-install one more time."
					echo "(You can check operator status by running 'oc get co')"

					check-if-all-cluster-nodes-up 

					$OCPINSTALLSOURCE/openshift-install $AGENTBASEDINSTALLER wait-for install-complete --dir=$CLUSTERSETUPDIR --log-level "${OCPINSTLOGLEVEL}"
					OCPINSTALLCODE=$?
				fi
			fi
			csr-approval stop

			if [ $OCPINSTALLCODE -ne 0 ] # This double check is because we may have run openshift-install again above
			then
				echo
				echo ${SEPARATIONLINE}
				echo

				print-in-colour red "OCP INSTALLATION FAILED OR HAS NOT COMPLETED - $(date)"
				print-in-colour white "The OCP Installer exited with code [ $OCPINSTALLCODE ]"
				echo
				print-in-colour orange "You may want to allow the installation some more time to continue. ${YAKKONAME} will not" 
				print-in-colour orange "mark this cluster complete until the OCP installer exits cleanly."

				# Sometimes, the installer has rebooted a node and the host, having ran out of RAM
				# fails to bring it up and the installation as a whole fails
				echo
				RUNNINGMASTERS=$(virsh list | grep master | grep -c ${YAKKOID})
				echo "The basic cluster state is as follows:"
				if [ $RUNNINGMASTERS -ne $MASTERNODECOUNT ]
				then
					echo "- Running masters: $RUNNINGMASTERS/$MASTERNODECOUNT" 
				else
					print-in-colour red "- Running masters: $RUNNINGMASTERS/$MASTERNODECOUNT - CHECK IF HOST IS OUT OF MEMORY!"
				fi

				check-api-server
				if [ $? -eq 0 ]
				then
					echo "- API Server appears to be healthy (but it may not be available yet)"
				else
					print-in-colour red "- API Server does not seem to be available"
				fi
				echo
				cleanup-and-exit 1
			else
				# We register the cluster ID
				CLUSTERID=$(${OCCOMMAND} get clusterversion -o jsonpath='{.items[].spec.clusterID}')
				echo "CLUSTERID=${CLUSTERID}" >> ${CLUSTERCONFIGFILE}

				# Create the final HAPROXY config file
				echo "Updating HAProxy configuration..."
				update-haproxy-config-file 

				change-console-logo

				# Cluster is done! We report outcome
				print-in-colour ${YAKKOTEXTCOLOUR} ${SEPARATIONLINE}
				echo
				print-in-colour ${YAKKOTEXTCOLOUR}  FINISHED OCP INSTALLATION - $(date)
				# We write the first time we believe the cluster was up, for reference
				# It will also let's us know that there is no further building possible
				print-time-elapsed
				[ -r ${YAKKOTALLY} ] && \
					print-in-colour ${YAKKOTEXTCOLOUR} "Build tally:  " $(cat ${YAKKOTALLY}|wc -l)

				print-in-colour ${YAKKOTEXTCOLOUR} ${SEPARATIONLINE}

				# TRIAL 6.0 -= moving this to afer process-stages
				# This will print the date like 15-06-2021@10:45:46
				mark-cluster-complete ${OCPINSTALLCODE}

				alert-network-dns 
				echo

				# We build the 'last successful config' file for further auto
				{
					echo "CLUSTERNAME=${CLUSTERNAME}"
					echo "CLUSTERDOMAIN=${CLUSTERDOMAIN}"
					echo "OCPVMDIR=${OCPVMDIR}"
					echo "MASTERNODECOUNT=${MASTERNODECOUNT}"
					echo "WORKERNODECOUNT=${WORKERNODECOUNT}"
					echo "MASTERRAMSIZE=${MASTERRAMSIZE}"
					echo "WORKERRAMSIZE=${WORKERRAMSIZE}"
					echo "OCPVERSION=${OCPVERSION}"
					echo "OCPINSTLOGLEVEL=${OCPINSTLOGLEVEL}"
					echo "USEYAKKODNSMASQ=${USEYAKKODNSMASQ}"
					echo "CLUSTERPOSTINSTALL=${CLUSTERPOSTINSTALL}"
					echo "SNAPCLUSTERONINSTALL=${SNAPCLUSTERONINSTALL}"
					echo "AGENTBASEDINSTALLER=${AGENTBASEDINSTALLER}"
					echo "BASENETWORK=${BASENETWORK}"

				} > ${LASTBUILDCONFIG}

				# Tally option, started on 24/11/2020 to keep count of build clusters
				if [ -r ${YAKKOTALLY} ]
				then
					echo "Cluster [${CLUSTERNAME}] built on [$(date)] - Masters: ${MASTERNODECOUNT} Workers: ${WORKERNODECOUNT}" >> ${YAKKOTALLY}
				else
					echo "NOTE: To keep a tally of builds on this host, smply create empty file ${YAKKOTALLY} "
					echo "      and subsequent builds will be logged there in a simple to read text format."
				fi
			fi
		}
	}

	[ $1 == "rollback" ] && {
		rollback-stage-progression "installation of OCP cluster ${CLUSTERNAME}"	
		if [ $DELETECLUSTERMODE -eq 1 ]
		then
			# We are only rolling back THIS stage
			echo "This is a WAIT stage - the cluster is still attempting build in the background."
			echo "Supporting operations already started will run until timing out."
			echo
			echo "Run 'yakko' again to finish this stage when ready or follow prompts to delete cluster."
		else
			rm ${YAKKODIRECTORY}/${LOGINCOMMANDFILE} &>/dev/null
		fi
	}
}

process-stage-continue-clusterconfiguration() {

	#stagecontinueclusterconfiguration

	[ $1 == "progress" ] && {

		advance-stage-progression "Continue Cluster Configuration"

		if [ -n "${CLUSTERCOMPLETE}" ]
		then	
			# if there was an install code registered in ${CLUSTERCONFIGFILE} file then the installer did all it could.
			# this should never happen
			check-cluster-state 
		fi

		echo
		ask-user "Attempt AUTOMATIC configuration of cluster from this point" "Y" noauto
		if [ $? -eq 0 ]
		then 
			AUTOSETUP=Y
		else
			echo
			ask-user "MANUAL CONFIGURATION: Resume where you left off (\"y\") or Start from the begining (\"n\")" "Y" noauto
			if [ $? -ne 0 ]
			then
				YAKKOSTAGE=0
			fi
		fi
	}	

	# NOTE: THIS STAGE MUST PRECEDE yakko-process-stages
	# SEE MAIN AT BOTTOM

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Cluster configuration"
	}
}

process-stage-gatherclusterconfiguration() {

	[ $1 == "progress" ] && {
		advance-stage-progression "Gather Cluster Configuration information"

		# A cluster config does not exist - this should be the first run
		
		# Some of these are more "global" in nature so we store them in ${CLUSTERBUILDDEFAULTS}
		# (which was separate functionality in earlier versions)

		check-for-other-yakko-cluster-files

		if [ "${YAKKOBUILDTEMPLATETYPE}" -ne 0 ]
		then
			### TEMPLATE # startbuildclusterfromtemplate

			# This can only be called with 'yakko rebuildcluster' with no cluster configured
			# And for this to happen we get here with YAKKOBUILDTEMPLATETYPE == 1
			# or YAKKOBUILDTEMPLATETYPE == 2 in which case you are passing a "template"

			MASTERRAMSIZE=0 # This because we need to give the template a chance to populate it and then later we check

			if [ "${YAKKOBUILDTEMPLATETYPE}" -eq 1 ]
			then
				# YAKKOTEMPLATE was already set LASTBUIDLCONFIG when 'rebuildcluster' parameter was detected
				print-in-colour white "REBUILD requested, ${YAKKONAME} will attempt repeating the last known successful cluster configuration"
				source ${YAKKOTEMPLATE} 
			fi

			if [ "${YAKKOBUILDTEMPLATETYPE}" -eq 2 ]
			then
				print-in-colour white "BUILD FROM TEMPLATE requested, using [$YAKKOTEMPLATE] as cluster configuration."

				if [ "${YAKKOTEMPLATE:0:4}" == "http" ]
				then
					${WGET} -O ${OCPWGETTMP}-template ${YAKKOTEMPLATE} &>/dev/null
					if [ $? -eq 0 ]
					then
						echo
						print-in-colour green "Template from URL is available: ${YAKKONAME} will attempt to validate this configuration."
						YAKKOTEMPLATE=${OCPWGETTMP}-template 
					else
						cleanup-and-exit 1 orange "ERROR: Could not download template from URL [${YAKKOTEMPLATE}]"
					fi
				else	
					if [ -r ${YAKKOTEMPLATE} ]
					then	
						echo
						print-in-colour green "Template from file is available: ${YAKKONAME} will attempt to validate this configuration."
					else
						if [[ "$YAKKOTEMPLATE" =~ $NUMBERRE ]]
						then
							echo "NOTE: Template is a number. Did you mean to use 'yakko buildclusterfromdefaults'"
						fi
						cleanup-and-exit 1 orange "ERROR: Could not open template file [${YAKKOTEMPLATE}]"
					fi
				fi

				source ${YAKKOTEMPLATE} 
			fi

			if [ "${YAKKOBUILDTEMPLATETYPE}" -eq 3 ]
			then
				print-in-colour white "BUILD FROM DEFAULTS requested. Configuration will be automatic."
			fi
			echo

			if [ -n "$YAKKOTEMPLATE" ]
			then
				echo "The template contains the following configuration:"
				echo "--------------------------------------------------"
				cat ${YAKKOTEMPLATE} | sed '/^$/d' | grep -v "^#"  # We show the template, but we won't check because we want this AUTOMATIC!
				echo "--------------------------------------------------"
				echo
				ask-user "Continue building this configuration" Y
				[ $? -ne 0 ] && cleanup-and-exit 1 orange "Aborting cluster build"
			fi
			
			# VALIDATE TEMPLATE BEGIN: We check that all needed values are present

			[ -z "$CLUSTERNAME" ] && cleanup-and-exit 1 red "ERROR: CLUSTERNAME needs to be set."
			[ -z "$CLUSTERDOMAIN" ] && cleanup-and-exit 1 red "ERROR: CLUSTERDOMAIN needs to be set."
			[ -z "$OCPVMDIR" ] && cleanup-and-exit 1 red "ERROR: OCPVMDIR needs to be set - the directory where VMs will be created."
			[ -z "$MASTERNODECOUNT" ] && cleanup-and-exit 1 red "ERROR: MASTERNODECOUNT needs to be set - 1 or 3."

			# These are optional, but we remark...
			[ -z "$WORKERNODECOUNT" ] && {
				print-in-colour orange "NOTE: WORKERNODECOUNT was not set, no worker nodes will be configured"
				echo
				WORKERNODECOUNT=0
			}
			[ -z "$OCPVERSION" ] && { 
				print-in-colour orange "NOTE: OCPVERSION was not set, defaulting to 'latest'"
				echo
				OCPVERSION=latest
			}

			MASTERNODECOUNTWRONG=0
			if [[ ! ( $MASTERNODECOUNT -eq 1 || $MASTERNODECOUNT -eq 3 ) ]]
			then
				MASTERNODECOUNTWRONG=1
				echo "ERROR: MASTERNODECOUNT needs to be 1 or 3."
			elif [ ${MASTERRAMSIZE} -eq 0 ] # The template did not specify it
			then
				MASTERRAMSIZE=${SINGLEMASTERRAMSIZE}
				[ ${MASTERNODECOUNT} -eq 3 ] && MASTERRAMSIZE=${THREEMASTERRAMSIZE} 
			fi

			if [ -z "$CLUSTERNAME" -o -z "$CLUSTERDOMAIN" -o -z "$OCPVMDIR" -o -z "$MASTERNODECOUNT" -o "$MASTERNODECOUNTWRONG" -eq 1 ]
			then
				cleanup-and-exit 1 orange "TEMPLATE INCOMPLETE: A template can only be used if the minimum list of values are supplied and correct"
			fi

			[ -z "${YAKKOHOSTIP}" ] && {
				get-yakko-host-ip update
			}

			if [ -z "${BASENETOWRK}" ]
			then	
				find-unused-base-network
			fi

			[ -n "$AGENTBASEDINSTALLER" ] && {
				[ "$AGENTBASEDINSTALLER" == Y ] && AGENTBASEDINSTALLER="agent"
				[ "$AGENTBASEDINSTALLER" == N ] && AGENTBASEDINSTALLER=""
				[ "$AGENTBASEDINSTALLER" != "agent" ] && cleanup-and-exit 1 red "ERROR: AGENTBASEDINSTALLER needs to be 'Y', 'N', 'agent' or empty"
			}

			echo

			if [ "$OCPVERSION" == "latest" ]
			then
				# This also sets OCPVERSION, OCPDOWNLOADCLIENT and OCPDOWNLOADIMAGES properly and no further checks required
				get-openshift-latest
				echo "Latest version of OpenShift is $OCPVERSION"
			else
				if [[ "$OCPVERSION" =~ ^[0-9]+\.[0-9]+$ ]]
				then
					# User passwd a generic version, eg. 4.11
					${WGET} -O $OCPWGETTMP  https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-$OCPVERSION/release.txt &>/dev/null
					check-for-error-and-exit $? "OpenShift Version $OCPVERSION is not available for download/install in OpenShift mirror"
					OCPVERSION=$(cat $OCPWGETTMP | grep Version: | awk '{ print $2 }')
				fi
				check-if-openshift-version-is-valid doexit
			fi

			set-cluster-purpose-and-notes

			# VALIDATE TEMPLATE END: We check that all needed values are present

			# This will be necessary later and no point in saving an individual value
			if [ -z "$AGENTBASEDINSTALLER" ]
			then
				get-rhcos-dependency # This sets OCPDOWNLOADIMAGES and RHCOS version
			fi

		else
			# THIS SECTION IS ALL ABOUT QUESTIONS 
		
			# Moved from initial load of yakko to here as template builds ignore defaults
			source ${CLUSTERBUILDDEFAULTS} &>/dev/null

			#This is so that we don't have to update if we add questions :)
			#We just count the number of calls to the function... Terrible? Cool... 
			#We filter "(" to avoid the func definition and the counter call below
			QUESTIONSTOTAL=$(cat ${YAKKOEXECUTABLE} | grep "print-question-separator " | grep -v "print-question-separator()" | grep -cv "#print-question-separator")
			QUESTIONNUM=1

			echo "This section will gather relevant information to build an OpenShift cluster on this host."
			echo "Default options are in [brackets], press enter to accept them."

			### QUESTIONS ###QUESTIONS #questionsbegin :: start here
			
			### QUESTION: Domain name ## Stored in BUILD DEFAULTS
			print-question-separator DOMAIN NAME
			while true
			do	
				echo -n "Enter the DOMAIN name to setup your cluster under [\"${CLUSTERDOMAIN}\"]: "
				read RESPONSE
				if [ -z "$RESPONSE" ] 
				then
					break
				fi
				if [ "$RESPONSE" == ""\"\" ] 
				then
					echo "Domain name cannot be blank."
					continue
				else
					CLUSTERDOMAIN=$RESPONSE
					break
				fi
			done
			

			### QUESTION: Cluster name  ## Not stored in BUILD DEFAULTS
			print-question-separator CLUSTER NAME
			while true
			do
				RESPONSE=""
				
				echo "The NAME and the DOMAIN name form the FQDN of the cluster."
				if [ -n "${CLUSTERNAME}" ]
				then
					echo -n "Enter the name of the OpenShift cluster to create [\"${CLUSTERNAME}\"]: "
				else
					echo -n "Enter the name of the OpenShift cluster to create: "
				fi
				read RESPONSE
	
				if [ -z "${RESPONSE}" ]
				then
					if [ -n "${CLUSTERNAME}" ]
					then
						RESPONSE=${CLUSTERNAME}
					else
						echo "Cluster name cannot be blank!"
						echo
						continue
					fi
				fi
		
				if [[ ! ${RESPONSE} =~ ^[a-z0-9]*$ ]]
				then
					echo "Invalid cluster name. Please use lower-case characters and numbers only."
					echo
					continue
				fi

				# Final check - is there another YAKKO cluster on this host?
				# virsh list --all | grep "master-0.${RESPONSE}.${CLUSTERDOMAIN}" &>/dev/null
				check-if-another-yakko-cluster-running

				# For YAKK 7.0... So running a cluster with the same name as the yakko host
				# WITHOUT yakko DNS, leaves 3 operators malfunctioning and I could not debug
				# in the end - having the cluster with the same name as the server... not  all good

				if [ ${RESPONSE} == $(hostname) -o "${RESPONSE}.${CLUSTERDOMAIN}" == $(hostname) ]
				then
					print-in-colour orange "You appear to be trying to set the clustername the same as the ${YAKKONAME} hostname."
					print-in-colour orange "This may work, but you will want to allow ${YAKKONAME} to use its internal DNS resolution."
					print-in-colour orange "You may otherwise find issues with some operators not fully coming up!"
					print-in-colour orange "Ideally, you want to set the clustername with its own hostname."
				fi

				CLUSTERNAME=${RESPONSE}
				break
			done
			

			### QUESTION: What is the purpose of this cluster?
			# This will be written to file $CLUSTERNOTES , where you can also add your own notes under the --
			print-question-separator CLUSTER PURPOSE
			CLUSTERPURPOSE=$(print-cluster-purpose)
			ADDITIONALCLUSTERNOTES=$(cat $CLUSTERNOTES 2>/dev/null | sed -n "/--/,$ p" | sed "1 d" )
			
			NEEDCLUSTERPURPOSE=Y
			if [ -n "${CLUSTERPURPOSE}" ]
			then 
				echo "The following description is already available for this cluster:"
				print-in-colour yellow \"${CLUSTERPURPOSE}\"
				ask-user "Do you want to reuse this description" Y
				if [ $? -eq 0 ]
				then
					NEEDCLUSTERPURPOSE=N
				else 
					CLUSTERPURPOSE=""
				fi
			fi

			if [ "${NEEDCLUSTERPURPOSE}" == Y ]
			then
				echo "Enter a new description or purpose for this cluster, or press return to leave blank:"
				read CLUSTERPURPOSE
			fi

			set-cluster-purpose-and-notes quiet

	
			### QUESTION: Host's IP address on the network  ## Not stored in BUILD DEFAULTS
			# identifying 'this' host - this can be tricky as we are looking for the interface with the cable (hopefully!)
			# we cycle through the physical ports and compare them to those that are up until we nail one
			print-question-separator HOST IP ADDRESS
			echo "This will be used to build the cluster on this host, it's not permanently required."
			echo "If this is a laptop, you may want to apply 'yakko infra changeaccess' when done."
			YAKKOHOSTIP=""
			#The below would be used if the OPEN ACCESS question is reinstated...
			#unset HAPROXYACCESS #This so get-yakko-host-ip doesn't make assumptions yet
			get-yakko-host-ip 


			### QUESTION: basenetwork ## Stored in BUILD DEFAULTS
			print-question-separator BASE VIRTUAL NETWORK

			find-unused-base-network
			echo -n "Enter the SUBNET (/24) inside KVM that you want cluster under [\"${BASENETWORK}\"]: "
			read RESPONSE
			[ -n "$RESPONSE" ] && BASENETWORK=$(echo $RESPONSE | cut -f1-3 -d.)


			### QUESTION: Use external DNS
			print-question-separator DNS SOURCE
			echo "${YAKKONAME} can provide a DNS service with DNSmasq on this host, to meet OpenShift DNS requirements."
			echo "This also enables portability, e.g. when building OpenShift on a laptop."
			ask-user "Do you want to use YAKKO's DNS service?" Y
			if [ $? -eq 0 ]
			then
				USEYAKKODNSMASQ=Y
			else
				USEYAKKODNSMASQ=N
				echo "You will need to add the following records to your DNS for this installation to succeed:"
				echo "- An A or CNAME record for api.${CLUSTERNAME}.${CLUSTERDOMAIN}"
				echo "- a wildcard for apps.${CLUSTERNAME}.${CLUSTERDOMAIN} pointing to ${YAKKOHOSTIP}"
			fi	
		
			
			## QUESTION: Allow open access to the cluster upon creation  # This is recorded only in clusterbuilddefaults
			# YAKKO 6.0 - shaves this question. Not much point for now.
			#print-question-separator OPEN ACCESS TO CLUSTER
			#echo "YAKKO uses HAproxy to loadbalance access to OpenShift nodes, while also allowing"
			#echo "or restricting access to either THIS host only, or clients in your local network." 
			#echo "(You can change this later using 'yakko infra changeaccess')"
			#ask-user "Allow 'open' cluster access from other clients (other than this server)" Y
			#if [ $? -eq 0 ]
			#then
			HAPROXYACCESS=0
			#else
			#	HAPROXYACCESS=1
			#fi
			
			### QUESTION: Disconnected install 
			#print-question-separator "DISCONNECTED INSTALL (EXPERIMENTAL!)"
			#ask-user "Do you want to install from a local mirror registry?" N
			#if [ $? -eq 0 ]
			#then
			#	echo "This requires that you have a mirror registry running in your environment"
			#	echo "and populated with these repositories:"
			#	echo "- openshift/release and"
			#	echo "- openshift/release-images"
			#	echo 
			#	echo "The following blogs can assist in creating the above, using a minimalist"
			#	echo "Red Hat Quay setup:"
			#	echo "- https://cloud.redhat.com/blog/mirroring-openshift-registries-the-easy-way"
			#	echo "- https://cloud.redhat.com/blog/introducing-mirror-registry-for-red-hat-openshift"
			#	echo
			#	echo "You may also need the above to carry a certificate that the OpenShift installer can verify!"

			#	while true
			#	do
			#		DNSDOMAINNAME=$(dnsdomainname)
			#		if [ -z "$DNSDOMAINNAME" ]
			#		then
			#			DNSDOMAINNAME=.localdomain
			#		fi	
			#		EXAMPLEHOSTNAME=$(hostname)${DNSDOMAINNAME}
			#		echo -n "Enter hostname.domainname:port of the localmirror [$EXAMPLEHOSTNAME:8443]: "
			#		read MIRRORSERVER
			#		if [ -z "$MIRRORSERVER" ]
			#		then
			#			MIRRORSERVER=$EXAMPLEHOSTNAME:8443
			#		fi
			#	
			#		MIRRORHOST=$(echo $MIRRORSERVER | cut -f1 -d:)
			#			ping -c 1 $MIRRORHOST &>/dev/null
			#		if [ $? -ne 0 ]
			#		then
			#			echo "Host $MIRRORHOST doesn't appear to be available."
			#			continue
			#		else
			#			break
			#		fi
			#	done

			#	while true
			#	do
			#		echo -n "Enter the OpenShift version (e.g 4.11.18) that is available in the mirror: "
			#		read OCPVERSION
					OCPINSTALLMINORVERSION=$(echo $OCPVERSION | cut -f2 -d.)

			#		# These variables comply with the original download variable name

			#		# PENDING: Haven't checked it's valid, whether the input is a number or the version is in the mirror

			#		break 
			#	done
			#	OCPDOWNLOADIMAGES="$OCPROOT/dependencies/rhcos/4.$OCPINSTALLMINORVERSION/latest" # OCP 4.10 change to layout?

			#	echo "You will need to retrieve the directory with the version number [$OCPVERSION]"
			#	echo "as found in the \"images\" directory of another server that has used ${YAKKONAME} download it."
			#	echo "Simply copy the version number directory from that server to this one under \"images\"."

			#	print-question-skip "OPENSHIFT VERSION (skip): already set as $OCPVERSION"
			#fi

			if [ -z "$OCPVERSION" ]
			then
				# We arrive here because the user did not choose the Agent-Based Installer ("latest")
				# Nor did he provide a version from a mirror, so it's not set.
				### QUESTION - OPENSHIFT VERSION

				MIRRORSERVER=""  # This in case it was setup in clusterbuilddefaults...

				### QUESTION: Cluster version
				print-question-separator OPENSHIFT VERSION
	
				# Now we get on with downloading the OCP binaries
	
				# NOTE: There can be discrepancies between the installer version (OCPVERSION) and  the RHCOS images version (OCPGETIMAGEVERSION)
				# We will download the lot under OCPVERSION to keep a single point reference. This seems to make sense 
				# based on what the OCP mirror offers.
				# HOWEVER, outside of the DOWNLOAD section of the script, the version will be known as OCPINSTALLVERSION
	
				# regular releases are at:
				# INSTALLER: https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest
				# IMAGES: https://mirror.openshift.com/pub/openshift-v4/x86_64/dependencies/rhcos/latest/latest (with OCP 4.10 it seems to be just 'latest')

				# pre-release are at:
				# INSTALLER: https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview/latest
	
				# Latest candidates:
				# INSTALLER: https://mirror.openshift.com/pub/openshift-v4/clients/ocp/candidate/
				# IMAGES: https://mirror.openshift.com/pub/openshift-v4/x86_64/dependencies/rhcos/pre-release/latest/

				get-openshift-latest 
					
				OCPIMAGESONFILE=$(basename -a ${IMAGEREPO}/[0-9]* 2>/dev/null)
				# If there are no images... then basename get that string... "[0-9]*" which is useless
				[ "${OCPIMAGESONFILE}" == "[0-9]*" ] && OCPIMAGESONFILE=""
	
				echo "OpenShift releases are available at https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/"
				while true
				do
					echo "What release version do you want to install:"
					echo "    1) Latest release available ($OCPVERSION)"
					echo "    2) Releases on disk"
					PRUNINGOPTION=N
					for AVAILIMAGE in $OCPIMAGESONFILE
					do
						echo "        - $AVAILIMAGE"
						if [ "${AVAILIMAGE}" != "${OCPVERSION}" -a ${PRUNINGOPTION} == N ]
						then
							PRUNINGOPTION=Y
						fi
					done
					echo "    3) Older releases"
					echo "    4) Latest release candidate (good luck!)"
					echo "    5) Latest pre-release nightly (unknown territory...)"
					echo -n "Pick option number from above (1-5) [1]: "
					read VERSIONRESPONSE
		
					if [ -z "$VERSIONRESPONSE" -o "$VERSIONRESPONSE" == 1 ]
					then
						VERSIONRESPONSE=1
						echo "Installing OpenShift $OCPVERSION"
						if [ "${PRUNINGOPTION}" == Y ]
						then
							ask-user "Delete all other available images" Y
							if [ $? -eq 0 ]
							then
								# Let's prune...
								for AVAILIMAGE in $OCPIMAGESONFILE
								do
									if [ ${AVAILIMAGE} != ${OCPVERSION} ]
									then
										do-remove-directory ${IMAGEREPO}/${AVAILIMAGE}
									fi
								done
							fi
						fi
						break
					elif [ "$VERSIONRESPONSE" == "2" ]
					then
						if [ -z "${OCPIMAGESONFILE}" ]
						then
							echo
							echo "No images have been downloaded, none available!"
							echo
							continue
						fi
						while true
						do
							echo -n "Select image version from above list of on-disk images (copy/paste from above): "
							read OCPVERSION
							if [ -d ${IMAGEREPO}/${OCPVERSION} ]
							then
								break
							else
								echo "Image [${OCPVERSION}] is not a valid/existing image, choose another."
							fi
						done
						break
					elif [ "$VERSIONRESPONSE" == "3" ]
					then
						echo
						echo "You can use the following resources for older versions:"
						echo "- OpenShift Container Platform (OCP) 4 upgrade paths (needs Red Hat login):" 
						echo "  https://access.redhat.com/solutions/4583231"
						echo "- Red Hat OpenShift Container Platform Update Graph (needs Red Hat login)"
						echo "  https://access.redhat.com/labs/ocpupgradegraph/update_channel/"
						echo "- OpenShift Clients Mirror:"
						echo "  https://mirror.openshift.com/pub/openshift-v4/clients/ocp/"
						echo
						# Query what client is desired
						while true
						do
							echo -n  'Enter OCP version you require, e.g. "4.5.6": ' 
							read OCPVERSION

							check-if-openshift-version-is-valid 

							[ $? -eq 0 ] && break
						done
			
						# Query what RHCOS is desired
						get-rhcos-dependency # This searches and sets OCPDOWNLOADIMAGES and RHCOSVERSION
						break
					elif [ "$VERSIONRESPONSE" == "4" ]
					then
						# This is the preview of the upcoming release - typically a RC or release candidate
						OCPDOWNLOADCLIENT=https://mirror.openshift.com/pub/openshift-v4/clients/ocp/candidate
						OCPDOWNLOADIMAGES=https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/pre-release/latest
						${WGET} -O $OCPWGETTMP $OCPDOWNLOADCLIENT/release.txt &>/dev/null
						check-for-error-and-exit $? "Failed to download version file for latest OCP build candidate"
						OCPVERSION=$(cat $OCPWGETTMP | grep Version: | awk '{ print $2 }')
						echo "OCP pre-release version [$OCPVERSION] will be downloaded to ${IMAGEREPO} if required"
						break
					elif [ "$VERSIONRESPONSE" == "5" ]
					then
						# This is the preview of the release after next - the latest is a nightly
						OCPDOWNLOADCLIENT=https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview/latest
						OCPDOWNLOADIMAGES=https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/pre-release/latest
						${WGET} -O $OCPWGETTMP $OCPDOWNLOADCLIENT/release.txt &>/dev/null
						check-for-error-and-exit $? "Failed to download version file for latest pre-build OCP"
						OCPVERSION=$(cat $OCPWGETTMP | grep Version: | awk '{ print $2 }')
						echo "OCP nightly version [$OCPVERSION] will be downloaded to ${IMAGEREPO} if required"
						break
					else
						echo
						echo "Invalid selection, try again!"
						echo
					fi
				done
			else
				print-question-skip "OPENSHIFT VERSION (skip): already set as $OCPVERSION"
			fi
			
			### QUESTION: Use the OpenShift Agent Based Installer
			if [ "$VERSIONRESPONSE" -eq "1" ]
			then
				print-question-separator "OPENSHIFT AGENT BASED INSTALLER (ABI)"

				echo "YAKKO can use the OpenShift Agent Based Installer to create a cluster without"
				echo "a bootstrap host. This is ideal for machines with smaller RAM footprints."
				echo "- This requires masters with 8-cores, which YAKKO will adjust."
				echo "- You won't be able to add worker nodes later"

				check-system-core-count "- "
				
				ask-user "Do you want to leverage the OpenShift Agent-Based Installer?" N
				if [ $? -eq 0 ]
				then
					AGENTBASEDINSTALLER=agent
				else
					AGENTBASEDINSTALLER=""	
				fi
			else
				print-question-skip "OPENSHIFT AGENT BASED INSTALLER (skip) - not building to latest version"
			fi


			### QUESTION: Get repository for VMs ## Stored in BUILD DEFAULTS
			print-question-separator VM STORAGE

			CAPACITYALERT=0

			while true
			do
				echo -n "Enter the directory where you wish to place the OCP VM disks for this cluster [\"${OCPVMDIR}\"]: "
				read RESPONSE
				[ -z "$RESPONSE" ] && RESPONSE=${OCPVMDIR} 
				mkdir -p ${RESPONSE} &>/dev/null
				if [ ! -d "$RESPONSE" ] 
				then
					echo "$RESPONSE is not a valid directory!" 
					continue
				fi
				break
			done

			OCPVMDIR=$RESPONSE
			OCPVMDISKDIR="$OCPVMDIR"/YAKKO-${CLUSTERNAME}-${CLUSTERDOMAIN}-${YAKKOID}
			
			# The next set of questions are intertwined, as they are measured against your system

			while true 
			do
				if [ "${OCPINSTALLMINORVERSION}" -ge 8  ]
				then
					### QUESTION: Master node count 
					print-question-separator MASTER NODE COUNT
					while true
					do
						# The default comes from .clusterbuilddefaults but is version dependent
						echo -n "How many MASTER nodes do you want to configure (1 or 3) [${MASTERNODECOUNT}]: "
		
						read RESPONSE
		
						[ -z "${RESPONSE}" ] && RESPONSE=${MASTERNODECOUNT}

						TOTALCORES=$(( $(lscpu | grep "Core(s)" | awk '{print $4}') * $(lscpu | grep "Socket(s)" | awk '{print $2}') ))
						if [ $RESPONSE == 1 ]
						then
							if [ $TOTALCORES -ge 8 ]
							then
								echo "Your system has 8 or more cores. When building a cluster with a single master"
								echo "it is recommended that it have 8+ cores, or it could constrain further installs"
								ask-user "Configure the master with 8 CPUs (recommended)" Y
								if [ $? -eq 0 ]
								then 
									MASTERVCPUS=8
								fi
							else
								echo "Your system only has $TOTALCORES. You may find this a constraint as you build the cluster"
							fi
							break
						elif [ $RESPONSE == 3 ]
						then
							break
						else
							echo "Invalid master node count, choose 1 or 3."
						fi
					done
					MASTERNODECOUNT=$RESPONSE

					echo ${OCPVERSION} | grep 4.8 >/dev/null
					if [ $? -eq 0 ]
					then
						echo "NOTE: Single Master clusters are experimental with OpenShift 4.8"
						echo "      You will likely see some errors and yet see your cluster progress."
						echo "      If it does not progress after a while, you may want to restart."
					fi
				else	
					MASTERNODECOUNT=3
				fi

				### QUESTION: RAM size confirmation (MASTERS)  ##
				if [ ${MASTERNODECOUNT} -eq 1 ]
				then
					RECMASTERRAMSIZE=${SINGLEMASTERRAMSIZE}
				else
					RECMASTERRAMSIZE=${THREEMASTERRAMSIZE}
				fi

				print-question-separator MASTER NODE RAM
				while true
				do
					echo -n "How much RAM (MiB) should be allocated to MASTER nodes [${RECMASTERRAMSIZE}]: "
					read VALUE
					if [ -n "$VALUE" ]
					then
						if ! [[ $VALUE =~ $NUMBERRE ]] ; then
							echo "Error: Not a number. Try again..."
							continue
						else
							if [ ${VALUE} -lt ${RECMASTERRAMSIZE} ]
							then 
								ask-user "You are requesting less RAM than recommended. Do you want to limit Prometheus RAM usage" Y
								[ $? -eq  0 ] && REDUCEPROMETHEUS=Y
							fi
							MASTERRAMSIZE=$VALUE
						fi
					else
						MASTERRAMSIZE=${RECMASTERRAMSIZE}
					fi
					break
				done

	
				### QUESTION: Add worker nodes at build ##
				if [ -n "$AGENTBASEDINSTALLER" -a ${MASTERNODECOUNT} -eq 1 ]
				then
					print-question-skip "WORKER NODE COUNT (skip): Agent-Based Installer cannot build worker nodes with single master"
					WORKERNODECOUNT=0
				else
					print-question-separator WORKER NODE COUNT
					if [ -z "$WORKERNODECOUNT" ]
					then
						# On first run, there will be no worker node count defined, let's offer 2
						if [ ${MASTERNODECOUNT} -eq 3 ]
						then
							WORKERNODECOUNT=2
						else
							WORKERNODECOUNT=0
						fi
					fi
					while true
					do
						echo "Worker nodes can be built at cluster creation or later."
						echo "To build a cluster with ONLY schedulable MASTER node(s), type '0'"
						echo -n "How many worker nodes do you want to configure at cluster build time [$WORKERNODECOUNT]: "
						read VALUE
						if [ -n "$VALUE" ]
						then
							if ! [[ $VALUE =~ $NUMBERRE ]] 
							then
								echo "Error: Not a number. Try again..."
								continue
							elif [ ${VALUE} -gt ${MAXWORKERNODES} ]
							then
								echo "You need to specify a number of workers up to [${MAXWORKERNODES}]"
								continue
							elif [ $VALUE -eq 0 ]
							then
								echo "No worker nodes were requested. You can add nodes later with YAKKO."
								break
							fi
							break
						else
							# Note that if $VALUE is 0 then we already have WORKERNODECOUNT properly set
							VALUE=$WORKERNODECOUNT
							break
						fi
					done
					WORKERNODECOUNT=${VALUE}
				fi

	
				### QUESTION: RAM size confirmation (WORKERS)  ##
				if [ ${WORKERNODECOUNT} -gt 0 ]
				then 
					print-question-separator WORKER NODE RAM
					while true
					do
						echo -n "How much RAM (MiB) should be allocated to WORKER nodes [${DEFAULTWORKERRAMSIZE}]: "
						read VALUE
						if [ -n "$VALUE" ]
						then
							if ! [[ $VALUE =~ $NUMBERRE ]] 
							then
								echo "Error: Not a number. Try again..."
								continue
							else
								WORKERRAMSIZE=$VALUE
							fi
						fi
						break
					done
				else
					print-question-skip "WORKER NODE RAM CONFIGURATION (skip): there are no worker nodes"
				fi
	
				TOTMASTERSRAM=$(($MASTERNODECOUNT * $MASTERRAMSIZE)) # This is in MB
				TOTWORKERSRAM=$(($WORKERNODECOUNT * $WORKERRAMSIZE)) # This is in MB
				TOTCLUSTERRAM=$(($TOTMASTERSRAM + $TOTWORKERSRAM))
	
				TOTMASTERSDISK=$(($MASTERNODECOUNT * $MASTERDISKSIZE)) # This is in GB
				TOTWORKERSDISK=$(($WORKERNODECOUNT * $WORKERDISKSIZE)) # This is in GB
				TOTCLUSTERDISK=$(($TOTMASTERSDISK + $TOTWORKERSDISK))
	
				# We won't use PHYSICAL system RAM here as a warning mark
				SYSTEMAVAILRAM=$(free -m | grep Mem:| awk '{ print $7 }')

				# QUESTION - not really but we confirm
				print-question-separator TOTAL CAPACITY REQUIREMENTS
				echo "Requested OpenShift configuration requires:"
				echo "- RAM:  ${TOTCLUSTERRAM} MiB "
				echo "- DISK: ${TOTCLUSTERDISK} GiB "
				if [ -z "$AGENTBASEDINSTALLER" ]
				then
					echo
					echo "Additionally you will need to allow some RAM for the bootstrap VM."
					echo "This machine is currently defined with $(( ${BOOTSTRAPNODERAMSIZE}/1000 )) GB RAM, no testing has been done with using swap in its entirety."
				fi

				if [ ${SYSTEMAVAILRAM} -lt ${TOTCLUSTERRAM} ]
				then
					CAPACITYALERT=1
					print-in-colour orange "Not enough free RAM available for your desired configuration:"
					print-in-colour orange "Total requirement is ${TOTCLUSTERRAM} MiB but system only has ${SYSTEMAVAILRAM} MiB free"
				fi
	
				TOTSYSTEMDISK=$(df -BGiB ${OCPVMDIR} | grep -v "^Filesystem" | awk '{print $4}' | cut -f1 -dG) 
				if [ ${TOTSYSTEMDISK} -lt ${TOTCLUSTERDISK} ]
				then
					CAPACITYALERT=1
					print-in-colour orange "Not enough disk space available for you desired configuration:"
					print-in-colour orange "Total requirement is [${TOTCLUSTERDISK}] but ${OCPVMDIR} only has [${TOTSYSTEMDISK}]"
				fi
				
				if [ ${CAPACITYALERT} -eq 0 ]
				then
					ask-user "Accept this configuration for cluster build" Y
				else
					ask-user "Accept the above configuration anyway" Y
				fi

				if [ $? -eq 0 ]
				then
					break
				else
					CAPACITYALERT=0
					continue
				fi
			done

			### QUESTION: DEBUG LEVEL OF OUTPUT FOR INSTALLER##
			print-question-separator OUTPUT LOG LEVEL OF OCP INSTALLER
			echo "The following strings are available for OpenShift installer output verbosity (lower to higher):"
			echo "    - error"
			echo "    - warn"
			echo "    - info (default)"
			echo "    - debug (use this if chasing problems!)"
			while true
			do
				echo -n "Indicate the desired log verbosity to observe [info]: "
				read OCPINSTLOGLEVEL
				if [ -z "${OCPINSTLOGLEVEL}" ]
				then
					OCPINSTLOGLEVEL="info"
				fi
	
				echo " debug info warn error " | grep " ${OCPINSTLOGLEVEL} " >/dev/null 
				if [ $? -eq 0 ]
				then 
					break
				else
					echo "Invalid option, try again."
					continue
				fi
			done
			
			### QUESTION: POST-INSTALL SNAPSHOT
			print-question-separator POST-INSTALL SNAPSHOT
			echo "For rapid reverting to point-of-install, ${YAKKONAME} can take a snapshot of the cluster"
			echo "immediately upon completion of the installation. Note that fresh clusters can be"
			echo "difficult to restart - after 24H you may want to take a newer snapshot."
			ask-user "Do you want to take a snapshot after cluster install" Y
			[ $? -eq 0 ] && SNAPCLUSTERONINSTALL=Y

			### QUESTION: POST-INSTALL TASKS
			print-question-separator POST-INSTALL TASKS
			echo "After the cluster is operational, ${YAKKONAME} can run a set of your predefined tasks."
			echo "These tasks can come from:"
			echo "- a local file (the default is \"$CLUSTERPOSTINSTALL\")"
			echo "- a URL, ideally a RAW github file URL - see some samples here:"
			echo "  https://github.com/ozchamo/cluster-post-installers-for-yakko"
			echo "If you accept the default file, ${YAKKONAME} will simply ignore this if it doesn't exist."
			while true
			do
				echo -n "Enter the target of the post-install task file [${CLUSTERPOSTINSTALL}]: "
				read RESPONSE

				if [ -z "$RESPONSE" ]
				then	
					break
				fi

				if [ "${RESPONSE:0:4}" == "http" ]
				then
					# We'll use some file from the net, eg github raw file
					curl -I $RESPONSE &>/dev/null
					if [ $? -ne 0 ]
					then
						echo "That URL does not appear to be available"
						continue
					else
						CLUSTERPOSTINSTALL=$RESPONSE
						break
					fi
				fi

				if [ ! -e ${RESPONSE} ]
				then
					echo "File [${RESPONSE}] is not valid (needs to exist and be executable)"
				else
					CLUSTERPOSTINSTALL=${RESPONSE}
					break
				fi
			done
		fi


		### QUESTIONS ###QUESTIONS #questionsend :: stop here

		# Is SELinux running?
		set-selinux-state
	
		populate-user-definitions

		if [ ${YAKKOBUILDTEMPLATETYPE} -eq 0 ]
		then
			# V1.1 
			### QUESTION: Allow a PAUSE to edit install-config.yaml
			print-question-separator PAUSE FOR install-config.yaml EDIT
			echo "Although ${YAKKONAME} automates OpenShift cluster creation, you may want to customise the "
			echo "'install-config.yaml' configuration file before cluster bootstrap, for example,"
			echo "when wanting to add a proxy server for indirect connection to the internet."	
			ask-user "Pause for edit of 'install-config.yaml' when file becomes available" N noauto
			PAUSEFORCONFIGEDIT=$?  #0 is Y, so pause in process-stage-generateocpinstallerconfig

			print-question-separator AUTOMATIC CLUSTER BUILD
			ask-user "Attempt AUTOMATIC creation of cluster \"${CLUSTERFQDN}\"" "Y" noauto  && AUTOSETUP=Y
		else
			# 1 is REBUILD same as last cluster
			# 2 is BUILD from a specified TEMPLATE file
			AUTOSETUP=Y
		fi

		populate-cluster-config-file

	}
	# NOTE: THIS STAGE MUST PRECEDE yakko-process-stages
	#       SEE MAIN AT BOTTOM

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Gather cluster configuration"
	}
}

process-stage-postinstall() {

	#stagepostinstall 

	[ $1 == "progress" ] && {

		advance-stage-progression "Post-install / user-defined steps"

		if [ "${SNAPCLUSTERONINSTALL}" == "Y" ]
		then
			print-in-colour ${YAKKOTEXTCOLOUR} "A SNAPSHOT OF THE FRESHLY INSTALLED CLUSTER WAS REQUESTED"
			snap-active-cluster initialbuild
		fi

		if [ -n "${CLUSTERPOSTINSTALL}" ]
		then
			#This is to allow for little text output when calling yakko within yakko, eg during yakko-post-install
			export	PRINTFULLYAKKOHEADER=N 
			
			if [ "${CLUSTERPOSTINSTALL:0:4}" == "http" ]
			then
				print-in-colour white "Runnin Cluster post-install tasks at URL"
				print-in-colour white "${CLUSTERPOSTINSTALL}" 
				${WGET} -O $OCPWGETTMP ${CLUSTERPOSTINSTALL} 
				if [ $? -eq 0 ]
				then
					chmod +x $OCPWGETTMP
					$OCPWGETTMP # Yep, we run it - bash to prevent permission issues
					echo
					print-in-colour ${YAKKOTEXTCOLOUR} "FINISHED POST-INSTALL TASKS - $(date)"
					print-in-colour ${YAKKOTEXTCOLOUR} ${SEPARATIONLINE}
					echo
					ask-user "Do you want to see the current cluster state report" Y noauto
					[ $? -eq 0 ] && { echo; check-cluster-state; }
				else
					print-in-colour orange "ERROR: Could not download cluster-post-install file ${CLUSTERPOSTINSTALL}"
					print-in-colour orange "       No post installation process performed"
					echo
				fi
			else	
				if [ -r ${CLUSTERPOSTINSTALL} ]
				then	
					print-in-colour white  "Running cluster post-install tasks at file ${CLUSTERPOSTINSTALL}" 
					bash ${CLUSTERPOSTINSTALL} # Yep, we run it - bash to prevent permission issues
					echo
					print-in-colour ${YAKKOTEXTCOLOUR} "FINISHED POST-INSTALL TASKS - $(date)"
					print-in-colour ${YAKKOTEXTCOLOUR} ${SEPARATIONLINE}
					echo
					ask-user "Do you want to see the current cluster state report" Y noauto
					[ $? -eq 0 ] && { echo; check-cluster-state; }
				else	
					echo "Post-installation file [${CLUSTERPOSTINSTALL}] not available for processing"
					echo
				fi
			fi
		else
			echo "Post-install user-defined steps file not provided. Nothing to do."
			echo
		fi
	}

	[ $1 == "rollback" ] && {
		rollback-stage-progression "Post-install user-defined steps"
	}

}

yakko-process-stages() {

	#stages ##stages #processtages

	ACTION=$1 # progress or rollback

	if [ "${ACTION}" == "rollback" -a ${DELETECLUSTERFORCE} -eq 1 ]
	then
		# This questioning is bypassed if DELETECLUSTERFORCE is 0
		echo
		ask-user "*** CONFIRM *** - Deleting cluster [${CLUSTERFQDN}] @ [$YAKKODIRECTORY]" "N" noauto
		[ $? -ne 0 ] && { echo; echo "ATTENTION: No action taken. Exiting."; cleanup-and-exit 0; }
		
		# User wants the cluster gone!
		AUTOSETUP=N
		DELETECLUSTERMODE=0 # We are destroying everything
	fi
	
	process-stage-pullsecret ${ACTION}
	process-stage-downloadocpbinaries ${ACTION}
	process-stage-libvirt ${ACTION}
	process-stage-sshclient ${ACTION}
	process-stage-storage ${ACTION}

	#changed these two around for 6.0
	process-stage-virtualnetwork ${ACTION}
	process-stage-dns ${ACTION}

	process-stage-httpserver ${ACTION}
	process-stage-haproxy ${ACTION}
	process-stage-firewall ${ACTION}
	process-stage-generateocpinstallerconfig ${ACTION}

	if [ -z "$AGENTBASEDINSTALLER" ]
	then
		# this is the original YAKKO with no agent based installer support
		process-stage-create-ingestmanifestsandignition ${ACTION}
		process-stage-build-bootstrapnode ${ACTION}
		process-stage-build-ocp-masternodes ${ACTION}
		process-stage-build-ocp-workernodes ${ACTION}
	else
		# We are using the agent based installer!
		process-stage-build-abi-boot-assets ${ACTION}
		process-stage-build-ocp-masternodes ${ACTION}
		process-stage-build-ocp-workernodes ${ACTION}
	fi
	process-stage-startocpbootstrap ${ACTION}
	process-stage-reduceprometheusmemory ${ACTION}
	process-stage-waitforocpinstalltocomplete ${ACTION}

	if [ "${ACTION}" == "progress" ]
	then
		print-in-colour orange ${SEPARATIONLINE}
		echo
		print-in-colour orange "IMPORTANT:"
		print-in-colour orange " This cluster is freshly built. Some services may still be starting."
		print-in-colour orange " - To enable the OCP internal registry >>  yakko ops localregistry"
		print-in-colour orange " - To create the user htpasswd database >>  yakko ops htpasswd administrator  &  yakko ops useradd <user>"
		print-in-colour orange " - If the cluster is shutdown within 24 hours, please refer to these KB articles to update certs:"
		print-in-colour orange "   >  https://access.redhat.com/solutions/5542981 - is the cluster past the initial 24H Cert Expiry period?"
		print-in-colour orange "   >  https://access.redhat.com/solutions/5953441 - renewing the master node certificates"
		print-in-colour orange ${SEPARATIONLINE}
		echo
		check-cluster-state firstcall
		process-stage-postinstall ${ACTION}
	else
		# Only if the cluster completes, do we run the below.

		#This last one actually deletes the clusterconfig file
		#And when this happens, yakko no longer believes that a cluster exists
		#So this must be done AFTER all stages are cleared
		process-stage-gatherclusterconfiguration rollback
		echo
		echo "Cluster [${CLUSTERFQDN}] and associated configuration have been deleted."
		check-if-yakko-running # This guy will delete any background yakkos if DELETECLUSTERMODE == 0
		mv ${CLUSTERCONFIGFILE} ${CLUSTERCONFIGFILE}.old
	fi
	cleanup-and-exit 0
}
						

######################################################################################################
########## MAIN ###MAIN :)
##########  If this were a different programming language, you would call this a "main()".... ########
######################################################################################################

# We define a set of key config variables and files now that we know where we are running from
# Moved some of these around with YAKKO 5.01
YAKKODIRECTORY=$(dirname $(realpath $0))

# This is a unique identifier, used to avoid CLUSTERFQDN conflicts for when two or more clusters reuse the same CLUSTERFQDN
YAKKOID=$(ls -id $YAKKODIRECTORY | awk '{print $1}') 

# AND any other yakko becomes READ ONLY using this, to avoid clobbering the original code
YAKKOEXECUTABLE=$(realpath $0)
[ $YAKKOID -ne 8650753 ] && chmod 554 $YAKKOEXECUTABLE

# These cannot be set until YAKKODIRECTORY is set
IMAGEREPO=${YAKKODIRECTORY}/images # The webserver will serve from here. oc and openshift-install are here already
CLUSTERCONFIGFILE=${YAKKODIRECTORY}/.clusterconfig # Filename where all defaults for the cluster you are building are kept
LASTBUILDCONFIG=${YAKKODIRECTORY}/.lastclusterbuild
CLUSTERBUILDDEFAULTS=${YAKKODIRECTORY}/.clusterbuilddefaults # Filename where all defaults for YAKKO are kept
PULLSECRETFILE=.pullsecret  # We don't preface this with a directory because the name is used on installs before the dir exists

if [ -z "${PRINTFULLYAKKOHEADER}" ]
then
	# YAKKO header - if called from within YAKKO for post-install then this will be exported as N by yakko there
	PRINTFULLYAKKOHEADER=Y 
fi

set-selinux-state  # Identify this from the get go

if [ "$1" == "version" ]
then
	echo
	echo "${YAKKONAME} version::${YAKKOVERSION} (${YAKKODATE})"
	echo
	echo "Copyright (C) 2020 - Daniel Cifuentes"
	echo "This is free software and comes with ABSOLUTELY NO WARRANTY."
	echo "You are welcome to redistribute it under certain conditions." 
	echo "Feel free to post comments via GitHub - https://github.com/ozchamo/YAKKO"

	cleanup-and-exit 0
fi

if [ $(whoami) != 'root' ]
then 
	echo
	print-in-colour orange "ATTENTION: You must be user <root> to run ${YAKKOSCRIPTNAME}"
	cleanup-and-exit 1
fi

if [ "$1" == "backup" ]
then
	# This is action 0, the developer wants to make a backup
	# There will be no cluster built, nothing
	yakko-backup $*
fi

if [ "$1" == describehw -o "$2" == describehw ]
then
	yakko-infra-operations describehw
fi


if [ "$1" == "runcommand" ]
then
	# This is to test functions in yakko from outside. The world doesn't need to know.
	
	ask-user "Run in full DEBUG: 'set -x' + no spinner" Y
	[ $? -eq 0 ] && { set -x; RUNCOMMANDDEBUG=Y; }

	source $CLUSTERCONFIGFILE

	shift
	echo "Calling $*"
	eval $*
	RESULT=$?
	echo Output was [$RESULT]
	cleanup-and-exit $RESULT 
fi
	
print-yakko-header

if [ "$1" == "usage" ]
then
	#usage
	print-in-colour ${YAKKOTEXTCOLOUR}  "When NO CLUSTER is configured you can call: "
	print-yakko-nocluster-menu
	echo
	print-in-colour ${YAKKOTEXTCOLOUR}  "When a CLUSTER IS CONFIGURED you can call:"
	echo "    yakko  (no params)    -> show running cluster state and configuration"
	echo "    yakko startcluster    -> startup or resume the cluster (same as yakko infra startcluster)"
	echo "    yakko stopcluster     -> shutdown or suspend (in-memory) the cluster"
	echo "    yakko deletecluster   -> delete the running or stopped cluster (same as yakko infra deletecluster)"
	echo "    yakko infra <options> -> make infrastructure changes offered by yakko (see below)" 
	echo "    yakko ops <options>   -> make operational changes offered by yakko (see below)"
	echo
	print-in-colour ${YAKKOTEXTCOLOUR}  "At any time, you can call:"
	echo "    yakko addcluster      -> add a new cluster (this will setup ${YAKKONAME} in a new directory)"
	echo "    yakko purgedownloads  -> delete downloaded OCP images"
	echo "    yakko version         -> prints yakko information" 
	echo
	print-in-colour ${YAKKOTEXTCOLOUR}  "Calling 'yakko infra' (with no options) will always remind you of the following:"
	print-yakko-infra-operations-menu
	echo
	print-in-colour ${YAKKOTEXTCOLOUR}  "Calling 'yakko ops' (with no options) will always remind you of the following:"
	print-yakko-ops-operations-menu
	cleanup-and-exit 0
fi

if [ -e "${YAKKODIRECTORY}/.yakkohome" -a ! -w "${YAKKODIRECTORY}" -a "$1" != "addcluster" ]
then
	# This is so I can share with other computers safely
	echo
	print-in-colour orange "ATTENTION: Calling ${YAKKOSCRIPTNAME} from a read-only directory."
	echo
	ask-user "Would you like to install ${YAKKONAME} in a different directory" Y noauto
	if [ $? -eq 0 ]
	then	
		DOYAKKOINSTALL=Y
	else
		exit
	fi
fi

if [ ! -e "${YAKKODIRECTORY}/.yakkohome" -o "${DOYAKKOINSTALL}" == "Y" ]
then
	while true
	do
		# This is not even installed!

		if [ -z "${DOYAKKOINSTALL}" ]
		then
			echo
			echo "${YAKKONAME} is not installed in [${YAKKODIRECTORY}]."
			echo
		fi

		if [ ! -e /${YAKKONAME} ]
		then
			echo -n "Enter the directory where you want to install ${YAKKOSCRIPTNAME} [/${YAKKONAME}]: "
			read CANDIDATEYAKKODIRECTORY
			if [ -z "${CANDIDATEYAKKODIRECTORY}" ]
			then
				CANDIDATEYAKKODIRECTORY=/${YAKKONAME}
			fi
		else
			while true
			do
				echo -n "Enter the directory where you want to install ${YAKKOSCRIPTNAME}: "
				read CANDIDATEYAKKODIRECTORY
				if [ -z "$CANDIDATEYAKKODIRECTORY" ]
				then 
					echo "Please enter a valid directory name"
					continue
				else
					break
				fi
			done

		fi

		mkdir ${CANDIDATEYAKKODIRECTORY} &>/dev/null
		RESULT=$?

		[ $RESULT -ne 0 ] && {

			if [ $RESULT -eq 1 ] 
			then
				# The directory already exists
				if [ $(ls -la ${CANDIDATEYAKKODIRECTORY} | wc -l) -gt 3  ] 
				then
					# And - it has files in it.
					echo
					echo  "Directory [$CANDIDATEYAKKODIRECTORY] already exists and contains files. "
					ask-user "Continue installing ${YAKKONAME} in this directory" "N" noauto
					if [ $? -eq 1 ] 
					then
						continue
					else
						break
					fi
				else
					# It's empty so we can continue
					break
				fi
			fi

			echo "Could not create directory [${CANDIDATEYAKKODIRECTORY}]. Try again."
			echo
			continue
		}

		break
	done

	if [ -e "${CANDIDATEYAKKODIRECTORY}/${YAKKOSCRIPTNAME}" ]
	then
		if [ $(ls -i "${CANDIDATEYAKKODIRECTORY}/${YAKKOSCRIPTNAME}" | awk '{ print $1 }') -eq $(ls -i ${YAKKOEXECUTABLE} | awk '{ print $1 }') ]
		then
			# We're probably just running yakko from what will be the destination directory
			echo "You are running ${YAKKOSCRIPTNAME} from the destination directory - that's OK"
		fi
	else
		cp ${YAKKOEXECUTABLE} ${CANDIDATEYAKKODIRECTORY}
		check-for-error-and-exit $? "Could not copy ${YAKKOSCRIPTNAME} to ${CANDIDATEYAKKODIRECTORY}"
	fi

	chmod +x ${CANDIDATEYAKKODIRECTORY}/${YAKKOSCRIPTNAME}
	check-for-error-and-exit $? "Could not make ${CANDIDATEYAKKODIRECTORY}/${YAKKOSCRIPTNAME} executable"

	# Now we check/install packages!
	install-required-yakko-packages

	# We enable/check the required services - YAKKO 8.0
	install-libvirt-modular-services

	# YAKKO 5.01 moves the pullsecret stage to an installer question!
	
	WANTPULLSECRET=0 # We begin with the conception that there is no pull secret, 0 means YES I want one

	echo "A Red Hat pull secret is required for Openshift downloads."
	if [ -r ${CANDIDATEYAKKODIRECTORY}/${PULLSECRETFILE} ] 
	then
		ask-user "A pull secret already exists in ${CANDIDATEYAKKODIRECTORY}, do you want to replace it" N
		WANTPULLSECRET=$?
		
		if [ ${WANTPULLSECRET} -eq 1 ]
		then
			PULLSECRET=$(cat ${CANDIDATEYAKKODIRECTORY}/${PULLSECRETFILE})
			echo "There was a problem reading the existing pull secret. A new one will be requested."
		fi
	else
		if [ -r ${YAKKODIRECTORY}/${PULLSECRETFILE} ]
		then
			# I am installing from a directory that has a pullsecret or using addcluster
			ask-user "A pull secret already exists in ${YAKKODIRECTORY}, do you want to use for this install" Y
			if [ $? -eq 0 ]
			then
				cp ${YAKKODIRECTORY}/${PULLSECRETFILE} ${CANDIDATEYAKKODIRECTORY}/${PULLSECRETFILE}
				PULLSECRET=$(cat ${CANDIDATEYAKKODIRECTORY}/${PULLSECRETFILE})
				WANTPULLSECRET=1
			else
				WANTPULLSECRET=0
			fi
		else
			WANTPULLSECRET=0
		fi
	fi

	# There is no pull secret on file or user wants a new one now
	if [ -z "${PULLSECRET}" -o "${WANTPULLSECRET}" -eq 0 ]
	then
		while true
		do
			echo "Please copy/paste pull secret from [ https://cloud.redhat.com/openshift/install/metal/user-provisioned ] or enter the path of a local file with it:"
			read PULLSECRET

			if [ -f $PULLSECRET ]
			then
				PULLSECRET=$(cat $PULLSECRET)
			fi
			
			echo $PULLSECRET | grep '{"auths":{"cloud.openshift.com":' &>/dev/null
			if [ $? -eq 0 ]
			then
				break
			else
				echo "Invalid pull secret, try again."
			fi
		done

		echo $PULLSECRET > ${CANDIDATEYAKKODIRECTORY}/${PULLSECRETFILE}
	else
		echo "Using saved pull secret"
	fi

	hostname >  ${CANDIDATEYAKKODIRECTORY}/.yakkohome
	check-for-error-and-exit $? "Could not create installation stub in ${CANDIDATEYAKKODIRECTORY}"


	if [ -r ${YAKKODIRECTORY}/images ]
	then
		ask-user "Do you want to copy available images for OpenShift" Y noauto
		[ $? -eq 0 ] && cp -R ${YAKKODIRECTORY}/images ${CANDIDATEYAKKODIRECTORY}
	fi

	echo
	echo "${YAKKOSCRIPTNAME} is now installed. Run again from directory [${CANDIDATEYAKKODIRECTORY}] to continue!"
	cleanup-and-exit 0
fi

# Now that we know where we stand, we can offer a new YAKKO landing place for a second, third etc cluster
cd ${YAKKODIRECTORY} &>/dev/null # Just change to the directory of action from hereon
if [ "$1" == addcluster ]
then
	# New with ~2.5?
	echo "To add a new cluster, you will need to run ${YAKKOSCRIPTNAME} from a new directory altogether."
	while true
	do
		echo -n  "Enter a new directory to create and install ${YAKKOSCRIPTNAME} in: "
		read NEWYAKKODIRECTORY
		if [ -z "$NEWYAKKODIRECTORY" ]
		then
			echo "ERROR: Directory name cannot be empty."
			continue
		fi
		
		mkdir ${NEWYAKKODIRECTORY} 2>/dev/null
		if [ $? -ne 0 ]
		then
			echo "ERROR: could not create new directory - try again"
			continue
		fi
		# There is no reason for the below to fail
		mkdir ${NEWYAKKODIRECTORY}/images 2>/dev/null
		break
	done

	if [ -d images ]
	then
		ask-user "Do you want to make available the existing OpenShift images to the new cluster" Y
		if [ $? -eq 0 ]
		then
			(cd images; cp -R 4* ${NEWYAKKODIRECTORY}/images)
		fi
	fi

	cp yakko ${NEWYAKKODIRECTORY}
	if [ "$(cat .yakkohome)" != $(hostname) ]
	then
		# You may have run 'yakko' from a different host via NFS, and so
		# the hostname in yakkohome won't agree. We care because we may need 
		# to check that all packages are installed in this new host
		install-required-yakko-packages
	fi

	hostname > ${NEWYAKKODIRECTORY}/.yakkohome # this marks it as 'installed'
	chmod 544 ${NEWYAKKODIRECTORY}/yakko
	cp .pullsecret ${NEWYAKKODIRECTORY}

	echo
	echo "NOTES:"
	echo "  - ${YAKKONAME} cannot run both clusters at the same time as HAProxy allows only one cluster "
	echo "    through the same ports (80,443,6443,22623)"
	echo "  - To ensure separation, always use a different terminal when interacting with different"
	echo "    clusters - else you may find that your KUBECONFIG variable will cause problems."
	echo "  - Each ${YAKKONAME} directory keeps its own images, so be sure to purge accordingly"
	echo
	echo "Done - change directory to [${NEWYAKKODIRECTORY}] to start installing your new cluster!"
	cleanup-and-exit 0
fi


# We load BUILD DEFAULTS whether they exist... or not.
#source ${CLUSTERBUILDDEFAULTS} &>/dev/null

# HERE IT ALL BEGINS
# This is the last code group - a cluster config file exists or it doesn't

# if the user passed a parameter, let's capture it here... it could be "infra" or "ops"
YAKKOCALLOPTION=$1

if [[ ( "${YAKKOCALLOPTION}" == infra && "$2" == purgedownloads ) || "${YAKKOCALLOPTION}" == purgedownloads ]]
then
	yakko-infra-operations purgedownloads
fi
	
if [[ ( "${YAKKOCALLOPTION}" == infra && "$2" == listclusters ) || "${YAKKOCALLOPTION}" == listclusters ]]
then
	yakko-infra-operations listclusters
fi

if [ ! -r "${CLUSTERCONFIGFILE}" ]
then
	# We check if the user is already messing with another cluster
	if [ -v KUBECONFIG ]
	then
		echo "There is no cluster configured but KUBECONFIG is already set." 
		echo "To run up a new cluster, first 'unset KUBECONFIG'"
		echo
		echo "For further usage, type 'yakko usage'"
		cleanup-and-exit 1
	fi

	# Make sure you don't launch it twice
	check-if-yakko-running

	# We check if there are any other clusters running?
	check-if-another-yakko-cluster-running

	print-in-colour white "THERE IS CURRENTLY NO CLUSTER BUILT"
	if [ -n "${YAKKOCALLOPTION}" ] 
	then
		print-in-colour ${YAKKOTEXTCOLOUR} ${SEPARATIONLINE}
		echo

		if [ "${YAKKOCALLOPTION}" == "rebuildcluster" ] 
		then
			#rebuildcluster
			if [ -f "${LASTBUILDCONFIG}" ]
			then
				YAKKOBUILDTEMPLATETYPE=1
				YAKKOTEMPLATE=$LASTBUILDCONFIG
			else
				echo
				echo "You can't rebuild a prior cluster config since there is no known configuration stored"
				cleanup-and-exit 1
			fi
		elif [ "${YAKKOCALLOPTION}" == "buildclusterfromtemplate" ]
		then
			#buildclusterfromtemplate
			YAKKOBUILDTEMPLATETYPE=2
			shift
			YAKKOTEMPLATE=$1 # It's $2 at this point - a number signifies all defauls and build number of Masters
			if [ -z "$YAKKOTEMPLATE" ]
			then
				print-in-colour ${YAKKOTEXTCOLOUR} "USAGE: yakko buildclusterfromtemplate <filename or URL>"
				echo
				echo "Pass a filename or a URL as a parameter to automatically build a cluster."
				echo
				echo "The file format is based on the same content at what ${YAKKONAME} creates when"
				echo "building a cluster - it is left behind as ${LASTBUILDCONFIG}"
				echo
				echo "A small library of templates (use the URL for raw!) is available at:"
				echo "https://github.com/ozchamo/yakko-build-templates"
				echo
				echo "At a BARE minimum, YAKKO requires the node count, so passing two numbers will build"
				echo "a cluster with ALL defaults including the cluster name FQDN as the host name and the"
				echo "host domain or in its absence, \"localdomain\"!"
				
				echo
				ask-user "Do you want to see the complete list of configurable parameters" Y
				if [ $? -eq 0 ]
				then
					echo
					echo "The following is a list of all configurable options that you can assign in a template:"
					echo "-------------------------------------------------------------------"
					print-yakko-defaults
				fi
				cleanup-and-exit 1
			fi
		elif [ "${YAKKOCALLOPTION}" == "buildclusterfromdefaults" ]
		then
			#buildclusterfromdefaults
			YAKKOBUILDTEMPLATETYPE=3
			shift
			if [[ "$1" =~ $NUMBERRE ]] && [[ "$2" =~ $NUMBERRE ]]
			then 
				MASTERNODECOUNT=$1
				if [[ ! ( $MASTERNODECOUNT -eq 1 || $MASTERNODECOUNT -eq 3 ) ]]
				then
					cleanup-and-exit 1 orange "ERROR: 'buildclusterfromdefaults': master node count must be 1 or 3"
				fi
				WORKERNODECOUNT=$2
				if [ $WORKERNODECOUNT -lt 0 -o $WORKERNODECOUNT -gt 5 ]
				then
					cleanup-and-exit 1 orange "ERROR: 'buildclusterfromdefaults': worker node count must be between 0 and 5"
				fi

				CLUSTERNAME="$(hostname 2>/dev/null)"
				if [ -z "$CLUSTERNAME" ]
				then
					CLUSTERNAME="test"
				fi

				CLUSTERDOMAIN=$(hostname -d 2>/dev/null)
				if [ -z "$CLUSTERDOMAIN" ]
				then
					CLUSTERDOMAIN=localdomain
				fi

				echo "You have requested to build a DEFAULT cluster, which is comprised of: "
				echo "- Cluster Name: $CLUSTERNAME.$CLUSTERDOMAIN"
				echo "- # of Masters: $MASTERNODECOUNT"
				echo "- # of Workers: $WORKERNODECOUNT"
				echo 
				ask-user "Do you want to build this cluster" Y
				[ $? -ne 0 ] && cleanup-and-exit 1 "OK, no further action."
			else
				echo "You must call 'buildclusterfromdefaults' with two numbers:"
				echo "the number of masters (1 or 3) and the numer of workers (up to 5)"
				echo
				echo "Example: yakko buildclusterfromdefaults 3 2"
				cleanup-and-exit 1
			fi
		else
			echo "No cluster is configured. To begin, choose from the options below: "
			echo
			print-yakko-nocluster-menu
			cleanup-and-exit 0
		fi
	fi
	
	echo "${TESTEDPLATFORMS}" | grep "${YAKKOHOSTPLATFORM}" &>/dev/null
	if [ $? -ne 0 ]
	then
		echo "NOTE: This system is using [${YAKKOHOSTPLATFORM}], which has not been tested."
		echo "      This version of ${YAKKONAME} has only been tested against ${TESTEDPLATFORMS}"
	fi

	process-stage-gatherclusterconfiguration progress
	yakko-process-stages progress

else
	# We know we are root, but are we logged in as the administrator into the OpenShift cluster
	if [ -z "${KUBECONFIG}" ]
	then
		NOTSETKUBECONFIG=0
	fi

	source ${CLUSTERBUILDDEFAULTS}
	source ${CLUSTERCONFIGFILE} # Load config variables that this script accumulates

	# Emergency checks after loading CLUSTERCONFIGFILE
	# To curb strange behaviours seen before
	if [ -z "${CLUSTERNAME}" ]
	then
		echo "ERROR: Reading cluster configuration file, CLUSTERNAME is empty!"
		if [ -z "${CLUSTERCOMPLETE}" ]
		then
			echo "       Since there is no cluster, you should start this build from scratch."
		fi
		echo "       Exiting."
		cleanup-and-exit 1
	fi

	# Check the cluster yakko version vs the script yakko version
	# Check if we have notified this already...

	echo ${NOTICEYAKKOVERSION} | grep ${YAKKOVERSION} &>/dev/null
	if [ $? -ne 0 ] # We haven't notified that this version is different to the build
	then
		if [ "$(echo $BUILTWITHYAKKOVERSION | cut -f1 -d.)" != "$(echo $YAKKOVERSION | cut -f1 -d.)" ]
		then
			echo
			print-in-colour red "ALERT: This cluster was built using ${YAKKONAME} version $BUILTWITHYAKKOVERSION."
			print-in-colour red "       You are using a different ${YAKKONAME} version - $YAKKOVERSION."
			echo
			print-in-colour red "       VERSION 8 is not backwards compatible! DO NOT USE ON OLD YAKKO CLUSTERS!"
			echo
			echo                "       This message will not be repeated for this version"
			echo
			echo "VISIT: https://github.com/ozchamo/YAKKO"
			echo 
			wait-for-any-key '<Press any key to continue>'
			echo
			NOTICEYAKKOVERSION="\"${NOTICEYAKKOVERSION} ${YAKKOVERSION}\""
			sed -i "s/NOTICEYAKKOVERSION=.*/NOTICEYAKKOVERSION=${NOTICEYAKKOVERSION}/" ${CLUSTERCONFIGFILE}
			echo
		fi
	fi

	# OK - the user wants to complete back out
	if [ "${YAKKOCALLOPTION}" == infra -a "$2" == deletecluster ]
	then
		yakko-infra-operations deletecluster $3
	fi

	if [ "${YAKKOCALLOPTION}" == deletecluster  ]
	then
		yakko-infra-operations deletecluster $2
	fi

	if [ "${YAKKOCALLOPTION}" == buildclusterfromtemplate -o "${YAKKOCALLOPTION}" == rebuildcluster  ]
	then
		echo "You cannot build a new cluster before deleting the current one!"
		cleanup-and-exit 1
	fi

	# We check if there are any other clusters running?
	check-if-another-yakko-cluster-running

	# $CLUSTERCOMPLETE is defined if THERE IS a cluster configured
	if [ -n "${CLUSTERCOMPLETE}" ] 
	then
		export KUBECONFIG=${CLUSTERSETUPDIR}/auth/kubeconfig
		if [ $# -eq 0 ] # parameters go here when there is a cluster - see above and (backup: for developers)
		then
			check-cluster-power exit
			get-yakko-host-ip notifychange && {
				update-services refresh
				#sleep 30
				print-yakko-header # This to refresh the above update-services call
			}
			check-cluster-state  # yakko is called on an existing cluster - report on it!
			cleanup-and-exit 0
		fi

		if [[ ( "${YAKKOCALLOPTION}" == infra &&  "$2" == startcluster ) || "${YAKKOCALLOPTION}" == startcluster ]]
		then	
			[ "${YAKKOCALLOPTION}" == infra ] && shift
			shift
			yakko-infra-operations startcluster $*
		fi

		if [[ ( "${YAKKOCALLOPTION}" == infra &&  "$2" == stopcluster ) || "${YAKKOCALLOPTION}" == stopcluster ]]
		then	
			[ "${YAKKOCALLOPTION}" == infra ] && shift
			shift
			yakko-infra-operations stopcluster $*
		fi

		if [ "$YAKKOCALLOPTION" == "infra" ]
		then
			shift # we get rid of "infra"
			yakko-infra-operations $* # always exits
		fi

		if [ "$YAKKOCALLOPTION" == "ops" ]
		then
			shift # we get rid of "ops"
			yakko-ops-operations $* # always exits
		fi

		echo "ERROR: Invalid argument passed [$YAKKOCALLOPTION]. "
		echo
		echo "USAGE: $YAKKOSCRIPTNAME [ops <OPTION> [params] | infra <OPTION> [params]]"
		echo 

		cleanup-and-exit 1
	else
		# This cluster is NOT OPERATIONAL - it's not technically a cluster at this point

		if [[ ( "${YAKKOCALLOPTION}" == infra &&  "$2" == sshtonode ) || "${YAKKOCALLOPTION}" == installcomplete ]]
		then
			# Something may be going wrong so we allow a pass at this stage
			yakko-infra-operations sshtonode
		fi

		check-if-yakko-running

		if [[ ( "${YAKKOCALLOPTION}" == infra &&  "$2" == installcomplete ) || "${YAKKOCALLOPTION}" == installcomplete ]]
		then	
			yakko-infra-operations installcomplete
		fi

		echo "There is no fully configured/operational OpenShift cluster."
		echo "You can mark this cluster's intall as COMPLETED with: 'yakko infra installcomplete'"
		if [ -n "${YAKKOCALLOPTION}" ]
		then
			cleanup-and-exit 1 orange "You cannot call 'yakko' with any other options while configuring a cluster" 
		fi
		echo

		ask-user "Continue configuring cluster [${CLUSTERFQDN}]" "Y" noauto
		if [ $? -eq 0 ]
		then
			process-stage-continue-clusterconfiguration progress
			yakko-process-stages progress
		else
			# Since there is no cluster, offer to delete
			ask-user "Delete existing configuration progress for [${CLUSTERFQDN}]" "Y" noauto
			if [ $? -eq 0 ]
			then
				# In case there is any doubt, this clears, it - all must go!
				DELETECLUSTERNAME=${CLUSTERFQDN}
				yakko-process-stages rollback
			else
				cleanup-and-exit 0
			fi
		fi
	fi
fi

####################################################################################
#####################                 YAKKO END!             #######################
####################################################################################