# Copyright (c) 2015 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Include OS-specific packages variables.
  include_vars: "{{ item }}"
  with_first_found:
    - "../defaults/required_defaults_{{ ansible_distribution }}.yml"
    - "../defaults/required_defaults_{{ ansible_os_family }}.yml"
- name: "Update Package Cache"
  apt: update_cache=yes
  when: ansible_os_family == 'Debian'
- name: "Install packages"
  action: "{{ ansible_pkg_mgr }} name={{ item }}"
  with_items: required_packages
# Step required for Ubuntu 14.10
- name: "Install 14.10 packages"
  action: "{{ ansible_pkg_mgr }} name={{ item }}"
  with_items:
    - pxelinux
  when: ansible_distribution_version|version_compare('14.10', '>=') and ansible_distribution == 'Ubuntu'
# NOTE(TheJulia) While we don't necessarilly require /opt/stack any longer
# and it should already be created by the Ansible setup, we will leave this
# here for the time being.
- name: "Ensuring /opt/stack is present"
  file: name=/opt/stack state=directory owner=root group=root
- name: "Ironic Client - Install from source if configured to do so."
  command: pip install --force-reinstall {{ ironicclient_git_folder }}
  when: skip_install is not defined and ((ironicclient_source_install is defined and ironicclient_source_install == true) or ci_testing == true)
- name: "Ironic Client - Install from pip"
  pip: name=python-ironicclient state=present
  when: skip_install is not defined and (ironicclient_source_install is not defined or ironicclient_source_install == false) and (ci_testing == false)
- name: "proliantutils - Install from pip"
  pip: name=proliantutils state=present
  when: skip_install is not defined and testing | bool != true
- name: "UcsSdk - Install from pip"
  pip: name=UcsSdk version=0.8.1.9
  when: skip_install is not defined and testing | bool != true
- name: "Shade - Install from source if configured to do so"
  command: pip install --force-reinstall {{ shade_git_folder }}
  when: skip_install is not defined and ((shade_source_install is defined and shade_source_install == true) or ci_testing == true)
- name: "Shade - Installing patched shade library."
  pip: name=shade state=latest
  when: skip_install is not defined and (shade_source_install is not defined or shade_source_install == false) and (ci_testing == false)
- name: "dib-utils - install from pip"
  pip: name=dib-utils state=present
  when: skip_install is not defined and create_image_via_dib == true
- name: "Include diskimage-builder installation"
  include: dib_install.yml
  when: create_image_via_dib == true
- name: "Starting database service"
  service: name={{ mysql_service_name }} state=started
- name: "Starting rabbitmq-server"
  service: name=rabbitmq-server state=started
- name: "RabbitMQ - Testing if hostname is defined firsts in /etc/hosts"
  command: grep -i "127.0.0.1.*{{ ansible_hostname }}\ localhost" /etc/hosts
  ignore_errors: yes
  register: test_grep_fix_hostname
- name: "RabbitMQ - Fixing /etc/hosts"
  command: sed -i 's/localhost/{{ ansible_hostname }} localhost/' /etc/hosts
  when: test_grep_fix_hostname.rc != 0
- name: "Ensuring guest user is removed from rabbitmq"
  rabbitmq_user: user=guest state=absent force=yes
- name: "Creating Ironic user in RabbitMQ"
  rabbitmq_user: user=ironic password={{ ironic_db_password }} force=yes state=present configure_priv=.* write_priv=.* read_priv=.*
  no_log: true
- name: "MySQL - Creating DB"
  mysql_db: login_user={{ mysql_username }} login_password={{ mysql_password }} name=ironic state=present encoding=utf8
  register: test_created_db
- name: "MySQL - Creating user for Ironic"
  mysql_user: login_user={{ mysql_username }} login_password={{ mysql_password }} name=ironic password={{ ironic_db_password }} priv=ironic.*:ALL state=present
- name: "Install Ironic using pip"
  pip: name={{ ironic_git_folder }} state=latest
  when: skip_install is not defined
- name: "Creating an ironic service group"
  group: name=ironic
- name: "Creating an ironic service user"
  user: name=ironic group=ironic
- name: "Ensure /etc/ironic exists"
  file: name=/etc/ironic state=directory owner=ironic group=ironic mode=0755
- name: "Generate Ironic Configuration"
  include: ironic_config.yml
- name: "Place Ironic IPA Agent PXE configuration file"
  template: src=agent_config.template.j2 dest=/etc/ironic/agent_config.template owner=ironic group=ironic mode=0644
- name: "Copy policy.json to /etc/ironic"
  copy: src="{{ ironic_git_folder }}/etc/ironic/policy.json" dest=/etc/ironic/ owner=ironic group=ironic mode=0644
- name: "Creating Ironic DB Schema"
  command: ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
  when: test_created_db.changed == true
- name: "Upgrading Ironic DB Schema"
  command: ironic-dbsync --config-file /etc/ironic/ironic.conf upgrade
  when: test_created_db.changed == false
- name: "Create libvirt group on RedHat/Centos"
  group: name=libvirt
  when: ansible_os_family == 'RedHat'
# NOTE(TheJulia): Modify the supplied libvirtd config as by default,
# access to libvirt is restricted to the root group via polkit.
- name: "Update libvirt configuration file on RedHat/CentOS so the user"
  lineinfile: dest=/etc/libvirt/libvirtd.conf regexp=^unix_sock_group line='unix_sock_group = "libvirt"'
  when: ansible_os_family == 'RedHat'
- name: "Changing libvirt authentication to none as RedHat/CentOS use polkit by default"
  lineinfile: dest=/etc/libvirt/libvirtd.conf regexp=^auth_unix_rw line='auth_unix_rw = "none"'
  when: ansible_os_family == 'RedHat'
- name: "Changing libvirt socket permissions to be restricted on on RedHat/CentOS"
  lineinfile: dest=/etc/libvirt/libvirtd.conf regexp=^unix_sock_rw_perms line='unix_sock_rw_perms = "0770"'
  when: ansible_os_family == 'RedHat'
- name: "Adding ironic user to virtualization group"
  user: name=ironic group="{{ virt_group }}" append=yes
  when: testing == true
- name: "Creating SSH directory for ironic user"
  local_action: file path=/home/ironic/.ssh owner=ironic group=ironic mode=0700 state=directory
  when: testing == true
- name: "Checking for ironic user SSH key"
  local_action: stat path=/home/ironic/.ssh/id_rsa
  register: test_ironic_pvt_key
- name: "Generating SSH key for ironic user"
  local_action: command ssh-keygen -f /home/ironic/.ssh/id_rsa -N ""
  when: testing == true and test_ironic_pvt_key.stat.exists == false
- name: "Setting ownership on ironic SSH private key"
  local_action: file name=/home/ironic/.ssh/id_rsa owner=ironic group=ironic mode=0600 state=file
  when: testing == true and test_ironic_pvt_key.stat.exists == false
- name: "Setting ownership on ironic SSH public key"
  local_action: file name=/home/ironic/.ssh/id_rsa.pub owner=ironic group=ironic mode=0644 state=file
  when: testing == true and test_ironic_pvt_key.stat.exists == false
- name: "Creating authorized_keys file for ironic user"
  command: cp -p /home/ironic/.ssh/id_rsa.pub /home/ironic/.ssh/authorized_keys
  when: testing == true
- name: "Placing services"
  template: src={{ init_template }} dest={{ init_dest_dir }}{{item.service_name}}{{ init_ext }} owner=root group=root
  with_items:
    - { service_name: 'ironic-api', username: 'ironic', args: '--config-file /etc/ironic/ironic.conf'}
    - { service_name: 'ironic-conductor', username: 'ironic', args: '--config-file /etc/ironic/ironic.conf'}
- name: "Reload systemd configuration"
  command: systemctl daemon-reload
  when: ansible_os_family == 'RedHat'
- name: "Start ironic-conductor"
  service: name=ironic-conductor state=started
- name: "Start ironic-api"
  service: name=ironic-api state=started
- name: "Start ironic-conductor"
  service: name=ironic-conductor state=restarted
- name: "Start ironic-api"
  service: name=ironic-api state=restarted
- name: "Create and populate /tftpboot"
  include: create_tftpboot.yml
- name: "Deploy dnsmasq configuration file"
  template: src=dnsmasq.conf.j2 dest=/etc/dnsmasq.conf
  when: "{{include_dhcp_server|bool}}"
# NOTE(Shrews) When testing, we want to use our custom dnsmasq.conf file,
# not the one supplied by libvirt. And the libvirt started dnsmasq processes
# are not controlled by upstart, so we need to manually kill those.
- name: "Looking for libvirt dnsmasq config"
  stat: path=/etc/dnsmasq.d/libvirt-bin
  register: test_libvirt_dnsmasq
  when: "{{include_dhcp_server|bool}}"
- name: "Disabling libvirt dnsmasq config"
  command: mv /etc/dnsmasq.d/libvirt-bin /etc/dnsmasq.d/libvirt-bin~
  when: "{{include_dhcp_server|bool and test_libvirt_dnsmasq.stat.exists|bool and testing|bool}}"
- name: "Stopping existing libvirt dnsmasq processes"
  command: killall -w dnsmasq
  when: "{{testing|bool and include_dhcp_server|bool}}"
# NOTE(Shrews) We need to enable ip forwarding for the libvirt bridge to
# operate properly with dnsmasq. This should be done before starting dnsmasq.
- name: "Enabling IP forwarding in sysctl"
  sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes state=present reload=yes
  when: testing == true
# NOTE(Shrews) Ubuntu packaging+apparmor issue prevents libvirt from loading
# the ROM from /usr/share/misc.
- name: "Looking for sgabios in {{ sgabios_dir }}"
  stat: path={{ sgabios_dir }}/sgabios.bin
  register: test_sgabios_qemu
- name: "Looking for sgabios in /usr/share/misc"
  stat: path=/usr/share/misc/sgabios.bin
  register: test_sgabios_misc
- name: "Place sgabios.bin"
  command: cp /usr/share/misc/sgabios.bin /usr/share/qemu/sgabios.bin
  when: test_sgabios_qemu == false and test_sgabios_misc == true and testing == true
- name: "Deploying nginx configuration file for serving HTTP requests"
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
- name: "Ensuring services are running with current config"
  service: name={{ item }} state=restarted
  with_items:
    - xinetd
    - nginx
- name: "Ensuring dnsmasq is running with current config"
  service: name={{ item }} state=restarted
  with_items:
    - dnsmasq
  when: "{{include_dhcp_server|bool}}"
- name: "Sending services a reload signal"
  service: name={{ item }} state=reloaded
  with_items:
    - xinetd
    - nginx
- name: "Sending services a force-reload signal"
  service: name=dnsmasq state=restarted
  when: "{{include_dhcp_server|bool}}"
- name: "Download Ironic Python Agent CoreOS kernel & image"
  include: download_ipa_coreos.yml
- name: "Download cirros to use for deployment if requested"
  get_url: url={{ cirros_deploy_image_upstream_url }} dest="{{ deploy_image }}"
  when: "{{use_cirros|bool}}"
- name: "Explicitly permit nginx port (TCP) for file downloads from nodes to be provisioned"
  command: iptables -I INPUT -p tcp --dport {{nginx_port}} -i {{network_interface}} -j ACCEPT
- name: "Explicitly permit TCP/6385 for IPA callback"
  command: iptables -I INPUT -p tcp --dport 6385 -i {{network_interface}} -j ACCEPT