---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Download tempest image
  get_url:
    url: "{{ tempest_img_url }}"
    dest: "/var/tmp/{{ tempest_img_url | basename }}"
  when: tempest_service_available_glance | bool

- name: Ensure tempest image
  os_image:
    cloud: default
    endpoint_type: internal
    validate_certs: "{{ keystone_service_internaluri_insecure | ternary(false, true) }}"
    name: "{{ tempest_img_name }}"
    filename: "/var/tmp/{{ tempest_img_url | basename }}"
    container_format: bare
    disk_format: "{{ tempest_img_disk_format }}"
    is_public: True
  register: tempest_image_create
  until: tempest_image_create | success
  retries: 5
  delay: 15
  when: tempest_service_available_glance | bool

# This fact is used in tempest.conf.j2; we set an empty string if it doesn't get
# set above to ensure the template will parse correctly.
- name: Store tempest image id
  set_fact:
    tempest_glance_image_id: "{{ tempest_service_available_glance | ternary(tempest_image_create.id, '') }}"

- name: Ensure alt tempest image
  os_image:
    cloud: default
    endpoint_type: internal
    validate_certs: "{{ keystone_service_internaluri_insecure | ternary(false, true) }}"
    name: "{{ tempest_img_name }}_alt"
    filename: "/var/tmp/{{ tempest_img_url | basename }}"
    container_format: bare
    disk_format: "{{ tempest_img_disk_format }}"
    is_public: True
  register: tempest_image_alt_create
  when: tempest_service_available_glance | bool

# This fact is used in tempest.conf.j2; we set an empty string if it doesn't get
# set above to ensure the template will parse correctly.
- name: Store alt tempest image id
  set_fact:
    tempest_glance_image_alt_id: "{{ tempest_service_available_glance | ternary(tempest_image_alt_create.id, '') }}"

- name: Ensure tempest tenants
  keystone:
    command: ensure_tenant
    tenant_name: "{{ item }}"
    description: "{{ item }} Tenant"
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  register: add_service
  until: add_service|success
  retries: 5
  delay: 10
  with_items:
    - demo
    - alt_demo

- name: Ensure tempest users
  keystone:
    command: ensure_user
    tenant_name: "{{ item }}"
    user_name: "{{ item }}"
    password: "{{ item }}"
    description: "{{ item }} User"
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  register: add_service
  until: add_service|success
  retries: 5
  delay: 10
  with_items:
    - demo
    - alt_demo

- name: Ensure tempest users have heat_stack_owner role
  keystone:
    command: ensure_user_role
    tenant_name: "{{ item }}"
    user_name: "{{ item }}"
    role_name: heat_stack_owner
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  register: add_service
  until: add_service|success
  retries: 5
  delay: 10
  when: tempest_service_available_heat | bool
  with_items:
    - demo
    - alt_demo

- name: Ensure reseller_admin role
  keystone:
    command: ensure_role
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    role_name: "reseller_admin"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  register: add_service
  until: add_service|success
  retries: 5
  delay: 10

- name: Ensure remote_image role exists
  keystone:
    command: ensure_role
    role_name: remote_image
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  register: add_service
  until: add_service|success
  retries: 5
  delay: 10

- name: Get demo tenant id
  keystone:
    command: get_tenant
    tenant_name: demo
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  register: add_service
  until: add_service|success
  retries: 5
  delay: 10

- name: Store demo tenant id
  set_fact:
    keystone_demo_tenant_id: "{{ keystone_facts.id }}"

- name: Ensure private network exists
  neutron:
    command: create_network
    openrc_path: /root/openrc
    net_name: "{{ tempest_private_net_name }}"
    provider_network_type: "{{ tempest_private_net_provider_type }}"
    provider_segmentation_id: "{{ tempest_private_net_seg_id | default(omit) }}"
    tenant_id: "{{ keystone_demo_tenant_id }}"
    insecure: "{{ keystone_service_internaluri_insecure }}"
  when: tempest_service_available_neutron | bool

- name: Store neutron private network id
  set_fact:
    tempest_neutron_private_network_id: "{{ neutron_networks.private.id }}"
  when: tempest_service_available_neutron | bool

- name: Ensure public network exists
  neutron:
    command: create_network
    openrc_path: /root/openrc
    net_name: "{{ tempest_public_net_name }}"
    provider_network_type: "{{ tempest_public_net_provider_type }}"
    provider_physical_network: "{{ tempest_public_net_physical_type | default(omit) }}"
    provider_segmentation_id: "{{ tempest_public_net_seg_id | default(omit) }}"
    router_external: "{{ tempest_public_router_external }}"
    tenant_id: "{{ keystone_demo_tenant_id }}"
    insecure: "{{ keystone_service_internaluri_insecure }}"
  when: tempest_service_available_neutron | bool

- name: Store neutron public network id
  set_fact:
    tempest_neutron_public_network_id: "{{ neutron_networks.public.id }}"
  when: tempest_service_available_neutron | bool

# This fact is used in tempest.conf.j2; we set an empty string if it doesn't get
# set above to ensure the template will parse correctly.
- name: Store empty tempest_neutron_public_network_id fact
  set_fact:
    tempest_neutron_public_network_id: ''
  when: not tempest_service_available_neutron | bool

- name: Ensure private subnet exists
  os_subnet:
    cloud: default
    endpoint_type: internal
    validate_certs: "{{ keystone_service_internaluri_insecure | ternary(false, true) }}"
    network_name: "{{ tempest_private_net_name }}"
    name: "{{ tempest_private_subnet_name }}"
    cidr: "{{ tempest_private_subnet_cidr }}"
    project: "{{ keystone_demo_tenant_id }}"
  when: tempest_service_available_neutron | bool

- name: Ensure public subnet exists
  os_subnet:
    cloud: default
    endpoint_type: internal
    validate_certs: "{{ keystone_service_internaluri_insecure | ternary(false, true) }}"
    network_name: "{{ tempest_public_net_name }}"
    name: "{{ tempest_public_subnet_name }}"
    cidr: "{{ tempest_public_subnet_cidr }}"
    allocation_pool_start: "{{ tempest_public_subnet_allocation_pools.split('-')[0] | default(omit) }}"
    allocation_pool_end: "{{ tempest_public_subnet_allocation_pools.split('-')[1] | default(omit) }}"
  when: tempest_service_available_neutron | bool

- name: Create router
  os_router:
    cloud: default
    endpoint_type: internal
    validate_certs: "{{ keystone_service_internaluri_insecure | ternary(false, true) }}"
    name: router
    network: public
    interfaces:
      - "{{ tempest_private_subnet_name }}"
    project: "{{ keystone_demo_tenant_id }}"
  when: tempest_service_available_neutron | bool

- name: Create tempest flavors
  os_nova_flavor:
    cloud: default
    endpoint_type: internal
    validate_certs: "{{ keystone_service_internaluri_insecure | ternary(false, true) }}"
    name: "{{ item.name }}"
    flavorid: "{{ item.id }}"
    ram: "{{ item.ram }}"
    disk: "{{ item.disk }}"
    vcpus: "{{ item.vcpus }}"
  with_items: "{{ tempest_flavors }}"
  when: tempest_service_available_nova | bool