---
# Copyright kubeinit contributors
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: Install and configure cri-o
  block:
    #
    # cri-o repos
    #

    - name: Download cri-o (kubeinit) repos
      ansible.builtin.shell: |
        curl -L -o /etc/yum.repos.d/kubeinit.repo https://download.opensuse.org/repositories/home:/kubeinit/CentOS_9_Stream/home:kubeinit.repo
      args:
        executable: /bin/bash
      register: _result
      changed_when: "_result.rc == 0"

    #
    # cri-o config
    #

    - name: Install the latest version of cri-o
      ansible.builtin.package:
        name: cri-o
        state: present

    - name: Install the latest version of crun
      ansible.builtin.package:
        name: crun
        state: present

    - name: Make sure cri-o binary is reachable and the configuration is correct
      ansible.builtin.shell: |
        yum install -y jq
        # Make sure crio binary is reachable
        ln -s /usr/bin/crio /usr/local/bin/crio
        tmp=$(mktemp)
        crioconf=$(ls /etc/cni/net.d/87-crio-bridge* | xargs realpath)
        jq '.plugins[0].ipam.ranges[0][0].subnet = "{{ kubeinit_k8s_pod_network }}/{{ kubeinit_k8s_pod_subnet_len }}"' "$crioconf" > "$tmp" && mv -f "$tmp" "$crioconf"
        # jq '.type = "flannel"' /etc/cni/net.d/87-crio-bridge.conf > "$tmp" && mv -f "$tmp" /etc/cni/net.d/87-crio-bridge.conf
        # rm -rf /etc/cni/net.d/87-crio-bridge.conf
        # echo '{"name": "crio","type": "flannel"}' > /etc/cni/net.d/10-crio.conf
        cp /etc/crio/crio.conf /etc/crio/crio.conf.backup
        sed -i s/^.*default_runtime\ =\ .*$/default_runtime\ =\ \"crun\"/g /etc/crio/crio.conf

        # There is no example config for crun anymore
        #sed -i "s/^\#\[crio\.runtime\.runtimes\.crun.*\]/[crio.runtime.runtimes.crun]/g" /etc/crio/crio.conf
        cat << EOF >> /etc/crio/crio.conf
        [crio.runtime.runtimes.crun]
        runtime_path = "/usr/bin/crun"
        runtime_type = "oci"
        runtime_root = "/run/crun"
        EOF
      args:
        executable: /bin/bash
      register: _result
      changed_when: "_result.rc == 0"

    - name: Enable/start/status cri-o
      ansible.builtin.shell: |
        systemctl enable crio
        systemctl start crio
        systemctl status crio
      args:
        executable: /bin/bash
      register: _result
      changed_when: "_result.rc == 0"
  when: kubeinit_k8s_container_runtime == "cri-o"

- name: Install and configure containerd
  block:
    - name: Deploy containerd
      ansible.builtin.shell: |
        set -o pipefail
        modprobe overlay
        modprobe br_netfilter
        cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
        overlay
        br_netfilter
        EOF
        cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
        net.bridge.bridge-nf-call-iptables = 1
        net.ipv4.ip_forward = 1
        net.bridge.bridge-nf-call-ip6tables = 1
        EOF
        sysctl --system
        dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
        dnf update
        dnf install -y containerd
        mkdir -p /etc/containerd
        containerd config default | sudo tee /etc/containerd/config.toml
        sed -i "s/SystemdCgroup = false/SystemdCgroup = true/g" /etc/containerd/config.toml
      args:
        executable: /bin/bash
      register: _result
      changed_when: "_result.rc == 0"

    - name: Enable/start/status containerd
      ansible.builtin.shell: |
        systemctl enable containerd
        systemctl start containerd
        systemctl status containerd
      args:
        executable: /bin/bash
      register: _result
      changed_when: "_result.rc == 0"
  when: kubeinit_k8s_container_runtime == "containerd"

#
# kubernetes repos
#

- name: Remove repo before adding it
  ansible.builtin.file:
    path: /etc/yum.repos.d/kubernetes.repo
    state: absent

- name: Creating a repository file for Kubernetes
  ansible.builtin.file:
    path: /etc/yum.repos.d/kubernetes.repo
    state: touch
    mode: '0644'

- name: Adding repository details in Kubernetes repo file.
  ansible.builtin.blockinfile:
    path: /etc/yum.repos.d/kubernetes.repo
    block: |
      [kubernetes]
      name=Kubernetes
      baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch
      enabled=1
      gpgcheck=1
      repo_gpgcheck=1
      gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
      exclude=kubelet kubeadm kubectl

#
# Kubernetes config
#

- name: Install requirements
  ansible.builtin.command: dnf install -y kubelet-{{ kubeinit_k8s_kubernetes_version }}.* kubeadm-{{ kubeinit_k8s_kubernetes_version }}.* kubectl-{{ kubeinit_k8s_kubernetes_version }}.* --disableexcludes=kubernetes
  register: _result
  changed_when: "_result.rc == 0"

- name: Enable kubelet
  ansible.builtin.systemd:
    state: restarted
    name: kubelet
    enabled: yes

#
# Install additional packages
#

- name: Install common requirements
  ansible.builtin.package:
    name: "{{ kubeinit_k8s_common_dependencies }}"
    state: present
  when: kubeinit_k8s_common_dependencies is defined