---
# Copyright kubeinit contributors
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: Deploy the cluster bootstrap and any other extra nodes requested
  ansible.builtin.include_role:
    name: kubeinit.kubeinit.kubeinit_libvirt
    tasks_from: deploy_{{ hostvars[kubeinit_deployment_node_name].os }}_guest.yml
    public: yes
  loop: "{{ groups['all_extra_nodes'] }}"
  loop_control:
    loop_var: kubeinit_deployment_node_name
  vars:
    kubeinit_deployment_delegate: "{{ hostvars[kubeinit_deployment_node_name].target }}"
    kubeinit_ignition_name: "{{ 'bootstrap' if kubeinit_deployment_node_name == 'bootstrap' else omit }}"
    kubeinit_coreos_initrd: "{{ kubeinit_openshift_coreos_initrd if kubeinit_deployment_node_name == 'bootstrap' else omit }}"
    kubeinit_coreos_raw: "{{ kubeinit_openshift_coreos_raw if kubeinit_deployment_node_name == 'bootstrap' else omit }}"
    kubeinit_coreos_rootfs: "{{ kubeinit_openshift_coreos_rootfs if kubeinit_deployment_node_name == 'bootstrap' else omit }}"

- name: Deploy the cluster controller nodes
  ansible.builtin.include_role:
    name: kubeinit.kubeinit.kubeinit_libvirt
    tasks_from: deploy_coreos_guest.yml
    public: yes
  loop: "{{ groups['all_controller_nodes'] }}"
  loop_control:
    loop_var: kubeinit_deployment_node_name
  vars:
    kubeinit_deployment_delegate: "{{ hostvars[kubeinit_deployment_node_name].target }}"
    kubeinit_ignition_name: master
    kubeinit_coreos_initrd: "{{ kubeinit_openshift_coreos_initrd }}"
    kubeinit_coreos_raw: "{{ kubeinit_openshift_coreos_raw }}"
    kubeinit_coreos_rootfs: "{{ kubeinit_openshift_coreos_rootfs }}"

- name: Verify that controller nodes are ok
  ansible.builtin.shell: |
    set -o pipefail
    export KUBECONFIG=~/install_dir/auth/kubeconfig; \
    oc get nodes | grep master | grep " Ready"
  args:
    executable: /bin/bash
  register: _result
  changed_when: "_result.rc == 0"
  retries: 60
  delay: 60
  delegate_to: "{{ kubeinit_provision_service_node }}"
  until: _result.stdout_lines | default([]) | list | length == kubeinit_controller_count|int

- name: Use single node cluster
  ansible.builtin.shell: |
    set -o pipefail
    export KUBECONFIG=~/install_dir/auth/kubeconfig
    oc get nodes
    oc patch etcd cluster -p='{"spec": {"unsupportedConfigOverrides": {"useUnsupportedUnsafeNonHANonProductionUnstableEtcd": true }}}' --type=merge
    oc patch authentications.operator.openshift.io cluster -p='{"spec": {"unsupportedConfigOverrides": {"useUnsupportedUnsafeNonHANonProductionUnstableOAuthServer": true }}}' --type=merge
  args:
    executable: /bin/bash
  register: _result
  changed_when: "_result.rc == 0"
  delegate_to: "{{ kubeinit_provision_service_node }}"
  when: kubeinit_controller_count|int == 1

# This can take a lot of time until the cluster converges
- name: Wait for bootstrap to complete
  ansible.builtin.shell: |
    openshift-install gather --dir install_dir bootstrap --bootstrap {{ hostvars[groups['all_extra_nodes'][0]].ansible_host }} \
        {% for node in groups['all_controller_nodes'] %}{% raw %} --master {% endraw %}{{ hostvars[node].ansible_host }}{% endfor %}

    openshift-install --dir=install_dir/ wait-for bootstrap-complete --log-level info
  args:
    executable: /bin/bash
  register: _result
  changed_when: "_result.rc == 0"
  retries: 5
  delay: 20
  delegate_to: "{{ kubeinit_provision_service_node }}"
  until: _result.rc == 0

- name: Remove bootstrap node from haproxy config
  ansible.builtin.command: |
    podman --remote --connection {{ hostvars[kubeinit_haproxy_service_node].target }} exec {{ kubeinit_haproxy_service_name }} sed -i '/bootstrap/s/^/#/' /usr/local/etc/haproxy/haproxy.cfg
  register: _result
  changed_when: "_result.rc == 0"
  delegate_to: localhost

- name: Restart haproxy container
  ansible.builtin.systemd:
    name: "{{ kubeinit_haproxy_service_name }}"
    state: restarted
    enabled: yes
    scope: user
  delegate_to: "{{ hostvars[kubeinit_haproxy_service_node].target }}"

# To run in the hypervisor where the bootstrap machine is deployed
- name: Remove boostrap node
  block:

    - name: Destroy bootstrap node VM
      community.libvirt.virt:
        name: "{{ hostvars[kubeinit_deployment_node_name].guest_name }}"
        command: destroy

    - name: Undefine bootstrap node VM
      community.libvirt.virt:
        name: "{{ hostvars[kubeinit_deployment_node_name].guest_name }}"
        command: undefine

    - name: Remove bootstrap node VM storage
      ansible.builtin.file:
        state: absent
        path: "{{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2"

  vars:
    kubeinit_deployment_node_name: "{{ groups['all_extra_nodes'][0] }}"
  delegate_to: "{{ hostvars[kubeinit_deployment_node_name].target }}"

- name: Deploy the cluster compute nodes
  ansible.builtin.include_role:
    name: kubeinit.kubeinit.kubeinit_libvirt
    tasks_from: deploy_coreos_guest.yml
    public: yes
  loop: "{{ groups['all_compute_nodes'] | default([]) }}"
  loop_control:
    loop_var: kubeinit_deployment_node_name
  vars:
    kubeinit_deployment_delegate: "{{ hostvars[kubeinit_deployment_node_name].target }}"
    kubeinit_ignition_name: worker
    kubeinit_coreos_initrd: "{{ kubeinit_openshift_coreos_initrd }}"
    kubeinit_coreos_raw: "{{ kubeinit_openshift_coreos_raw }}"
    kubeinit_coreos_rootfs: "{{ kubeinit_openshift_coreos_rootfs }}"

- name: Complete the cluster deployment on the provision service node
  block:

    - name: Wait until all nodes are ready
      ansible.builtin.shell: |
        set -o pipefail
        export KUBECONFIG=~/install_dir/auth/kubeconfig; \
        oc get csr -o json | jq -r '.items[] | .metadata.name' | xargs oc adm certificate approve >/dev/null 2>&1; \
        oc get nodes | grep " Ready"
      args:
        executable: /bin/bash
      register: _result
      changed_when: "_result.rc == 0"
      retries: 60
      delay: 60
      until: _result.stdout_lines | default([]) | list | length == kubeinit_cluster_node_count|int

    - name: Copy the kubeconfig
      ansible.builtin.shell: |
        cp ~/install_dir/auth/kubeconfig ~/.kube/config
      args:
        executable: /bin/bash
      register: _result
      changed_when: "_result.rc == 0"

    - name: Install kustomize
      ansible.builtin.shell: |
        curl -sL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.1.0/kustomize_v5.1.0_linux_amd64.tar.gz > kustomize.tar.gz
        tar xzf ./kustomize.tar.gz
        mv ./kustomize /bin/
      args:
        executable: /bin/bash
      register: _result
      changed_when: "_result.rc == 0"

    - name: Get some final cluster information
      ansible.builtin.shell: |
        set -eo pipefail
        export KUBECONFIG=~/install_dir/auth/kubeconfig
        oc get nodes
      args:
        executable: /bin/bash
      ignore_errors: yes
      register: _result_cluster_info
      changed_when: "_result_cluster_info.rc == 0"

    - name: Display final debug info
      ansible.builtin.debug:
        var: _result_cluster_info

    - name: Print some final data
      vars:
        msg: |
          Get the kubeadmin password from the services machine
            cat ~/install_dir/auth/kubeadmin-password
          The OpenShift UI endpoint is:
            console-openshift-console.apps.{{ kubeinit_cluster_fqdn }}
      ansible.builtin.debug:
        msg: "{{ msg.split('\n') }}"

  vars:
    kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}"
  delegate_to: "{{ kubeinit_deployment_node_name }}"