##############################################################################
# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
#
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
---
# install all packages
- name: install keystone packages
  shell: apt-get install -y python-pip unzip

# download master.zip
- name: get image http server
  shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
  register: http_server

- name: download keystone-moon packages
  get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/moon/master.zip"  dest=/tmp/master.zip mode=0444

- name: extract keystone-moon packages
  unarchive: src=/tmp/master.zip dest=/tmp copy=no

# install all dependencies
- name: copy scripts
  copy:  src=get_deb_depends.py dest=/tmp/get_deb_depends.py

- name: install keystone-moon dependencies
  shell: "apt-get install `python /tmp/get_deb_depends.py /tmp/moon-bin-master/*.deb`"
  when: ansible_os_family == "Debian"

- name: delete configuration file
  shell: >
    rm -f {{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf;
    rm -f {{ apache_config_dir }}/sites-available/wsgi-keystone.conf;

# install keystone moon
- name: copy scripts
  copy:  src=deb.conf dest=/tmp/deb.conf

- name: install keystone moon
  shell: >
    export DEBIAN_FRONTEND="noninteractive";
    sudo -E dpkg -i /tmp/moon-bin-master/*moon*.deb;

#- name: install keystone moon
#  shell: >
#    export DEBIAN_FRONTEND="noninteractive";
#    sudo -E debconf-set-selections python-keystone < /tmp/deb.conf;
#    sudo -E dpkg -i /tmp/moon-bin-master/*moon*.deb;

- name: stop keystone task
  shell: >
    service keystone stop;
    mv /etc/init.d/keystone /home/;
    mv /etc/init/keystone.conf /home/;
    mv /lib/systemd/system/keystone.service /home/;

# config keystone and apache2
- name: delete sqlite database
  file:
    path: /var/lib/keystone/keystone.db
    state: absent

#- name: update keystone conf
#  template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes


#- name: assure listen port exist
#  lineinfile:
#    dest: '{{ apache_config_dir }}/ports.conf'
#    regexp: '{{ item.regexp }}'
#    line: '{{ item.line}}'
#  with_items:
#    - regexp: "^Listen {{ internal_ip }}:5000"
#      line: "Listen {{ internal_ip }}:5000"
#    - regexp: "^Listen {{ internal_ip }}:35357"
#      line: "Listen {{ internal_ip }}:35357"

- name: update apache2 configs
  template:
    src: wsgi-keystone.conf.j2
    dest: '{{ apache_config_dir }}/sites-available/wsgi-keystone.conf'
  when: ansible_os_family == 'Debian'

- name: enable keystone server
  file:
    src: "{{ apache_config_dir }}/sites-available/wsgi-keystone.conf"
    dest: "{{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf"
    state: "link"
  when: ansible_os_family == 'Debian'

#- name: keystone source files
#  template: src={{ item }} dest=/opt/{{ item }}
#  with_items:
#    - admin-openrc.sh
#    - demo-openrc.sh

# keystone paste ini
- name: keystone paste ini 1
  shell: sudo cp /etc/keystone/keystone-paste.ini /etc/keystone/keystone-paste.ini.bak;

- name: keystone paste ini 2
  shell: sudo sed "3i[pipeline:moon_pipeline]\npipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension moon_service\n\n[app:moon_service]\nuse = egg:keystone#moon_service\n" /etc/keystone/keystone-paste.ini > /tmp/keystone-paste.ini;

- name: keystone paste ini 3
  shell: sudo cp /tmp/keystone-paste.ini /etc/keystone/keystone-paste.ini;

- name: keystone paste ini 4
  shell: sudo sed "s/use = egg:Paste#urlmap/use = egg:Paste#urlmap\n\/moon = moon_pipeline/" /etc/keystone/keystone-paste.ini > /tmp/keystone-paste.ini;

- name: keystone paste ini 5
  shell: sudo cp /tmp/keystone-paste.ini /etc/keystone/keystone-paste.ini;

# moon log
- name: moon log
  shell: >
    sudo mkdir /var/log/moon/;
    sudo chown keystone /var/log/moon/;
    sudo addgroup moonlog;
    sudo chgrp moonlog /var/log/moon/;
    sudo touch /var/log/moon/keystonemiddleware.log;
    sudo touch /var/log/moon/system.log;
    sudo chgrp moonlog /var/log/moon/keystonemiddleware.log;
    sudo chgrp moonlog /var/log/moon/system.log;
    sudo chmod g+rw /var/log/moon;
    sudo chmod g+rw /var/log/moon/keystonemiddleware.log;
    sudo chmod g+rw /var/log/moon/system.log;
    sudo adduser keystone moonlog;
    # sudo adduser swift moonlog;
    sudo adduser nova moonlog;


# keystone db sync
- name: keystone db sync
  shell: >
    sudo /usr/bin/keystone-manage db_sync;
    sudo /usr/bin/keystone-manage db_sync --extension moon;
  when: inventory_hostname == haproxy_hosts.keys()[0]


#############################################
- name: wait for keystone ready
  wait_for: port=35357 delay=3 timeout=10 host={{ internal_ip }}

#- name: cron job to purge expired tokens hourly
#  cron:
#    name: 'purge expired tokens'
#    special_time: hourly
#    job: '/usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1'

#############################################
# moon workaround
- name: copy scripts
  copy:  src=controllers.py dest=/usr/lib/python2.7/dist-packages/keystone/contrib/moon/controllers.py

# apache2 restart
- name: restart apache2
  service: name={{ item }} state=restarted enabled=yes
  with_items: services | union(services_noarch)

# install moonclient
- name: install moon client
  shell: sudo pip install /tmp/moon-bin-master/python-moonclient-0.1.tar.gz

###################################################


#- name: add tenants
#  keystone_user:
#    token: "{{ ADMIN_TOKEN }}"
#    endpoint: "http://{{ internal_ip }}:35357/v2.0"
#    tenant: "{{ item.tenant }}"
#    tenant_description: "{{ item.tenant_description }}"
#  with_items: "{{ os_users }}"
#  when: inventory_hostname == groups['controller'][0]
#
#- name: add users
#  keystone_user:
#    token: "{{ ADMIN_TOKEN }}"
#    endpoint: "http://{{ internal_ip }}:35357/v2.0"
#    user: "{{ item.user }}"
#    tenant: "{{ item.tenant }}"
#    password: "{{ item.password }}"
#    email: "{{ item.email }}"
#  with_items: "{{ os_users }}"
#  when: inventory_hostname == groups['controller'][0]
#
#- name: grant roles
#  keystone_user:
#    token: "{{ ADMIN_TOKEN }}"
#    endpoint: "http://{{ internal_ip }}:35357/v2.0"
#    user: "{{ item.user }}"
#    role: "{{ item.role }}"
#    tenant: "{{ item.tenant }}"
#  with_items: "{{ os_users }}"
#  when: inventory_hostname == groups['controller'][0]
#
#- name: add endpoints
#  keystone_service:
#    token: "{{ ADMIN_TOKEN }}"
#    endpoint: "http://{{ internal_ip }}:35357/v2.0"
#    name: "{{ item.name }}"
#    type: "{{ item.type }}"
#    region: "{{ item.region}}"
#    description: "{{ item.description }}"
#    publicurl: "{{ item.publicurl }}"
#    internalurl: "{{ item.internalurl }}"
#    adminurl: "{{ item.adminurl }}"
#  with_items: "{{ os_services }}"
#  when: inventory_hostname == groups['controller'][0]


###################################################

- name: update api-paste.ini
  template: src=api-paste.ini dest=/etc/nova/api-paste.ini backup=yes

#- name: update proxy-server conf
#  template: src=proxy-server.conf dest=/etc/swift/proxy-server.conf backup=yes

# restart nova
- name: restart nova
  service: name={{ item }} state=restarted enabled=yes
  with_items:
    - nova-api
    - nova-cert
    - nova-conductor
    - nova-consoleauth
    - nova-scheduler

# restart swift
#- name: restart swift
#  service: name={{ item }} state=restarted enabled=yes
#  with_items:
#    - swift-proxy
#    - memcached