---
# SPDX-license-identifier: Apache-2.0
##############################################################################
# Copyright (c) 2017 Ericsson AB and others.
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
- hosts: opnfv
  remote_user: root
  vars_files:
    - "{{ xci_path }}/xci/var/opnfv.yml"
    - "{{ xci_path }}/xci/installer/osa/files/openstack_services.yml"

  environment:
    http_proxy: "{{ lookup('env','http_proxy') }}"
    https_proxy: "{{ lookup('env','https_proxy') }}"
    no_proxy: "{{ lookup('env','no_proxy') }}"
    HTTP_PROXY: "{{ lookup('env','http_proxy') }}"
    HTTPS_PROXY: "{{ lookup('env','https_proxy') }}"
    NO_PROXY: "{{ lookup('env','no_proxy') }}"
  pre_tasks:
    - name: Load distribution variables
      include_vars:
        file: "{{ item }}"
      with_items:
        - "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml"
        - "{{ xci_flavor_ansible_file_path }}/flavor-vars.yml"
    - name: Set facts for remote deployment
      set_fact:
        remote_xci_path: "{{ ansible_env.HOME }}/releng-xci"
        remote_xci_flavor_files: "{{ ansible_env.HOME }}/releng-xci/xci/installer/{{installer_type}}/files/{{ xci_flavor }}"
        remote_xci_playbooks: "{{ ansible_env.HOME }}/releng-xci/xci/playbooks"

  roles:
    - role: bootstrap-host
      configure_network: xci_flavor != 'aio'
    - role: peru.proxy_settings
      proxy_settings_http_proxy: "{{ lookup('env','http_proxy') }}"
      proxy_settings_https_proxy: "{{ lookup('env','https_proxy') }}"
      proxy_settings_ftp_proxy: "{{ lookup('env','ftp_proxy') }}"
      proxy_settings_no_proxy: "{{ lookup('env','no_proxy') }}"

  tasks:
    - name: Configure SSH key for root user
      user:
        name: root
        generate_ssh_key: yes
        ssh_key_bits: 2048
        ssh_key_comment: xci
        ssh_key_type: rsa
        state: present

    - name: Copy releng-xci to remote host
      synchronize:
        src: "{{ xci_path }}/"
        dest: "{{ remote_xci_path }}"
        recursive: yes
        delete: yes

    - name: Re-create OpenStack-Ansible /etc directory
      file:
        path: "{{ openstack_osa_etc_path }}"
        state: "{{ item }}"
      with_items:
        - absent
        - directory

    - name: Remove upstream OpenStack-Ansible files
      file:
        path: "{{ openstack_osa_path }}/playbooks/{{ item }}"
        state: absent
      with_items:
        - inventory
        - setup-openstack.yml

    - name: Copy OpenStack-Ansible configuration files
      command: "/bin/cp -rf {{ item.src }} {{ item.dest }}"
      args:
        creates: "{{ item.dest }}/{{ item.src | basename }}"
      with_items:
        - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/env.d", dest: "{{ openstack_osa_etc_path }}" }
        - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/conf.d", dest: "{{ openstack_osa_etc_path }}" }
        - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/user_secrets.yml", dest: "{{ openstack_osa_etc_path }}" }
        - { src: "{{ remote_xci_flavor_files }}/inventory", dest: "{{ remote_xci_playbooks }}" }
        - { src: "{{ remote_xci_flavor_files }}/openstack_user_config.yml", dest: "{{ openstack_osa_etc_path }}" }
        - { src: "{{ remote_xci_flavor_files }}/user_variables.yml", dest: "{{ openstack_osa_etc_path }}" }
        - { src: "{{ remote_xci_flavor_files }}/ceph.yml", dest: "{{ openstack_osa_etc_path }}/conf.d/", cond: xci_ceph_enabled }
        - { src: "{{ remote_xci_flavor_files }}/user_ceph.yml", dest: "{{ openstack_osa_etc_path }}/user_ceph.yml", cond: xci_ceph_enabled }
        - { src: "{{ remote_xci_flavor_files }}/user_variables_ceph.yml", dest: "{{ openstack_osa_etc_path }}/user_variables_ceph.yml", cond: xci_ceph_enabled }
        - { src: "{{ remote_xci_path }}/xci/installer/osa/files/cinder.yml", dest: "{{ openstack_osa_etc_path }}/env.d" }
        - { src: "{{ remote_xci_path }}/xci/installer/osa/files/user_variables_proxy.yml", dest: "{{ openstack_osa_etc_path }}/user_variables_proxy.yml", cond: "{{ lookup('env', 'http_proxy') != '' }}" }
        - { src: "{{ remote_xci_path }}/xci/installer/osa/files/setup-openstack.yml", dest: "{{ openstack_osa_path }}/playbooks" }
        - { src: "{{ remote_xci_path }}/xci/installer/osa/files/ansible-role-requirements.yml", dest: "{{openstack_osa_path}}/ansible-role-requirements.yml", cond: openstack_osa_version != "master" }
        - { src: "{{ remote_xci_path }}/xci/installer/osa/files/global-requirement-pins.txt", dest: "{{openstack_osa_path}}/global-requirement-pins.txt", cond: openstack_osa_version != "master" }
        - { src: "{{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml", dest: "{{ openstack_osa_path }}/playbooks/defaults/repo_packages/openstack_services.yml", cond: openstack_osa_version != "master" }
      when: item.cond is not defined or (item.cond is defined and item.cond | bool)
      loop_control:
        label: "{{ item.src }}"

    - name: Configure OpenStack-Ansible components
      lineinfile:
        path: "{{ openstack_osa_etc_path }}/user_variables.yml"
        line: "{{ item.component }}: {{ item.value }}"
        state: present
      with_items:
        - { component: "tempest_install", value: "{{ run_tempest | bool }}" }
        - { component: "tempest_run", value: "{{ run_tempest | bool }}" }
        - { component: "core_openstack", value: "{{ core_openstack_install | bool }}" }

    - name: "Configure http_proxy_env_url"
      lineinfile:
        path: "{{openstack_osa_etc_path}}/user_variables_proxy.yml"
        regexp: "^http_proxy_env_url:.*"
        line: "{{ 'http_proxy_env_url: ' + lookup('env','http_proxy') }}"
      when:
        - lookup('env','http_proxy') != ""

    - include: "{{ xci_path }}/xci/playbooks/bootstrap-scenarios.yml"
    - name: bootstrap ansible on opnfv host
      command: "/bin/bash ./scripts/bootstrap-ansible.sh"
      changed_when: True
      args:
        chdir: "{{openstack_osa_path}}"
    - name: install opnfv pip required packages
      pip:
        name: "{{ item }}"
        state: present
        extra_args: '-c https://raw.githubusercontent.com/openstack/requirements/{{ requirements_git_install_branch }}/upper-constraints.txt'
      with_items:
        - pyyaml
        - python-neutronclient
        - python-openstackclient
    - name: Install ARA callback plugin in OSA virtualenv
      pip:
        name: ara
        state: present
        extra_args: '-c https://raw.githubusercontent.com/openstack/requirements/{{ requirements_git_install_branch }}/upper-constraints.txt'
        executable: '/opt/ansible-runtime/bin/pip'
    - name: Determine ARA callback location
      command: "/opt/ansible-runtime/bin/python -c 'import os,ara; print(os.path.dirname(ara.__file__))'"
      changed_when: False
      register: _ara_install_dir
    - name: Create local Ansible plugins directory
      file:
        path: "{{ ansible_env.HOME }}/.ansible/plugins/callback/ara"
        state: directory
    - name: Configure ARA callback
      file:
        path: "{{ ansible_env.HOME }}/.ansible/plugins/callback/ara/callbacks"
        src: "{{ _ara_install_dir.stdout }}/plugins/callbacks"
        force: yes
        state: link
    - name: generate password token
      command: "python pw-token-gen.py --file {{openstack_osa_etc_path}}/user_secrets.yml"
      args:
        chdir: "{{openstack_osa_path}}/scripts"
      changed_when: True
    - name: check if certificate directory /etc/ssl/certs exists already
      stat: path=/etc/ssl/certs
      register: check_etc_ssl_certs
    - name: create certificate directory /etc/ssl/certs
      file:
        path: "/etc/ssl/certs"
        state: directory
      when: check_etc_ssl_certs.stat.exists == false
    - name: create key directory /etc/ssl/private
      file:
        path: "/etc/ssl/private"
        state: directory
    - name: copy certificate to /etc/ssl/certs
      copy:
        src: "/etc/ssl/certs/xci.crt"
        dest: "/etc/ssl/certs/"
    - name: read remote key from /etc/ssl/private
      set_fact:
        xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}"
    - name: copy key to /etc/ssl/private
      copy:
        content: "{{ xci_ssl_key }}"
        dest: "/etc/ssl/private/xci.key"
      become: true
    - name: fetch xci environment
      copy:
        src: "{{ xci_path }}/.cache/xci.env"
        dest: /root/xci.env

    - name: Reload OpenStack-Ansible variables
      include_vars:
        file: "{{ xci_flavor_ansible_file_path }}/user_variables.yml"

    - name: Generate openrc
      include_role:
        name: "openstack-ansible-openstack_openrc"

    - name: add extra insecure flag to generated openrc
      blockinfile:
          dest: "{{ ansible_env.HOME }}/openrc"
          block: |
              export OS_INSECURE=true

    - name: fetch generated openrc
      fetch:
        src: "{{ ansible_env.HOME }}/openrc"
        dest: "{{ xci_path }}/.cache/openrc"
        flat: true

    - name: Determine local user
      become: no
      local_action: command whoami
      changed_when: False
      register: _ansible_user

    - name: Fetch local SSH key
      delegate_to: localhost
      become: no
      slurp:
        src: "/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub"
      register: _local_ssh_key

    - name: Configure OPNFV authorized_keys file
      authorized_key:
        exclusive: yes
        user: root
        state: present
        manage_dir: yes
        comment: "{{ _ansible_user.stdout }} key"
        key: "{{ _local_ssh_key['content'] | b64decode }}"