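# Base configuration for every host in the "review" group that is not in
# the "disabled" group.
- hosts: "review:!disabled"
  name: "Configure gerrit"
  roles:
    - iptables
    - install-docker
    - gerrit

# NOTE(ianw) 2021-03-30 : This is just temporary to facilitate bulk
# data transfer of data between the old and new server.
# NOTE(review): because this is temporary, the authorized key below should
# be removed (state: absent) once the migration is finished, so that no
# standing read access to /home/gerrit2 remains on the old server.
- hosts: "review01.openstack.org"
  name: Setup remote gerrit
  tasks:
    # rrsync is the restricted-rsync wrapper used as the forced command for
    # the copying key below.  "creates" makes the task a no-op once the
    # script is in place.
    #  - "set -e" stops at the first failing command.
    #  - "mkdir -p" tolerates an existing bin/ directory; a plain mkdir
    #    failed the task when bin/ existed but rrsync did not.
    #  - The script is unpacked to a temporary name and renamed last, so a
    #    failed gunzip cannot leave an empty rrsync that "creates" would
    #    then treat as installed.
    - name: Install rrsync
      shell:
        cmd: |
          set -e
          mkdir -p /home/gerrit2/bin/
          gunzip -c /usr/share/doc/rsync/scripts/rrsync.gz > /home/gerrit2/bin/rrsync.tmp
          chmod a+x /home/gerrit2/bin/rrsync.tmp
          mv /home/gerrit2/bin/rrsync.tmp /home/gerrit2/bin/rrsync
        creates: '/home/gerrit2/bin/rrsync'

    # The key is pinned to a forced command: whatever the client asks for,
    # sshd runs "rrsync -ro /home/gerrit2", i.e. read-only rsync confined
    # to that directory.  Port, agent and X11 forwarding and pty allocation
    # are disabled as well.
    # NOTE(review): the options do not restrict the source address; adding
    # from="<review02 address>" (placeholder) would limit where the key can
    # be used from.  "no-user-rc" is also not set - confirm whether a
    # ~/.ssh/rc exists for gerrit2.
    - name: Install review02.opendev.org copying key
      authorized_key:
        user: gerrit2
        state: present
        key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVuhTMAz1H2Jr9AC3py9A0vlNna6Sdt4yrvZOayxukPqQ7GPZd+Mo7MVyypxLD479N2mA09JAdsbq1eTiPP8ksEkB+dNxZzw8mY1653R/IXSW6J9xPcoDa88HF2s/xHN24IWzgiDjNNe79AQ+sKleByEQZ++xXny3MRpy258hKUvAtjjOLOnM1PBs8JNOzBL+UPgWRgSX6GG0qywJZqjD1Qx5kvH9RTRLi+tcMhEi4laN7BYvn4csY0sYzTzPG4ZTu3ootIJoRlQGtQ0LmoFO1vSwyEJUags6/ZZGjgy3jl3kwcU/b8ZnFlF4MDw1OB1QqMb4r6bMHbXNIupp4zJbz'
        key_options: 'command="/home/gerrit2/bin/rrsync -ro /home/gerrit2",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'

# NOTE(ianw) 2021-04-09 This is a workaround for RA leaks seen in
# vexxhost which is currently unresolved.  This pins the ipv6 config
# and ensures we don't listen to RA's.  See:
#   http://lists.opendev.org/pipermail/service-discuss/2021-April/000200.html
#   https://launchpad.net/bugs/1844712
- hosts: "review02.opendev.org"
  name: Pin IPv6 configuration and reject RAs
  tasks:
    # Writes a static netplan definition for ens3: DHCPv6 and router
    # advertisements are turned off, and the IPv6 address and both default
    # routes are set explicitly, so a stray RA cannot add addresses or
    # routes on this host.
    # NOTE(review): the destination is the file name cloud-init normally
    # generates; presumably cloud-init's network configuration has to be
    # disabled or it may rewrite this file - confirm.
    # NOTE(review): nothing in this play applies the new config (no
    # "netplan apply" or handler); presumably it takes effect on the next
    # apply or reboot - confirm.
    - name: Install RA rejection
      copy:
        dest: '/etc/netplan/50-cloud-init.yaml'
        owner: 'root'
        group: 'root'
        mode: '0644'
        content: |
          network:
            version: 2
            ethernets:
              ens3:
                dhcp4: true
                dhcp6: false
                accept-ra: false
                addresses:
                  - '2604:e100:1:0:f816:3eff:fe52:22de/64'
                routes:
                  - to: '::/0'
                    via: 'fe80::ce2d:e0ff:fe0f:74af'
                    metric: 100
                  - to: '::/0'
                    via: 'fe80::ce2d:e0ff:fe5a:d84e'
                    metric: 100
                match:
                  macaddress: fa:16:3e:52:22:de
                mtu: 1500
                set-name: ens3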