---
- import_tasks: register.yml
  when: ironic_enable_keystone_integration | bool

- import_tasks: config-host.yml

- import_tasks: config.yml

- import_tasks: check-containers.yml

- include_tasks: clone.yml
  when: ironic_dev_mode | bool

- import_tasks: bootstrap.yml

- name: Flush handlers
  meta: flush_handlers

# NOTE(mgoddard): If inspector was previously configured to use the iptables
# PXE filter, it may leave rules in place that block inspection. Clean them up.
# The iptables Ansible module is not idempotent - it fails if the chain does
# not exist, so use a command instead.
- name: Flush and delete ironic-inspector iptables chain
  become: true
  command: iptables --{{ item }} ironic-inspector
  register: ironic_inspector_chain
  with_items:
    - flush
    - delete-chain
  when: ironic_inspector_pxe_filter != 'iptables'
  changed_when: ironic_inspector_chain.rc == 0
  failed_when:
    - ironic_inspector_chain.rc != 0
    - "'No chain/target/match by that name' not in ironic_inspector_chain.stderr"