---
- hosts: all
  any_errors_fatal: true
  vars:
    logs_dir: "/tmp/logs"
  roles:
    - configure-ephemeral
    - multi-node-firewall
    - role: multi-node-vxlan-overlay
      vars:
        vxlan_interface_name: "{{ api_interface_name }}"
        vxlan_vni: 10000
    - role: multi-node-managed-addressing
      vars:
        managed_interface_name: "{{ api_interface_name }}"
        managed_network_prefix: "{{ api_network_prefix }}"
        managed_network_prefix_length: "{{ api_network_prefix_length }}"
        managed_network_address_family: "{{ address_family }}"
    # NOTE(yoctozepto): no addressing for neutron_external_interface in here
    # because it is enslaved by a bridge
    - role: multi-node-vxlan-overlay
      vars:
        vxlan_interface_name: "{{ neutron_external_vxlan_interface_name }}"
        vxlan_vni: 10001
    - role: bridge
      vars:
        bridge_name: "{{ neutron_external_bridge_name }}"
        bridge_member_name: "{{ neutron_external_vxlan_interface_name }}"
    - role: multi-node-vxlan-overlay
      vars:
        vxlan_interface_name: "{{ external_api_interface_name }}"
        vxlan_vni: 10002
      when: external_api_interface_name is defined
    - role: multi-node-managed-addressing
      vars:
        managed_interface_name: "{{ external_api_interface_name }}"
        managed_network_prefix: "{{ external_api_network_prefix }}"
        managed_network_prefix_length: "{{ external_api_network_prefix_length }}"
        managed_network_address_family: "{{ address_family }}"
      when: external_api_interface_name is defined
    # TODO(mnasiadka): Update ipv6 jobs to test ipv6 in Neutron
    - role: multi-node-managed-addressing
      vars:
        managed_interface_name: "{{ neutron_external_bridge_name }}"
        managed_network_prefix: "{{ neutron_external_network_prefix }}"
        managed_network_prefix_length: "{{ neutron_external_network_prefix_length }}"
        managed_network_address_family: "ipv4"
    - role: veth
      vars:
        veth_pair:
          - "veth-{{ neutron_external_bridge_name }}"
          - "veth-{{ neutron_external_bridge_name }}-ext"
        bridge_name: "{{ neutron_external_bridge_name }}"
  tasks:
    # NOTE(yoctozepto): we use gawk to add time to each logged line
    # outside of Ansible (e.g. for init-runonce)
    - name: Install gawk and required Python modules
      become: true
      package:
        name:
          - gawk
          - python3-pip
          - python3-setuptools

    - name: Install lvm on storage scenarios
      become: true
      package:
        name: lvm2
      when: scenario in ['cephadm', 'zun', 'swift']

    - name: Ensure /tmp/logs/ dir
      file:
        path: "{{ logs_dir }}"
        state: "directory"

    - name: Ensure /tmp/logs/pre dir
      file:
        path: "{{ logs_dir }}/pre"
        state: "directory"

    - name: Run diagnostics script
      environment:
        LOG_DIR: "{{ logs_dir }}/pre"
        KOLLA_INTERNAL_VIP_ADDRESS: "{{ kolla_internal_vip_address }}"
        CONTAINER_ENGINE: "{{ container_engine }}"
      script: get_logs.sh
      register: get_logs_result
      become: true
      failed_when: false

    - name: Print get_logs output
      debug:
        msg: "{{ get_logs_result.stdout }}"

    - name: Ensure node directories
      file:
        path: "{{ logs_dir }}/{{ item }}"
        state: "directory"
        mode: 0777
      with_items:
        - "container_logs"
        - "kolla_configs"
        - "system_logs"
        - "kolla"
        - "ansible"

    # NOTE(yoctozepto): let's observe forwarding behavior
    - name: Iptables - LOG FORWARD
      become: true
      iptables:
        state: present
        action: append
        chain: FORWARD
        jump: LOG
        log_prefix: 'iptables FORWARD: '

    - name: Set new hostname based on ansible inventory file
      hostname:
        name: "{{ inventory_hostname }}"
        use: systemd
      become: true

    - name: Wait for ntp time sync
      command: timedatectl status
      register: timedatectl_status
      changed_when: false
      until: "'synchronized: yes' in timedatectl_status.stdout"
      retries: 90
      delay: 10

    # TODO(mnasiadka): Remove when both podman and cephadm packages get promoted to usual repos
    - name: Enable noble-proposed repository on Ubuntu 24.04
      apt_repository:
        repo: "deb http://archive.ubuntu.com/ubuntu/ noble-proposed restricted main multiverse universe"
        state: present
      become: true
      when:
        - container_engine in ['cephadm', 'podman']
        - ansible_facts.distribution == "Ubuntu"
        - ansible_facts.distribution_release == "noble"

    # TODO(mnasiadka): Remove once ceph release is out with patched https://tracker.ceph.com/issues/66389
    - name: Handling for cephadm apparmor bug on Ubuntu Noble 24.04
      when:
        - ansible_facts.distribution == "Ubuntu"
        - ansible_facts.distribution_release == "noble"
        - scenario == "cephadm"
      block:
        - name: Install AppArmor on Ubuntu Noble 24.04
          apt:
            name: apparmor
          become: true

        - name: Disable MongoDB Compass AppArmor profile
          command:
            cmd: "apparmor_parser -R /etc/apparmor.d/MongoDB_Compass"
          become: true