kolla-ansible/ansible/roles/baremetal/tasks/install.yml

---
- name: Update apt cache
  apt:
    update_cache: yes
  become: True
  when: ansible_facts.os_family == 'Debian'

# TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors
- name: Set firewall default policy
  become: True
  ufw:
    state: disabled
    policy: allow
  when: ansible_facts.os_family == 'Debian'
  ignore_errors: yes

- name: Check if firewalld is installed
  command: rpm -q firewalld
  register: firewalld_check
  changed_when: false
  failed_when: firewalld_check.rc > 1
  args:
    warn: false
  when: ansible_facts.os_family == 'RedHat'

- name: Disable firewalld
  become: True
  service:
    name: "{{ item }}"
    enabled: false
    state: stopped
  with_items:
    - firewalld
  when:
    - ansible_facts.os_family == 'RedHat'
    - firewalld_check.rc == 0

# Upgrading docker engine may cause containers to stop. Take a snapshot of the
# running containers prior to a potential upgrade of Docker.

- name: Check which containers are running
  command: docker ps -f 'status=running' -q
  become: true
  # If Docker is not installed this command may exit non-zero.
  failed_when: false
  changed_when: false
  register: running_containers

# APT starts Docker engine right after installation, which creates
# iptables rules before we disable iptables in Docker config

- name: Check if docker systemd unit exists
  stat:
    path: /etc/systemd/system/docker.service
  register: docker_unit_file

- name: Mask the docker systemd unit on Debian/Ubuntu
  file:
    src: /dev/null
    dest: /etc/systemd/system/docker.service
    owner: root
    group: root
    state: link
  become: true
  when:
    - ansible_facts.os_family == 'Debian'
    - not docker_unit_file.stat.exists

- name: Install apt packages
  package:
    name: "{{ (debian_pkg_install | join(' ')).split() }}"
    state: present
  become: True
  when: ansible_facts.os_family == 'Debian'
  register: apt_install_result

- name: Install deltarpm packages
  package:
    name: drpm
    state: present
    update_cache: yes
  become: True
  when: ansible_facts.os_family == 'RedHat'

- name: Install RPM packages
  package:
    name: "{{ (redhat_pkg_install | join(' ')).split() }}"
    state: present
    update_cache: yes
  become: True
  when: ansible_facts.os_family == 'RedHat'
  register: rpm_install_result

# If any packages were updated, and any containers were running, wait for the
# daemon to come up and start all previously running containers.

- block:
    # At some point (at least on CentOS 7) Docker CE stopped starting
    # automatically after an upgrade from legacy docker . Start it manually.
    - name: Start docker
      systemd:
        name: docker
        state: started
        enabled: yes
        masked: no
      become: True

    - name: Wait for Docker to start
      command: docker info
      become: true
      changed_when: false
      register: result
      until: result is success
      retries: 6
      delay: 10

    - name: Ensure containers are running after Docker upgrade
      command: "docker start {{ running_containers.stdout }}"
      become: true
  when:
    - install_result is changed
    - running_containers.rc == 0
    - running_containers.stdout != ''
  vars:
    install_result: "{{ rpm_install_result if ansible_facts.os_family == 'RedHat' else apt_install_result }}"

- name: Install latest pip in the virtualenv
  pip:
    # NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2
    name: pip>19.3
    virtualenv: "{{ virtualenv }}"
    virtualenv_site_packages: "{{ virtualenv_site_packages }}"
    virtualenv_python: "python{{ host_python_version }}"
  become: True
  when: virtualenv is not none

- name: Install docker SDK for python
  pip:
    # NOTE(hrw) docker 2.4.2 is in kolla-ansible requirements
    # NOTE(mnasiadka): docker 5.0.0 lacks six in deps but requires it
    name: docker>=2.4.2,<5.0.0
    executable: "{{ virtualenv is none | ternary('pip3', omit) }}"
    virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}"
    virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}"
    virtualenv_python: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version) }}"
  become: True

- name: Remove packages
  package:
    name: "{{ (ubuntu_pkg_removals | join(' ')).split() }}"
    state: absent
  become: True
  when: ansible_facts.os_family == 'Debian'

- name: Remove packages
  package:
    name: "{{ (redhat_pkg_removals | join(' ')).split() }}"
    state: absent
  become: True
  when: ansible_facts.os_family == 'RedHat'