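---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Task list that builds one LXC container per inventory host on its
# physical_host: detect the LVM volume group, create host-side directories,
# create the container, wire up bind mounts and networking, then seed the
# container user password and proxy environment. Every task is delegated to
# "{{ physical_host }}" because the container itself is not reachable yet.

# Detect whether the volume group named in lxc_container_vg_name exists on
# the physical host. The rc of this task decides the backing store below.
- name: Check for lxc volume group
  shell: "(which vgs > /dev/null && vgs | grep -o '{{ lxc_container_vg_name }}') || false"
  register: vg_result
  failed_when: false
  # NOTE(review): a pure detection task is usually "changed_when: false";
  # here a missing VG is reported as a change - confirm this is intended.
  changed_when: vg_result.rc != 0
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-vg-detect

# Fall back to the "dir" backing store when the volume group was not found.
- name: Set container backend "dir" if "lvm" not found
  set_fact:
    lxc_container_backing_store: dir
  when: vg_result.rc != 0
  tags:
    - lxc-container-vg-detect

# Host-side directories that are later bind-mounted into the container.
- name: Container service directories
  file:
    path: "{{ item }}"
    state: "directory"
  with_items:
    - "/openstack/{{ inventory_hostname }}"
    - "/openstack/backup/{{ inventory_hostname }}"
    - "/openstack/log/{{ inventory_hostname }}"
    - "{{ lxc_container_directory }}/{{ inventory_hostname }}"
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-directories

# The autodev hook script referenced by lxc.hook.autodev in the container
# config below; it must exist before the container is created.
- name: LXC autodev setup
  template:
    src: "autodev.j2"
    dest: "/var/lib/lxc/{{ inventory_hostname }}/autodev"
    owner: "root"
    group: "root"
    mode: "0755"
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-autodev

# Create and start the container. Per-host "properties.*" values override the
# role defaults. The container_command runs inside the new container and
# neuters udev and binfmt units, then writes the default interfaces file.
- name: Create container
  lxc_container:
    name: "{{ inventory_hostname }}"
    container_log: true
    config: "{{ properties.container_config|default(lxc_container_config) }}"
    template: "{{ properties.container_template|default(lxc_container_template) }}"
    state: started
    backing_store: "{{ properties.container_backing_store|default(lxc_container_backing_store) }}"
    directory: "{{ lxc_container_rootfs_directory }}"
    fs_size: "{{ properties.container_fs_size|default(lxc_container_fs_size) }}"
    fs_type: "{{ properties.container_fs_type|default(lxc_container_fs_type) }}"
    vg_name: "{{ properties.container_vg_name|default(lxc_container_vg_name) }}"
    template_options: "{{ lxc_container_template_options }}"
    container_command: |
      if [ -f "/usr/lib/systemd/system/poweroff.target" ];then
        ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true
      fi
      ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true
      ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true
      ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true
      ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true
      echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces
    container_config:
      - "lxc.autodev=1"
      - "lxc.pts=1024"
      - "lxc.kmsg=0"
      - "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-create

# Bind-mount the host backup and log directories into the container. Only
# runs when the host defines properties.service_name.
- name: Load container service mounts and profile
  lxc_container:
    name: "{{ inventory_hostname }}"
    container_command: |
      mkdir -p /var/backup
      mkdir -p /var/log/{{ properties.service_name }}
    container_config:
      - "lxc.mount.entry=/openstack/backup/{{ inventory_hostname }} var/backup none defaults,bind,rw 0 0"
      - "lxc.mount.entry=/openstack/log/{{ inventory_hostname }} var/log/{{ properties.service_name }} none defaults,bind,rw 0 0"
  when: properties.service_name is defined
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-service-config

# Write one interfaces.d fragment per entry in container_networks and bounce
# the interface only when the fragment's md5sum changed. The here-string
# (<<<) requires bash inside the container.
- name: Container network interfaces
  lxc_container:
    name: "{{ inventory_hostname }}"
    container_command: |
      if [ ! -d "/etc/network/interfaces.d" ];then
        mkdir -p /etc/network/interfaces.d
      fi
      configmd5sum=$(md5sum /etc/network/interfaces.d/{{ item.value.interface }}.cfg 2>/dev/null)
      echo -e '{{ lxc_container_interface }}' | tee /etc/network/interfaces.d/{{ item.value.interface }}.cfg
      if ! md5sum -c --status <<< "$configmd5sum" 2>/dev/null; then
        ifdown {{ item.value.interface }}
        ifup {{ item.value.interface }}
      fi
  with_dict: "{{ container_networks|default({}) }}"
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-networks

# Host-side per-interface LXC config fragments, included from the container
# config by the "Container network includes" task.
- name: LXC host config for container networks
  template:
    src: "container-interface.ini.j2"
    dest: "/var/lib/lxc/{{ inventory_hostname }}/{{ item.value.interface }}.ini"
    owner: "root"
    group: "root"
    mode: "0644"
  with_dict: "{{ container_networks|default({}) }}"
  notify:
    - Lxc container restart
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-networks

# NOTE(major): the lxc.network.veth.pair line must appear *immediately* after
# the lxc.network.name configuration line or it will be ignored. That's why
# you'll find a "insertafter" in this YAML block.
# The veth name is the last 8 characters of the hostname with "-" and "_"
# stripped, suffixed with "_eth0", to stay within the kernel ifname limit.
- name: Add veth pair name to match container name
  lineinfile:
    dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
    line: "lxc.network.veth.pair = {{ inventory_hostname[-8:].replace('-', '').replace('_', '') }}_eth0"
    insertafter: "^lxc.network.name"
    backup: true
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-networks

- name: Container network includes
  lineinfile:
    dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
    line: "lxc.include = /var/lib/lxc/{{ inventory_hostname }}/{{ item.value.interface }}.ini"
    backup: true
  with_dict: "{{ container_networks|default({}) }}"
  when:
    - item.value.interface is defined
  notify:
    - Lxc container restart
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-networks

# Adds post-down and pre-start hooks
- name: Drop veth cleanup script
  template:
    src: "veth-cleanup.sh.j2"
    dest: "/var/lib/lxc/{{ inventory_hostname }}/veth-cleanup.sh"
    owner: "root"
    group: "root"
    mode: "0755"
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-networks

# This is being defined due to an issue with dangling veth pairs.
# TODO(someone) This should be removed once an upstream patch has
# been submitted to either the kernel or LXC to fix the veth issues.
# Container restart is not happening here because it's not needed.
- name: Defines a pre and post hook script
  lineinfile:
    dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
    line: "{{ item }}"
    backup: true
  with_items:
    - "lxc.hook.pre-start = /var/lib/lxc/{{ inventory_hostname }}/veth-cleanup.sh"
    - "lxc.hook.post-stop = /var/lib/lxc/{{ inventory_hostname }}/veth-cleanup.sh"
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-networks

# Flush the handlers to ensure the container and networking is online.
- meta: flush_handlers

# Resets the container user's password using lxc_container because Python2.7
# may not be installed at this point.
# The credential is fed to chpasswd through a quoted heredoc so that shell
# metacharacters in the password ($, `, ") are passed literally instead of
# being expanded; no_log keeps the rendered command out of the play output.
- name: Force container user password set
  lxc_container:
    name: "{{ inventory_hostname }}"
    container_command: |
      getent passwd '{{ lxc_container_user_name }}' && chpasswd <<'EOF'
      {{ lxc_container_user_name }}:{{ lxc_container_user_password }}
      EOF
  delegate_to: "{{ physical_host }}"
  no_log: true
  tags:
    - lxc-container-user-password-regen

# Setup proxy configs, this is done here to ensure that we have our container proxy setup
# prior to running online commands. This is using lxc_container because python2.7 may not be
# installed at this point.
# grep -F matches the KEY=VALUE pair as a fixed string (proxy URLs contain
# regex metacharacters such as "."); -q keeps the match out of the output.
- name: Run proxy config
  lxc_container:
    name: "{{ inventory_hostname }}"
    container_command: |
      if ! grep -qF '{{ item.key }}={{ item.value }}' /etc/environment; then
        echo '{{ item.key }}={{ item.value }}' | tee -a /etc/environment
      fi
  with_dict: "{{ global_environment_variables | default({}) }}"
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-proxy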