---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Test whether the role produced expected results
  hosts: localhost
  user: root
  become: true
  tasks:
    - name: List the running LXC containers present on the host
      command: lxc-ls -1 --fancy --fancy-format name,ipv4 --running
      register: lxc_container_list

    - name: Verify that the expected containers are present with the correct addresses
      # Example stdout:
      # NAME        IPV4
      # ---------------------------------------
      # container1  172.16.12.3, 10.100.100.2
      # container2  10.100.100.3, 172.16.12.4
      assert:
        that:
          - lxc_container_list.stdout | search("container1\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.2(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")
          - lxc_container_list.stdout | search("container2\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.3(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")
          - lxc_container_list.stdout | search("container3\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.4(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")

    - name: Check for the presence of the right aa_profile for container1
      command: grep "^lxc.aa_profile = lxc-openstack$" /var/lib/lxc/container1/config
      register: container1_profile
      failed_when: container1_profile.rc != 0

    - name: Check for the presence of the right aa_profile for container2
      command: grep "^lxc.aa_profile = unconfined$" /var/lib/lxc/container2/config
      register: container2_profile
      failed_when: container2_profile.rc != 0

    - name: Check for the lack of presence of an aa_profile for container3
      command: grep "lxc.aa_profile" /var/lib/lxc/container3/config
      register: container3_profile
      failed_when: container3_profile.rc == 0

    - name: Check for the presence of the right bound mount for container1
      command: grep "lxc.mount.entry = /openstack/container1 opt/test1 none bind 0 0" /var/lib/lxc/container1/config

    - name: Check for the presence of the right bound mount for container2
      command: grep "lxc.mount.entry = {{ development_repo_directory }} {{ development_repo_directory | relpath('/') }} none bind 0 0" /var/lib/lxc/container2/config

    - name: Check for the presence of the default bound mount for container3
      command: grep "lxc.mount.entry = /openstack/backup/container3" /var/lib/lxc/container3/config

  vars_files:
    - common/test-vars.yml

- name: Check for the bind mount in container1
  hosts: container1
  remote_user: root
  tasks:
    - name: Check for the presence of /opt/test1
      command: ls -1 /opt/test1
      register: container1_test_dir
      failed_when: container1_test_dir.rc != 0

- name: Test the containers themselves
  hosts: all_containers
  remote_user: root
  tasks:
    - name: Open /etc/environment file
      slurp:
        src: /etc/environment
      register: environment_file
    - name: Set /etc/environment contents fact
      set_fact:
        environment_content: "{{ environment_file.content | b64decode }}"
    - name: Check /etc/enviroment matches expectations
      assert:
        that:
          - "'foo=bar' in environment_content"
    - name: Test connectivity to external address
      shell: ping -i 5 -c 6 8.8.8.8
      register: ping_external_address
      failed_when: false
    - name: Verify connectivity to external address
      assert:
        that:
          - ping_external_address.rc == 0

# TODO(evrardjp): Move this to testinfra
- name: Apply a sysctl to test if it can be applied consistenty
  hosts: container3
  tasks:
    - name: Allow consuming apps to bind on non local addresses
      sysctl:
        name: net.ipv4.ip_nonlocal_bind
        value: 1
        sysctl_set: yes
        state: present

- name: Bump the container state
  hosts: localhost
  user: root
  become: true
  tasks:
    - name: Stop container
      command: "lxc-stop -n container3"
      changed_when: false
    - name: Start container
      command: "lxc-start -d -n container3"
      changed_when: false

- name: Check if the sysctl was well applied
  hosts: container3
  tasks:
    - name: Check the sysctl is persistent
      command: sysctl -n net.ipv4.ip_nonlocal_bind
      register: nonlocalbind
      changed_when: false
    - debug:
        var: nonlocalbind
    - name: Verify the sysctl is set
      assert:
        that:
          - "'1' in nonlocalbind.stdout"