---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Ensure the lxc dnsmasq user exists
  user:
    name: "{{ lxc_net_dnsmasq_user }}"
    comment: "LXC dnsmasq"
    system: "yes"
    shell: "/bin/false"
    home: "/var/lib/lxc"
  tags:
    - lxc-dnsmasq-user

- name: Drop base config file(s)
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ item.owner|default('root') }}"
    group: "{{ item.group|default('root') }}"
    mode: "{{ item.mode|default('0644') }}"
  with_items:
    - { src: lxc-openstack.conf.j2, dest: "/etc/lxc/lxc-openstack.conf" }
    - { src: lxc-net.default.j2, dest: "{{ system_config_dir }}/lxc-net", mode: "0644" }
    - { src: lxc.default.j2, dest: "{{ system_config_dir }}/lxc", mode: "0644" }
    - { src: lxc-system-manage.j2, dest: "/usr/local/bin/lxc-system-manage", mode: "0755" }
  tags:
    - lxc-files
    - lxc-config

- name: Drop lxc veth check script
  copy:
    src: "lxc-veth-check.sh"
    dest: "/usr/local/bin/lxc-veth-check"
    owner: "root"
    group: "root"
    mode: "0755"
  tags:
    - lxc-files
    - lxc-config

- name: Set systemd DefaultTasksMax value
  lineinfile:
    dest: /etc/systemd/system.conf
    state: present
    regexp: "^.*DefaultTasksMax.*$"
    line: "DefaultTasksMax={{ lxc_default_tasks_max }}"
  when:
    - ansible_facts['service_mgr'] == 'systemd'
  notify:
    - Reload systemd units
  tags:
    - lxc-config

- name: Set sshd MaxSessions
  lineinfile:
    dest: /etc/ssh/sshd_config
    state: present
    regexp: "^#?MaxSessions.*$"
    line: "MaxSessions 50"
  notify:
    - Restart sshd
  tags:
    - lxc-config

- name: Tuning kernel for lxc
  sysctl:
    name: "{{ item.key }}"
    value: "{{ item.value }}"
    sysctl_set: "{{ item.set|default('yes') }}"
    state: "{{ item.state|default('present') }}"
    reload: "{{ item.reload|default('yes') }}"
  failed_when: false
  with_items: "{{ lxc_kernel_options }}"