---
# Copyright 2018, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Import the shared setup playbook before the play below.
# NOTE(review): run-setup.yml is not visible here; presumably it provides
# variables used later (e.g. current_test_repo) - confirm.
- import_playbook: run-setup.yml

# Prepares a test node (swap, sysctl, log directory, firewall, package cache)
# and then drives the osquery tests through the embedded Ansible install.
# Every task runs with privilege escalation (become: true).
- name: Basic setup
  hosts: "all"
  become: true

  # Exported to every task in this play, including the nested ansible-galaxy
  # and ansible-playbook commands.
  environment:
    # ZUUL_PROJECT is used by tests/get-ansible-role-requirements to
    # determine when CI provided repos should be used.
    ZUUL_PROJECT: "{{ zuul.project.short_name }}"
    # Falls back to an empty string when ansible_package is undefined.
    ANSIBLE_PACKAGE: "{{ ansible_package | default('') }}"
    # Turns off SSH host key verification for the nested Ansible runs.
    # NOTE(review): tolerable only on disposable CI nodes; with this set, any
    # host key is accepted, so do not reuse this environment for long-lived
    # hosts.
    ANSIBLE_HOST_KEY_CHECKING: "False"
    # Default log file for nested runs; several tasks below override it.
    # The /tmp/osquery-logs directory is created in pre_tasks.
    ANSIBLE_LOG_PATH: "/tmp/osquery-logs/ansible-osquery-test.log"
    # Plugin and role search paths, all under ${HOME}/ansible_venv.
    ANSIBLE_ACTION_PLUGINS: "${HOME}/ansible_venv/repositories/roles/config_template/action"
    ANSIBLE_CONNECTION_PLUGINS: "${HOME}/ansible_venv/repositories/roles/plugins/connection"
    ANSIBLE_ROLES_PATH: "${HOME}/ansible_venv/repositories/roles"

  vars:
    # Resolves to inventory/test-container-inventory.yml when
    # container_inventory is truthy, else inventory/test-metal-inventory.yml.
    inventory_file: "inventory/test-{{ (container_inventory | bool) | ternary('container', 'metal') }}-inventory.yml"

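  pre_tasks:
    # Allocate a 4 GiB zero-filled swap file. `creates` makes the task a no-op
    # once /swap.img exists; the registered result gates the mkswap task.
    - name: Create swap file
      command: "dd if=/dev/zero of=/swap.img bs=1M count=4096"
      args:
        creates: /swap.img
      register: swap_create

    # dd leaves the file with umask-derived permissions (commonly 0644). Swap
    # holds paged-out process memory, so a world-readable swap file exposes it
    # to every local user; mkswap itself warns about modes wider than 0600.
    # Runs on every pass so an existing file is tightened as well.
    - name: Restrict swap file permissions
      file:
        path: /swap.img
        state: file
        owner: root
        group: root
        mode: "0600"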

    # Write the swap signature only on the run that actually created the file,
    # so an already formatted (and possibly active) swap file is left alone.
    - name: Format the swap file
      command: "mkswap /swap.img"
      when: swap_create is changed
      tags:
        - swap-format
        - skip_ansible_lint

    # Activate the swap file. `failed_when: false` means a non-zero exit from
    # swapon never fails the play (presumably to tolerate swap that is already
    # active on a re-run - confirm).
    # NOTE(review): this also hides genuine failures, e.g. an unformatted file.
    - name: Enable swap file
      command: swapon /swap.img
      failed_when: false
      tags:
        - swap-format
        - skip_ansible_lint

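    # Persist vm.swappiness=10 in a dedicated drop-in file and reload sysctl so
    # the value takes effect immediately.
    - name: Set system swappiness
      sysctl:
        name: vm.swappiness
        # Quoted: the value is written to the sysctl file as text.
        value: "10"
        state: present
        # Canonical boolean instead of the YAML 1.1 truthy string "yes".
        reload: true
        sysctl_file: /etc/sysctl.d/99-osquery.conf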

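    # Directory that receives the Ansible logs (ANSIBLE_LOG_PATH) and the
    # iptables marker file used below.
    # The mode is explicit so it does not depend on the remote umask.
    # NOTE(review): /tmp is world-writable and this path is predictable; on a
    # shared host another user could create it first. Ownership is not enforced
    # here because the log collector's user is not visible - confirm and
    # consider adding owner/group.
    - name: Create tmp osquery dir
      file:
        path: "/tmp/osquery-logs"
        state: directory
        mode: "0755"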

    # Remove every rule and user-defined chain from the filter, nat and mangle
    # tables and set the INPUT/FORWARD/OUTPUT policies to ACCEPT, leaving the
    # node with no iptables packet filtering.
    # NOTE(review): appropriate only for an isolated, disposable test node.
    #
    # `creates` is evaluated per item: once the marker file written by the last
    # item exists, every command in the list is skipped on later runs. The
    # items run in order, so the marker appears only after all flushes ran.
    - name: Flush iptables rules
      command: "{{ item }}"
      args:
        creates: "/tmp/osquery-logs/iptables.flushed"
      with_items:
        - "iptables -F"
        - "iptables -X"
        - "iptables -t nat -F"
        - "iptables -t nat -X"
        - "iptables -t mangle -F"
        - "iptables -t mangle -X"
        - "iptables -P INPUT ACCEPT"
        - "iptables -P FORWARD ACCEPT"
        - "iptables -P OUTPUT ACCEPT"
        - "touch /tmp/osquery-logs/iptables.flushed"

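    # Refresh the package index on apt-based hosts; skipped on other package
    # managers.
    - name: First ensure apt cache is always refreshed
      apt:
        # Canonical boolean instead of the YAML 1.1 truthy word `yes`.
        update_cache: true
      when:
        - ansible_pkg_mgr == 'apt'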

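  tasks:
    # Run the repository's bootstrap script as root from the checked-out test
    # repo. `become: true` matches the boolean spelling used at play level.
    # NOTE(review): the script comes from the change under test and executes
    # with root privileges; the chdir path is relative, presumably to the
    # remote user's home directory - confirm.
    - name: Run embedded ansible installation
      become: true
      become_user: root
      command: "./bootstrap-embedded-ansible.sh"
      args:
        chdir: "src/{{ current_test_repo }}/osquery"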

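    # Install the roles listed in tests/ansible-role-requirements.yml into the
    # embedded venv's roles directory, as root. The command is folded onto
    # several lines for readability; the resulting string is unchanged.
    # NOTE(review): --ignore-errors lets the install continue past a role that
    # fails to fetch, so a later run can use a stale or missing role without
    # this task failing; --force overwrites roles already present. Whether the
    # requirements file pins role versions is not visible here - confirm.
    - name: Run ansible-galaxy (tests)
      become: true
      become_user: root
      command: >-
        ${HOME}/ansible_venv/bin/ansible-galaxy install
        --force
        --ignore-errors
        --roles-path=${HOME}/ansible_venv/repositories/roles
        -r ansible-role-requirements.yml
      args:
        chdir: "src/{{ current_test_repo }}/osquery/tests"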

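    # Install the roles listed in osquery/ansible-role-requirements.yml into
    # the same roles directory, as root. The command is folded onto several
    # lines for readability; the resulting string is unchanged.
    # NOTE(review): --ignore-errors lets the install continue past a role that
    # fails to fetch, so a later run can use a stale or missing role without
    # this task failing; --force overwrites roles already present. Whether the
    # requirements file pins role versions is not visible here - confirm.
    - name: Run ansible-galaxy (osquery)
      become: true
      become_user: root
      command: >-
        ${HOME}/ansible_venv/bin/ansible-galaxy install
        --force
        --ignore-errors
        --roles-path=${HOME}/ansible_venv/repositories/roles
        -r ansible-role-requirements.yml
      args:
        chdir: "src/{{ current_test_repo }}/osquery"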

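    # Key-setup variant of the environment setup: runs _key-setup.yml with the
    # selected inventory when the host is not systemd-managed or the inventory
    # is not the container one, i.e. the complement of the condition on the
    # _container-setup.yml task that follows.
    # NOTE(review): this task has the same name and the same
    # ANSIBLE_LOG_PATH as that task; only one of the two runs per host.
    - name: Run environment setup
      become: true
      become_user: root
      command: "${HOME}/ansible_venv/bin/ansible-playbook -i {{ inventory_file }} -e @test-vars.yml _key-setup.yml"
      environment:
        ANSIBLE_LOG_PATH: "/tmp/osquery-logs/ansible-osquery-test-container-setup.log"
      args:
        chdir: "src/{{ current_test_repo }}/osquery/tests"
      when:
        - ansible_service_mgr != 'systemd' or
          not (container_inventory | bool)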

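    # Container-setup variant of the environment setup: runs
    # _container-setup.yml with the selected inventory, only on systemd hosts
    # and only when container_inventory is truthy (both conditions must hold).
    - name: Run environment setup
      become: true
      become_user: root
      command: "${HOME}/ansible_venv/bin/ansible-playbook -i {{ inventory_file }} -e @test-vars.yml _container-setup.yml"
      environment:
        ANSIBLE_LOG_PATH: "/tmp/osquery-logs/ansible-osquery-test-container-setup.log"
      args:
        chdir: "src/{{ current_test_repo }}/osquery/tests"
      when:
        - ansible_service_mgr == 'systemd'
        - container_inventory | bool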

    # Fixed 15 second pause on systemd hosts before the functional test;
    # never reported as a change.
    - name: Wait 15 seconds
      command: "sleep 15"
      when: ansible_service_mgr == 'systemd'
      changed_when: false
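    # Run site.yml from the osquery directory against the selected test
    # inventory, as root, logging to a dedicated deployment log file.
    # `become: true` matches the boolean spelling used at play level.
    - name: Run functional test
      become: true
      become_user: root
      command: "${HOME}/ansible_venv/bin/ansible-playbook -i tests/{{ inventory_file }} -e @tests/test-vars.yml site.yml"
      environment:
        ANSIBLE_LOG_PATH: "/tmp/osquery-logs/ansible-osquery-test-deployment.log"
      args:
        chdir: "src/{{ current_test_repo }}/osquery"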