---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Find installed kernels
  find:
    paths: '/boot'
    patterns: 'vmlinuz-*'
  register: kernels

- name: Determine latest installed kernel
  set_fact:
    latest_kernel: "{{ kernels.files | map(attribute='path') | sort(reverse=True) | first }}"

- name: Latest kernel readable to nova group/user
  command: 'dpkg-statoverride --update --add root nova 0640 {{ latest_kernel }}'
  register: dpkg_statoverride_result
  changed_when: >
    'an override for \'{{ latest_kernel }}\' already exists; aborting'
    not in dpkg_statoverride_result.stderr
  failed_when: >
    (dpkg_statoverride_result.rc != 0) and
    ('an override for \'{{ latest_kernel }}\' already exists; aborting'
    not in dpkg_statoverride_result.stderr)

- name: Script installed to make future kernels readable to nova group/user
  copy:
    src: 'nova_kernel_permissions.sh'
    dest: '/etc/kernel/postinst.d/nova_kernel_permissions.sh'
    mode: '0755'