---
# Copyright 2018, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Gather variables for each operating system
  ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
  vars:
    params:
      files:
        - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
        - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
        - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
        - "{{ ansible_facts['distribution'] | lower }}.yml"
        - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml"
        - "{{ ansible_facts['os_family'] | lower }}.yml"
      paths:
        - "{{ role_path }}/vars"
  tags:
    - always

- name: Importing zun_pre_install tasks
  ansible.builtin.import_tasks: zun_pre_install.yml
  tags:
    - zun-install

- name: Create and install SSL certificates
  ansible.builtin.include_role:
    name: pki
    tasks_from: main_certs.yml
    apply:
      tags:
        - zun-config
        - pki
  vars:
    pki_setup_host: "{{ zun_pki_setup_host }}"
    pki_dir: "{{ zun_pki_dir }}"
    pki_create_certificates: "{{ zun_user_ssl_cert is not defined and zun_user_ssl_key is not defined }}"
    pki_regen_cert: "{{ zun_pki_regen_cert }}"
    pki_certificates: "{{ zun_pki_certificates }}"
    pki_install_certificates: "{{ zun_pki_install_certificates }}"
  when:
    - zun_backend_ssl
  tags:
    - always

# NOTE(jrosser)
# kuryr-lib appears in u-c and the new pip resolver will fail to install
# if two contradictory constraints are given which will always happen
# with a source install and wheels built on the repo server. We must
# filter kuryr-lib out of u-c.
- name: Retrieve the constraints URL
  ansible.builtin.uri:
    url: "{{ zun_upper_constraints_url }}"
    return_content: true
  register: _u_c_contents

- name: Install the python venv
  ansible.builtin.import_role:
    name: "python_venv_build"
  vars:
    venv_python_executable: "{{ zun_venv_python_executable }}"
    venv_build_constraints: "{{ _u_c_contents.content.split('\n') | reject('match', '^kuryr-lib=') | list }}"
    venv_install_destination_path: "{{ zun_bin | dirname }}"
    venv_install_distro_package_list: "{{ zun_distro_packages }}"
    venv_pip_install_args: "{{ zun_pip_install_args }}"
    venv_pip_packages: "{{ zun_pip_packages }}"
    venv_facts_when_changed:
      - section: "zun"
        option: "venv_tag"
        value: "{{ zun_venv_tag }}"
  tags:
    - zun-install

- name: Including osa.mq_setup role
  ansible.builtin.include_role:
    name: openstack.osa.mq_setup
    apply:
      tags:
        - common-mq
        - zun-config
  when:
    - _zun_is_first_play_host
  vars:
    _oslomsg_rpc_setup_host: "{{ zun_oslomsg_rpc_setup_host }}"
    _oslomsg_rpc_userid: "{{ zun_oslomsg_rpc_userid }}"
    _oslomsg_rpc_password: "{{ zun_oslomsg_rpc_password }}"
    _oslomsg_rpc_vhost: "{{ zun_oslomsg_rpc_vhost }}"
    _oslomsg_rpc_transport: "{{ zun_oslomsg_rpc_transport }}"
    _oslomsg_rpc_policies: "{{ zun_oslomsg_rpc_policies }}"
    _oslomsg_notify_setup_host: "{{ zun_oslomsg_notify_setup_host }}"
    _oslomsg_notify_userid: "{{ zun_oslomsg_notify_userid }}"
    _oslomsg_notify_password: "{{ zun_oslomsg_notify_password }}"
    _oslomsg_notify_vhost: "{{ zun_oslomsg_notify_vhost }}"
    _oslomsg_notify_transport: "{{ zun_oslomsg_notify_transport }}"
    _oslomsg_configure_notify: "{{ (zun_ceilometer_enabled | bool) or (zun_designate_enabled | bool) }}"
    _oslomsg_notify_policies: "{{ zun_oslomsg_notify_policies }}"
    _oslomsg_notify_configure: "{{ zun_oslomsg_notify_configure }}"
  tags:
    - always

- name: Including osa.db_setup role
  ansible.builtin.include_role:
    name: openstack.osa.db_setup
    apply:
      tags:
        - common-db
        - zun-config
  vars:
    _oslodb_setup_host: "{{ zun_db_setup_host }}"
    _oslodb_ansible_python_interpreter: "{{ zun_db_setup_python_interpreter }}"
    _oslodb_setup_endpoint: "{{ zun_galera_address }}"
    _oslodb_setup_port: "{{ zun_galera_port }}"
    _oslodb_databases:
      - name: "{{ zun_galera_database }}"
        users:
          - username: "{{ zun_galera_user }}"
            password: "{{ zun_galera_password }}"
  when:
    - _zun_is_first_play_host
  tags:
    - always

- name: Including osa.service_setup role
  ansible.builtin.include_role:
    name: openstack.osa.service_setup
    apply:
      tags:
        - common-service
        - zun-config
  vars:
    _service_adminuri_insecure: "{{ keystone_service_adminuri_insecure }}"
    _service_in_ldap: "{{ zun_service_in_ldap }}"
    _service_setup_host: "{{ zun_service_setup_host }}"
    _service_setup_host_python_interpreter: "{{ zun_service_setup_host_python_interpreter }}"
    _service_project_name: "{{ zun_service_project_name }}"
    _service_region: "{{ zun_service_region }}"
    _service_users:
      - name: "{{ zun_service_user_name }}"
        password: "{{ zun_service_password }}"
        role: "{{ zun_service_role_names }}"
      - name: "{{ zun_kuryr_service_username }}"
        password: "{{ zun_kuryr_service_password }}"
        role: "{{ zun_service_role_names }}"
    _service_endpoints:
      - service: "{{ zun_service_name }}"
        interface: "public"
        url: "{{ zun_service_publicurl }}"
      - service: "{{ zun_service_name }}"
        interface: "internal"
        url: "{{ zun_service_internalurl }}"
      - service: "{{ zun_service_name }}"
        interface: "admin"
        url: "{{ zun_service_adminurl }}"
    _service_catalog:
      - name: "{{ zun_service_name }}"
        type: "{{ zun_service_type }}"
        description: "{{ zun_service_description }}"
  when:
    - _zun_is_first_play_host
  tags:
    - always

- name: Importing zun_post_install tasks
  ansible.builtin.import_tasks: zun_compute.yml
  when:
    - "zun_services['zun-compute']['group'] in group_names"
  tags:
    - zun-compute

- name: Importing zun_post_install tasks
  ansible.builtin.import_tasks: zun_post_install.yml
  tags:
    - zun-config
    - post-install

- name: Import uwsgi role
  ansible.builtin.import_role:
    name: uwsgi
  vars:
    uwsgi_services: "{{ uwsgi_zun_services }}"
    uwsgi_install_method: "source"
  tags:
    - zun-config
    - uwsgi

- name: Run the systemd service role
  ansible.builtin.import_role:
    name: systemd_service
  vars:
    systemd_user_name: "{{ zun_system_user_name }}"
    systemd_group_name: "{{ zun_system_group_name }}"
    systemd_tempd_prefix: openstack
    systemd_slice_name: "{{ zun_system_slice_name }}"
    systemd_lock_dir: "{{ zun_lock_dir }}"
    systemd_service_cpu_accounting: true
    systemd_service_block_io_accounting: true
    systemd_service_memory_accounting: true
    systemd_service_tasks_accounting: true
    systemd_services: "{{ filtered_zun_services }}"
  tags:
    - zun-config
    - systemd-service