---
- name: Ensure legacy workspace directory
  file:
    path: '{{ workspace }}'
    state: directory

- name: Setup docker registry
  when:
    - ansible_distribution|lower != 'redhat'
    - ansible_distribution_major_version is version('8', '<')
  block:
    - name: Set registry_deploy to true only when needed
      set_fact:
        registry_deploy: true
      when:
        - push_containers is defined and push_containers | bool
        - "'127.0.0.1' in push_registry or push_registry.split(':')[0] in ansible_all_ipv4_addresses"

    - name: Configure docker registry
      include_role:
          name: ansible-role-container-registry
      vars:
        container_registry_docker_options: "--log-driver=journald --signature-verification=false --iptables=true --live-restore"
        container_registry_port: "{{ push_registry_port | default('8787') }}"
        container_registry_deploy_docker_distribution: "{{ registry_deploy | default(false) }}"
        container_registry_deployment_user: "{{ ansible_user }}"

    - include_tasks: reset_connection.yaml
      when: not use_buildah | default(false) | bool

- name: Prepare Buildah
  become: true
  when: use_buildah | default(false) | bool
  block:
    - name: Install Buildah
      package:
        name: buildah
        state: present

    - name: Configure insecure registry
      ini_file:
        path: /etc/containers/registries.conf
        section: 'registries.insecure'
        option: registries
        value:
          - "localhost:{{ push_registry_port }}"

- name: Setup repo web service
  become: true
  when: ansible_distribution|lower != 'redhat'
  block:
    - name: Install apache
      package:
        name: httpd
        state: present

    - name: Start apache
      service:
        name: httpd
        state: started

    - name: Fetch delorean repos if present
      shell: |
          set -ex
          find /etc/yum.repos.d/ -name delorean\* | xargs -I {} cp {} /var/www/html/

    - name: Add http iptables rules from containers
      command: iptables -I openstack-INPUT 1 -p tcp --dport 80 -s 172.17.0.0/16 -j ACCEPT
      become: true

- name: Setup tripleo registry
  when:
    - ansible_distribution|lower != 'redhat'
    - ansible_distribution_major_version is version('8', '>=')
    - use_buildah | default(false) | bool
  block:
    - name: Enable ports for httpd
      seport:
        ports:
          - '80'
          - "{{ push_registry_port | string }}"
        proto: tcp
        setype: http_port_t
        state: present
    - name: Setup Listen on default port for serving repo files
      copy:
        dest: /etc/httpd/conf.d/repos.conf
        content: "Listen 80"
    - name: set tripleo image serve role name for train
      set_fact:
        tripleo_image_serve_role: tripleo-image-serve
      when:
        (release is defined and release == 'train')
         or (branch_override is defined and branch_override == 'stable/train')
    - name: Configure tripleo registry
      include_role:
          name: "{{ tripleo_image_serve_role | default('tripleo_image_serve') }}"
      vars:
        tripleo_container_registry_port: "{{ push_registry_port | default('8787') }}"
  become: true