---
- name: Ensure required ansible version
  assert:
    that: ansible_version.major == 2 and ansible_version.minor >= 1
  run_once: true

- name: "Wait for all hosts"
  local_action: wait_for host={{ ansible_host | default(access_ip | default(ip)) }} port=22 state=started timeout=30
  become: false

# bug from bugs.debian.org/843783
- name: "Install latest pyopenssl as workaround"
  raw: pip install -U pyopenssl

- name: Gather facts
  setup:

- name: Gather local SSH pubkeys
  local_action: shell ssh-add -L
  become: false
  register: ssh_pubkeys
  changed_when: false
  failed_when: false

- name: Add SSH pubkey to authorized_keys
  authorized_key:
    user: "{{ ansible_ssh_user }}"
    key: "{{ item }}"
    state: present
  with_items: "{{ ssh_pubkeys.stdout_lines }}"
  when: ssh_pubkeys.rc == 0

- include: process_certificates.yml
  when: trust_self_signed_certs|bool

- name: Set correct /etc/hosts entry
  register: updated_etc_hosts
  lineinfile:
    dest: /etc/hosts
    regexp: "^(127.0.1.1|{{ ip }})\t.*"
    line: "{{ ip }} {{ inventory_hostname }}"
    insertafter: "^127.0.0.1 localhost"
    state: present

- name: Set atop interval
  copy:
    dest: /etc/default/atop
    content: "INTERVAL={{ atop_interval }}"
    mode: 0755
    owner: root
    group: root

- name: Ensure required packages are installed
  apt:
    name: "{{ item }}"
    state: latest
  when: ansible_os_family == "Debian"
  with_items:
   - atop
   - dnsutils
   - ntp
   - netcat
   - dbus

- name: Set hostname
  hostname:
    name: "{{ inventory_hostname }}"

# FIXME(mattymo): Opts are set too late (https://github.com/kubespray/kargo/issues/487)
- name: Set Docker options early
  template:
    src: docker.j2
    dest: /etc/default/docker
    owner: root
    group: root
    mode: 0644