---
# Disable swap
- import_tasks: swapoff.yml
  when: disable_swap

- import_tasks: verify-settings.yml
  tags:
    - asserts

# This is run before bin_dir is pinned because these tasks are run on localhost
- import_tasks: pre_upgrade.yml
  run_once: true
  tags:
    - upgrade

- name: Force binaries directory for Container Linux by CoreOS
  set_fact:
    bin_dir: "/opt/bin"
  when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
  tags:
    - facts

- name: check bin dir exists
  file:
    path: "{{bin_dir}}"
    state: directory
    owner: root
  become: true
  tags:
    - bootstrap-os

- import_tasks: set_facts.yml
  tags:
    - facts

- name: gather os specific variables
  include_vars: "{{ item }}"
  with_first_found:
    - files:
        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
        - "{{ ansible_distribution|lower }}.yml"
        - "{{ ansible_os_family|lower }}.yml"
        - defaults.yml
      paths:
        - ../vars
      skip: true
  tags:
    - facts

- name: Create kubernetes directories
  file:
    path: "{{ item }}"
    state: directory
    owner: kube
  when: inventory_hostname in groups['k8s-cluster']
  tags:
    - kubelet
    - k8s-secrets
    - kube-controller-manager
    - kube-apiserver
    - bootstrap-os
    - apps
    - network
    - master
    - node
  with_items:
    - "{{ kube_config_dir }}"
    - "{{ kube_config_dir }}/ssl"
    - "{{ kube_manifest_dir }}"
    - "{{ kube_script_dir }}"

- name: check cloud_provider value
  fail:
    msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', or external"
  when:
    - cloud_provider is defined
    - cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', 'external']
  tags:
    - cloud-provider
    - facts

- name: Create cni directories
  file:
    path: "{{ item }}"
    state: directory
    owner: kube
  with_items:
    - "/etc/cni/net.d"
    - "/opt/cni/bin"
    - "/var/lib/calico"
  when:
    - kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium"]
    - inventory_hostname in groups['k8s-cluster']
  tags:
    - network
    - cilium
    - calico
    - weave
    - canal
    - contiv
    - bootstrap-os

- name: Create local volume provisioner directories
  file:
    path: "{{ item }}"
    state: directory
    owner: kube
  with_items:
    - "{{ local_volume_provisioner_base_dir }}"
    - "{{ local_volume_provisioner_mount_dir }}"
  when:
    - inventory_hostname in groups['k8s-cluster']
    - local_volume_provisioner_enabled
  tags:
    - persistent_volumes

- import_tasks: resolvconf.yml
  when:
    - dns_mode != 'none'
    - resolvconf_mode == 'host_resolvconf'
  tags:
    - bootstrap-os
    - resolvconf

- name: Update package management cache (YUM)
  yum:
    update_cache: yes
    name: '*'
  register: yum_task_result
  until: yum_task_result|succeeded
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  when:
    - ansible_pkg_mgr == 'yum'
    - ansible_distribution != 'RedHat'
    - not is_atomic
  tags: bootstrap-os

- name: Expire management cache (YUM) for Updation - Redhat
  shell: yum clean expire-cache
  register: expire_cache_output
  until: expire_cache_output|succeeded
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  when:
    - ansible_pkg_mgr == 'yum'
    - ansible_distribution == 'RedHat'
    - not is_atomic
  tags: bootstrap-os

- name: Update package management cache (YUM) - Redhat
  shell: yum makecache
  register: make_cache_output
  until: make_cache_output|succeeded
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  when:
    - ansible_pkg_mgr == 'yum'
    - ansible_distribution == 'RedHat'
    - expire_cache_output.rc == 0
    - not is_atomic
  tags: bootstrap-os

- name: Update package management cache (zypper) - SUSE
  shell: zypper -n --gpg-auto-import-keys ref
  register: make_cache_output
  until: make_cache_output|succeeded
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  when:
    - ansible_pkg_mgr == 'zypper'
  tags: bootstrap-os

- name: Update package management cache (APT)
  apt:
    update_cache: yes
    cache_valid_time: 3600
  when: ansible_os_family == "Debian"
  tags:
    - bootstrap-os

- name: Install python-dnf for latest RedHat versions
  command: dnf install -y python-dnf yum
  register: dnf_task_result
  until: dnf_task_result|succeeded
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  when:
    - ansible_distribution == "Fedora"
    - ansible_distribution_major_version|int > 21
    - not is_atomic
  changed_when: False
  tags:
    - bootstrap-os

- name: Install epel-release on RedHat/CentOS
  yum:
    name: epel-release
    state: present
  when:
    - ansible_distribution in ["CentOS","RedHat"]
    - not is_atomic
    - epel_enabled|bool
  tags:
    - bootstrap-os

- name: Install packages requirements
  action:
    module: "{{ ansible_pkg_mgr }}"
    name: "{{ item }}"
    state: latest
  register: pkgs_task_result
  until: pkgs_task_result|succeeded
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
  when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
  tags:
    - bootstrap-os

# Todo : selinux configuration
- name: Confirm selinux deployed
  stat:
    path: /etc/selinux/config
  when: ansible_os_family == "RedHat"
  register: slc

- name: Set selinux policy
  selinux:
    policy: targeted
    state: "{{ preinstall_selinux_state }}"
  when:
    - ansible_os_family == "RedHat"
    - slc.stat.exists == True
  changed_when: False
  tags:
    - bootstrap-os

- name: Disable IPv6 DNS lookup
  lineinfile:
    dest: /etc/gai.conf
    line: "precedence ::ffff:0:0/96  100"
    state: present
    backup: yes
  when:
    - disable_ipv6_dns
    - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
  tags:
    - bootstrap-os

- name: Stat sysctl file configuration
  stat:
    path: "{{sysctl_file_path}}"
  register: sysctl_file_stat
  tags:
    - bootstrap-os

- name: Change sysctl file path to link source if linked
  set_fact:
    sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
  when:
    - sysctl_file_stat.stat.islnk is defined
    - sysctl_file_stat.stat.islnk
  tags:
    - bootstrap-os

- name: Enable ip forwarding
  sysctl:
    sysctl_file: "{{sysctl_file_path}}"
    name: net.ipv4.ip_forward
    value: 1
    state: present
    reload: yes
  tags:
    - bootstrap-os

- import_tasks: etchosts.yml
  tags:
    - bootstrap-os
    - etchosts

- import_tasks: dhclient-hooks.yml
  when:
    - dns_mode != 'none'
    - resolvconf_mode == 'host_resolvconf'
    - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
  tags:
    - bootstrap-os
    - resolvconf

- import_tasks: dhclient-hooks-undo.yml
  when:
    - dns_mode != 'none'
    - resolvconf_mode != 'host_resolvconf'
    - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
  tags:
    - bootstrap-os
    - resolvconf

- name: Check if we are running inside a Azure VM
  stat:
    path: /var/lib/waagent/
  register: azure_check
  tags:
    - bootstrap-os

- import_tasks: growpart-azure-centos-7.yml
  when:
    - azure_check.stat.exists
    - ansible_distribution in ["CentOS","RedHat"]
  tags:
    - bootstrap-os

- name: Write cacert file
  copy:
    content: "{{ openstack_cacert }}"
    dest: "{{ kube_config_dir }}/openstack-cacert.pem"
    group: "{{ kube_cert_group }}"
    mode: 0640
  when:
    - inventory_hostname in groups['k8s-cluster']
    - cloud_provider is defined
    - cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
    - openstack_cacert is defined
  tags:
    - cloud-provider