---
- name: ensure containerd repository public key is installed
  action: "{{ containerd_repo_key_info.pkg_key }}"
  args:
    id: "{{ item }}"
    url: "{{ containerd_repo_key_info.url }}"
    state: present
  register: keyserver_task_result
  until: keyserver_task_result is succeeded
  retries: 4
  delay: "{{ retry_stagger | d(3) }}"
  with_items: "{{ containerd_repo_key_info.repo_keys }}"
  when:
    - ansible_os_family in ['Ubuntu', 'Debian']
    - not is_atomic

- name: ensure containerd repository is enabled
  action: "{{ containerd_repo_info.pkg_repo }}"
  args:
    repo: "{{ item }}"
    state: present
  with_items: "{{ containerd_repo_info.repos }}"
  when:
    - ansible_os_family in ['Ubuntu', 'Debian']
    - not is_atomic
    - containerd_repo_info.repos|length > 0

# This is required to ensure any apt upgrade will not break kubernetes
- name: Set containerd pin priority to apt_preferences on Debian family
  template:
    src: "apt_preferences.d/debian_containerd.j2"
    dest: "/etc/apt/preferences.d/containerd"
    owner: "root"
    mode: 0644
  when:
    - ansible_os_family in ['Ubuntu', 'Debian']
    - not is_atomic

- name: ensure containerd repository public key is installed
  action: "{{ containerd_repo_key_info.pkg_key }}"
  args:
    id: "{{ item }}"
    url: "{{ containerd_repo_key_info.url }}"
    state: present
  register: keyserver_task_result
  until: keyserver_task_result is succeeded
  retries: 4
  delay: "{{ retry_stagger | d(3) }}"
  with_items: "{{ containerd_repo_key_info.repo_keys }}"
  when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic)

- name: ensure containerd repository is enabled
  action: "{{ containerd_repo_info.pkg_repo }}"
  args:
    repo: "{{ item }}"
    state: present
  with_items: "{{ containerd_repo_info.repos }}"
  when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (containerd_repo_info.repos|length > 0)

- name: Configure containerd repository on Fedora
  template:
    src: "fedora_containerd.repo.j2"
    dest: "{{ yum_repo_dir }}/containerd.repo"
  when: ansible_distribution == "Fedora" and not is_atomic

- name: Configure containerd repository on RedHat/CentOS
  template:
    src: "rh_containerd.repo.j2"
    dest: "{{ yum_repo_dir }}/containerd.repo"
  when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic

- name: check if container-selinux is available
  yum:
    list: "container-selinux"
  register: yum_result
  when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic

- name: Configure extras repository on RedHat/CentOS if container-selinux is not available in current repos
  yum_repository:
    name: extras
    description: "CentOS-7 - Extras"
    state: present
    baseurl: "{{ extras_rh_repo_base_url }}"
    file: "extras"
    gpgcheck: yes
    gpgkey: "{{ extras_rh_repo_gpgkey }}"
    keepcache: "{{ containerd_rpm_keepcache | default('1') }}"
    proxy: " {{ http_proxy | default('_none_') }}"
  when:
    - ansible_distribution in ["CentOS","RedHat"] and not is_atomic
    - yum_result.results | length == 0

- name: Copy yum.conf for editing
  copy:
    src: "{{ yum_conf }}"
    dest: "{{ containerd_yum_conf }}"
    remote_src: yes
  when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic

- name: Edit copy of yum.conf to set obsoletes=0
  lineinfile:
    path: "{{ containerd_yum_conf }}"
    state: present
    regexp: '^obsoletes='
    line: 'obsoletes=0'
  when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic