---
- name: Ensure Management Bridge Interface
  become: yes
  command: ifconfig mgmtbr
  register: have_mgmtbr
  failed_when: false
  changed_when: false

- fail: msg="The head node must have a network bridge named 'mgmtbr' to continue the deployment. Please see docuemataiton at 'http://github.com/opencord/cord`."
  when: have_mgmtbr.rc != 0

- name: Install Prerequisites
  become: yes
  apt: name={{ item }} state=latest force=true
  with_items:
    - git
    - bridge-utils
    - curl
    - python-pycurl
    - python-pip
    - ethtool
    - jq

- name: Install Python Prerequisites
  become: yes
  pip: name={{ item }} state=latest
  with_items:
    - docker-py

- name: Stop Containers
  become: yes
  docker:
    name: "{{ item.name }}"
    image: "{{ item.image }}"
    state: absent
  with_items:
    - { name: "storage", image: "docker-registry:5000/consul:{{ docker.image_version }}" }
    - { name: "allocator", image: "docker-registry:5000/cord-ip-allocator:{{ docker.image_version }}" }
    - { name: "provisioner", image: "docker-registry:5000/cord-provisioner:{{ docker.image_version }}" }
    - { name: "switchq", image: "docker-registry:5000/cord-maas-switchq:{{ docker.image_version }}" }
    - { name: "automation", image: "docker-registry:5000/cord-maas-automation:{{ docker.image_version }}" }
    - { name: "generator", image: "docker-registry:5000/config-generator:{{ docker.image_version }}" }
    - { name: "harvester", image: "docker-registry:5000/cord-dhcp-harvester:{{ docker.image_version }}" }

- name: MAAS Repository
  become: yes
  apt_repository:
    repo: ppa:maas/stable
    update_cache: yes
    state: present

- name: MAAS
  become: yes
  apt:
    name: maas=1.9.*
    state: present
    force: yes
    update_cache: yes
    allow_unauthenticated: yes

- name: MAAS Configuration Directory
  become: yes
  file:
    path: /etc/maas
    owner: maas
    group: maas
    mode: 0755
    state: directory

- name: MAAS Automation Storage
  become: yes
  file:
    path: /etc/maas/automation/storage
    owner: maas
    group: maas
    mode: 0777
    state: directory

- name: Host Name Mapping File
  become: yes
  copy:
    src: files/mappings.json
    dest: /etc/maas/mappings.json
    owner: maas
    group: maas
    mode: 0644

- name: Verify MAAS admin User
  become: yes
  shell: maas-region-admin apikey --username=admin 2>/dev/null | wc -l
  register: maas_admin_user_exists
  changed_when: false

- name: MAAS admin User
  become: yes
  command: maas-region-admin createadmin --username=admin --password=admin --email={{ maas.admin_email }}
  when: maas_admin_user_exists.stdout == '0'

- name: Verify MAAS User
  become: yes
  shell: maas-region-admin apikey --username={{ maas.user }} 2>/dev/null | wc -l
  register: maas_user_exists
  changed_when: false

- name: MAAS User
  become: yes
  command: maas-region-admin createadmin --username={{ maas.user }} --password={{ maas.user_password }} --email={{ maas.user_email }}
  when: maas_user_exists.stdout == '0'

- name: MAAS User API Key
  become: yes
  command: maas-region-admin apikey --username={{ maas.user }}
  register: apikey
  changed_when: false

- name: Verify Default Virsh Network
  shell: virsh net-list | grep default | wc -l
  register: virsh_default_network_exists
  changed_when: false

- name: Default Virsh Network Absent
  become: yes
  command: virsh net-destroy default
  when: virsh_default_network_exists.stdout != '0'

- name: Network Masquerading (NAT)
  become: yes
  template:
    src: templates/nat.j2
    dest: /etc/network/if-pre-up.d/nat
    owner: root
    group: root
    mode: 0755

- name: Ensure Masquerading (NAT)
  become: yes
  command: /etc/network/if-pre-up.d/nat report-changed
  register: masq_changed
  changed_when: masq_changed.stdout == 'true'

- name: Management Interface IP Address
  shell: ifconfig {{ interfaces.management }} 2>&1 | grep "inet addr:" | sed -e 's/.*:\([.0-9]*\)[ ]*Bcast.*/\1/g'
  register: mgmt_ip_address
  changed_when: false
  failed_when: mgmt_ip_address.rc != 0 or mgmt_ip_address.stdout == ""

- name: Switch Resource
  include: download.yml
  with_items:
    - { url : "{{ accton_as6712_32x }}", dest : "onie-installer-x86_64-accton_as6712_32x-r0" }
    - { url : "{{ accton_as5712_54x }}", dest : "onie-installer-x86_64-accton_as5712_54x-r0" }
  tags:
    - switch_support

- name: Disable Proxy Access To All
  become: yes
  replace:
    dest: /usr/share/maas/maas-proxy.conf
    regexp: '^(acl localnet src all.*)$'
    replace: '# \1'

- name: Only Allow Proxy Access To POD Management Network
  become: yes
  lineinfile:
    insertafter: '^# acl localnet src all'
    line: "acl localnet src {{ networks.management }} # Only allow the POD management network to use proxy"
    dest: /usr/share/maas/maas-proxy.conf
    state: present

- name: Restart MAAS Services
  become: yes
  service:
    name={{ item }}
    state=restarted
  with_items:
    - maas-proxy
    - maas-regiond
    - maas-clusterd
    - maas-dhcpd
    - bind9
  tags:
    - maas_restart

- name: Wait for MAAS to Intialize (start)
  pause:
    seconds=30
  changed_when: false
  tags:
    - maas_restart

- name: MAAS Accepting API Requests
  action: get_url url=http://{{ mgmt_ip_address.stdout }}/MAAS/api/1.0/maas/ dest=/tmp
  register: api_test
  until: api_test.status_code is defined and api_test.status_code == 403
  retries: 5
  delay: 60
  failed_when: api_test.status_code is not defined or api_test.status_code != 403

- name: Configure MAAS
  become: yes
  command: docker run docker-registry:5000/cord-maas-bootstrap:{{ docker.image_version }} --apikey='{{apikey.stdout}}' --sshkey='{{maas.user_sshkey}}' --url='http://{{mgmt_ip_address.stdout}}/MAAS/api/1.0' --network='{{networks.management}}' --interface='{{interfaces.management}}' --zone='administrative' --cluster='Cluster master' --domain='{{maas.domain}}' --bridge='{{networks.bridge_name}}' --bridge-subnet='{{networks.bridge}}'
  register: maas_config_result
  changed_when: maas_config_result.stdout.find("CHANGED") != -1
  failed_when: "maas_config_result.rc != 0 or 'ERROR' in maas_config_result.stdout"

- name: Custom MAAS Configuration Template
  become: yes
  copy:
    src: files/{{ item.src }}
    dest: "{{ item.dest }}"
    owner: maas
    group: maas
    mode: 0644
  with_items:
    - { src: 'dhcpd.blacklist', dest: '/etc/dhcp' }
    - { src: 'dhcpd.reservations', dest: '/etc/dhcp' }
    - { src: 'dhcp_harvest.inc', dest: '/etc/bind/maas' }
    - { src: 'cnames.inc', dest: '/etc/bind/maas' }
    - { src: 'named.conf.options.inside.maas', dest: '/etc/bind/maas' }
    - { src: 'dhcpd.conf.template', dest: '/etc/maas/templates/dhcp' }
    - { src: 'dhcp_harvest.inc', dest: '/etc/maas/templates/dns' }
    - { src: 'zone.template', dest: '/tmp' }

- name: Ensure RNDC Listens
  become: yes
  lineinfile:
    dest: /etc/bind/maas/named.conf.rndc.maas
    regexp: 'inet .* port 954'
    line: '        inet 0.0.0.0 port 954'
    state: present

- name: Ensure ENDC Allows Trusted
  become: yes
  lineinfile:
    dest: /etc/bind/maas/named.conf.rndc.maas
    regexp: 'allow { .* } keys { "rndc-maas-key"; };'
    line: '                allow { trusted; } keys { "rndc-maas-key"; };'
    state: present

- name: Custom DNS Zone Template
  become: yes
  script: files/update_dns_template.sh {{ networks.management }} {{ maas.domain }}
  register: dns_template_changed
  changed_when: dns_template_changed.stdout == 'true'

- name: Ensure Nameserver
  become: yes
  lineinfile:
    dest: /etc/resolvconf/resolv.conf.d/head
    state: present
    insertafter: EOF
    line: "nameserver {{ mgmt_ip_address.stdout }}"
  register: ns_nameserver

- name: Ensure Domain Search
  become: yes
  lineinfile:
    dest: /etc/resolvconf/resolv.conf.d/base
    state: present
    insertafter: EOF
    line: 'search cord.lab'
  register: ns_search

- name: Ensure DNS Config
  become: yes
  command: resolvconf -u
  when: ns_nameserver.changed or ns_search.changed

- name: Restart MAAS Services
  become: yes
  service:
    name={{ item }}
    state=restarted
  with_items:
    - maas-proxy
    - maas-regiond
    - maas-clusterd
    - maas-dhcpd
  tags:
    - maas_restart

- name: Wait for MAAS to Intialize (start)
  pause:
    seconds=30
  changed_when: false
  tags:
    - maas_restart

- name: Ensure DNS
  become: yes
  service:
    name=bind9
    state=restarted
  when: ns_nameserver.changed or ns_search.changed

- name: MAAS Accepting API Requests
  action: get_url url=http://{{ mgmt_ip_address.stdout }}/MAAS/api/1.0/maas/ dest=/tmp
  register: api_test2
  until: api_test2.status_code is defined and api_test2.status_code == 403
  retries: 5
  delay: 60
  failed_when: api_test2.status_code is not defined or api_test2.status_code != 403

- name: Ensure Boot Resource Import Started
  become: yes
  shell: maas login cord http://localhost/MAAS/api/1.0/ "{{apikey.stdout}}" && maas cord boot-resources import && maas logout cord

- name: Ensure VirtualBox Power Management
  include: virtualbox.yml
  when: virtualbox_support is defined

- name: Ensure MAAS Ansible Config Directory
  become: yes
  file:
    path=/etc/maas/ansible
    owner=maas
    group=maas
    state=directory

- name: Ensure SSH keys for Ansible
  become: yes
  command: cp {{ ansible_env['PWD'] }}/.ssh/id_rsa /etc/maas/ansible/id_rsa

- name: Ensure SSH Key Permissions
  become: yes
  file:
    path: /etc/maas/ansible/id_rsa
    owner: root
    group: root
    mode: 0400

- name: Initialize Interface Configuration Fact
  set_fact:
    interface_config: 0

- name: Set Interface Configuration Fact
  set_fact:
    interface_config: 1
  tags:
    - interface_config

- name: Default VirtualBox Host
  become: no
  set_fact:
    virtualbox_host: "{{ virtualbox.power_helper_host }}"
  when: virtualbox_support is defined
  changed_when: false

- name: Override VirtualBox Host
  become: no
  set_fact:
    virtualbox_host: "{{ discovered_vbox_host.stdout }}"
  when: virtualbox_support is defined and virtualbox_host == ''
  changed_when: false

- name: Custom Automation Compose Configurations
  become: yes
  template:
    src: templates/{{ item }}.j2
    dest: /etc/maas/{{ item }}
    owner: maas
    group: maas
    mode: 0644
  with_items:
    - automation-compose.yml
    - harvest-compose.yml

- name: Automation
  become: yes
  command: docker-compose -f /etc/maas/{{ item }} up -d
  with_items:
    - automation-compose.yml
    - harvest-compose.yml

- name: Wait For Image Download
  shell: maas login cord http://localhost/MAAS/api/1.0/ "{{apikey.stdout}}" > /dev/null 2>&1 && maas cord boot-resources read | jq 'map(select(.type != "Synced"))' && maas  logout  cord > /dev/null 2>&1
  register: images_synced
  until: images_synced.stdout == "[]"
  retries: 5
  delay: 60
  failed_when: images_synced.stdout != "[]"