---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Usage:
#  This common task will update lxc containers to use the lxc-openstack
#  app-armor profile by default however this profile can be changed as needed.

#  This will also load in a list of bind mounts for a given container. To load
#  in a list of bind mounts the variable, "list_of_bind_mounts" must be used
#  containing at least one dictionary with the keys "bind_dir_path",
#  "relative_bind_dir_path", and "mount_path".
#    * bind_dir_path = Container path used in a bind mount
#    * mount_path = Local path on the physical host used for a bind mount

#  If extra container configurations are desirable set the
#  "extra_container_config" list to strings containing the options needed.

- name: Set default bind mounts (bind var/log)
  ansible.builtin.set_fact:
    lxc_default_bind_mounts: '{{ lxc_default_bind_mounts | default([{"bind_dir_path": "/var/log", "mount_path": "/openstack/log/" ~ inventory_hostname}]) }}'
  when:
    - default_bind_mount_logs | bool
  tags:
    - common-lxc

- name: Ensure mount directories exists
  ansible.builtin.file:
    path: "{{ item['mount_path'] }}"
    state: "directory"
  with_items:
    - "{{ lxc_default_bind_mounts | default([]) }}"
    - "{{ list_of_bind_mounts | default([]) }}"
  when:
    - item.create | default('dir') == 'dir'
  delegate_to: "{{ physical_host }}"
  tags:
    - common-lxc

- name: Add bind mount configuration to container
  ansible.builtin.lineinfile:
    dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
    line: "lxc.mount.entry = {{ item['mount_path'] }} {{ item['bind_dir_path'].lstrip('/') }} none bind,create={{ item.create | default('dir') }} 0 0"
    insertbefore: "^lxc.mount.entry = .*\\s{{ item['bind_dir_path'].lstrip('/') | regex_replace('/', '\/') }}.*"
    backup: "true"
  with_items:
    - "{{ lxc_default_bind_mounts | default([]) }}"
    - "{{ list_of_bind_mounts | default([]) }}"
  delegate_to: "{{ physical_host }}"
  register: _mc
  tags:
    - common-lxc

- name: Extra lxc config
  ansible.builtin.lineinfile:
    path: "/var/lib/lxc/{{ inventory_hostname }}/config"
    regexp: "^{{ item.split('=')[0] }} ="
    line: "{{ item.split('=')[0] }} = {{ item.split('=', 1)[1] }}"
    backup: "true"
  with_items: "{{ extra_container_config | default([]) }}"
  delegate_to: "{{ physical_host }}"
  register: _ec
  tags:
    - common-lxc

- name: Extra lxc config no restart
  ansible.builtin.lineinfile:
    path: "/var/lib/lxc/{{ inventory_hostname }}/config"
    regexp: "^{{ item.split('=')[0] }} ="
    line: "{{ item.split('=')[0] }} = {{ item.split('=', 1)[1] }}"
    backup: "true"
  with_items: "{{ extra_container_config_no_restart | default(['lxc.start.order=100']) }}"
  delegate_to: "{{ physical_host }}"
  tags:
    - common-lxc

- name: Check container state
  ansible.builtin.command: "lxc-info -n {{ inventory_hostname }} --state"
  changed_when: false
  delegate_to: "{{ physical_host }}"
  register: _lxc_container_state
  until: _lxc_container_state is success
  retries: 3
  delay: 5
  when:
    - (_mc is defined and _mc is changed) or (_ec is defined and _ec is changed)

# Due to https://github.com/ansible/ansible-modules-extras/issues/2691
# this uses the LXC CLI tools to ensure that we get logging.
# TODO(odyssey4me): revisit this once the bug is fixed and released
# NOTE(cloudnull): The `lxc-stop` command will have an RC of 2 if the command
#                  fails due to a container already being in a stopped state.
- name: Lxc container restart
  ansible.builtin.command: >
    lxc-stop --name {{ inventory_hostname }}
    --logfile {{ lxc_container_log_path }}/lxc-{{ inventory_hostname }}.log
    --logpriority {{ (debug | bool) | ternary('DEBUG', 'INFO') }}
  delegate_to: "{{ physical_host }}"
  register: container_stop
  until: container_stop is success
  retries: 3
  failed_when:
    - container_stop.rc not in [0, 2]
  when:
    - lxc_container_allow_restarts | default(True) | bool
    - (_mc is defined and _mc is changed) or (_ec is defined and _ec is changed)
    - _lxc_container_state.stdout.find('RUNNING') != -1
  tags:
    - common-lxc

# Due to https://github.com/ansible/ansible-modules-extras/issues/2691
# this uses the LXC CLI tools to ensure that we get logging.
# TODO(odyssey4me): revisit this once the bug is fixed and released
- name: Start Container
  ansible.builtin.command: >
    lxc-start --daemon --name {{ inventory_hostname }}
    --logfile {{ lxc_container_log_path }}/lxc-{{ inventory_hostname }}.log
    --logpriority {{ (debug | bool) | ternary('DEBUG', 'INFO') }}
  delegate_to: "{{ physical_host }}"
  register: container_start
  until: container_start is success
  retries: 3
  when:
    - (_mc is defined and _mc is changed) or (_ec is defined and _ec is changed)
  tags:
    - common-lxc

- name: Wait for container tmpfiles-setup finish
  ansible.builtin.raw: systemctl list-units systemd-tmpfiles-setup.service --no-legend | grep 'exited' >/dev/null
  register: systemd_tmpfiles
  until: systemd_tmpfiles.rc == 0
  retries: 20
  delay: 2
  changed_when: false

- name: Wait for container connectivity
  ansible.builtin.wait_for_connection:
    connect_timeout: "{{ lxc_container_wait_params.connect_timeout | default(omit) }}"
    delay: "{{ lxc_container_wait_params.delay | default(omit) }}"
    sleep: "{{ lxc_container_wait_params.sleep | default(omit) }}"
    timeout: "{{ lxc_container_wait_params.timeout | default(omit) }}"
  when:
    - (_mc is defined and _mc is changed) or (_ec is defined and _ec is changed)
  tags:
    - common-lxc