---
# SPDX-license-identifier: Apache-2.0
##############################################################################
# Copyright (c) 2018
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
- hosts: localhost
  become: yes
  vars:
    images_file: /tmp/images.yaml
  pre_tasks:
    - name: Load krd variables
      include_vars:
        file: krd-vars.yml
  roles:
    - role: andrewrothstein.kubectl
      kubectl_ver: "v{{ kubectl_version }}"
    - role: geerlingguy.docker
      when: virtlet_source_type == "source"
  tasks:
    - name: create Virtlet binary folder
      file:
        state: directory
        path: "{{ virtlet_dest }}"
    - name: apply virtlet extraRuntime label
      command: "/usr/local/bin/kubectl label node {{ item }} extraRuntime=virtlet --overwrite"
      with_inventory_hostnames: virtlet
    - name: create image translations confimap file
      blockinfile:
        path: "{{ images_file }}"
        create: yes
        block: |
          translations:
            - name: ubuntu/14.04
              url: https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img
            - name: ubuntu/16.04
              url: https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img
            - name: ubuntu/18.04
              url: https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img
            - regexp: 'centos/(\d+)-(\d+)'
              url: 'https://cloud.centos.org/centos/$1/images/CentOS-$1-x86_64-GenericCloud-$2.qcow2'
            - name: fedora
              url: https://download.fedoraproject.org/pub/fedora/linux/releases/27/CloudImages/x86_64/images/Fedora-Cloud-Base-27-1.6.x86_64.qcow2
          {% if lookup('env','http_proxy') != "" %}
          transports:
            "":
              proxy: "{{ lookup('env','http_proxy') }}"
          {% endif %}
    - name: install image translations configmap
      shell: "/usr/local/bin/kubectl create configmap -n kube-system virtlet-image-translations --from-file {{ images_file }} --dry-run -o yaml | /usr/local/bin/kubectl apply -f -"
      ignore_errors: True
    - name: create Virtlet folder
      file:
        state: directory
        path: "{{ virtlet_dest }}"
    - name: getting source code
      block:
      - name: clone Virtlet repo
        git:
          repo: "{{ virtlet_url }}"
          dest: "{{ virtlet_dest }}"
          version: "{{ virtlet_version }}"
          force: yes
      - name: configure proxy values for docker service
        block:
        - name: create docker config folder
          file:
            state: directory
            path: "/etc/systemd/system/docker.service.d"
        - name: Configure docker service to use http_proxy env value
          blockinfile:
            dest: "/etc/systemd/system/docker.service.d/http-proxy.conf"
            create: yes
            block: |
              [Service]
              Environment="HTTP_PROXY={{ lookup('env','http_proxy') }}"
          when:
            - lookup('env','http_proxy') != "fooproxy"
        - name: Configure docker service to use https_proxy env value
          blockinfile:
            dest: "/etc/systemd/system/docker.service.d/https-proxy.conf"
            create: yes
            block: |
              [Service]
              Environment="HTTPS_PROXY={{ lookup('env','https_proxy') }}"
          when:
            - lookup('env','https_proxy') != "fooproxy"
        - name: Configure docker service to use no_proxy env value
          blockinfile:
            dest: "/etc/systemd/system/docker.service.d/no-proxy.conf"
            create: yes
            block: |
              [Service]
              Environment="NO_PROXY={{ lookup('env','no_proxy') }}"
          when:
            - lookup('env','no_proxy') != "fooproxy"
        - name: reload systemd
          command: systemctl daemon-reload
        - name: restart docker service
          service:
            name: docker
            state: restarted
        when: lookup('env','http_proxy') != "fooproxy" or lookup('env','https_proxy') != "fooproxy" or lookup('env','no_proxy') != "fooproxy"
      - name: build virtlet source code
        command: ./cmd.sh build
        args:
          chdir: "{{ virtlet_dest }}/build"
        environment:
          http_proxy: "{{ lookup('env','http_proxy') }}"
          https_proxy: "{{ lookup('env','https_proxy') }}"
          no_proxy: "{{ lookup('env','no_proxy') }}"
      when: virtlet_source_type == "source"
    - name: download virtletctl
      get_url:
        url: "{{ virtlet_url }}"
        dest: "{{ virtlet_dest }}/virtletctl"
      when: virtlet_source_type == "binary"
    - name: set virtletctl execution permissions
      file:
        path: "{{ virtlet_dest }}/virtletctl"
        mode: "+x"
    - name: install virtletctl as kubectl plugin
      command: "{{ virtlet_dest }}/virtletctl install"
    - name: create Virtlet k8s objects
      shell: "/usr/local/bin/kubectl plugin virt gen | /usr/local/bin/kubectl apply -f -"
      ignore_errors: True
    - name: wait for Virtlet daemonset
      shell: "/usr/local/bin/kubectl get ds virtlet -n=kube-system -o=jsonpath --template={.status.numberReady}"
      register: daemonset
      until:
        - '1'
      retries: 6
      delay: 10

- hosts: virtlet
  become: yes
  tasks:
    - name: Load krd variables
      include_vars:
        file: krd-vars.yml
    - name: create CRIProxy binary folder
      file:
        state: directory
        path: "{{ criproxy_dest }}"
    - name: disable AppArmor in all nodes
      service:
        name: apparmor
        state: stopped
        enabled: no
      when: ansible_os_family == "Debian"
    - name: modify args for kubelet service
      lineinfile:
        dest: /etc/systemd/system/kubelet.service
        line: "                --container-runtime=remote --container-runtime-endpoint=unix:///run/criproxy.sock --image-service-endpoint=unix:///run/criproxy.sock --enable-controller-attach-detach=false \\"
        insertafter: '^ExecStart=/usr/local/bin/kubelet *'
        state: present
    - name: create dockershim service
      blockinfile:
        path: /etc/systemd/system/dockershim.service
        create: yes
        block: |
          [Unit]
          Description=dockershim for criproxy

          [Service]
          EnvironmentFile=-/etc/kubernetes/kubelet.env
          ExecStartPre=-/bin/mkdir -p /var/lib/kubelet/volume-plugins
          ExecStart=/usr/local/bin/kubelet --experimental-dockershim --port 11250 \
                $KUBE_LOGTOSTDERR \
                $KUBE_LOG_LEVEL \
                $KUBELET_API_SERVER \
                $KUBELET_ADDRESS \
                $KUBELET_PORT \
                $KUBELET_HOSTNAME \
                $KUBE_ALLOW_PRIV \
                $KUBELET_ARGS \
                $DOCKER_SOCKET \
                $KUBELET_NETWORK_PLUGIN \
                $KUBELET_VOLUME_PLUGIN \
                $KUBELET_CLOUDPROVIDER
          Restart=always
          StartLimitInterval=0
          RestartSec=10

          [Install]
          RequiredBy=criproxy.service
    - name: getting source code
      block:
      - name: clone CRIProxy repo
        git:
          repo: "{{ criproxy_url }}"
          dest: "{{ criproxy_dest }}"
          version: "{{ criproxy_version }}"
          force: yes
      - name: build criproxy source code
        command: ./build-package.sh
        args:
          chdir: "{{ criproxy_dest }}"
      when: criproxy_source_type == "source"
    - name: download CRIproxy package
      get_url:
        url: "{{ criproxy_url }}"
        dest: "{{ criproxy_dest }}/criproxy"
      when: criproxy_source_type == "binary"
    - name: set criproxy execution permissions
      file:
        path: "{{ criproxy_dest }}/criproxy"
        mode: "+x"
    - name: create criproxy service
      blockinfile:
        path: /etc/systemd/system/criproxy.service
        create: yes
        block: |
          [Unit]
          Description=CRI Proxy

          [Service]
          ExecStart={{ criproxy_dest }}/criproxy -v 3 -logtostderr -connect /var/run/dockershim.sock,virtlet.cloud:/run/virtlet.sock -listen /run/criproxy.sock
          Restart=always
          StartLimitInterval=0
          RestartSec=10

          [Install]
          WantedBy=kubelet.service
    - name: start criproxy and dockershim services
      service:
        name: "{{ item }}"
        state: started
        enabled: yes
      with_items:
      - dockershim
      - criproxy
    - name: restart kubelet services
      service:
        name: kubelet
        state: restarted