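---
# Installs k3s on a node: WireGuard role, SELinux policy rpm (EL7/EL8), the k3s
# binary for the host architecture, tool symlinks, a dedicated thin volume for
# /var/lib/rancher/k3s, the API audit policy, and the systemd service.

- name: Install Wireguard
  include_role:
    name: wireguard
  # when:
  #   - kubernetes_cni == "wireguard"

# The key is fetched over HTTPS and trusted as-is; rpm_key also accepts a
# `fingerprint` parameter if the expected key should be pinned.
- name: Import Rancher key
  ansible.builtin.rpm_key:
    state: present
    key: https://rpm.rancher.io/public.key
  when:
    - ansible_os_family == "RedHat"

- name: Install the k3s-selinux rpm from a remote repo for yum distro
  yum:
    name: "https://github.com/k3s-io/k3s-selinux/releases/download/v1.1.stable.1/k3s-selinux-1.1-1.el7.noarch.rpm"
    state: present
  when:
    - ansible_pkg_mgr == "yum"
    - ansible_os_family == "RedHat"
    - ansible_distribution_major_version == '7'

- name: Install the k3s-selinux rpm from a remote repo for dnf distro
  dnf:
    name: "https://github.com/k3s-io/k3s-selinux/releases/download/v1.1.stable.1/k3s-selinux-1.1-1.el8.noarch.rpm"
    state: present
  when:
    - ansible_pkg_mgr == "dnf"
    - ansible_os_family == "RedHat"
    - ansible_distribution_major_version == '8'

# The binary is only downloaded when it is absent, so an existing
# /usr/local/bin/k3s is never replaced or re-verified by this file.
- name: Check if /usr/local/bin/k3s already existe
  stat:
    path: /usr/local/bin/k3s
  register: k3s_bin
  changed_when: false

# The three downloads below install a root-owned executable straight from a
# release URL. Each accepts an optional checksum variable
# (e.g. "sha256:<PINNED_SHA256_PLACEHOLDER>"); when the variable is undefined
# the parameter is omitted and the download is NOT integrity-checked.
- name: retreive k3s binary for x86_64
  get_url:
    url: "https://github.com/rancher/k3s/releases/download/v1.23.6%2Bk3s1/k3s"
    dest: "/usr/local/bin/k3s"
    checksum: "{{ k3s_checksum_x86_64 | default(omit) }}"
    group: root
    owner: root
    mode: "0755"
  when:
    - not k3s_bin.stat.exists
    - ansible_machine == "x86_64"

- name: retreive k3s binary for arm64
  get_url:
    url: "https://github.com/rancher/k3s/releases/download/v1.23.6%2Bk3s1/k3s-arm64"
    dest: "/usr/local/bin/k3s"
    checksum: "{{ k3s_checksum_arm64 | default(omit) }}"
    group: root
    owner: root
    mode: "0755"
  when:
    - not k3s_bin.stat.exists
    - ansible_machine == "arm64"

- name: retreive k3s binary for armv6/armv7
  get_url:
    url: "https://github.com/rancher/k3s/releases/download/v1.23.6%2Bk3s1/k3s-armhf"
    dest: "/usr/local/bin/k3s"
    checksum: "{{ k3s_checksum_armhf | default(omit) }}"
    group: root
    owner: root
    mode: "0755"
  when:
    - not k3s_bin.stat.exists
    - (ansible_machine == "armv7l") or (ansible_machine == "armv6l")

# Relative symlinks: kubectl, crictl and ctr all point at the k3s binary in
# the same directory.
- name: Create tools link
  file:
    src: "k3s"
    dest: "/usr/local/bin/{{ item }}"
    owner: root
    group: root
    state: link
  with_items:
    - "kubectl"
    - "crictl"
    - "ctr"

# The same volume description is repeated for the lvol, filesystem and mount
# tasks; keep the three copies in sync when changing it.
- name: Create thin volumes for k3s
  lvol:
    vg: "{{ item.vg }}"
    lv: "{{ item.name }}"
    thinpool: kubernetes
    size: "{{ item.size }}"
  with_items:
    - name: var_lib_k3s
      vg: vg_sys
      size: 10g
      mount_point: /var/lib/rancher/k3s
      mount_opts: "discard"

- name: create file system on containerd lv
  filesystem:
    fstype: ext4
    dev: "/dev/{{ item.vg }}/{{ item.name }}"
  with_items:
    - name: var_lib_k3s
      vg: vg_sys
      size: 10g
      mount_point: /var/lib/rancher/k3s
      mount_opts: "discard"

- name: mount logical volumes
  mount:
    name: "{{ item.mount_point }}"
    src: "/dev/{{ item.vg }}/{{ item.name }}"
    fstype: ext4
    opts: "{{ item.mount_opts }}"
    state: mounted
  with_items:
    - name: var_lib_k3s
      vg: vg_sys
      size: 10g
      mount_point: /var/lib/rancher/k3s
      mount_opts: "discard"

- name: Audit policies directory
  file:
    path: "/etc/kubernetes/policies"
    state: directory
    owner: root
    group: root
    mode: "0700"
  when:
    - kubernetes_master|bool

- name: Configure audit policy
  copy:
    src: "etc/kubernetes/policies/audit-policy.yaml"
    dest: "/etc/kubernetes/policies/audit-policy.yaml"
    group: root
    owner: root
    mode: "0644"
  when:
    - kubernetes_master|bool

# Check controllers
- name: Check if /etc/rancher/k3s/k3s.yaml already existe
  stat:
    path: /etc/rancher/k3s/k3s.yaml
  register: st
  changed_when: false
  when:
    - kubernetes_master|bool

- name: Create KubernetesMasterConfigured group
  group_by:
    key: "KubernetesMasterConfigured_{{ kubernetes_cluster_name }}"
  when:
    - kubernetes_master|bool
    - st.stat.exists

# First controller
# NOTE(review): the source was collapsed onto single lines, so the nesting of
# the trailing `when:` is reconstructed. It is placed on the block (gating all
# first-controller tasks) rather than on the last group_by task - confirm.
- name: Configure first controler
  # run_once: true
  block:
    - name: Deploy systemd service
      template:
        src: "{{ item }}.j2"
        # The items are relative paths that double as the template source
        # names; the destination needs the leading "/" so the files land in
        # /etc/... rather than relative to the remote working directory.
        dest: "/{{ item }}"
        owner: root
        group: root
        mode: "0600"
      with_items:
        - "etc/systemd/system/k3s.service"
        - "etc/systemd/system/k3s.service.env"
        - "etc/rancher/k3s/config.yaml"
      when:
        - ansible_service_mgr == "systemd"

    - name: Reload systemd
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Enable k3s on boot
      service:
        name: k3s
        state: started
        enabled: true

    # Both waits use the wait_for default timeout.
    - name: Wait for k3s.yaml
      wait_for:
        path: /etc/rancher/k3s/k3s.yaml

    - name: Wait for token
      wait_for:
        path: /var/lib/rancher/k3s/server/token

    - name: "Add {{ ansible_hostname }} to KubernetesMasterConfigured group"
      group_by:
        key: "KubernetesMasterConfigured_{{ kubernetes_cluster_name }}"
  when:
    - kubernetes_master|bool
    # NOTE(review): this tests a *variable* of that name; group_by creates a
    # group, which is exposed through `groups`, not `vars` - confirm that this
    # condition can ever be false.
    - vars['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is not defined

# Missing kubernetes_server_token, kubernetes_master url
# - name: Deploy systemd service
#   template:
#     src: "etc/systemd/system/{{ item }}.j2"
#     dest: "/etc/systemd/system/{{ item }}"
#     owner: root
#     group: root
#     mode: 0600
#   with_items:
#     - "k3s.service"
#     - "k3s.service.env"
#   when:
#     - ansible_service_mgr == "systemd"

# Runs on every host, including those that skipped the first-controller block
# and therefore had no unit file deployed by this file.
- name: Enable k3s on boot
  service:
    name: k3s
    state: started
    enabled: true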