/home/zuul/src/opendev.org/openstack/openstack-ansible-lxc_hosts/tasks/lxc_cache_preparation.yml
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Pull systemd version
  command: "systemctl --version"
  changed_when: false
  register: systemd_version
  tags:
    # Avoid ANSIBLE0006 lint issue: systemctl used in place of systemd module
    - skip_ansible_lint
    - always

- block:
    - name: Create machined proxy override unit directories
      file:
        path: "/etc/systemd/system/{{ item }}"
        owner: root
        group: root
        mode: '0755'
        state: directory
      with_items:
        - systemd-machined.service.d
        - systemd-importd.service.d

    - name: Drop the machined proxy override units
      template:
        src: systemd-proxy-unit.conf.j2
        dest: /etc/systemd/system/{{ item }}/proxy.conf
        owner: root
        group: root
        mode: '0644'
      with_items:
        - systemd-machined.service.d
        - systemd-importd.service.d
  when:
    - (deployment_environment_variables | default({})).keys() | length > 0

- include_tasks: lxc_volume.yml

- include_tasks: "lxc_cache_preparation_systemd_{{ (systemd_version.stdout_lines[0].split()[-1] | int > 219) | ternary('new', 'old') }}.yml"

- name: Set the qgroup limits
  block:
    - name: Set the qgroup size|compression limits on machines
      command: "btrfs qgroup limit {{ item }} {{ lxc_image_cache_path }}"
      changed_when: false
      with_items:
        - "-e {{ lxc_host_machine_qgroup_space_limit }}"
        - "-c {{ lxc_host_machine_qgroup_compression_limit }}"
      when:
        - not lxc_host_machine_quota_disabled
  rescue:
    - name: Notice regarding quota system
      debug:
        msg: >-
          There was an error processing the setup of qgroups. Check the system
          to ensure they're available otherwise disable the quota system by
          setting `lxc_host_machine_quota_disabled` to true.

# NOTE(cloudnull): We're using rsync  and an if block because we've no means
#                  to loop over a block. Re-evaluate this task when/if this is
#                  merged https://github.com/ansible/ansible/issues/13262
- name: Rsyncing files from the LXC host to the container cache
  shell: |
    if [[ -e "{{ item }}" ]]; then
      rsync -av "{{ item }}" "{{ lxc_image_cache_path }}{{ item }}"
    else
      exit 3
    fi
  changed_when: _rsync_container_cache.rc == 0
  failed_when: _rsync_container_cache.rc not in [0, 3]
  register: _rsync_container_cache
  args:
    executable: "/bin/bash"
  with_items: "{{ (lxc_cache_map.copy_from_host | union(lxc_container_cache_files_from_host)) | list }}"

- name: Ensure directories exist for lxc_container_cache_files
  file:
    dest: "{{ lxc_image_cache_path }}{{ item.dest | default(item.src) | dirname }}"
    state: directory
  with_items: "{{ lxc_container_cache_files }}"

- name: Copy files from deployment host to the container cache
  copy:
    src: "{{ item.src }}"
    dest: "{{ lxc_image_cache_path }}{{ item.dest | default(item.src) }}"
    owner: "{{ item.owner | default('root') }}"
    group: "{{ item.group | default('root') }}"
    mode: "{{ item.mode | default('0644') }}"
  with_items: "{{ lxc_container_cache_files }}"

- name: Ensure opt directory exists in container
  file:
    dest: "{{ lxc_image_cache_path }}/opt"
    state: directory

- name: Cached image preparation script
  template:
    src: "{{ lxc_cache_prep_template }}"
    dest: "{{ lxc_image_cache_path }}/opt/cache-prep-commands.sh"
    mode: "0755"

# This task runs several commands against the cached image to speed up the
# lxc_container_create playbook.
- name: Prepare cached image setup commands
  shell: "chroot {{ lxc_image_cache_path }} /opt/cache-prep-commands.sh > /var/log/lxc-cache-prep-commands.log 2>&1"
  changed_when: false
  async: "{{ lxc_cache_prep_timeout | int }}"
  poll: 0
  register: _lxc_cache_prepare_commands

- name: Obtain the deploy system's ssh public key
  set_fact:
    lxc_container_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
  when: lxc_container_ssh_key is not defined

- name: Deploy ssh public key into the cached image
  lineinfile:
    dest: "{{ lxc_image_cache_path }}/root/.ssh/authorized_keys"
    line: "{{ lxc_container_ssh_key }}"
    create: true

# NOTE(cloudnull): Wait for the cache preparation script has completed before
#                  building the new RootFS
- name: Ensure that the LXC cache has been prepared
  async_status:
    jid: "{{ _lxc_cache_prepare_commands.ansible_job_id }}"
  register: _lxc_cache_prepare_commands_result
  until: _lxc_cache_prepare_commands_result.finished
  delay: 10
  retries: "{{ lxc_cache_prep_timeout | int // 10 }}"

- name: Remove requiretty for sudo on centos
  template:
    dest: "{{ lxc_image_cache_path }}/etc/sudoers.d/openstack-ansible"
    owner: root
    group: root
    mode: "0440"
    src: sudoers.j2
  when:
    - ansible_pkg_mgr == 'yum'

- name: Adjust sshd configuration in container
  lineinfile:
    dest: "{{ lxc_image_cache_path }}/etc/ssh/sshd_config"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
  with_items: "{{ lxc_cache_sshd_configuration }}"