- name: snapd is installed
  apt:
    name: snapd
  become: true

- name: nftables is installed
  apt:
    name: nftables
  become: true
  when: ansible_distribution_release == 'jammy'

- name: allow packets from pod cir
  command: nft insert rule filter openstack-INPUT ip saddr 10.1.0.0/16 accept
  become: true
  when: ansible_distribution_release == 'jammy'

- name: allow packets to pod cir
  command: nft insert rule filter openstack-INPUT ip daddr 10.1.0.0/16 accept
  become: true
  when: ansible_distribution_release == 'jammy'

- name: allow packets to metallb cir
  command: nft insert rule filter openstack-INPUT ip daddr 10.170.0.248/29 accept
  become: true
  when: ansible_distribution_release == 'jammy'

- name: set microk8s related variables
  set_fact:
    microk8s_group: "{{ 'microk8s' if microk8s_classic_mode | default(true) else 'snap_microk8s' }}"
    microk8s_command_escalation: "{{ false if microk8s_classic_mode | default(true) else true }}"

- name: microk8s is installed
  snap:
    name: microk8s
    classic: "{{ microk8s_classic_mode | default(true) }}"
    channel: "{{ microk8s_channel | default('latest/stable') }}"
  become: true

- name: current user is in microk8s group
  user:
    name: "{{ ansible_user }}"
    groups: "{{ microk8s_group }}"
    append: true
  become: true

- name: reset ssh connection to apply permissions from new group
  meta: reset_connection

- name: microk8s status
  block:
    - name: microk8s status
      command:
        cmd: microk8s status --wait-ready --timeout 300
  rescue:
    - name: microk8s inspect
      command:
        cmd: microk8s inspect
      become: "{{ microk8s_command_escalation }}"
    - name: microk8s status
      command:
        # second chance to get status
        cmd: microk8s status

- name: Create docker.io certs dir
  when:
    - docker_mirror is defined
  file:
    path: /var/snap/microk8s/current/args/certs.d/docker.io
    state: directory
    owner: root
    group: "{{ microk8s_group }}"
    mode: '0770'

- name: Render microk8s registry mirror template
  when:
    - docker_mirror is defined
  template:
    src: hosts.j2
    dest: /var/snap/microk8s/current/args/certs.d/docker.io/hosts.toml
    group: "{{ microk8s_group }}"
  vars:
    mirror_location: "{{ docker_mirror }}"
    server: https://docker.io

- name: Check docker.io hosts.toml
  when:
    - docker_mirror is defined
  command:
    cmd: cat /var/snap/microk8s/current/args/certs.d/docker.io/hosts.toml

- name: microk8s is started
  command:
    cmd: microk8s start
  become: "{{ microk8s_command_escalation }}"

- name: microk8s is running and ready
  command:
    cmd: microk8s status --wait-ready
  register: res
  failed_when: '"is running" not in res.stdout'

- name: microk8s dns addon is enabled
  command:
    cmd: microk8s enable dns
  register: res
  changed_when: '"already enabled" not in res.stdout'
  become: "{{ microk8s_command_escalation }}"

- name: microk8s hostpath storage addon is enabled
  command:
    cmd: microk8s enable hostpath-storage
  register: res
  changed_when: '"already enabled" not in res.stdout'
  become: "{{ microk8s_command_escalation }}"

- name: microk8s metallb addon is enabled
  command:
    # ip range is an arbitrary choice; may need to be changed later
    cmd: microk8s enable metallb:10.170.0.248/29
  register: res
  changed_when: '"already enabled" not in res.stdout'
  become: "{{ microk8s_command_escalation }}"

- name: microk8s addons are ready
  command:
    cmd: microk8s status --format short
  register: res
  retries: 18
  delay: 10  # 18 * 10 = 3 minutes
  until: >
    "core/dns: enabled" in res.stdout and
    "core/hostpath-storage: enabled" in res.stdout and
    "core/metallb: enabled" in res.stdout
  changed_when: res.attempts > 1

- name: juju is installed
  snap:
    name: juju
    classic: "{{ juju_classic_mode | default(true) }}"
    channel: "{{ juju_channel | default('latest/stable') }}"
  become: true

- name: Ensure ~/.local/share directory exist
  file:
    path: ~/.local/share
    state: directory

- name: juju is bootstrapped on microk8s
  command:
    cmd: juju bootstrap --config bootstrap-timeout=600 --config caas-image-repo="public.ecr.aws/juju" microk8s microk8s
  register: res
  retries: 3
  delay: 10
  until: >
    "Bootstrap complete" in res.stderr or
    "already exists" in res.stderr
  failed_when: '"ERROR" in res.stderr and "already exists" not in res.stderr'

- name: run microk8s inspect
  command:
    cmd: microk8s inspect
  become: "{{ microk8s_command_escalation }}"
  changed_when: false

- name: current juju controller is microk8s
  command:
    cmd: juju switch microk8s
  register: res
  changed_when: '"no change" not in res.stderr'

- name: Collect snap versions
  command: snap list
  register: snap_out

- name: Show snap versions
  debug: msg="{{ snap_out.stdout }}"