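---
# Configure docker for k8s.
- include_tasks: configure_docker.yml

################################################################################
# Install kubelet, kubeadm, and kubectl
################################################################################
- name: Install kubectl dependencies.
  package:
    name:
      - apt-transport-https
      - ca-certificates
      - curl
    state: present
  become: true
  when: ansible_os_family == 'Debian'

# The key is fetched over the network; `id` pins the expected fingerprint so a
# tampered or substituted download is rejected instead of being trusted.
- name: Add GPG key to apt for Ubuntu.
  apt_key:
    url: "{{ apt_gpg_key_url }}"
    id: "{{ apt_gpg_key_fingerprint }}"
    state: present
  become: true
  when: ansible_os_family == 'Debian'

- name: Add k8s repository for Debian-like distro.
  apt_repository:
    repo: "{{ apt_repo }}"
    state: present
    update_cache: true
  become: true
  when: ansible_os_family == 'Debian'

- name: Add k8s apt preferences file to pin a version.
  template:
    src: apt-preferences-k8s.j2
    dest: /etc/apt/preferences.d/kubernetes
    mode: '0644'
  become: true
  when: ansible_os_family == 'Debian'

- name: Install kubectl, kubeadm, and kubelet.
  package:
    name:
      - kubectl
      - kubeadm
      - kubelet
    state: present
  become: true
  when: ansible_os_family == 'Debian'

# gpgcheck/repo_gpgcheck verify both packages and repository metadata against
# the configured key.  The exclude list keeps a plain `yum update` from moving
# the cluster components to an untested version; the install task below opts
# back in explicitly with disable_excludes.  (The list previously read
# "kudeadm", so kubeadm was never actually excluded.)
- name: Add k8s repo for RedHat-like distro.
  yum_repository:
    name: kubernetes
    description: kubernetes
    baseurl: "{{ rh_yum_base_url }}"
    enabled: true
    gpgcheck: true
    repo_gpgcheck: true
    gpgkey: "{{ rh_yum_gpg_key }}"
    exclude: kubelet kubeadm kubectl
  become: true
  register: yum_repo
  when: ansible_os_family == 'RedHat'

- name: debug
  debug:
    var: kubernetes_role

# NOTE(security): permissive mode disables SELinux enforcement for the whole
# host, not just for the kubelet.  Presumably this follows the kubeadm install
# guide referenced in the sysctl section below -- confirm that the kubelet and
# container-runtime versions in use still require it before keeping this on a
# hardened host.
- name: Set SELinux to permissive mode.
  selinux:
    policy: targeted
    state: permissive
  become: true
  when: ansible_os_family == 'RedHat'

- name: Update SELinux config to set it to permissive mode at boot.
  replace:
    path: /etc/selinux/config
    regexp: '^SELINUX=enforcing$'
    replace: 'SELINUX=permissive'
  become: true
  when: ansible_os_family == 'RedHat'

# disable_excludes lets this one install bypass the repo-level exclude above.
- name: Install kubelet, kubectl, and kubeadm.
  yum:
    name:
      - kubelet
      - kubectl
      - kubeadm
    state: present
    disable_excludes: kubernetes
  become: true
  when: ansible_os_family == 'RedHat'

################################################################################
# sysctl stuff
# https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic
################################################################################
- name: Force kernel modules to load.
  copy:
    dest: /etc/modules-load.d/k8s.conf
    content: br_netfilter
    mode: '0644'
  become: true

- name: Let iptables see bridged traffic.
  sysctl:
    name: "{{ item }}"
    value: '1'
    state: present
  become: true
  loop:
    - net.bridge.bridge-nf-call-iptables
    - net.bridge.bridge-nf-call-ip6tables

################################################################################
- name: Ensure kubelet is started and enabled at boot.
  service:
    name: kubelet
    state: started
    enabled: true
  become: true

################################################################################
# swap
################################################################################
# An earlier `shell: swapon -s` variant failed on CentOS 7 even though the
# command worked interactively.  become is kept because that was the only way
# the task ran; the likely (unconfirmed) reason is that swapon lives in
# /usr/sbin, which is on root's PATH but not always on a non-root, non-login
# PATH.
- name: Get swap status.
  command: swapon -s
  become: true
  changed_when: false
  register: swap_status

# Relies on `swapon -s` printing nothing when no swap is active.
- name: Disable swap if needed.
  command: swapoff -a
  become: true
  changed_when: true
  when: swap_status.stdout | length > 0

# Match only entries whose fstype column is "swap", so an unrelated mount whose
# device or path merely contains the word "swap" is not commented out.
- name: Comment out swap in fstab.
  replace:
    path: /etc/fstab
    regexp: '^([^#\s]\S*\s+\S+\s+swap(\s.*)?)$'
    replace: '# \1'
  become: true

################################################################################
# master
################################################################################
# Run as root: the admin user's docker group membership does not take effect
# until its connection is re-established.  A connection reset would also work.
- name: Check the docker images currently on machine.
  command: docker images
  become: true
  register: docker_images
  changed_when: false

# TODO: make these image names full paths and move them to vars.
# TODO: check whether worker nodes also have these images.
- name: Pre-grab the container images for the static pods.
  command: kubeadm config images pull
  become: true
  changed_when: true
  when: >
    ( 'kube-apiserver' not in docker_images.stdout
      or 'kube-controller-manager' not in docker_images.stdout
      or 'kube-scheduler' not in docker_images.stdout
      or 'kube-proxy' not in docker_images.stdout
      or 'etcd' not in docker_images.stdout
      or 'coredns' not in docker_images.stdout
      or 'pause' not in docker_images.stdout )

# `creates` makes this idempotent: once admin.conf exists, init is skipped.
# Errors are deliberately NOT ignored -- masking a failed init would let the
# admin.conf copy and token creation below run against a broken control plane.
- name: Initialize Kubernetes master with kubeadm init
  command:
    cmd: "{{ kubeadm_init_command }}"
    creates: /etc/kubernetes/admin.conf
  become: true
  register: kubeadmin_init
  when: kubernetes_role == 'master'

# NOTE(security): kubeadm init output normally includes a join command (bootstrap
# token + CA hash); treat the log of this task as sensitive, or add no_log if the
# troubleshooting value is not needed.
- name: Debug kubectl init.
  debug:
    var: kubeadmin_init
  when: kubernetes_role == 'master'

# TODO: find a way to copy this file to the control machine.
# `~` expands for the connecting user (no become here); the copy task below uses
# /home/{{ ansible_user }} -- these only coincide when that is the user's home.
- name: Ensure .kube directory exists.
  file:
    path: ~/.kube
    state: directory
    mode: '0700'
  when: kubernetes_role == 'master'

# admin.conf is a cluster-admin credential: owner-only permissions, no group or
# world access.
- name: Copy the kubectl admin.conf to ~/.kube/config.
  copy:
    src: /etc/kubernetes/admin.conf
    remote_src: true
    dest: "/home/{{ ansible_user }}/.kube/config"
    mode: '0600'
    owner: "{{ ansible_user }}"
  become: true
  when: kubernetes_role == 'master'

################################################################################
# Join nodes to cluster.
################################################################################
- name: Print the role.
  debug:
    var: kubernetes_role

# The output is a bootstrap token plus the CA hash -- a credential that lets any
# host join the cluster -- so it is kept out of the Ansible log with no_log; the
# value remains available in the registered variable.  Minting a token is a
# state change, hence changed_when: true.  Each run creates a fresh token (there
# is no `creates` guard); consider passing a short --ttl if this runs often.
# Note: kubeadm reads /etc/kubernetes/admin.conf by default, which is root-only,
# so this may need become: true -- confirm on the target.
- name: Get the kubeadm join command from the Kubernetes master.
  command: kubeadm token create --print-join-command
  changed_when: true
  no_log: true
  when: kubernetes_role == 'master'
  register: kubernetes_join_command_result

# The previous debug task that printed kubernetes_join_command_result was
# removed: it wrote the join token to the console/log.

# TODO: open the firewall ports needed for the join on CentOS 7.
# Setting a fact on every host is not the intended approach -- just grab the
# join command from a master when joining.
#- name: Set the kubeadm join command globally.
#  set_fact:
#    kubernetes_join_command: "{{ kubernetes_join_command_result.stdout }}"
#  when: kubernetes_join_command_result.stdout is defined
#  delegate_to: "{{ item }}"
#  delegate_facts: true
#  with_items: "{{ groups['all'] }}"
#
#- name: Join node to cluster.
#  command:
#    cmd: "{{ kubernetes_join_command }}"
#    creates: /etc/kubernetes/kubelet.conf
#  become: true
#  when: kubernetes_role == 'worker'
#
################################################################################
## calico
################################################################################
#
#- name: Check if calico is already deployed by getting all pods.
#  command: kubectl get pods --all-namespaces
#  ignore_errors: true
#  changed_when: false
#  register: pods
#  when: kubernetes_role == 'master'
#
# NOTE(security): this applies a manifest fetched live from a URL with
# cluster-admin rights; pin calico_manifest_url to a specific version (and
# ideally verify its checksum) before enabling it.
#- name: Deploy Calico if not already installed.
#  command: "kubectl apply -f {{ calico_manifest_url }}"
#  register: calico_result
#  changed_when: "'created' in calico_result.stdout"
#  when: kubernetes_role == 'master' and 'calico' not in pods.stdout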