# Copyright (c) 2022 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: Generate workspace for Atmosphere
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Create folders for workspace
      ansible.builtin.file:
        path: "{{ workspace_path }}/{{ item }}"
        state: directory
      loop:
        - group_vars
        - group_vars/all
        - group_vars/controllers
        - group_vars/cephs
        - group_vars/computes
        - host_vars

- name: Generate Ceph control plane configuration for workspace
  hosts: localhost
  gather_facts: false
  vars:
    _ceph_path: "{{ workspace_path }}/group_vars/all/ceph.yml"
    # Input variables
    ceph_fsid: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
    ceph_public_network: 10.96.240.0/24
  tasks:
    - name: Ensure the Ceph control plane configuration file exists
      ansible.builtin.file:
        path: "{{ _ceph_path }}"
        state: touch

    - name: Load the current Ceph control plane configuration into a variable
      ansible.builtin.include_vars:
        file: "{{ _ceph_path }}"
        name: ceph

    - name: Generate Ceph control plane values for missing variables
      ansible.builtin.set_fact:
        ceph: "{{ ceph | default({}) | combine({item.key: item.value}) }}"
      # NOTE(mnaser): We don't want to override existing Ceph configurations,
      #               so we generate a stub one if and only if it doesn't exist
      when: item.key not in ceph
      # NOTE(mnaser): This is absolutely hideous but there's no clean way of
      #               doing this using `with_fileglob` or `with_filetree`
      with_dict:
        ceph_mon_fsid: "{{ ceph_fsid }}"
        ceph_mon_public_network: "{{ ceph_public_network }}"

    - name: Write new Ceph control plane configuration file to disk
      ansible.builtin.copy:
        content: "{{ ceph | to_nice_yaml(indent=2, width=180) }}"
        dest: "{{ _ceph_path }}"

- name: Generate Ceph OSD configuration for workspace
  hosts: localhost
  gather_facts: false
  vars:
    _ceph_osd_path: "{{ workspace_path }}/group_vars/cephs/osds.yml"
  tasks:
    - name: Ensure the Ceph OSDs configuration file exists
      ansible.builtin.file:
        path: "{{ _ceph_osd_path }}"
        state: touch

    - name: Load the current Ceph OSDs configuration into a variable
      ansible.builtin.include_vars:
        file: "{{ _ceph_osd_path }}"
        name: ceph_osd

    - name: Generate Ceph OSDs values for missing variables
      ansible.builtin.set_fact:
        ceph_osd: "{{ ceph_osd | default({}) | combine({item.key: item.value}) }}"
      # NOTE(mnaser): We don't want to override existing Ceph configurations,
      #               so we generate a stub one if and only if it doesn't exist
      when: item.key not in ceph_osd
      # NOTE(mnaser): This is absolutely hideous but there's no clean way of
      #               doing this using `with_fileglob` or `with_filetree`
      with_dict:
        ceph_osd_devices:
          - /dev/vdb
          - /dev/vdc
          - /dev/vdd

    - name: Write new Ceph OSDs configuration file to disk
      ansible.builtin.copy:
        content: "{{ ceph_osd | to_nice_yaml(indent=2, width=180) }}"
        dest: "{{ _ceph_osd_path }}"

- name: Generate Kubernetes configuration for workspace
  hosts: localhost
  gather_facts: false
  vars:
    _kubernetes_path: "{{ workspace_path }}/group_vars/all/kubernetes.yml"
  tasks:
    - name: Ensure the Kubernetes configuration file exists
      ansible.builtin.file:
        path: "{{ _kubernetes_path }}"
        state: touch

    - name: Load the current Kubernetes configuration into a variable
      ansible.builtin.include_vars:
        file: "{{ _kubernetes_path }}"
        name: kubernetes

    - name: Generate Kubernetes values for missing variables
      ansible.builtin.set_fact:
        kubernetes: "{{ kubernetes | default({}) | combine({item.key: item.value}) }}"
      # NOTE(mnaser): We don't want to override existing Ceph configurations,
      #               so we generate a stub one if and only if it doesn't exist
      when: item.key not in kubernetes
      # NOTE(mnaser): This is absolutely hideous but there's no clean way of
      #               doing this using `with_fileglob` or `with_filetree`
      with_dict:
        kubernetes_hostname: 10.96.240.10
        kubernetes_keepalived_vrid: 42
        kubernetes_keepalived_vip: 10.96.240.10

    - name: Write new Kubernetes configuration file to disk
      ansible.builtin.copy:
        content: "{{ kubernetes | to_nice_yaml(indent=2, width=180) }}"
        dest: "{{ _kubernetes_path }}"

- name: Generate Keepalived configuration for workspace
  hosts: localhost
  gather_facts: false
  vars:
    _keepalived_path: "{{ workspace_path }}/group_vars/all/keepalived.yml"
  tasks:
    - name: Ensure the Keeaplived configuration file exists
      ansible.builtin.file:
        path: "{{ _keepalived_path }}"
        state: touch

    - name: Load the current Keepalived configuration into a variable
      ansible.builtin.include_vars:
        file: "{{ _keepalived_path }}"
        name: keepalived

    - name: Generate Keepalived values for missing variables
      ansible.builtin.set_fact:
        keepalived: "{{ keepalived | default({}) | combine({item.key: item.value}) }}"
      # NOTE(mnaser): We don't want to override existing Keepalived configurations,
      #               so we generate a stub one if and only if it doesn't exist
      when: item.key not in keepalived
      # NOTE(mnaser): This is absolutely hideous but there's no clean way of
      #               doing this using `with_fileglob` or `with_filetree`
      with_dict:
        keepalived_interface: br-ex
        keepalived_vip: 10.96.250.10

    - name: Write new Keepalived configuration file to disk
      ansible.builtin.copy:
        content: "{{ keepalived | to_nice_yaml(indent=2, width=180) }}"
        dest: "{{ _keepalived_path }}"

- name: Generate endpoints for workspace
  hosts: localhost
  vars:
    _endpoints_path: "{{ workspace_path }}/group_vars/all/endpoints.yml"
    # Input variables
    region_name: RegionOne
    domain_name: vexxhost.cloud
  tasks:
    - name: Ensure the endpoints file exists
      ansible.builtin.file:
        path: "{{ _endpoints_path }}"
        state: touch

    - name: Load the current endpoints into a variable
      ansible.builtin.include_vars:
        file: "{{ _endpoints_path }}"
        name: endpoints

    - name: Generate endpoint skeleton for missing variables
      ansible.builtin.set_fact:
        endpoints: |
          {{
            endpoints |
              default({}) |
                combine({item: default_map[item]})
          }}
      # NOTE(mnaser): We don't want to override existing endpoints, so we generate
      #               a stub one if and only if it doesn't exist
      when: item not in endpoints
      # NOTE(mnaser): This is absolutely hideous but there's no clean way of
      #               doing this using `with_fileglob` or `with_filetree`
      with_lines: >
        ls {{ playbook_dir }}/../roles/*/defaults/main.yml |
          xargs grep undef |
            egrep '(_host|region_name)' |
              cut -d':' -f2
      # NOTE(mnaser): We use these variables to generate map of service name to
      #               service type in order to generate the URLs
      vars:
        default_map:
          keycloak_host: "keycloak.{{ domain_name }}"
          kube_prometheus_stack_prometheus_host: "prometheus.{{ domain_name }}"
          kube_prometheus_stack_alertmanager_host: "alertmanager.{{ domain_name }}"
          kube_prometheus_stack_grafana_host: "grafana.{{ domain_name }}"
          openstack_helm_endpoints_region_name: "{{ region_name }}"
          openstack_helm_endpoints_barbican_api_host: "key-manager.{{ domain_name }}"
          openstack_helm_endpoints_cinder_api_host: "volume.{{ domain_name }}"
          openstack_helm_endpoints_designate_api_host: "dns.{{ domain_name }}"
          openstack_helm_endpoints_glance_api_host: "image.{{ domain_name }}"
          openstack_helm_endpoints_heat_api_host: "orchestration.{{ domain_name }}"
          openstack_helm_endpoints_heat_cfn_api_host: "cloudformation.{{ domain_name }}"
          openstack_helm_endpoints_horizon_api_host: "dashboard.{{ domain_name }}"
          openstack_helm_endpoints_ironic_api_host: "baremetal.{{ domain_name }}"
          openstack_helm_endpoints_keystone_api_host: "identity.{{ domain_name }}"
          openstack_helm_endpoints_neutron_api_host: "network.{{ domain_name }}"
          openstack_helm_endpoints_nova_api_host: "compute.{{ domain_name }}"
          openstack_helm_endpoints_nova_novnc_host: "vnc.{{ domain_name }}"
          openstack_helm_endpoints_octavia_api_host: "load-balancer.{{ domain_name }}"
          openstack_helm_endpoints_placement_api_host: "placement.{{ domain_name }}"
          openstack_helm_endpoints_magnum_api_host: "container-infra.{{ domain_name }}"
          openstack_helm_endpoints_magnum_registry_host: "container-infra-registry.{{ domain_name }}"
          openstack_helm_endpoints_rgw_host: "object-store.{{ domain_name }}"
          openstack_helm_endpoints_manila_api_host: "share.{{ domain_name }}"

    - name: Write new endpoints file to disk
      ansible.builtin.copy:
        content: "{{ endpoints | to_nice_yaml(indent=2, width=180) }}"
        dest: "{{ _endpoints_path }}"

    - name: Ensure the endpoints file exists
      ansible.builtin.file:
        path: "{{ _endpoints_path }}"
        state: touch

- name: Generate Neutron configuration for workspace
  hosts: localhost
  gather_facts: false
  vars:
    _neutron_path: "{{ workspace_path }}/group_vars/all/neutron.yml"
    # Input variables
  tasks:
    - name: Ensure the Neutron configuration file exists
      ansible.builtin.file:
        path: "{{ _neutron_path }}"
        state: touch

    - name: Load the current Neutron configuration into a variable
      ansible.builtin.include_vars:
        file: "{{ _neutron_path }}"
        name: neutron

    - name: Generate Neutron values for missing variables
      ansible.builtin.set_fact:
        neutron: "{{ neutron | default({}) | combine({item.key: item.value}) }}"
      # NOTE(mnaser): We don't want to override existing Ceph configurations,
      #               so we generate a stub one if and only if it doesn't exist
      when: item.key not in neutron
      with_dict:
        neutron_networks:
          - name: public
            external: true
            shared: true
            mtu_size: 1500
            port_security_enabled: true
            provider_network_type: flat
            provider_physical_network: external
            subnets:
              - name: public-subnet
                cidr: 10.96.250.0/24
                gateway_ip: 10.96.250.10
                allocation_pool_start: 10.96.250.200
                allocation_pool_end: 10.96.250.220
                enable_dhcp: true

    - name: Write new Neutron configuration file to disk
      ansible.builtin.copy:
        content: "{{ neutron | to_nice_yaml(indent=2, width=180) }}"
        dest: "{{ _neutron_path }}"

- name: Generate Nova configuration for workspace
  hosts: localhost
  gather_facts: false
  vars:
    _nova_path: "{{ workspace_path }}/group_vars/all/nova.yml"
    # Input variables
  tasks:
    - name: Ensure the Nova configuration file exists
      ansible.builtin.file:
        path: "{{ _nova_path }}"
        state: touch

    - name: Load the current Nova configuration into a variable
      ansible.builtin.include_vars:
        file: "{{ _nova_path }}"
        name: nova

    - name: Generate Nova values for missing variables
      ansible.builtin.set_fact:
        nova: "{{ nova | default({}) | combine({item.key: item.value}) }}"
      # NOTE(mnaser): We don't want to override existing Nova configurations,
      #               so we generate a stub one if and only if it doesn't exist
      when: item.key not in nova
      with_dict:
        nova_flavors:
          - name: m1.tiny
            ram: 512
            disk: 1
            vcpus: 1
          - name: m1.small
            ram: 2048
            disk: 20
            vcpus: 1
          - name: "m1.medium"
            ram: 4096
            disk: 40
            vcpus: 2
          - name: "m1.large"
            ram: 8192
            disk: 80
            vcpus: 4
          - name: "m1.xlarge"
            ram: 16384
            disk: 160
            vcpus: 8

    - name: Write new Nova configuration file to disk
      ansible.builtin.copy:
        content: "{{ nova | to_nice_yaml(indent=2, width=180) }}"
        dest: "{{ _nova_path }}"

- name: Generate secrets for workspace
  hosts: localhost
  gather_facts: false
  vars:
    secrets_path: "{{ workspace_path }}/group_vars/all/secrets.yml"
  tasks:
    - name: Ensure the secrets file exists
      ansible.builtin.file:
        path: "{{ secrets_path }}"
        state: touch

    - name: Load the current secrets into a variable
      ansible.builtin.include_vars:
        file: "{{ secrets_path }}"
        name: secrets

    - name: Generate secrets for missing variables
      ansible.builtin.set_fact:
        secrets: "{{ secrets | default({}) | combine({item: lookup('password', '/dev/null chars=ascii_lowercase,ascii_uppercase,digits length=32')}) }}"
      # NOTE(mnaser): We don't want to override existing secrets, so we generate
      #               a new one if and only if it doesn't exist
      when: item not in secrets
      # NOTE(mnaser): This is absolutely hideous but there's no clean way of
      #               doing this using `with_fileglob` or `with_filetree`
      with_lines: >
        ls {{ playbook_dir }}/../roles/*/defaults/main.yml |
          xargs egrep '(undef|^# \w+_keycloak_client_secret)' |
            egrep -v '(_host|region_name|_ssh_key|_vip|_interface|_kek)' |
              cut -d':' -f2 |
                sed 's/^# //'

    - name: Generate base64 encoded secrets
      ansible.builtin.set_fact:
        secrets: "{{ secrets | default({}) | combine({item: lookup('password', '/dev/null chars=ascii_lowercase,ascii_uppercase,digits length=32') | b64encode}) }}"
      # NOTE(mnaser): We don't want to override existing secrets, so we generate
      #               a new one if and only if it doesn't exist
      when: item not in secrets
      # NOTE(mnaser): This is absolutely hideous but there's no clean way of
      #               doing this using `with_fileglob` or `with_filetree`
      with_lines: >
        ls {{ playbook_dir }}/../roles/*/defaults/main.yml |
          xargs grep undef |
            egrep '(_kek)' |
              cut -d':' -f2

    - name: Generate temporary files for generating keys for missing variables
      ansible.builtin.tempfile:
        state: file
        prefix: "{{ item }}"
      register: _ssh_key_file
      # NOTE(mnaser): We don't want to override existing secrets, so we generate
      #               a new one if and only if it doesn't exist
      when: item not in secrets
      # NOTE(mnaser): This is absolutely hideous but there's no clean way of
      #               doing this using `with_fileglob` or `with_filetree`
      with_lines: >
        ls {{ playbook_dir }}/../roles/*/defaults/main.yml |
          xargs grep undef |
            egrep '(_ssh_key)' |
              cut -d':' -f2

    - name: Generate SSH keys for missing variables
      when: item.path is defined
      community.crypto.openssh_keypair:
        path: "{{ item.path }}"
        regenerate: full_idempotence
      register: _openssh_keypair
      loop: "{{ _ssh_key_file.results }}"
      loop_control:
        label: "{{ item.item }}"

    - name: Set values for SSH keys
      when: item.path is defined
      ansible.builtin.set_fact:
        secrets: "{{ secrets | default({}) | combine({item.item: lookup('file', item.path)}) }}"
      loop: "{{ _ssh_key_file.results }}"
      loop_control:
        label: "{{ item.item }}"

    - name: Delete the temporary files generated for SSH keys
      when: item.path is defined
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: absent
      loop: "{{ _ssh_key_file.results }}"
      loop_control:
        label: "{{ item.item }}"

    - name: Write new secrets file to disk
      ansible.builtin.copy:
        content: "{{ secrets | to_nice_yaml }}"
        dest: "{{ secrets_path }}"

    - name: Encrypt secrets file with Vault password
      ansible.builtin.shell:
        ansible-vault encrypt --vault-password-file {{ secrets_vault_password_file }} {{ secrets_path }}
      when:
        - secrets_vault_password_file is defined