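# Build and install a docker image for keystone.
#
# Flow: load secrets, create the host directories that are bind-mounted into
# the container, pull the image, install and enable the systemd unit,
# initialise the database, run the keystone-manage setup commands, restart
# the service, run the image's bootstrap script, and install the openstack
# client on the host.
---
- name: include secrets
  include_vars:
    file: ../../secrets.yml
    name: secrets
  # Keep the loaded secret values out of task output and logs.
  no_log: true

# NOTE(review): every directory below is created world-writable, including
# the fernet key directory and the directory from which root's .bashrc later
# sources admin-openrc.sh (last task in this file). Any local account on the
# host could then read or replace those files. The uid the container runs as
# is not visible from this file, so the mode is left unchanged here; tighten
# it to the narrowest owner/mode the container actually needs.
- name: Make persistent directories
  file:
    path: "{{ item }}"
    state: directory
    # Quoted so the value is always interpreted as an octal mode string.
    mode: "0777"
  with_items:
    - /srv
    - /srv/keystone
    - /srv/keystone/fernet-keys
    - /srv/keystone/root

# NOTE(review): ':latest' is a mutable tag and the pull below is forced, so
# each run may deploy different image content. Consider pinning a version
# tag or an image digest.
- name: set docker image
  set_fact:
    docker_image: 'registry.webhosting.rug.nl/hpc/openstack-keystone:latest'

- name: pull docker image
  docker_image:
    name: "{{ docker_image }}"
    force: true
  tags: pull

- name: install service file.
  template:
    src: templates/keystone.service
    dest: /etc/systemd/system/keystone.service
    # Must be a quoted octal string: the bare integer 644 is taken as a
    # decimal number and produces unintended permission bits.
    mode: "0644"
    owner: root
    group: root

# Makes systemd pick up the unit file installed above (the task name is kept
# as it was in the original file).
- name: install service file
  command: systemctl daemon-reload

- name: start service at boot.
  command: systemctl reenable keystone.service

- name: Initialize db
  script: scripts/initialize_db.sh
  environment:
    MYSQL_ROOT_PASSWORD: "{{ secrets['MYSQL_ROOT_PASSWORD'] }}"
    DB_HOST: "{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
  register: result
  # Sometimes the initial connect fails. Retry until it succeeds.
  # Written as a Jinja test; the filter form 'result|succeeded' has been
  # removed from current Ansible releases.
  until: result is succeeded
  retries: 7
  delay: 3
  # NOTE(review): with this set, the play continues even when every retry
  # failed; the db_sync step below is then the first place a broken database
  # setup becomes visible.
  ignore_errors: true

- name: keystone manage commands to setup db
  # The bootstrap password is handed to the container through the
  # environment (OS_BOOTSTRAP_PASSWORD, read by 'keystone-manage bootstrap')
  # instead of '--bootstrap-password' on the command line, so it does not
  # show up in the host process list, in the loop item label, or in the
  # command line recorded in the task result.
  command: >-
    /usr/bin/docker run --rm
    --add-host=mariadb:{{ _db_ip }}
    -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
    -e "KEYSTONE_HOST={{ _keystone_ip }}"
    -e OS_BOOTSTRAP_PASSWORD
    {{ docker_image }} keystone-manage {{ item }}
  environment:
    OS_BOOTSTRAP_PASSWORD: "{{ secrets['OS_PASSWORD'] }}"
  vars:
    _db_ip: "{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
    _keystone_ip: "{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
  # NOTE(review): the endpoints below are registered as plain http. Unless
  # TLS is terminated elsewhere, credentials and tokens sent to them are not
  # protected in transit; confirm this is intended.
  with_items:
    - db_sync
    - fernet_setup --keystone-user keystone --keystone-group keystone
    - credential_setup --keystone-user keystone --keystone-group keystone
    - >-
      bootstrap
      --bootstrap-admin-url http://{{ _keystone_ip }}:35357/v3/
      --bootstrap-internal-url http://{{ _keystone_ip }}:35357/v3/
      --bootstrap-public-url http://{{ _keystone_ip }}:5000/v3/
      --bootstrap-region-id RegionOne

- name: make sure service is started
  systemd:
    name: keystone.service
    state: restarted

- name: Create a domain, projects users and roles
  # OS_PASSWORD is passed through from the task environment ('-e NAME' with
  # no value) so the admin password is not part of the docker command line.
  # OS_AUTH_URL is templated here: the previous '${KEYSTONE_HOST}' was never
  # substituted with the value given to the container, because the command
  # module does not run a shell and the variable is only set inside the
  # container.
  command: >-
    /usr/bin/docker run --rm
    --add-host=mariadb:{{ _db_ip }}
    -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
    -v /srv/keystone/root:/root
    -e "KEYSTONE_HOST={{ _keystone_ip }}"
    -e "OS_AUTH_URL=http://{{ _keystone_ip }}:35357/v3"
    -e OS_PASSWORD
    {{ docker_image }} bash /etc/bootstrap.sh
  environment:
    OS_PASSWORD: "{{ secrets['OS_PASSWORD'] }}"
  vars:
    _db_ip: "{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
    _keystone_ip: "{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"

- name: install openstack client for management
  apt:
    name: python-openstackclient
    state: latest
    update_cache: true

# NOTE(review): the sourced file lives in /srv/keystone/root, which this
# playbook creates with mode 0777. Root's shell will execute whatever is in
# that file, so the directory and the file should be writable by root only.
- name: source admin-openrc.sh in root .bashrc
  lineinfile:
    path: /root/.bashrc
    line: 'source /srv/keystone/root/admin-openrc.sh'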