---
- name: Create persistent volumes
  hosts: oo_first_master
  tags:
  - hosted
  vars:
    persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}"
    persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}"
  roles:
  - role: openshift_persistent_volumes
    when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0

- name: Create Hosted Resources
  hosts: oo_first_master
  tags:
  - hosted
  pre_tasks:
  - set_fact:
      openshift_hosted_router_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
      openshift_hosted_registry_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
    when: "'master' in hostvars[groups.oo_first_master.0].openshift and 'registry_url' in hostvars[groups.oo_first_master.0].openshift.master"
  roles:
  - role: openshift_cli
  - role: openshift_hosted_facts
  - role: openshift_projects
    # TODO: Move standard project definitions to openshift_hosted/vars/main.yml
    # Vars are not accessible in meta/main.yml in ansible-1.9.x
    openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
  - role: openshift_serviceaccounts
    openshift_serviceaccounts_names:
    - router
    openshift_serviceaccounts_namespace: default
    openshift_serviceaccounts_sccs:
    - hostnetwork
    when: openshift.common.version_gte_3_2_or_1_2
  - role: openshift_serviceaccounts
    openshift_serviceaccounts_names:
    - router
    - registry
    openshift_serviceaccounts_namespace: default
    openshift_serviceaccounts_sccs:
    - privileged
    when: not openshift.common.version_gte_3_2_or_1_2
  - role: openshift_hosted
  - role: openshift_metrics
    when: openshift.hosted.metrics.deploy | bool
  - role: cockpit-ui
    when: openshift.common.deployment_subtype == 'registry'

- name: Configure CA certificate for secure registry
  hosts: oo_nodes_to_config
  tags:
  - hosted
  tasks:
  - name: Create temp directory for kubeconfig
    command: mktemp -d /tmp/openshift-ansible-XXXXXX
    register: mktemp
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: false
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - set_fact:
      openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
    when: openshift.common.deployment_subtype == 'registry'
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - name: Copy the admin client config(s)
    command: >
      cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_hosted_kubeconfig }}
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: false
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - name: Retrieve docker-registry route
    command: >
      {{ openshift.common.client_binary }} get route docker-registry
      --template='{{ '{{' }} .spec.host {{ '}}' }}'
      --config={{ openshift_hosted_kubeconfig }}
      -n default
    register: docker_registry_route
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: false
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - name: Retrieve registry service IP
    command: >
      {{ openshift.common.client_binary }} get service docker-registry
      --template='{{ '{{' }} .spec.clusterIP {{ '}}' }}'
      --config={{ openshift_hosted_kubeconfig }}
      -n default      
    register: docker_registry_service_ip
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: false
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - name: Create registry CA directories
    file:
      path: "/etc/docker/certs.d/{{ item }}"
      state: directory
    with_items:
    - "{{ docker_registry_service_ip.stdout }}:5000"
    - "{{ docker_registry_route.stdout }}"
    - "docker-registry.default.svc.cluster.local:5000"
    when: openshift.common.deployment_subtype == 'registry'
  - name: Copy CA to registry CA directories
    copy:
      src: "{{ openshift.common.config_base }}/node/ca.crt"
      dest: "/etc/docker/certs.d/{{ item }}"
      remote_src: yes
      force: yes
    with_items:
    - "{{ docker_registry_service_ip.stdout }}:5000"
    - "{{ docker_registry_route.stdout }}"
    - "docker-registry.default.svc.cluster.local:5000"
    when: openshift.common.deployment_subtype == 'registry'
    notify:
    - Restart docker
  - name: Delete temp directory
    file:
      name: "{{ mktemp.stdout }}"
      state: absent
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: False
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  handlers:
  - name: Restart docker
    service:
      name: docker
      state: restarted