---

  - name: Create /opt/upgrader where some logs will be stored
    file: path=/opt/upgrader state=directory mode=0755

  - name: Get monitor private directory path
    shell: 'realpath $(dirname $(grep -lR "software_release_url = .*software/monitor/software.cfg" $(find /srv/slapgrid -type f -name "buildout.cfg")))/srv/monitor/private'
    register: monitor_path
    when: (monitor_path is succeeded) and (playbook_report | bool)
    ignore_errors: yes

  - name: Create directory if it does not exist
    file: path="{{ monitor_path.stdout }}/playbook-report" state=directory mode=0755
    when: (monitor_path is succeeded) and (playbook_report | bool)

  - name: Check Amarisoft version
    shell: 'find /opt/amarisoft -maxdepth 1 | grep "^/opt/amarisoft/v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}$" | cut -d/ -f4 | sort | tail -n1'
    register: amarisoft_version
    ignore_errors: yes

  - name: Check registry URL
    shell: "grep registry /etc/re6stnet/re6stnet.conf | awk '{ print $2; }'"
    register: registry_url
    ignore_errors: yes

  - name: Setting playbook report message
    set_fact:
      playbook_report_message: "Starting ors playbook"
      playbook_report_progress: "30" 
      data: { 'registry_url': "{{ registry_url.stdout }}", 'amarisoft_version': "{{ amarisoft_version.stdout }}"}

  - name: Render log template
    template:
      src: playbook-report.j2
      dest: /tmp/playbook-report-tmp.log
    when: (monitor_path is succeeded) and (playbook_report | bool)

  - name: Append to log
    shell: 'cat /tmp/playbook-report-tmp.log >> {{ monitor_path.stdout }}/playbook-report/report.log'
    when: (monitor_path is succeeded) and (playbook_report | bool) and (extra_playbook | length > 0)

# SSD image backports

  - stat: path=/opt/upgrader/last-backport
    register: last_backport

  - stat: path=/opt/upgrader/playbook-tmp/ors_backport_after
    register: ors_backport_after

  - shell: echo 1 > /opt/upgrader/last-backport
    when: last_backport.stat.exists == False

  - name: Do ors backport
    shell: ansible-playbook ors-image-backports.yml -i hosts 2>>/opt/upgrader/ors_backport.log  >> /opt/upgrader/ors_backport.log
    when: (ors_backport_after.stat.exists == True) and (lookup('file', '/opt/upgrader/playbook-tmp/ors_backport_after')|int > lookup('file', '/opt/upgrader/last-backport')|int )
    args:
      chdir: /opt/upgrader/playbook-tmp/

  - shell: echo {{ ansible_date_time.epoch }} > /opt/upgrader/last-backport
    when: (ors_backport_after.stat.exists == True) and (lookup('file', '/opt/upgrader/playbook-tmp/ors_backport_after')|int > lookup('file', '/opt/upgrader/last-backport')|int )

# Radio Hardware

  - name: Copy get-sdr-info script
    copy: src=get-sdr-info dest=/opt/amarisoft owner=root mode=770

# Amarisoft software

  - name: Create a directory if it does not exist
    file: path=/opt/amarisoft state=directory mode=0755

  - name: Copy init-sdr script
    copy: src=init-sdr dest=/opt/amarisoft owner=root mode=770

  - name: Copy init-enb script
    copy: src=init-enb dest=/opt/amarisoft owner=root mode=770

  - name: Copy rm-tmp-lte script
    copy: src=rm-tmp-lte dest=/opt/amarisoft owner=root mode=770

  - name: Get Amarisoft path
    shell: 'find /opt/amarisoft -maxdepth 1 | grep "^/opt/amarisoft/v[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}$" | sort | tail -n1'
    register: amarisoft_path

  - name: Check if lteenb has capabilities
    shell: 'getcap {{ amarisoft_path.stdout }}/enb/lteenb | grep -q cap_sys_nice'
    ignore_errors: yes
    register: lteenb_cap

  - name: Set capabilities on lteenb
    shell: 'patchelf --set-rpath {{ amarisoft_path.stdout }}/enb {{ amarisoft_path.stdout }}/enb/lteenb && setcap cap_sys_nice=+pe {{ amarisoft_path.stdout }}/enb/lteenb'
    when: lteenb_cap.rc != 0

  - name: Check if lteenb-avx2 has capabilities
    shell: 'getcap {{ amarisoft_path.stdout }}/enb/lteenb-avx2 | grep -q cap_sys_nice'
    ignore_errors: yes
    register: lteenb_avx2_cap

  - name: Set capabilities on lteenb-avx2
    shell: 'patchelf --set-rpath {{ amarisoft_path.stdout }}/enb {{ amarisoft_path.stdout }}/enb/lteenb-avx2 && setcap cap_sys_nice=+pe {{ amarisoft_path.stdout }}/enb/lteenb-avx2'
    when: lteenb_avx2_cap.rc != 0

  - name: Create .amarisoft directory for SR
    file: path=/opt/amarisoft/.amarisoft state=directory

  - name: Copy keys for SR
    copy: src=/root/.amarisoft dest=/opt/amarisoft owner=root mode=644
    ignore_errors: yes

  - name: Configure sudoers
    script: configure-sudoers

# Re6st

  - name: Configure re6st
    script: configure-re6st

# Slapos

  - name: Enable and start cron.service
    systemd: name=cron.service enabled=yes state=started

  - name: Configure slapos
    script: configure-slapos.py

# Network

  - name: Configure firewall
    script: configure-firewall

  - name: Configure IPv4 forwarding
    lineinfile: dest=/etc/sysctl.conf regexp="^net.ipv4.conf.all.forwarding=(.*)" line="net.ipv4.conf.all.forwarding=1" state=present

  - name: Configure IPv6 forwarding
    lineinfile: dest=/etc/sysctl.conf regexp="^net.ipv6.conf.all.forwarding=(.*)" line="net.ipv6.conf.all.forwarding=1" state=present

  - name: Redirect 53 to 5353
    ansible.builtin.iptables:
      chain: PREROUTING
      table: nat
      protocol: udp
      match: udp
      jump: DNAT
      destination_port: '53'
      to_destination: ':5353'

  - name: Redirect 5353 to 53
    ansible.builtin.iptables:
      chain: POSTROUTING
      table: nat
      protocol: udp
      match: udp
      jump: SNAT
      source_port: '5353'
      to_source: ':53'

# System

  - name: Configure journald log size
    lineinfile: dest=/etc/systemd/journald.conf regexp="^SystemMaxUse=(.*)" line="SystemMaxUse=1G" state=present

  - name: Add kernel parameter
    script: configure-grub

# SSH

  - name: Configure ssh
    lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin (.*)" line="PermitRootLogin yes" state=present

  - name: Configure ssh
    lineinfile: dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication (.*)" line="PasswordAuthentication yes" state=present

# Schedule and upgrade playbook

  - name: Install upgrader
    shell: ansible-playbook upgrader-run.yml --extra-vars 'extra_playbook={{ extra_playbook }} upgrader_playbook={{ upgrader_playbook }} repeat_until_success={{ repeat_until_success }} upgrade_kernel={{ upgrade_kernel | default(False) == True }} playbook_report={{ playbook_report }}' -i hosts 2>>/opt/upgrader/latest_daily_upgrade.log >> /opt/upgrader/latest_daily_upgrade.log
    when: launch_upgrader | bool