---
- name: Master Install Checkpoint Start
  hosts: oo_all_hosts
  gather_facts: false
  tasks:
  - name: Set Master install 'In Progress'
    set_stats:
      data:
        installer_phase_master: "In Progress"
      aggregate: false

- include: certificates.yml

- name: Disable excluders
  hosts: oo_masters_to_config
  gather_facts: no
  roles:
  - role: openshift_excluder
    r_openshift_excluder_action: disable
    r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"

- name: Gather and set facts for master hosts
  hosts: oo_masters_to_config
  pre_tasks:
  # Per https://bugzilla.redhat.com/show_bug.cgi?id=1469336
  #
  # When scaling up a cluster upgraded from OCP <= 3.5, ensure that
  # OPENSHIFT_DEFAULT_REGISTRY is present as defined on the existing
  # masters, or absent if such is the case.
  - name: Detect if this host is a new master in a scale up
    set_fact:
      g_openshift_master_is_scaleup: "{{ openshift.common.hostname in ( groups['new_masters'] | default([]) ) }}"

  - name: Scaleup Detection
    debug:
      var: g_openshift_master_is_scaleup

  - name: Check for RPM generated config marker file .config_managed
    stat:
      path: /etc/origin/.config_managed
    register: rpmgenerated_config

  - name: Remove RPM generated config files if present
    file:
      path: "/etc/origin/{{ item }}"
      state: absent
    when:
    - rpmgenerated_config.stat.exists == true
    - deployment_type == 'openshift-enterprise'
    with_items:
    - master
    - node
    - .config_managed

  - set_fact:
      openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}"
      openshift_master_etcd_hosts: "{{ hostvars
                                       | oo_select_keys(groups['oo_etcd_to_config']
                                                        | default([]))
                                       | oo_collect('openshift.common.hostname')
                                       | default(none, true) }}"
  roles:
  - openshift_facts
  post_tasks:
  - openshift_facts:
      role: master
      local_facts:
        api_port: "{{ openshift_master_api_port | default(None) }}"
        api_url: "{{ openshift_master_api_url | default(None) }}"
        api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}"
        controllers_port: "{{ openshift_master_controllers_port | default(None) }}"
        public_api_url: "{{ openshift_master_public_api_url | default(None) }}"
        cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}"
        cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}"
        console_path: "{{ openshift_master_console_path | default(None) }}"
        console_port: "{{ openshift_master_console_port | default(None) }}"
        console_url: "{{ openshift_master_console_url | default(None) }}"
        console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}"
        public_console_url: "{{ openshift_master_public_console_url | default(None) }}"
        ha: "{{ openshift_master_ha | default(groups.oo_masters | length > 1) }}"
        master_count: "{{ openshift_master_count | default(groups.oo_masters | length) }}"

- name: Inspect state of first master config settings
  hosts: oo_first_master
  roles:
  - role: openshift_facts
  post_tasks:
  - openshift_facts:
      role: master
      local_facts:
        session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(openshift.master.session_auth_secrets | default(None)) }}"
        session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(openshift.master.session_encryption_secrets | default(None)) }}"
  - name: Check for existing configuration
    stat:
      path: /etc/origin/master/master-config.yaml
    register: master_config_stat

  - name: Set clean install fact
    set_fact:
      l_clean_install: "{{ not master_config_stat.stat.exists | bool }}"

  - name: Determine if etcd3 storage is in use
    command: grep  -Pzo  "storage-backend:\n.*etcd3" /etc/origin/master/master-config.yaml -q
    register: etcd3_grep
    failed_when: false
    changed_when: false

  - name: Set etcd3 fact
    set_fact:
      l_etcd3_enabled: "{{ etcd3_grep.rc == 0 | bool }}"

  - name: Check if atomic-openshift-master sysconfig exists yet
    stat:
      path: /etc/sysconfig/atomic-openshift-master
    register: l_aom_exists

  - name: Preserve OPENSHIFT_DEFAULT_REGISTRY master parameter if present
    command: awk '/^OPENSHIFT_DEFAULT_REGISTRY/' /etc/sysconfig/atomic-openshift-master
    register: l_default_registry_defined
    when: l_aom_exists.stat.exists | bool

  - name: Check if atomic-openshift-master-api sysconfig exists yet
    stat:
      path: /etc/sysconfig/atomic-openshift-master-api
    register: l_aom_api_exists

  - name: Preserve OPENSHIFT_DEFAULT_REGISTRY master-api parameter if present
    command: awk '/^OPENSHIFT_DEFAULT_REGISTRY/' /etc/sysconfig/atomic-openshift-master-api
    register: l_default_registry_defined_api
    when: l_aom_api_exists.stat.exists | bool

  - name: Check if atomic-openshift-master-controllers sysconfig exists yet
    stat:
      path: /etc/sysconfig/atomic-openshift-master-controllers
    register: l_aom_controllers_exists

  - name: Preserve OPENSHIFT_DEFAULT_REGISTRY master-controllers parameter if present
    command: awk '/^OPENSHIFT_DEFAULT_REGISTRY/' /etc/sysconfig/atomic-openshift-master-controllers
    register: l_default_registry_defined_controllers
    when: l_aom_controllers_exists.stat.exists | bool

  - name: Update facts with OPENSHIFT_DEFAULT_REGISTRY value
    set_fact:
      l_default_registry_value: "{{ l_default_registry_defined.stdout | default('') }}"
      l_default_registry_value_api: "{{ l_default_registry_defined_api.stdout | default('') }}"
      l_default_registry_value_controllers: "{{ l_default_registry_defined_controllers.stdout | default('') }}"

- name: Generate master session secrets
  hosts: oo_first_master
  vars:
    g_session_secrets_present: "{{ (openshift.master.session_auth_secrets | default([])) | length > 0 and (openshift.master.session_encryption_secrets | default([])) | length > 0 }}"
    g_session_auth_secrets: "{{ [ 24 | oo_generate_secret ] }}"
    g_session_encryption_secrets: "{{ [ 24 | oo_generate_secret ] }}"
  roles:
  - role: openshift_facts
  tasks:
  - openshift_facts:
      role: master
      local_facts:
        session_auth_secrets: "{{ g_session_auth_secrets }}"
        session_encryption_secrets: "{{ g_session_encryption_secrets }}"
    when: not g_session_secrets_present | bool

- name: Configure masters
  hosts: oo_masters_to_config
  any_errors_fatal: true
  vars:
    openshift_master_ha: "{{ openshift.master.ha }}"
    openshift_master_count: "{{ openshift.master.master_count }}"
    openshift_master_session_auth_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_auth_secrets }}"
    openshift_master_session_encryption_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_encryption_secrets }}"
    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
    openshift_master_etcd_hosts: "{{ hostvars
                                     | oo_select_keys(groups['oo_etcd_to_config'] | default([]))
                                     | oo_collect('openshift.common.hostname')
                                     | default(none, true) }}"
    openshift_no_proxy_etcd_host_ips: "{{ hostvars | oo_select_keys(groups['oo_etcd_to_config'] | default([]))
                                                | oo_collect('openshift.common.ip') | default([]) | join(',')
                                                }}"
  roles:
  - role: os_firewall
  - role: openshift_master_facts
  - role: openshift_hosted_facts
  - role: openshift_clock
  - role: openshift_cloud_provider
  - role: openshift_builddefaults
  - role: openshift_buildoverrides
  - role: nickhammond.logrotate
  - role: contiv
    contiv_role: netmaster
    when: openshift_use_contiv | default(False) | bool
  - role: openshift_master
    openshift_master_hosts: "{{ groups.oo_masters_to_config }}"
    r_openshift_master_clean_install: "{{ hostvars[groups.oo_first_master.0].l_clean_install }}"
    r_openshift_master_etcd3_storage: "{{ hostvars[groups.oo_first_master.0].l_etcd3_enabled }}"
    openshift_master_is_scaleup_host: "{{ g_openshift_master_is_scaleup | default(false) }}"
    openshift_master_default_registry_value: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value }}"
    openshift_master_default_registry_value_api: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value_api }}"
    openshift_master_default_registry_value_controllers: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value_controllers }}"
  - role: tuned
  - role: nuage_ca
    when: openshift_use_nuage | default(false) | bool
  - role: nuage_common
    when: openshift_use_nuage | default(false) | bool
  - role: nuage_master
    when: openshift_use_nuage | default(false) | bool
  - role: calico_master
    when: openshift_use_calico | default(false) | bool
  tasks:
  - include_role:
      name: kuryr
      tasks_from: master
    when: openshift_use_kuryr | default(false) | bool

  post_tasks:
  - name: Create group for deployment type
    group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }}
    changed_when: False

- name: Configure API Aggregation on masters
  hosts: oo_masters
  serial: 1
  tasks:
  - include: tasks/wire_aggregator.yml

- name: Re-enable excluder if it was previously enabled
  hosts: oo_masters_to_config
  gather_facts: no
  roles:
  - role: openshift_excluder
    r_openshift_excluder_action: enable
    r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"

- name: Master Install Checkpoint End
  hosts: oo_all_hosts
  gather_facts: false
  tasks:
  - name: Set Master install 'Complete'
    set_stats:
      data:
        installer_phase_master: "Complete"
      aggregate: false