# tasks file for ansible-role-container-registry

# NOTE(mfedosin): In order to verify that we have already configured docker
# we add a line `# Configured by Ansible container registry role` in
# /etc/sysconfig/docker config file when initial configuration is done,
# and check its existence later.
- name: Check that the configuration mark exists in /etc/sysconfig/docker
  command: grep -Fq "# Configured by Ansible container registry role" /etc/sysconfig/docker
  register: is_configured
  check_mode: false
  ignore_errors: true
  changed_when: false

- block:
    # NOTE(aschultz): LP#1750194 - need to set ip_forward before docker starts
    # so lets set it before we install the package if we're managing it.
    - name: enable net.ipv4.ip_forward
      sysctl:
        name: net.ipv4.ip_forward
        value: 1
        sysctl_set: yes
        state: present
        reload: yes

    # NOTE(aschultz): LP#1765121 - need to check that we don't have any ftype=0
    # volumes because other wise docker is very unhappy
    - name: Check if there are XFS volumes with ftype=0
      shell: |
        for dev in $(df -h | grep '/dev/' | grep -v 'tmp' | cut -d' ' -f1)
        do
          parseftype=$(xfs_info $dev | grep ftype=0);
          if [[ ! -z "$parseftype" ]]; then
            ftype="ftype=0";
            break;
          fi
        done
        echo $ftype;
      register: ftype
      changed_when: false

    - name: Check ftype
      fail:
        msg: >
          XFS volumes formatted using ftype=0 are incompatible
          with the docker overlayfs driver.
      when:
        - not ansible_check_mode
        - ftype.stdout == 'ftype=0'

    - name: ensure docker is installed
      package:
        name: docker
        state: present

    - name: manage /etc/systemd/system/docker.service.d
      file:
        path: /etc/systemd/system/docker.service.d
        state: directory
      when: ansible_service_mgr == 'systemd'

    - name: unset mountflags
      ini_file:
        path: /etc/systemd/system/docker.service.d/99-unset-mountflags.conf
        section: Service
        option: MountFlags
        value: ""
        create: yes
      notify: restart docker service
      when: ansible_service_mgr == 'systemd'

    - name: configure OPTIONS in /etc/sysconfig/docker
      lineinfile:
        path: /etc/sysconfig/docker
        regexp: '^OPTIONS='
        line: "OPTIONS='{{ _full_docker_options }}'"
        create: yes
      notify: restart docker service

    - name: configure INSECURE_REGISTRY in /etc/sysconfig/docker
      lineinfile:
        path: /etc/sysconfig/docker
        regexp: '^INSECURE_REGISTRY='
        line: "INSECURE_REGISTRY='{{ registry_flags }}'"
      when: container_registry_insecure_registries | length > 0
      notify: restart docker service
      vars:
        registry_flags: --insecure-registry {{ container_registry_insecure_registries | join(' --insecure-registry ') }}

    - name: Create additional socket directories
      file:
        path: "{{ item | dirname }}"
        state: directory
      notify: restart docker service
      with_items: "{{ container_registry_additional_sockets }}"
      when: container_registry_additional_sockets | length > 0

    - name: manage /etc/docker/daemon.json
      template:
        src: docker-daemon.json.j2
        dest: /etc/docker/daemon.json
      notify: restart docker service

    - name: configure DOCKER_STORAGE_OPTIONS in /etc/sysconfig/docker-storage
      lineinfile:
        path: /etc/sysconfig/docker-storage
        regexp: '^DOCKER_STORAGE_OPTIONS='
        line: "DOCKER_STORAGE_OPTIONS=' {{ container_registry_storage_options }}'"
        create: yes
      when: container_registry_storage_options | length > 0
      notify: restart docker service

    - name: configure DOCKER_NETWORK_OPTIONS in /etc/sysconfig/docker-network
      lineinfile:
        path: /etc/sysconfig/docker-network
        regexp: '^DOCKER_NETWORK_OPTIONS='
        line: "DOCKER_NETWORK_OPTIONS=' {{ container_registry_network_options }}'"
        create: yes
      when: container_registry_storage_options | length > 0
      notify: restart docker service

    - name: ensure docker group exists
      group:
        name: docker
        state: present

    - name: add deployment user to docker group
      user:
        name: "{{ container_registry_deployment_user }}"
        groups: docker
        append: yes
      when: container_registry_deployment_user | length > 0

    - name: force systemd to reread configs
      meta: flush_handlers

    - name: enable and start docker
      systemd:
        enabled: true
        state: started
        name: docker
      when: ansible_service_mgr == 'systemd'

    - name: mark docker configured
      lineinfile:
        path: /etc/sysconfig/docker
        line: "# Configured by Ansible container registry role"
        insertafter: "^# /etc/sysconfig/docker$"
        create: yes

  become: true
  when: not container_registry_skip_reconfiguration or is_configured.rc != 0