---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Stop services
  service:
    name: "{{ item.service_name }}"
    enabled: yes
    state: "stopped"
    daemon_reload: yes
  with_items: "{{ filtered_neutron_services }}"
  register: _stop
  until: _stop is success
  retries: 5
  delay: 2
  listen:
    - "Restart neutron services"
    - "venv changed"
    - "systemd service changed"
    - "cert installed"

# NOTE(cloudnull):
# When installing or upgrading it is possible that an old metadata proxy process will not
#  be restarted by the metadata agent when a version changes. To fix it the ns-metadata
#  proxy pids are killed if they're not running the current tag. Once the old processeses
#  are removed the metadata agent will respawn the missing process within 60 seconds using
#  the correct code.
- name: Run ns-metadata-proxy process cleanup
  shell: |
    for ns_pid in $(pgrep neutron-ns-meta); do
      echo $(readlink -f "/proc/$ns_pid/exe") | grep -qv "{{ neutron_venv_tag }}"
      if [ $? -eq 0 ]; then
        if kill -9 "$ns_pid"; then
          logger -s "old metadata proxy pid found and has been cleaned up on: \"$ns_pid\""
        fi
      fi
    done
  when: "'neutron-metadata-agent' in (filtered_neutron_services | map(attribute='service_key') | list)"
  changed_when: false
  listen:
    - "Restart neutron services"
    - "venv changed"

# NOTE
# When restarting neutron-l3-agent, a non-default systemd KillMode of 'process' is used
# to prevent Keepalived from exiting and causing a data-plane outage. As a result of this
# some neutron processes remain running. In the case of an upgrade, these remaining
# processes will be running code from the previous version. This step ensures these
# orphaned processes are cleaned up correctly.
- name: Run neutron-l3-agent process cleanup
  shell: |
    for ns_pid in $(cat /sys/fs/cgroup/pids/neutron.slice/neutron-l3-agent.service/cgroup.procs); do
      echo $(readlink -f "/proc/$ns_pid/exe") | egrep -qv "keepalived|haproxy"
      if [ $? -eq 0 ] || [ "{{ neutron_l3_cleanup_on_shutdown | bool }}" = "True" ]; then
        if kill -9 "$ns_pid"; then
          logger -s "old neutron-l3-agent pid found and has been cleaned up on: \"$ns_pid\""
        fi
      fi
    done
  when: "'neutron-l3-agent' in (filtered_neutron_services | map(attribute='service_key') | list)"
  changed_when: false
  listen:
    - "Restart neutron services"
    - "venv changed"

- name: Restart openvswitch
  service:
    name: "{{ neutron_ovs_service_name }}"
    state: restarted
  listen:
    - "Restart provider services"
  when:
    - neutron_needs_openvswitch | bool
    - not _neutron_ovs_disabled

- name: Symlink neutron config directory
  file:
    # NOTE(cloudnull): The "src" path is relative. This ensures all files remain
    #                  within the host/container confines when connecting to
    #                  them using the connection plugin or the root filesystem.
    src: "{{ neutron_conf_version_dir | regex_replace('^/', '../') }}"
    dest: "{{ neutron_conf_dir }}"
    state: link
    force: true
  when: neutron_install_method == 'source'
  listen:
    - "venv changed"

- name: Drop sudoers file
  template:
    src: "sudoers.j2"
    dest: "/etc/sudoers.d/{{ neutron_system_user_name }}_sudoers"
    mode: "0440"
    owner: "root"
    group: "root"
  listen:
    - "Restart neutron services"
    - "venv changed"

- name: Perform a DB contract
  command: "{{ neutron_bin }}/neutron-db-manage upgrade --contract"
  become: yes
  become_user: "{{ neutron_system_user_name }}"
  delegate_to: "{{ groups[neutron_services['neutron-server']['group']][0] }}"
  changed_when: false
  when:
    - "ansible_local['openstack_ansible']['neutron']['need_db_contract'] | bool"
    - "_neutron_is_first_play_host"
  listen:
    - "Restart neutron services"
    - "venv changed"

- name: Start services
  service:
    name: "{{ item.service_name }}"
    enabled: yes
    state: "started"
    daemon_reload: yes
  with_items: "{{ filtered_neutron_services }}"
  register: _start
  until: _start is success
  retries: 5
  delay: 2
  listen:
    - "Restart neutron services"
    - "venv changed"
    - "systemd service changed"
    - "cert installed"

- name: Start ovn service
  service:
    name: "{{ neutron_ovn_northd_service_name }}"
    state: started
  listen:
    - start ovn service

# (NOTE) Restarting twice to cleanup some pid.
- name: Restart ovn northd
  service:
    name: "{{ neutron_ovn_northd_service_name }}"
    state: restarted
  when:
    - neutron_services['neutron-ovn-northd']['group'] in group_names and neutron_plugin_type == 'ml2.ovn'
  listen:
    - restart ovn service

- name: Restart ovn controller
  service:
    name: "{{ neutron_ovn_controller_service_name }}"
    state: restarted
  when:
    - neutron_services['neutron-ovn-controller']['group'] in group_names and neutron_plugin_type == 'ml2.ovn'
  listen:
    - restart ovn service