- name: Provision VM's
  hosts: localhost
  gather_facts: false
  vars_files:
  - hypervisor.vcenter.yml
  - cluster.k3s.yml
  tasks:

  - name: Download OVF-template
    ansible.builtin.get_url:
      url: "https://{{ repo_username }}:{{ repo_password }}@{{ image.ova_url }}"
      dest: /scratch/image.ova

  - name: Deploy VM's from OVF-template
    community.vmware.vmware_deploy_ovf:
      hostname: "{{ hv.hostname }}"
      username: "{{ hv.username }}"
      password: "{{ hv_password }}"
      validate_certs: no
      datacenter: "{{ hv.datacenter }}"
      folder: "{{ hv.folder }}"
      cluster: "{{ hv.cluster }}"
      name: "{{ cluster.name | upper }}-{{ (item.ip | checksum)[-5:] | upper }}"
      datastore: "{{ hv.datastore }}"
      disk_provisioning: thin
      networks:
        "LAN": "{{ hv.network }}"
      power_on: yes
      ovf: /scratch/image.ova
      deployment_option: "{{ image.deployment_option }}"
      properties:
        guestinfo.hostname: "{{ cluster.name | upper }}-{{ (item.ip | checksum)[-5:] | upper }}"
        guestinfo.rootpw: "{{ root_password }}"
        guestinfo.rootsshkey: "{{ public_key }}"
        guestinfo.ntpserver: "{{ network.ntpserver }}"
        guestinfo.ipaddress: "{{ item.ip | ansible.utils.ipaddr('address') }}"
        guestinfo.prefixlength: "{{ item.ip | ansible.utils.ipaddr('prefix') }}"
        guestinfo.dnsserver: "{{ network.dnsserver }}"
        guestinfo.gateway: "{{ network.gateway }}"
    delegate_to: localhost
    with_items: "{{ servers }}"
    register: job_init
    async: 300
    poll: 0

  - name: Pause to allow initial calls to complete
    ansible.builtin.pause:
      seconds: 10

  - name: Poll for completion
    ansible.builtin.async_status:
      jid: "{{ item.ansible_job_id }}"
    with_items: "{{ job_init.results }}"
    register: job_poll
    retries: 5
    delay: 100
    until: job_poll.finished

  - name: Parse results into dictionary
    ansible.builtin.set_fact:
      nodes: "{{ nodes | default([]) + [ {'name': item.instance.hw_name, 'ip': item.item.item.ip | ansible.utils.ipaddr('address')} ] }}"
    with_items: "{{ job_poll | json_query('results[*]') }}"
    # Purely to avoid large amount of spam; no sensitive data here.
    no_log: true

  - name: Register new VM's in inventory
    ansible.builtin.add_host:
      name: "{{ item.name }}"
      ansible_host: "{{ item.ip }}"
      groups: k3s_ha
    with_items: "{{ nodes }}"

  - name: Wait for systems to become reachable over SSH
    ansible.builtin.wait_for:
      host: "{{ item.ip }}"
      port: 22
      timeout: 300
    with_items: "{{ nodes }}"

  - name: Scan public keys
    ansible.builtin.shell:
      cmd: "ssh-keyscan -t rsa {{ item.ip }}"
    register: publickeys
    with_items: "{{ nodes }}"

  - name: Store public keys
    ansible.builtin.known_hosts:
      name: "{{ item.item.name | lower }}"
      key: "{{ item.item.name | lower }},{{ item.stdout }}"
      state: present
      path: ~/.ssh/known_hosts
    with_items: "{{ publickeys.results }}"
    # Purely to avoid large amount of spam; no sensitive data here.
    no_log: true

- name: Provision Kubernetes
  hosts: k3s_ha
  gather_facts: true
  vars_files:
  - cluster.k3s.yml
  tasks:

  - block:

    - name: Initial node -- Install K3s binary
      ansible.builtin.shell:
        cmd: "curl -sfL https://get.k3s.io | sh -s - server --cluster-init --disable local-storage --tls-san {{ cluster.virtualip | ansible.utils.ipaddr('address') }}"

    - name: Initial node -- Retrieve token
      ansible.builtin.slurp:
        src: /var/lib/rancher/k3s/server/token
      register: k3s_token

    - name: Initial node -- Store token
      ansible.builtin.set_fact:
        cluster: "{{ cluster | combine( { 'token': ( k3s_token.content | b64decode | trim ) } ) }}"

    - block:

      - name: Install 'kube-vip' -- Retrieve RBAC-manifest
        ansible.builtin.uri:
          url: https://kube-vip.io/manifests/rbac.yaml
          return_content: yes
        register: manifest_rbac

      - name: Install 'kube-vip' -- Pull image
        ansible.builtin.shell:
          cmd: ctr image pull ghcr.io/kube-vip/kube-vip:latest

      - name: Install 'kube-vip' -- Generate daemonSet-manifest
        ansible.builtin.shell:
          cmd: "ctr run --rm --net-host ghcr.io/kube-vip/kube-vip:latest vip /kube-vip manifest daemonset --interface {{ ansible_default_ipv4.interface }} --address {{ cluster.virtualip | ansible.utils.ipaddr('address') }} --inCluster --taint --controlplane --services --arp --leaderElection"
        register: manifest_daemonset

      - name: Install 'kube-vip' -- Inject manifest
        ansible.builtin.template:
          src: kube-vip.j2
          dest: /var/lib/rancher/k3s/server/manifests/kube-vip.yml

    - name: Initial node -- Wait for available API
      ansible.utils.cli_parse:
        command: "curl -k https://{{ cluster.virtualip | ansible.utils.ipaddr('address') }}:6443/livez?verbose"
        parser:
          name: ansible.utils.json
        set_fact: api_readycheck
      ignore_errors: yes
      until: api_readycheck.apiVersion is defined
      retries: 3
      delay: 30

    delegate_to: "{{ ansible_play_hosts[0] }}"
    run_once: true

  - block:

    - name: Additional nodes -- Install K3s binary
      ansible.builtin.shell:
        cmd: "curl -sfL https://get.k3s.io | sh -s - server --disable local-storage"
      environment:
        K3S_TOKEN: "{{ cluster.token }}"    # (hostvars[ansible_play_hosts[0]]).cluster.token
        K3S_URL: "{{ 'https://' + ( cluster.virtualip | ansible.utils.ipaddr('address') ) + ':6443' }}"

    # rescue:

    # - name: Debug systemd unit
    #   ansible.builtin.shell:
    #     cmd: systemctl status k3s -l --no-pager; journalctl -u k3s.service -b --no-pager
    #   register: debug
    # - ansible.builtin.debug:
    #     var: debug.stdout

    when: inventory_hostname != ansible_play_hosts[0]