# Copyright 2019 The Kubernetes Authors.

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

# http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- import_tasks: debian.yml
  when: ansible_os_family == "Debian"

- import_tasks: flatcar.yml
  when: ansible_os_family == "Flatcar"

- import_tasks: redhat.yml
  when: ansible_os_family == "RedHat"

- import_tasks: photon.yml
  when: ansible_os_family == "VMware Photon OS"

- name: Remove containerd http proxy conf file if needed
  file:
    path: /etc/systemd/system/containerd.service.d/http-proxy.conf
    state: absent
  when: http_proxy is defined or https_proxy is defined

- name: Remove pip conf file if needed
  file:
    path: /etc/pip.conf
    state: absent
  when: remove_extra_repos and pip_conf_file != ""

- name: Truncate machine id
  file:
    state: "{{ item.state }}"
    path: "{{ item.path }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  loop:
  - { path: /etc/machine-id, state: absent, mode: "{{ machine_id_mode }}" }
  - { path: /etc/machine-id, state: touch,  mode: "{{ machine_id_mode }}" }
  when: ansible_os_family != "Flatcar"

- name: Truncate hostname file
  file:
    state: "{{ item.state }}"
    path: "{{ item.path }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  loop:
  - { path: /etc/hostname, state: absent, mode: "0644" }
  - { path: /etc/hostname, state: touch,  mode: "0644" }

- name: Set hostname
  hostname:
    name: localhost.local
  when: ansible_os_family != "VMware Photon OS" and ansible_os_family != "Flatcar" and packer_build_name != "nutanix"

- name: Reset hosts file
  copy:
    src: files/etc/hosts
    dest: /etc/hosts
    owner: root
    group: root
    mode: "0644"

- name: Truncate audit logs
  file:
    state: "{{ item.state }}"
    path: "{{ item.path }}"
    owner: root
    group: utmp
    mode: "{{ item.mode }}"
  loop:
  - { path: /var/log/wtmp,    state: absent, mode: "0664" }
  - { path: /var/log/lastlog, state: absent, mode: "{{ last_log_mode }}" }
  - { path: /var/log/wtmp,    state: touch,  mode: "0664" }
  - { path: /var/log/lastlog, state: touch,  mode: "{{ last_log_mode }}" }

- name: Remove cloud-init lib dir and logs
  file:
    state: absent
    path: "{{ item }}"
  loop:
  - /var/lib/cloud
  - /var/log/cloud-init.log
  - /var/log/cloud-init-output.log
  - /var/run/cloud-init

# A shallow search in /tmp and /var/tmp is used to declare which files or
# directories will be removed as part of resetting temp space. The reason
# a state absent->directory task isn't used is because Ansible's own data
# directory on the remote host(s) is /tmp/.ansible. Thus, by removing /tmp,
# Ansible can no longer access the remote host.
- name: Find temp files
  find:
    depth: 1
    file_type: any
    paths:
    - /tmp
    - /var/tmp
    pattern: '*'
  register: temp_files

- name: Reset temp space
  file:
    state: absent
    path: "{{ item.path }}"
  loop: "{{ temp_files.files }}"

- name: Find netplan files
  find:
    depth: 1
    file_type: any
    paths:
    - /lib/netplan
    - /etc/netplan
    - /run/netplan
    pattern: '*.yaml'
  register: netplan_files

- name: Delete netplan files
  file:
    state: absent
    path: "{{ item.path }}"
  loop: "{{ netplan_files.files }}"
  when: netplan_files.files is defined and (netplan_files.files|length>0)

- name: Create netplan for KubeVirt
  vars:
    kubevirt: "{{ lookup('env', 'KUBEVIRT') }}"
  copy:
    src: files/etc/netplan/51-kubevirt-netplan.yaml
    dest: /etc/netplan/51-kubevirt-netplan.yaml
    mode: "0644"
  when: ansible_os_family == "Debian" and kubevirt == "true"

- name: Find SSH host keys
  find:
    path: /etc/ssh
    pattern: 'ssh_host_*'
  register: ssh_host_keys

- name: Remove SSH host keys
  file:
    state: absent
    path: "{{ item.path }}"
  loop: "{{ ssh_host_keys.files }}"

- name: Remove SSH authorized users
  file:
    state: absent
    path: "{{ item.path }}"
  loop:
  - { path: /root/.ssh/authorized_keys }
  - { path: "/home/{{ ansible_env.SUDO_USER | default(ansible_user_id) }}/.ssh/authorized_keys" }
  when: ansible_os_family != "Flatcar"

- name: Remove SSH authorized users for Flatcar
  file:
    state: absent
    path: "{{ item.path }}"
  loop:
  - { path: /root/.ssh/authorized_keys }
  when: ansible_os_family == "Flatcar"


- name: Truncate all remaining log files in /var/log
  shell:
    cmd: |
      find /var/log -type f -iname '*.log' | xargs truncate -s 0
  when: ansible_os_family != "Flatcar"

- name: Delete all logrotated log zips
  shell:
    cmd: |
      find /var/log -type f -name '*.gz' -exec rm {} +
  when: ansible_os_family != "Flatcar"

- name: Remove swapfile
  file:
    state: "{{ item.state }}"
    path: "{{ item.path }}"
  loop:
  - { path: /swapfile, state: absent }
  - { path: /mnt/resource/swapfile, state: absent }
  when: ansible_memory_mb.swap.total != 0

- name: Truncate shell history
  file:
    state: absent
    path: "{{ item.path }}"
  loop:
  - { path: /root/.bash_history }
  - { path: "/home/{{ ansible_env.SUDO_USER | default(ansible_user_id) }}/.bash_history" }

- name: Rotate journalctl to archive logs
  shell:
    cmd: |
      journalctl --rotate
  when: not ( ansible_os_family == "RedHat" and ansible_distribution_major_version|int <= 7 )

- name: Remove archived journalctl logs
  shell:
    cmd: |
      journalctl -m --vacuum-time=1s

- name: Ensure ignition runs on next boot
  file:
    state: touch
    path: /boot/flatcar/first_boot
    owner: root
    group: root
  when: ansible_os_family == "Flatcar"

- name: Remove any default Ignition files used by Packer
  file:
    state: absent
    path: /usr/share/oem/config.ign
  when: ansible_os_family == "Flatcar"

- name: start ssh
  systemd:
    name: ssh
    enabled: yes
  when: ansible_os_family == "Debian"