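---
# Playbook: mount CephFS on every Docker Swarm host via ceph-fuse, open the
# swarm management port to private networks, initialise the swarm on the
# first host of the `swarm` group, and join the remaining hosts as managers.
#
# Variables read but not defined in this file: ceph_fsid, ceph_mon_host,
# ceph_client_name, ceph_secret, rfc1918_cgnat_networks.
# ceph_secret and the swarm manager join token are credentials; tasks that
# handle them set `no_log: true` so they are kept out of task output,
# --diff output and callback logs.

- name: Install Ceph
  hosts: swarm
  become: true
  tasks:
    - name: Install Ceph
      ansible.builtin.apt:
        name:
          - ceph-common
          - ceph-fuse
        state: present

    # - name: Copy Ceph Secret
    #   ansible.builtin.copy:
    #     content: "{{ ceph_secret }}"
    #     dest: /etc/ceph/secret.key

    # ceph config generate-minimal-conf
    - name: Copy Ceph Configuration
      ansible.builtin.copy:
        content: "[global]\n fsid = {{ ceph_fsid }}\n mon_host = {{ ceph_mon_host }}\n"
        dest: /etc/ceph/ceph.conf
        mode: '0644'

    # ceph fs authorize cephfs client.swarm / rw
    - name: Copy Ceph Keyring
      ansible.builtin.copy:
        content: "[client.{{ ceph_client_name }}]\n key = {{ ceph_secret }}\n"
        dest: "/etc/ceph/ceph.client.{{ ceph_client_name }}.keyring"
        mode: '0600'
      # The rendered content is the CephX key; without no_log it is printed
      # by --diff and by verbose callbacks.
      no_log: true

    # NOTE(review): once CephFS is mounted, `recurse: true` applies root:root
    # to every file under /mnt/ceph on each run, which overrides whatever
    # ownership other writers set on the shared filesystem. Confirm that is
    # intended, or restrict this task to the mount point itself.
    - name: Adjust ceph mount perms
      ansible.builtin.file:
        path: /mnt/ceph
        owner: root
        group: root
        state: directory
        recurse: true

    - name: Mount Ceph on Boot
      ansible.builtin.lineinfile:
        path: /etc/fstab
        # First alternative is the original pattern. The second matches the
        # entry this task writes, so a changed ceph_client_name replaces the
        # existing entry instead of appending a second one for /mnt/ceph.
        regexp: '(:/\s+/mnt\s+ceph|^none\s+/mnt/ceph\s+fuse\.ceph\s)'
        line: "none /mnt/ceph fuse.ceph ceph.id={{ ceph_client_name }},_netdev,defaults 0 0"
        create: true
        mode: '0644'

    # No shell features are needed, so use command rather than shell.
    - name: Mount ceph now
      ansible.builtin.command:
        cmd: mount -a

    # NOTE(review): same recursion concern as above; every file under
    # /mnt/ceph/docker is re-owned to root:docker on each run.
    - name: Adjust ceph mount perms for docker
      ansible.builtin.file:
        path: /mnt/ceph/docker
        owner: root
        group: docker
        state: directory
        recurse: true

- name: Initial docker swarm fw rules
  hosts: swarm
  become: true
  tasks:
    # 2377 is the swarm cluster-management port and is TCP only, so the rule
    # is limited to tcp instead of allowing both protocols.
    # NOTE(review): `state: enabled` turns ufw on. Confirm an allow rule for
    # the management (SSH) port exists before this runs, and that the other
    # swarm ports (7946/tcp+udp, 4789/udp) are opened elsewhere.
    - name: Enable local swarm comms
      community.general.ufw:
        rule: allow
        port: '2377'
        proto: tcp
        from: "{{ item }}"
        state: enabled
      loop: "{{ rfc1918_cgnat_networks }}"

- name: Initial docker swarm init
  hosts: 'swarm[0]'
  become: true
  tasks:
    # The nested quoting makes Jinja emit the literal Go template
    # {{.Swarm.LocalNodeState}} for docker to evaluate.
    - name: Check Docker Swarm status
      ansible.builtin.command:
        cmd: docker info --format '{{ "{{.Swarm.LocalNodeState}}" }}'
      register: docker_swarm_status
      changed_when: false

    - name: Initialize Docker Swarm
      ansible.builtin.command:
        cmd: >-
          docker swarm init --advertise-addr
          {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}
      when: "'inactive' in docker_swarm_status.stdout"
      register: swarm_init
      changed_when: "'Swarm initialized' in swarm_init.stdout"

    # The manager join token lets a node join with full control of the swarm.
    # It is still registered for the next play; no_log only hides the output.
    - name: Retrieve Docker Swarm manager token
      ansible.builtin.command:
        cmd: docker swarm join-token manager -q
      register: manager_token
      changed_when: false
      no_log: true

- name: Join remaining managers to Docker Swarm
  hosts: 'swarm:!swarm[0]'
  become: true
  tasks:
    - name: Check Docker Swarm status before attempting to join
      ansible.builtin.command:
        cmd: docker info --format '{{ "{{.Swarm.LocalNodeState}}" }}'
      register: docker_swarm_status
      changed_when: false

    # The token is part of the command line, so the task result is hidden.
    # On failure, re-run this task with no_log removed to see docker's error.
    - name: Join Swarm as manager
      ansible.builtin.command:
        cmd: >-
          docker swarm join --token
          {{ hostvars[groups['swarm'][0]]['manager_token'].stdout }}
          {{ hostvars[groups['swarm'][0]]['ansible_default_ipv4']['address'] }}:2377
      when:
        - hostvars[groups['swarm'][0]]['manager_token'].stdout is defined
        - docker_swarm_status.stdout != "active"
      register: swarm_join
      changed_when: "'This node joined a swarm as a manager' in swarm_join.stdout"
      no_log: true

    # Runs only on hosts that joined during this run.
    - name: Label Docker Swarm manager nodes
      ansible.builtin.command:
        cmd: docker node update --label-add manager=true {{ ansible_hostname }}
      when: swarm_join is changed
      changed_when: false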