# Licensed to the Apache Software Foundation (ASF) under one or more contributor
# license agreements; and to You under the Apache License, Version 2.0.
---
# This role will install Controller in group 'controllers' in the environment
# inventory

- import_tasks: docker_login.yml

- name: get controller name and index
  set_fact:
    controller_name: "{{ name_prefix ~ host_group.index(inventory_hostname) }}"
    controller_index:
      "{{ (controller_index_base|int) + host_group.index(inventory_hostname) }}"

- name: "pull the {{ docker.image.tag }} image of controller"
  shell: "docker pull {{docker_registry}}{{ docker.image.prefix }}/controller:{{docker.image.tag}}"
  when: docker_registry != ""
  register: result
  until: (result.rc == 0)
  retries: "{{ docker.pull.retries }}"
  delay: "{{ docker.pull.delay }}"

- name: ensure controller log directory is created with permissions
  file:
    path: "{{ whisk_logs_dir }}/{{ controller_name }}"
    state: directory
    mode: 0777
  become: "{{ logs.dir.become }}"

- name: ensure controller config directory is created with permissions
  file:
    path: "{{ controller.confdir }}/{{ controller_name }}"
    state: directory
    mode: 0777
  become: "{{ controller.dir.become }}"

- name: copy jmxremote password file
  when: jmx.enabled
  template:
    src: "jmxremote.password.j2"
    dest: "{{ controller.confdir }}/{{ controller_name }}/jmxremote.password"
    mode: 0777

- name: copy jmxremote access file
  when: jmx.enabled
  template:
    src: "jmxremote.access.j2"
    dest: "{{ controller.confdir }}/{{ controller_name }}/jmxremote.access"
    mode: 0777

- name: "copy kafka truststore/keystore"
  when: kafka.protocol == 'SSL'
  copy:
    src:
      "{{openwhisk_home~'/ansible/roles/kafka/files/'~kafka.ssl.keystore.name}}"
    dest: "{{ controller.confdir }}/{{ controller_name }}"

- name: copy nginx certificate keystore
  when: controller.protocol == 'https'
  copy:
    src: files/{{ controllerKeystoreName }}
    mode: 0666
    dest: "{{ controller.confdir }}/{{ controller_name }}"
  become: "{{ controller.dir.become }}"

- name: copy certificates
  when: controller.protocol == 'https'
  copy:
    src: "{{ openwhisk_home }}/ansible/roles/controller/files/{{ item }}"
    mode: 0666
    dest: "{{ controller.confdir }}/{{ controller_name }}"
  with_items:
    - "{{ controller.ssl.cert }}"
    - "{{ controller.ssl.key }}"
  become: "{{ controller.dir.become }}"

- name: check, that required databases exist
  include_tasks: "{{ openwhisk_home }}/ansible/tasks/db/checkDb.yml"
  vars:
    dbName: "{{ item }}"
  with_items:
    - "{{ db.whisk.actions }}"
    - "{{ db.whisk.auth }}"
    - "{{ db.whisk.activations }}"

- name: prepare controller port
  set_fact:
    controller_port: "{{ controller.basePort + (controller_index | int) }}"
    ports_to_expose:
      - "{{ controller.basePort + (controller_index | int) }}:8080"

- name: expose additional ports if jmxremote is enabled
  when: jmx.enabled
  vars:
    jmx_remote_port: "{{ jmx.basePortController + (controller_index|int) }}"
    jmx_remote_rmi_port:
      "{{ jmx.rmiBasePortController + (controller_index|int) }}"
  set_fact:
    ports_to_expose: >-
      {{ ports_to_expose }} +
      [ '{{ jmx_remote_port }}:{{ jmx_remote_port }}' ] +
      [ '{{ jmx_remote_rmi_port }}:{{ jmx_remote_rmi_port }}' ]
    controller_args: >-
      {{ controller.arguments }}
      {{ jmx.jvmCommonArgs }}
      -Djava.rmi.server.hostname={{ inventory_hostname }}
      -Dcom.sun.management.jmxremote.rmi.port={{ jmx_remote_rmi_port }}
      -Dcom.sun.management.jmxremote.port={{ jmx_remote_port }}

- name: populate environment variables for controller
  set_fact:
    controller_env:
      "JAVA_OPTS":
        -Xmx{{ controller.heap }}
        -XX:+CrashOnOutOfMemoryError
        -XX:+UseGCOverheadLimit
        -XX:ErrorFile=/logs/java_error.log
        -XX:+HeapDumpOnOutOfMemoryError
        -XX:HeapDumpPath=/logs
      "CONTROLLER_OPTS": "{{ controller_args | default(controller.arguments) }}"
      "CONTROLLER_INSTANCES": "{{ controller.instances }}"
      "JMX_REMOTE": "{{ jmx.enabled }}"

      "COMPONENT_NAME": "{{ controller_name }}"
      "PORT": 8080

      "CONFIG_whisk_info_date": "{{ whisk.version.date }}"
      "CONFIG_whisk_info_buildNo": "{{ docker.image.tag }}"

      "KAFKA_HOSTS": "{{ kafka_connect_string }}"
      "CONFIG_whisk_kafka_replicationFactor":
        "{{ kafka.replicationFactor | default() }}"
      "CONFIG_whisk_kafka_topics_cacheInvalidation_retentionBytes":
        "{{ kafka_topics_cacheInvalidation_retentionBytes | default() }}"
      "CONFIG_whisk_kafka_topics_cacheInvalidation_retentionMs":
        "{{ kafka_topics_cacheInvalidation_retentionMS | default() }}"
      "CONFIG_whisk_kafka_topics_cacheInvalidation_segmentBytes":
        "{{ kafka_topics_cacheInvalidation_segmentBytes | default() }}"
      "CONFIG_whisk_kafka_topics_completed_retentionBytes":
        "{{ kafka_topics_completed_retentionBytes | default() }}"
      "CONFIG_whisk_kafka_topics_completed_retentionMs":
        "{{ kafka_topics_completed_retentionMS | default() }}"
      "CONFIG_whisk_kafka_topics_completed_segmentBytes":
        "{{ kafka_topics_completed_segmentBytes | default() }}"
      "CONFIG_whisk_kafka_topics_health_retentionBytes":
        "{{ kafka_topics_health_retentionBytes | default() }}"
      "CONFIG_whisk_kafka_topics_health_retentionMs":
        "{{ kafka_topics_health_retentionMS | default() }}"
      "CONFIG_whisk_kafka_topics_health_segmentBytes":
        "{{ kafka_topics_health_segmentBytes | default() }}"
      "CONFIG_whisk_kafka_common_securityProtocol":
        "{{ kafka.protocol }}"
      "CONFIG_whisk_kafka_common_sslTruststoreLocation":
        "/conf/{{ kafka.ssl.keystore.name }}"
      "CONFIG_whisk_kafka_common_sslTruststorePassword":
        "{{ kafka.ssl.keystore.password }}"
      "CONFIG_whisk_kafka_common_sslKeystoreLocation":
        "/conf/{{ kafka.ssl.keystore.name }}"
      "CONFIG_whisk_kafka_common_sslKeystorePassword":
        "{{ kafka.ssl.keystore.password }}"

      "CONFIG_whisk_couchdb_protocol": "{{ db_protocol }}"
      "CONFIG_whisk_couchdb_host": "{{ db_host }}"
      "CONFIG_whisk_couchdb_port": "{{ db_port }}"
      "CONFIG_whisk_couchdb_username": "{{ db_username }}"
      "CONFIG_whisk_couchdb_password": "{{ db_password }}"
      "CONFIG_whisk_couchdb_provider": "{{ db_provider }}"
      "CONFIG_whisk_couchdb_databases_WhiskAuth": "{{ db.whisk.auth }}"
      "CONFIG_whisk_couchdb_databases_WhiskEntity": "{{ db.whisk.actions }}"
      "CONFIG_whisk_couchdb_databases_WhiskActivation":
        "{{ db.whisk.activations }}"
      "CONFIG_whisk_db_actionsDdoc": "{{ db_whisk_actions_ddoc | default() }}"
      "CONFIG_whisk_db_activationsDdoc": "{{ db_whisk_activations_ddoc | default() }}"
      "CONFIG_whisk_db_activationsFilterDdoc": "{{ db_whisk_activations_filter_ddoc | default() }}"
      "CONFIG_whisk_userEvents_enabled": "{{ user_events }}"

      "LIMITS_ACTIONS_INVOKES_PERMINUTE": "{{ limits.invocationsPerMinute }}"
      "LIMITS_ACTIONS_INVOKES_CONCURRENT": "{{ limits.concurrentInvocations }}"
      "LIMITS_ACTIONS_INVOKES_CONCURRENTINSYSTEM":
        "{{ limits.concurrentInvocationsSystem }}"
      "LIMITS_TRIGGERS_FIRES_PERMINUTE": "{{ limits.firesPerMinute }}"
      "LIMITS_ACTIONS_SEQUENCE_MAXLENGTH": "{{ limits.sequenceMaxLength }}"

      "CONFIG_whisk_memory_min": "{{ limit_action_memory_min | default() }}"
      "CONFIG_whisk_memory_max": "{{ limit_action_memory_max | default() }}"
      "CONFIG_whisk_memory_std": "{{ limit_action_memory_std | default() }}"

      "CONFIG_whisk_timeLimit_min": "{{ limit_action_time_min | default() }}"
      "CONFIG_whisk_timeLimit_max": "{{ limit_action_time_max | default() }}"
      "CONFIG_whisk_timeLimit_std": "{{ limit_action_time_std | default() }}"

      "CONFIG_whisk_activation_payload_max":
        "{{ limit_activation_payload | default() }}"

      "RUNTIMES_MANIFEST": "{{ runtimesManifest | to_json }}"
      "CONFIG_whisk_runtimes_defaultImagePrefix":
        "{{ runtimes_default_image_prefix | default() }}"
      "CONFIG_whisk_runtimes_defaultImageTag":
        "{{ runtimes_default_image_tag | default() }}"
      "CONFIG_whisk_runtimes_bypassPullForLocalImages":
        "{{ runtimes_bypass_pull_for_local_images | default() }}"
      "CONFIG_whisk_runtimes_localImagePrefix":
        "{{ runtimes_local_image_prefix | default() }}"

      "METRICS_KAMON": "{{ metrics.kamon.enabled }}"
      "METRICS_KAMON_TAGS": "{{ metrics.kamon.tags }}"
      "METRICS_LOG": "{{ metrics.log.enabled }}"
      "CONFIG_whisk_controller_protocol": "{{ controller.protocol }}"
      "CONFIG_whisk_controller_https_keystorePath":
        "{{ controller.ssl.keystore.path }}"
      "CONFIG_whisk_controller_https_keystorePassword":
        "{{ controller.ssl.keystore.password }}"
      "CONFIG_whisk_controller_https_keystoreFlavor":
        "{{ controller.ssl.storeFlavor }}"
      "CONFIG_whisk_controller_https_truststorePath":
        "{{ controller.ssl.truststore.path }}"
      "CONFIG_whisk_controller_https_truststorePassword":
        "{{ controller.ssl.truststore.password }}"
      "CONFIG_whisk_controller_https_truststoreFlavor":
        "{{ controller.ssl.storeFlavor }}"
      "CONFIG_whisk_controller_https_clientAuth":
        "{{ controller.ssl.clientAuth }}"
      "CONFIG_whisk_loadbalancer_invokerBusyThreshold":
        "{{ invoker.busyThreshold }}"
      "CONFIG_whisk_loadbalancer_blackboxFraction":
        "{{ controller.blackboxFraction }}"

      "CONFIG_kamon_statsd_hostname": "{{ metrics.kamon.host }}"
      "CONFIG_kamon_statsd_port": "{{ metrics.kamon.port }}"

      "CONFIG_whisk_spi_LogStoreProvider": "{{ userLogs.spi }}"
      "CONFIG_whisk_spi_LoadBalancerProvider":
        "{{ controller.loadbalancer.spi }}"
      "CONFIG_logback_log_level": "{{ controller.loglevel }}"

      "CONFIG_whisk_transactions_header": "{{ transactions.header }}"

- name: merge extra env variables
  set_fact:
    controller_env: "{{ controller_env | combine(controller.extraEnv) }}"

- name: include plugins
  include_tasks: "{{ item }}.yml"
  with_items: "{{ controller_plugins | default([]) }}"

- name: (re)start controller
  docker_container:
    name: "{{ controller_name }}"
    image:
      "{{docker_registry~docker.image.prefix}}/controller:{{docker.image.tag}}"
    state: started
    recreate: true
    restart_policy: "{{ docker.restart.policy }}"
    hostname: "{{ controller_name }}"
    env: "{{ controller_env }}"
    volumes:
      - "{{ whisk_logs_dir }}/{{ controller_name }}:/logs"
      - "{{ controller.confdir }}/{{ controller_name }}:/conf"
    ports: "{{ ports_to_expose }}"
    command:
      /bin/sh -c
      "exec /init.sh {{ controller_index }}
      >> /logs/{{ controller_name }}_logs.log 2>&1"

- name: wait until the Controller in this host is up and running
  uri:
    url:
      "{{controller.protocol}}://{{ansible_host}}:{{controller_port}}/ping"
    validate_certs: "no"
    client_key:
      "{{ controller.confdir }}/{{ controller_name }}/{{ controller.ssl.key }}"
    client_cert:
      "{{ controller.confdir }}/{{ controller_name }}/{{ controller.ssl.cert }}"
  register: result
  until: result.status == 200
  retries: 12
  delay: 5

# VIM: let b:syntastic_yaml_yamllint_args="-c '".expand('%:p:h')."../../../yamllint.yml'"