---
# TODO: Much of this file is shared with container engine tasks
- name: Check we are not using node as a Docker container with CRI-O
  fail: msg='Cannot use CRI-O with node configured as a Docker container'
  when:
    - openshift_is_containerized | bool
    - not l_is_node_system_container | bool

- include_tasks: common/pre.yml

- include_tasks: common/syscontainer_packages.yml

- name: Check that overlay is in the kernel
  shell: lsmod | grep overlay
  register: l_has_overlay_in_kernel
  ignore_errors: yes
  failed_when: false

- when: l_has_overlay_in_kernel.rc != 0
  block:

    - name: Add overlay to modprobe.d
      template:
        dest: /etc/modules-load.d/overlay.conf
        src: overlay.conf.j2
        backup: yes

    - name: Manually modprobe overlay into the kernel
      command: modprobe overlay

    - name: Enable and start systemd-modules-load
      service:
        name: systemd-modules-load
        enabled: yes
        state: restarted

- name: Ensure proxies are in the atomic.conf
  include_tasks: common/atomic_proxy.yml

# Be nice and let the user see the variable result
- debug:
    var: l_crio_image

# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released
- name: Pre-pull CRI-O System Container image
  command: "atomic pull --storage ostree {{ l_crio_image }}"
  changed_when: false
  environment:
    NO_PROXY: "{{ openshift.common.no_proxy | default('') }}"

- name: Install CRI-O System Container
  oc_atomic_container:
    name: "cri-o"
    image: "{{ l_crio_image }}"
    state: latest
    values:
      - "ADDTL_MOUNTS={{ l_crio_additional_mounts }}"

- name: Remove CRI-O default configuration files
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /etc/cni/net.d/200-loopback.conf
    - /etc/cni/net.d/100-crio-bridge.conf

- name: Create the CRI-O configuration
  template:
    dest: /etc/crio/crio.conf
    src: crio.conf.j2
    backup: yes

- name: Ensure CNI configuration directory exists
  file:
    path: /etc/cni/net.d/
    state: directory

- name: setup firewall for CRI-O
  import_tasks: crio_firewall.yml

- name: Configure the CNI network
  template:
    dest: /etc/cni/net.d/openshift-sdn.conf
    src: 80-openshift-sdn.conf.j2

- name: Create /etc/sysconfig/crio-storage
  copy:
    content: ""
    dest: /etc/sysconfig/crio-storage
    force: no

- name: Create /etc/sysconfig/crio-network
  template:
    dest: /etc/sysconfig/crio-network
    src: crio-network.j2

- name: Start the CRI-O service
  systemd:
    name: "cri-o"
    enabled: yes
    state: started
    daemon_reload: yes
  register: start_result

# If we are using crio only, docker.service might not be available for
# 'docker login'
- include_tasks: common/post.yml
  vars:
    openshift_docker_alternative_creds: "{{ openshift_use_crio_only | bool }}"