#
# These tasks configure the instance to periodically update the project metadata with the
# latest bootstrap kubeconfig from the project metadata. This keeps the project metadata
# in sync with the cluster's configuration. We then invoke a CSR approve on any nodes that
# are waiting to join the cluster.
#
---
- name: Copy unit service
  copy:
    src: openshift-bootstrap-update.timer
    dest: /etc/systemd/system/openshift-bootstrap-update.timer
    owner: root
    group: root
    mode: 0664

- name: Copy unit timer
  copy:
    src: openshift-bootstrap-update.service
    dest: /etc/systemd/system/openshift-bootstrap-update.service
    owner: root
    group: root
    mode: 0664

- name: Create bootstrap update script
  template: src=openshift-bootstrap-update.j2 dest=/usr/bin/openshift-bootstrap-update mode=u+rx

- name: Start bootstrap update timer
  systemd:
    name: "openshift-bootstrap-update.timer"
    state: started

- name: Bootstrap all nodes that were identified with bootstrap metadata
  run_once: true
  oc_adm_csr:
    nodes: "{{ groups['all'] | map('extract', hostvars) | selectattr('gce_metadata.bootstrap', 'match', 'true') | map(attribute='gce_name') | list }}"
    timeout: 60