---
- include: ../../../roles/etcd_client_certificates/tasks/main.yml
  vars:
    etcd_cert_prefix: calico.etcd-
    etcd_cert_config_dir: "{{ openshift.common.config_base }}/calico"
    embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
    etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
    etcd_cert_subdir: "openshift-calico-{{ openshift.common.hostname }}"

- name: Assure the calico certs have been generated
  stat:
    path: "{{ item }}"
  with_items:
  - "{{ calico_etcd_ca_cert_file }}"
  - "{{ calico_etcd_cert_file}}"
  - "{{ calico_etcd_key_file }}"

- name: Configure Calico service unit file
  template:
    dest: "/lib/systemd/system/calico.service"
    src: calico.service.j2

- name: Enable calico
  become: yes
  systemd:
    name: calico
    daemon_reload: yes
    state: started
    enabled: yes
  register: start_result

- name: Assure CNI conf dir exists
  become: yes
  file: path="{{ cni_conf_dir }}" state=directory

- name: Generate Calico CNI config
  become: yes
  template:
    src: "calico.conf.j2"
    dest: "{{ cni_conf_dir }}/10-calico.conf"

- name: Assures Kuberentes CNI bin dir exists
  become: yes
  file: path="{{ cni_bin_dir }}" state=directory

- name: Download Calico CNI Plugin
  become: yes
  get_url:
    url: https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico
    dest: "{{ cni_bin_dir }}"
    mode: a+x

- name: Download Calico IPAM Plugin
  become: yes
  get_url:
    url: https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico-ipam
    dest: "{{ cni_bin_dir }}"
    mode: a+x

- name: Download and unzip standard CNI plugins
  become: yes
  unarchive:
    remote_src: True
    src: https://github.com/containernetworking/cni/releases/download/v0.4.0/cni-amd64-v0.4.0.tgz
    dest: "{{ cni_bin_dir }}"

- name: Assure Calico conf dir exists
  become: yes
  file: path=/etc/calico/ state=directory

- name: Set calicoctl.cfg
  template:
    src: calico.cfg.j2
    dest: "/etc/calico/calicoctl.cfg"