- hosts: bastion:!disabled
  name: "Bridge: configure the bastion host"
  roles:
    - iptables
    - edit-secrets-script
    - install-docker
  tasks:
    # Skip as no arm64 support available; only used for gate testing,
    # where we can't mix arm64 and x86 nodes, so need a minimally
    # working bridge to drive the tests for mirrors/nodepool
    # etc. things.
    - name: Install openshift/kubectl
      when: ansible_architecture != 'aarch64'
      block:
        - include_role:
            name: install-kubectl
        - include_role:
            name: configure-kubectl

    - include_role:
        name: configure-openstacksdk
      vars:
        openstacksdk_config_template: clouds/bridge_all_clouds.yaml.j2

    - name: Get rid of all-clouds.yaml
      file:
        state: absent
        path: '/etc/openstack/all-clouds.yaml'

    - name: Install rackspace DNS backup tool
      include_role:
        name: rax-dns-backup

# NOTE: we have hard-coded the active bridge here because we only want
# to install this on the currently active production bridge that will
# execute this reboot cycle (we don't have two bastion hosts usually,
# but if we are bootstrapping a new one there may be a period where
# both have credentials).  For testing we also allow it to install on
# the system-config-run host -- but it will not have the credentials
# to actually do anything there if it does fire.
- hosts: bridge01.opendev.org:bridge99.opendev.org:!disabled
  name: Install reboot jobs
  tasks:
    - name: Automated Zuul cluster reboots and updates
      # Note this is run via cron because a zuul job can't run this playbook
      # as the playbook relies on all jobs ending for graceful stops on the
      # executors.
      cron:
        name: "Zuul cluster restart"
        # Start Sundays at 00:01 UTC.
        # Estimated completion time Sunday at 18:00 UTC.
        minute: 1
        hour: 0
        weekday: 6
        job: "flock -n /var/run/zuul_reboot.lock /usr/local/bin/ansible-playbook -f 20 /home/zuul/src/opendev.org/opendev/system-config/playbooks/zuul_reboot.yaml >> /var/log/ansible/zuul_reboot.log 2>&1"

    - name: Rotate Zuul restart logs
      include_role:
        name: logrotate
      vars:
        logrotate_file_name: /var/log/ansible/zuul_reboot.log
        logrotate_frequency: weekly

    - name: Install node launcher
      include_role:
        name: install-launch-node