---
- name: Import task utils/config_iptables.yml
  include_tasks: utils/config_iptables.yml

- name: set var
  set_fact:
    fou_url_base: "https://iso.yunion.cn/uos/{{ ansible_distribution_release }}/{{ onecloud_version_abbr }}/{{ ansible_architecture }}"

- name: init apt cache for UOS FOU
  get_url:
    url: "{{fou_url_base}}/yunion.gpg-key.asc"
    dest: /tmp/yunion.gpg-key.asc
    validate_certs: no
  become: true

- name: apply UOS FOU Sig key
  shell: |
    echo "deb [trusted=yes] {{fou_url_base}}/ ./" > /etc/apt/sources.list.d/yunion.list;
    apt-key add /tmp/yunion.gpg-key.asc;
    apt-get update -y;
    rm -f /tmp/yunion.gpg-key.asc
  become: true
  args:
    executable: /bin/bash

- name: install common packages via loop
  package:
    name: "{{ package_item }}"
    disablerepo: "{{ (online_status != 'online') | ternary('*', omit) }}"
    enablerepo: "{{ (online_status != 'online') | ternary('yunion-*', omit) }}"
  with_items:
  - "{{ common_packages }}"
  loop_control:
    index_var: item_index
    label: "[{{ item_index + 1 }}/{{ common_packages|length }}] {{ package_item }}"
    loop_var: package_item
  become: yes
  tags:
  - package

- name: install latest packages via loop
  package:
    name: "{{ package_item }}"
    state: latest
  with_items:
  - "{{ latest_packages }}"
  become: yes
  retries: 6
  delay: 10
  ignore_errors: yes
  when:
  - latest_packages is defined
  loop_control:
    index_var: item_index
    label: "[{{ item_index + 1 }}/{{ latest_packages | length }}] {{ package_item }}"
    loop_var: package_item
  tags:
  - package

- name: Check that if selinux config exists
  stat:
    path: /etc/selinux/config
  register: selinux_conf_exists

- name: Turn off selinux
  selinux:
    state: disabled
  become: true
  when:
    - selinux_conf_exists.stat.exists

- name: Import task utils/fix_ovmf_path
  include_tasks: utils/fix_ovmf_path.yml

# use legacy DNS resolve way
- block:
  - name: Write /etc/systemd/resolved.conf
    become: true
    template:
      src: etc_systemd_resolved.conf.j2
      dest: /etc/systemd/resolved.conf
      owner: root
      group: root
      mode: 0644

  - name: Restart systemd-resolved
    become: true
    service:
      name: systemd-resolved
      state: restarted

  - name: Link /etc/resolv.conf to /run/systemd/resolve/resolve.conf
    become: true
    shell: |
      ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
    args:
      executable: /bin/bash