---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Find installed kernels
  ansible.builtin.find:
    paths: "/boot"
    patterns: "vmlinuz-*"
  register: kernels

- name: Determine latest installed kernel
  ansible.builtin.set_fact:
    latest_kernel: "{{ kernels.files | map(attribute='path') | sort(reverse=True) | first }}"

- name: Latest kernel readable to nova group/user
  ansible.builtin.command: "dpkg-statoverride --update --add root nova 0640 {{ latest_kernel }}"
  register: dpkg_statoverride_result
  changed_when:
    - ("an override for '" ~ latest_kernel ~ "' already exists; aborting" not in dpkg_statoverride_result.stderr)
  failed_when:
    - (dpkg_statoverride_result.rc != 0) and
      ("an override for '" ~ latest_kernel ~ "' already exists; aborting"
        not in dpkg_statoverride_result.stderr)

- name: Script installed to make future kernels readable to nova group/user
  ansible.builtin.copy:
    src: "nova_kernel_permissions"
    dest: "/etc/kernel/postinst.d/nova_kernel_permissions"
    mode: "0755"