---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: "Enable nf_conntrack"
  community.general.modprobe:
    name: "nf_conntrack"
    state: present

- name: "Set sysctl tcp_tw_reuse"
  ansible.posix.sysctl:
    name: "net.ipv4.tcp_tw_reuse"
    state: present
    value: "1"
    sysctl_set: true
    sysctl_file: "{{ swift_sysctl_file }}"
  delegate_to: "{{ physical_host }}"

- name: "Set sysctl file-max"
  ansible.posix.sysctl:
    name: "fs.file-max"
    state: present
    value: "{{ swift_max_file_limits }}"
    sysctl_set: true
    sysctl_file: "{{ swift_sysctl_file }}"
  delegate_to: "{{ physical_host }}"

- name: "Put /etc/rsyncd.conf in place"
  ansible.builtin.template:
    src: "rsyncd.conf.j2"
    dest: "/etc/rsyncd.conf"
    owner: "root"
    group: "root"
    mode: "0644"
  notify: "Restart rsync service"

# Red Hat/CentOS are enabled as part of the handler
- name: "Enable rsync service in defaults (Debian)"
  ansible.builtin.lineinfile:
    dest: "/etc/default/rsync"
    line: "RSYNC_ENABLE=true"
    regexp: "^RSYNC_ENABLE*"
  when: ansible_facts['pkg_mgr'] =="apt"
  notify: "Restart rsync service"

# TODO: This can be safely removed in 2025.2 cycle
- name: "Setup swift-recon-cron cron job"
  ansible.builtin.cron:
    name: "swift-recon-cron run"
    state: absent

- name: Setup swift-recon-cron systemd timer
  ansible.builtin.include_role:
    name: systemd_service
  vars:
    systemd_service_restart_changed: false
    systemd_user_name: "{{ swift_system_user_name }}"
    systemd_group_name: "{{ swift_system_group_name }}"
    systemd_tempd_prefix: openstack
    systemd_slice_name: "{{ swift_system_slice_name }}"
    systemd_lock_dir: "{{ swift_lock_dir }}"
    systemd_service_restart: on-abnormal
    systemd_services:
      - service_name: "swift-recon-cron"
        execstarts:
          - "{{ recon_cron_path }} /etc/swift/object-server/object-server.conf"
        environment:
          UMASK: "0640"
          UMASK_DIR: "0750"
        program_sandboxing:
          RuntimeDirectory: "swift-recon-cron"
        enabled: true
        timer:
          state: 'started'
          enabled: true
          options:
            OnCalendar: "*:0/5"
            Persistent: true
            Unit: "swift-recon-cron.service"

- name: "Set ownership on mounted drives"
  ansible.builtin.file:
    dest: "{{ swift_vars.mount_point | default(swift.mount_point) }}/{{ item.name }}"
    owner: "{{ swift_system_user_name }}"
    group: "{{ swift_system_group_name }}"
    state: "directory"
    mode: "0755"
  with_items: "{{ swift_vars.drives | default(swift.drives) | default([]) }}"