# certain initialization steps (run in a container) will occur
# on the role marked as primary controller or the first role listed
{%- if enabled_roles is not defined or enabled_roles == [] -%}
  # On upgrade certain roles can be disabled for operator driven upgrades
  # See major_upgrade_steps.j2.yaml and post-upgrade.j2.yaml
  {%- set enabled_roles = roles -%}
{%- endif -%}
{%- set primary_role = [enabled_roles[0]] -%}
{%- for role in enabled_roles -%}
  {%- if 'primary' in role.tags and 'controller' in role.tags -%}
    {%- set _ = primary_role.pop() -%}
    {%- set _ = primary_role.append(role) -%}
  {%- endif -%}
{%- endfor -%}
{%- set primary_role_name = primary_role[0].name -%}
# primary role is: {{primary_role_name}}
{% set deploy_steps_max = 6 -%}
{% set update_steps_max = 6 -%}
{% set external_update_steps_max = 2 -%}
{% set pre_upgrade_rolling_steps_max = 1 -%}
{% set upgrade_steps_max = 6 -%}
{% set external_upgrade_steps_max = 2 -%}
{% set post_upgrade_steps_max = 4 -%}
{% set fast_forward_upgrade_steps_max = 9 -%}
{% set fast_forward_upgrade_prep_steps_max = 3 -%}
{% set post_update_steps_max = 4 -%}

heat_template_version: rocky

description: >
  Post-deploy configuration steps via puppet for all roles,
  as defined in ../roles_data.yaml

parameters:
  servers:
    type: json
    description: Mapping of Role name e.g Controller to a list of servers
  stack_name:
    type: string
    description: Name of the topmost stack
  role_data:
    type: json
    description: Mapping of Role name e.g Controller to the per-role data
  DeployIdentifier:
    default: ''
    type: string
    description: >
      Setting this to a unique value will re-run any deployment tasks which
      perform configuration on a Heat stack-update.
  deployment_source_hosts:
    default: 'Undercloud'
    type: string
    description: Host or hostgroup that runs the deployment
  deployment_target_hosts:
    default: 'overcloud'
    type: string
    description: Host or hostgroup that consists of the target systems for the deployment
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  ConfigDebug:
    default: false
    description: Whether to run config management (e.g. Puppet) in debug mode.
    type: boolean
  EnablePuppet:
    default: true
    description: Whether to run the puppet (baremetal) deployment tasks.
    type: boolean
  DockerPuppetDebug:
    type: string
    default: ''
    description: Set to True to enable debug logging with docker-puppet.py
  DockerPuppetProcessCount:
    type: number
    default: 6
    description: Number of concurrent processes to use when running docker-puppet to generate config files.
  ContainerCli:
    type: string
    default: 'docker'
    description: CLI tool used to manage containers.
    constraints:
      - allowed_values: ['docker', 'podman']
  ctlplane_service_ips:
    type: json
  blacklisted_ip_addresses:
    description: List of IP addresses belong to blacklisted servers
    type: comma_delimited_list
    default: []
  blacklisted_hostnames:
    description: List of hostnames belong to blacklisted servers
    type: comma_delimited_list
    default: []
  FastForwardUpgradeReleases:
    type: comma_delimited_list
    default: ['ocata', 'pike', 'queens']
    description: List of releases to fast forward through during upgrade. Last release in list is used for post steps.
  ssh_known_hosts_hostnames:
    description: Mapping of hostname to ssh known hosts entry
    type: json

conditions:
{% for step in range(1, deploy_steps_max) %}
  WorkflowTasks_Step{{step}}_Enabled:
    or:
    {%- for role in enabled_roles %}
      - not:
          equals:
            - get_param: [role_data, {{role.name}}, workflow_tasks, step{{step}}]
            - ''
      - False
    {%- endfor %}
{% endfor %}

resources:

  RoleConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: ansible
      options:
        modulepath: /usr/share/ansible-modules
      inputs:
        - name: step
        - name: tripleo_role_name
        - name: update_identifier
        - name: bootstrap_server_id
        - name: enable_debug
        - name: enable_puppet
        - name: docker_puppet_debug
        - name: container_cli
        - name: docker_puppet_process_count
        - name: role_data_step_config
        - name: role_data_puppet_config
          type: Json
        - name: role_data_docker_config_scripts
          type: Json
        - name: role_data_docker_puppet_tasks
          type: Json
        - name: role_data_docker_config
          type: Json
        - name: role_data_kolla_config
          type: Json

      config:
        str_replace:
          template: |
            - hosts: localhost
              connection: local
              tasks:
              _TASKS
          params:
            _TASKS: {get_file: deploy-steps-tasks.yaml}

  ExternalDeployTasks:
    type: OS::Heat::Value
    properties:
      type: comma_delimited_list
      value:
        yaql:
          # processing from per-role unique tasks into globally unique tasks
          expression: coalesce($.data, []).flatten().distinct()
          data:
          {%- for role in enabled_roles %}
            - get_param: [role_data, {{role.name}}, external_deploy_tasks]
          {%- endfor %}

  ExternalPostDeployTasks:
    type: OS::Heat::Value
    properties:
      type: comma_delimited_list
      value:
        yaql:
          # processing from per-role unique tasks into globally unique tasks
          expression: coalesce($.data, []).flatten().distinct()
          data:
          {%- for role in enabled_roles %}
            - get_param: [role_data, {{role.name}}, external_post_deploy_tasks]
          {%- endfor %}

  ExternalUpdateTasks:
    type: OS::Heat::Value
    properties:
      type: comma_delimited_list
      value:
        yaql:
          # processing from per-role unique tasks into globally unique tasks
          expression: coalesce($.data, []).flatten().distinct()
          data:
          {%- for role in enabled_roles %}
            - get_param: [role_data, {{role.name}}, external_update_tasks]
          {%- endfor %}

  ExternalUpgradeTasks:
    type: OS::Heat::Value
    properties:
      type: comma_delimited_list
      value:
        yaql:
          # processing from per-role unique tasks into globally unique tasks
          expression: coalesce($.data, []).flatten().distinct()
          data:
          {%- for role in enabled_roles %}
            - get_param: [role_data, {{role.name}}, external_upgrade_tasks]
          {%- endfor %}

{%- for step in range(1, deploy_steps_max) %}
# BEGIN workflow_tasks handling
  WorkflowTasks_Step{{step}}:
    type: OS::Mistral::Workflow
    condition: WorkflowTasks_Step{{step}}_Enabled
    depends_on:
    {%- if step == 1 %}
    {%- for dep in enabled_roles %}
      - {{dep.name}}PreConfig
      - {{dep.name}}ArtifactsDeploy
    {%- endfor %}
    {%- else %}
    {%- for dep in enabled_roles %}
      - {{dep.name}}Deployment_Step{{step -1}}
    {%- endfor %}
    {%- endif %}
    properties:
      name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflow_tasks", "step{{step}}"]]}
      type: direct
      tags:
      - tripleo-heat-templates-managed
      - {get_param: stack_name}
      tasks:
        yaql:
          expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten()
          data:
          {%- for role in enabled_roles %}
            - get_param: [role_data, {{role.name}}, workflow_tasks]
          {%- endfor %}

  WorkflowTasks_Step{{step}}_Execution:
    type: OS::TripleO::WorkflowSteps
    condition: WorkflowTasks_Step{{step}}_Enabled
    depends_on: WorkflowTasks_Step{{step}}
    properties:
      actions:
        CREATE:
          workflow: { get_resource: WorkflowTasks_Step{{step}} }
          params:
            env:
              heat_stack_name: { get_param: stack_name }
              service_ips: { get_param: ctlplane_service_ips }
              role_merged_configs:
                {%- for r in roles %}
                {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
                {%- endfor %}
              blacklisted_ip_addresses: {get_param: blacklisted_ip_addresses}
              blacklisted_hostnames: {get_param: blacklisted_hostnames}
            evaluate_env: false
        UPDATE:
          workflow: { get_resource: WorkflowTasks_Step{{step}} }
          params:
            env:
              heat_stack_name: { get_param: stack_name }
              service_ips: { get_param: ctlplane_service_ips }
              role_merged_configs:
                {%- for r in roles %}
                {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
                {%- endfor %}
              blacklisted_ip_addresses: {get_param: blacklisted_ip_addresses}
              blacklisted_hostnames: {get_param: blacklisted_hostnames}
            evaluate_env: false
      always_update: true
# END workflow_tasks handling
{% endfor %}

  BootstrapServerId:
    type: OS::Heat::Value
    properties:
      value:
        yaql:
          # Use a constant string of "bootstrap_server_id" when there are no
          # servers in the primary role, such as in the case when all
          # Controllers are blacklisted. No server id's will match the string
          # which is what we want when all are blacklisted.
          expression: switch($.data = {} => "no_bootstrap_server", $.data != {} => $.data.items().orderBy($[0]).first()[1])
          data: {get_param: [servers, {{primary_role_name}}]}

# Artifacts config and HostPrepConfig is done on all roles, not only
# enabled_roles, because on upgrade we need to write the json files
# for the operator driven upgrade scripts (the ansible steps consume them)
{% for role in roles %}
  # Prepare host tasks for {{role.name}}
  {{role.name}}ArtifactsConfig:
    type: ../puppet/deploy-artifacts.yaml

  {{role.name}}ArtifactsDeploy:
    type: OS::Heat::StructuredDeploymentGroup
    properties:
      name: {{role.name}}ArtifactsDeploy
      servers:  {get_param: [servers, {{role.name}}]}
      config: {get_resource: {{role.name}}ArtifactsConfig}

  {{role.name}}HostPrepConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: ansible
      options:
        modulepath: /usr/share/ansible-modules
      config:
        str_replace:
          template: _PLAYBOOK
          params:
            _PLAYBOOK:
              - hosts: localhost
                connection: local
                vars:
                  docker_puppet_script: {get_file: ../docker/docker-puppet.py}
                  bootstrap_server_id: {get_attr: [BootstrapServerId, value]}
                tasks:
                  # FIXME: can we move docker-puppet somewhere so it's installed via a package?
                  - name: Create /var/lib/docker-puppet
                    file: path=/var/lib/docker-puppet state=directory setype=svirt_sandbox_file_t selevel=s0 recurse=true
                  - name: Write docker-puppet.py
                    copy: content="{{ '{{' }}docker_puppet_script{{ '}}' }}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600

  {{role.name}}HostPrepDeployment:
    type: OS::Heat::SoftwareDeploymentGroup
    properties:
      name: {{role.name}}HostPrepDeployment
      servers: {get_param: [servers, {{role.name}}]}
      config: {get_resource: {{role.name}}HostPrepConfig}
{% endfor %}

  # BEGIN CONFIG STEPS, only on enabled_roles
{%- for role in enabled_roles %}
  {{role.name}}PreConfig:
    type: OS::TripleO::Tasks::{{role.name}}PreConfig
    depends_on: {{role.name}}HostPrepDeployment
    properties:
      servers: {get_param: [servers, {{role.name}}]}
      input_values:
        update_identifier: {get_param: DeployIdentifier}

  # Deployment steps for {{role.name}}
  # A single config is re-applied with an incrementing step number
  {% for step in range(1, deploy_steps_max) %}
  {{role.name}}Deployment_Step{{step}}:
    type: OS::TripleO::DeploymentSteps
    depends_on:
      - WorkflowTasks_Step{{step}}_Execution
    # TODO(gfidente): the following if/else condition
    # replicates what is already defined for the
    # WorkflowTasks_StepX resource and can be remove
    # if https://bugs.launchpad.net/heat/+bug/1700569
    # is fixed.
    {%- if step == 1 %}
    {%- for dep in enabled_roles %}
      - {{dep.name}}PreConfig
      - {{dep.name}}ArtifactsDeploy
    {%- endfor %}
    {%- else %}
    {%- for dep in enabled_roles %}
      - {{dep.name}}Deployment_Step{{step -1}}
    {%- endfor %}
    {%- endif %}
    properties:
      name: {{role.name}}Deployment_Step{{step}}
      servers: {get_param: [servers, {{role.name}}]}
      config: {get_resource: RoleConfig}
      input_values:
        step: {{step}}
        tripleo_role_name: {{role.name}}
        update_identifier: {get_param: DeployIdentifier}
        bootstrap_server_id: {get_attr: [BootstrapServerId, value]}
        enable_debug: {get_param: ConfigDebug}
        enable_puppet: {get_param: EnablePuppet}
        docker_puppet_debug: {get_param: DockerPuppetDebug}
        container_cli: {get_param: ContainerCli}
        docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
        role_data_step_config: {get_param: [role_data, {{role.name}}, step_config]}
        role_data_puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]}
        role_data_docker_config_scripts: {get_param: [role_data, {{role.name}}, docker_config_scripts]}
        role_data_docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]}
        role_data_docker_config: {get_param: [role_data, {{role.name}}, docker_config]}
        role_data_kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]}
        deploy_steps_max: {{deploy_steps_max}}

  {% endfor %}
  # END CONFIG STEPS

  # Note, this should be the last step to execute configuration changes.
  # Ensure that all {{role.name}}ExtraConfigPost steps are executed
  # after all the previous deployment steps.
  {{role.name}}ExtraConfigPost:
    depends_on:
  {%- for dep in enabled_roles %}
      - {{dep.name}}Deployment_Step{{deploy_steps_max - 1}}
  {%- endfor %}
    type: OS::TripleO::NodeExtraConfigPost
    properties:
        servers: {get_param: [servers, {{role.name}}]}

  # The {{role.name}}PostConfig steps are in charge of
  # quiescing all services, i.e. in the Controller case,
  # we should run a full service reload.
  {{role.name}}PostConfig:
    type: OS::TripleO::Tasks::{{role.name}}PostConfig
    depends_on:
  {%- for dep in enabled_roles %}
      - {{dep.name}}ExtraConfigPost
  {%- endfor %}
    properties:
      servers:  {get_param: servers}
      input_values:
        update_identifier: {get_param: DeployIdentifier}


{% endfor %}

outputs:
  RoleConfig:
    description: Mapping of config data for all roles
    value:
      global_vars:
        deploy_steps_max: {{deploy_steps_max}}
        ssh_known_hosts: {get_param: ssh_known_hosts_hostnames}
      common_deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml}
      docker_puppet_script: {get_file: ../docker/docker-puppet.py}
      deploy_steps_playbook:
        str_replace:
          params:
            BOOTSTRAP_SERVER_ID: {get_attr: [BootstrapServerId, value]}
            DEPLOY_SOURCE_HOST: {get_param: deployment_source_hosts}
            DEPLOY_TARGET_HOST: {get_param: deployment_target_hosts}
            UPDATE_IDENTIFIER: {get_param: DeployIdentifier}
            ENABLE_DEBUG: {get_param: ConfigDebug}
            ENABLE_PUPPET: {get_param: EnablePuppet}
            CONTAINER_CLI: {get_param: ContainerCli}
            DOCKER_PUPPET_DEBUG: {get_param: DockerPuppetDebug}
            DOCKER_PUPPET_PROCESS_COUNT: {get_param: DockerPuppetProcessCount}
          template: |
            - hosts: DEPLOY_SOURCE_HOST
              name: Gather facts from undercloud
              gather_facts: yes
              become: false
              tags:
                - facts

            - hosts: DEPLOY_TARGET_HOST
              name: Gather facts from overcloud
              gather_facts: yes
              tags:
                - facts

            - hosts: all
              name: Load global variables
              gather_facts: no
              tasks:
                - include_vars: global_vars.yaml
              tags:
                - always

            - hosts: DEPLOY_TARGET_HOST
              name: Common roles for TripleO servers
              gather_facts: no
              any_errors_fatal: yes
              roles:
                - tripleo-bootstrap
                - tripleo-ssh-known-hosts
              tags:
                - common_roles

            - hosts: {{primary_role_name}}:DEPLOY_TARGET_HOST
              name: Overcloud deploy step tasks for step 0
              gather_facts: no
              any_errors_fatal: yes
              vars:
                bootstrap_server_id: BOOTSTRAP_SERVER_ID
                step: 0
                update_identifier: UPDATE_IDENTIFIER
                enable_debug: ENABLE_DEBUG
                enable_puppet: ENABLE_PUPPET
                container_cli: CONTAINER_CLI
                docker_puppet_debug: DOCKER_PUPPET_DEBUG
                docker_puppet_process_count: DOCKER_PUPPET_PROCESS_COUNT
              tasks:
{%- for role in roles %}
                - import_tasks: {{role.name}}/deploy_steps_tasks.yaml
                  when: tripleo_role_name == '{{role.name}}'
{%- endfor %}
              tags:
                - overcloud
                - deploy_steps

            - hosts: {{primary_role_name}}:DEPLOY_TARGET_HOST
              name: Server deployments
              gather_facts: no
              any_errors_fatal: yes
              tasks:
                - include_tasks: deployments.yaml
                  vars:
                    force: false
                  with_items: "{{ '{{' }} lookup('vars', tripleo_role_name + '_pre_deployments')|default([]) {{ '}}' }}"
              tags:
                - overcloud
                - pre_deploy_steps

            - hosts: {{primary_role_name}}:DEPLOY_TARGET_HOST
              name: Host prep steps
              gather_facts: no
              any_errors_fatal: yes
              vars:
                bootstrap_server_id: BOOTSTRAP_SERVER_ID
                update_identifier: UPDATE_IDENTIFIER
                enable_debug: ENABLE_DEBUG
                enable_puppet: ENABLE_PUPPET
                container_cli: CONTAINER_CLI
                docker_puppet_debug: DOCKER_PUPPET_DEBUG
                docker_puppet_process_count: DOCKER_PUPPET_PROCESS_COUNT
              tasks:
{%- for role in roles %}
                - import_tasks: {{role.name}}/host_prep_tasks.yaml
                  when: tripleo_role_name == '{{role.name}}'
{%- endfor %}
              tags:
                - overcloud
                - host_prep_steps

{%- for step in range(1,deploy_steps_max) %}

            - hosts: DEPLOY_SOURCE_HOST
              name: External deployment step {{step}}
              gather_facts: no
              any_errors_fatal: yes
              become: false
              vars:
                bootstrap_server_id: BOOTSTRAP_SERVER_ID
                step: '{{step}}'
                update_identifier: UPDATE_IDENTIFIER
                enable_debug: ENABLE_DEBUG
                enable_puppet: ENABLE_PUPPET
                container_cli: CONTAINER_CLI
                docker_puppet_debug: DOCKER_PUPPET_DEBUG
                docker_puppet_process_count: DOCKER_PUPPET_PROCESS_COUNT
              tasks:
                - import_tasks: external_deploy_steps_tasks.yaml
              tags:
                - external
                - external_deploy_steps
                - step{{step}}

            - hosts: {{primary_role_name}}:DEPLOY_TARGET_HOST
              name: Overcloud deploy step tasks for {{step}}
              gather_facts: no
              any_errors_fatal: yes
              # FIXME(shardy) - it would be nice to use strategy: free to
              # allow the tasks per-step to run in parallel on each role,
              # but that doesn't work with any_errors_fatal: yes
              vars:
                bootstrap_server_id: BOOTSTRAP_SERVER_ID
                step: '{{step}}'
                update_identifier: UPDATE_IDENTIFIER
                enable_debug: ENABLE_DEBUG
                enable_puppet: ENABLE_PUPPET
                container_cli: CONTAINER_CLI
                docker_puppet_debug: DOCKER_PUPPET_DEBUG
                docker_puppet_process_count: DOCKER_PUPPET_PROCESS_COUNT
              tasks:
{%- for role in roles %}
                - import_tasks: {{role.name}}/deploy_steps_tasks.yaml
                  when: tripleo_role_name == '{{role.name}}'
{%- endfor %}
              tags:
                - overcloud
                - deploy_steps
                - step{{step}}

            - hosts: {{primary_role_name}}:DEPLOY_TARGET_HOST
              name: Overcloud common deploy step tasks {{step}}
              gather_facts: no
              any_errors_fatal: yes
              vars:
                bootstrap_server_id: BOOTSTRAP_SERVER_ID
                step: '{{step}}'
                update_identifier: UPDATE_IDENTIFIER
                enable_debug: ENABLE_DEBUG
                enable_puppet: ENABLE_PUPPET
                container_cli: CONTAINER_CLI
                docker_puppet_debug: DOCKER_PUPPET_DEBUG
                docker_puppet_process_count: DOCKER_PUPPET_PROCESS_COUNT
              tasks:
                - name: Check if /var/lib/docker-container-startup-configs.json already exists
                  stat:
                    path: /var/lib/docker-container-startup-configs.json
                  register: docker_container_startup_configs_json_stat
                - import_tasks: common_deploy_steps_tasks.yaml
                  when:
                    - ((update_identifier is defined and update_identifier != "" and update_identifier is not none) or not docker_container_startup_configs_json_stat.stat.exists)
              tags:
                - overcloud
                - deploy_steps
                - step{{step}}

{%- endfor %}
            - hosts: {{primary_role_name}}:DEPLOY_TARGET_HOST
              name: Server Post Deployments
              gather_facts: no
              any_errors_fatal: yes
              tasks:
                - include_tasks: deployments.yaml
                  vars:
                    force: false
                  with_items: "{{ '{{' }} lookup('vars', tripleo_role_name + '_post_deployments')|default([]) {{ '}}' }}"
              tags:
                - overcloud
                - post_deploy_steps

            - hosts: DEPLOY_SOURCE_HOST
              name: External deployment Post Deploy tasks
              gather_facts: no
              any_errors_fatal: yes
              become: false
              vars:
                bootstrap_server_id: BOOTSTRAP_SERVER_ID
                update_identifier: UPDATE_IDENTIFIER
                enable_debug: ENABLE_DEBUG
                enable_puppet: ENABLE_PUPPET
                container_cli: CONTAINER_CLI
                docker_puppet_debug: DOCKER_PUPPET_DEBUG
                docker_puppet_process_count: DOCKER_PUPPET_PROCESS_COUNT
              tasks:
                - import_tasks: external_post_deploy_steps_tasks.yaml
              tags:
                - external
                - external_deploy_steps

      external_deploy_steps_tasks: {get_attr: [ExternalDeployTasks, value]}
      external_post_deploy_steps_tasks: {get_attr: [ExternalPostDeployTasks, value]}
      update_steps_tasks: |
{%- for role in roles %}
            - import_tasks: {{role.name}}/update_tasks.yaml
              when: tripleo_role_name == '{{role.name}}'
{%- endfor %}
      update_steps_playbook:
        str_replace:
          params:
            DEPLOY_SOURCE_HOST: {get_param: deployment_source_hosts}
            DEPLOY_TARGET_HOST: {get_param: deployment_target_hosts}
            CONTAINER_CLI: {get_param: ContainerCli}
          template: |
            - hosts: DEPLOY_SOURCE_HOST
              name: Gather facts from undercloud
              gather_facts: yes
              become: false
            - hosts: DEPLOY_TARGET_HOST
              name: Gather facts from overcloud
              gather_facts: yes
            - hosts: all
              name: Load global variables
              gather_facts: no
              tasks:
                - include_vars: global_vars.yaml
            - hosts: DEPLOY_TARGET_HOST
              name: Run update
              serial: 1
              gather_facts: no
              any_errors_fatal: yes
              vars:
                container_cli: CONTAINER_CLI
              tasks:
                - include_tasks: update_steps_tasks.yaml
                  with_sequence: start=0 end={{update_steps_max-1}}
                  loop_control:
                    loop_var: step
{%- for role in roles %}
                - import_tasks: {{role.name}}/host_prep_tasks.yaml
                  when: tripleo_role_name == '{{role.name}}'
{%- endfor %}
                - include_tasks: common_deploy_steps_tasks.yaml
                  with_sequence: start=1 end={{deploy_steps_max-1}}
                  loop_control:
                    loop_var: step
                - include_tasks: post_update_steps_tasks.yaml
                  with_sequence: start=0 end={{post_update_steps_max-1}}
                  loop_control:
                    loop_var: step
      external_update_steps_tasks: {get_attr: [ExternalUpdateTasks, value]}
      external_update_steps_playbook:
        str_replace:
          params:
            DEPLOY_SOURCE_HOST: {get_param: deployment_source_hosts}
            DEPLOY_TARGET_HOST: {get_param: deployment_target_hosts}
          template: |
            - hosts: DEPLOY_SOURCE_HOST
              name: Gather facts from undercloud
              gather_facts: yes
              become: false
              tags:
                - always
                - facts
            # facts from overcloud may be needed for external installer inventory
            - hosts: DEPLOY_TARGET_HOST
              name: Gather facts from overcloud
              gather_facts: yes
              tags:
                - always
                - facts
            - hosts: all
              name: Load global variables
              gather_facts: no
              tasks:
                - include_vars: global_vars.yaml
              tags:
                - always
            - hosts: DEPLOY_SOURCE_HOST
              name: External update steps
              gather_facts: no
              any_errors_fatal: yes
              become: false
              tasks:
                - include: external_update_steps_tasks.yaml
                  with_sequence: start=0 end={{external_update_steps_max-1}}
                  loop_control:
                    loop_var: step
              tags:
                - external
                - external_update_steps
            # putting both update and deploy tasks in the same
            # playbook allows influencing the deploy tasks by
            # variables "exported" from update tasks
            - hosts: DEPLOY_SOURCE_HOST
              name: External deploy steps
              gather_facts: no
              any_errors_fatal: yes
              become: false
              tasks:
                - include: external_deploy_steps_tasks.yaml
                  with_sequence: start=1 end={{deploy_steps_max-1}}
                  loop_control:
                    loop_var: step
              tags:
                - external
                - external_deploy_steps
      pre_upgrade_rolling_steps_tasks: |
{%- for role in roles %}
            - import_tasks: {{role.name}}/pre_upgrade_rolling_tasks.yaml
              when: tripleo_role_name == '{{role.name}}'
{%- endfor %}
      pre_upgrade_rolling_steps_playbook:
        str_replace:
          params:
            DEPLOY_SOURCE_HOST: {get_param: deployment_source_hosts}
            DEPLOY_TARGET_HOST: {get_param: deployment_target_hosts}
          template: |
            - hosts: DEPLOY_SOURCE_HOST
              name: Gather facts from undercloud
              gather_facts: yes
              become: false
            - hosts: DEPLOY_TARGET_HOST
              name: Gather facts from overcloud
              gather_facts: yes
            - hosts: all
              name: Load global variables
              gather_facts: no
              tasks:
                - include_vars: global_vars.yaml
            - hosts: DEPLOY_TARGET_HOST
              name: Run pre-upgrade rolling tasks
              serial: 1
              gather_facts: no
              any_errors_fatal: yes
              tasks:
                - include_tasks: pre_upgrade_rolling_steps_tasks.yaml
                  with_sequence: start=0 end={{pre_upgrade_rolling_steps_max-1}}
                  loop_control:
                    loop_var: step
      upgrade_steps_tasks: |
{%- for role in roles %}
            - import_tasks: {{role.name}}/upgrade_tasks.yaml
              when: tripleo_role_name == '{{role.name}}'
{%- endfor %}
      upgrade_steps_playbook:
        str_replace:
          params:
            DEPLOY_SOURCE_HOST: {get_param: deployment_source_hosts}
            DEPLOY_TARGET_HOST: {get_param: deployment_target_hosts}
            CONTAINER_CLI: {get_param: ContainerCli}
          template: |
            - hosts: DEPLOY_TARGET_HOST
              any_errors_fatal: yes
              tasks:
                - include_tasks: upgrade_steps_tasks.yaml
                  with_sequence: start=0 end={{upgrade_steps_max-1}}
                  vars:
                    container_cli: CONTAINER_CLI
                  loop_control:
                    loop_var: step
      post_upgrade_steps_tasks: |
{%- for role in roles %}
            - import_tasks: {{role.name}}/post_upgrade_tasks.yaml
              when: tripleo_role_name == '{{role.name}}'
{%- endfor %}
      post_upgrade_steps_playbook:
        str_replace:
          params:
            DEPLOY_SOURCE_HOST: {get_param: deployment_source_hosts}
            DEPLOY_TARGET_HOST: {get_param: deployment_target_hosts}
            CONTAINER_CLI: {get_param: ContainerCli}
          template: |
            - hosts: DEPLOY_TARGET_HOST
              any_errors_fatal: yes
              tasks:
                - include_tasks: post_upgrade_steps_tasks.yaml
                  with_sequence: start=0 end={{post_upgrade_steps_max-1}}
                  vars:
                    container_cli: CONTAINER_CLI
                  loop_control:
                    loop_var: step
      external_upgrade_steps_tasks: {get_attr: [ExternalUpgradeTasks, value]}
      external_upgrade_steps_playbook:
        str_replace:
          params:
            DEPLOY_SOURCE_HOST: {get_param: deployment_source_hosts}
            DEPLOY_TARGET_HOST: {get_param: deployment_target_hosts}
            CONTAINER_CLI: {get_param: ContainerCli}
          template: |
            - hosts: DEPLOY_SOURCE_HOST
              name: Gather facts from undercloud
              gather_facts: yes
              become: false
              tags:
                - always
                - facts
            # facts from overcloud may be needed for external installer inventory
            - hosts: DEPLOY_TARGET_HOST
              name: Gather facts from overcloud
              gather_facts: yes
              tags:
                - always
                - facts
            - hosts: all
              name: Load global variables
              gather_facts: no
              tasks:
                - include_vars: global_vars.yaml
              tags:
                - always
            - hosts: DEPLOY_SOURCE_HOST
              name: External upgrade
              gather_facts: no
              any_errors_fatal: yes
              become: false
              vars:
                container_cli: CONTAINER_CLI
              tasks:
                - include: external_upgrade_steps_tasks.yaml
                  with_sequence: start=0 end={{external_upgrade_steps_max-1}}
                  loop_control:
                    loop_var: step
              tags:
                - external
                - external_upgrade_steps
            # putting both upgrade and deploy tasks in the same
            # playbook allows influencing the deploy tasks by
            # variables "exported" from upgrade tasks
            - hosts: DEPLOY_SOURCE_HOST
              name: External deploy steps
              gather_facts: no
              any_errors_fatal: yes
              become: false
              vars:
                container_cli: CONTAINER_CLI
              tasks:
                - include: external_deploy_steps_tasks.yaml
                  with_sequence: start=1 end={{deploy_steps_max-1}}
                  loop_control:
                    loop_var: step
              tags:
                - external
                - external_deploy_steps
      fast_forward_upgrade_playbook:
        str_replace:
          params:
            DEPLOY_SOURCE_HOST: {get_param: deployment_source_hosts}
            DEPLOY_TARGET_HOST: {get_param: deployment_target_hosts}
          template: |
            - hosts: DEPLOY_TARGET_HOST
              any_errors_fatal: yes
              tasks:
                - set_fact:
                    releases: {get_param: [FastForwardUpgradeReleases]}
{% raw %}
                - set_fact:
                    ffu_releases: "{{ releases | difference( releases | last )}}"
                - include_tasks: fast_forward_upgrade_release_tasks.yaml
                  loop_control:
                    loop_var: release
                  with_items: '{{ ffu_releases }}'
                - set_fact:
                    release: "{{ releases | last }}"
                    ffu_packages_apply: True
{% endraw %}
                - include_tasks: fast_forward_upgrade_post_role_tasks.yaml
      fast_forward_upgrade_release_tasks: |
                - include_tasks: fast_forward_upgrade_prep_tasks.yaml
                - include_tasks: fast_forward_upgrade_bootstrap_tasks.yaml
      fast_forward_upgrade_prep_tasks: |
{%- for role in roles %}
                - shell: |
                    #!/bin/bash
                    if [ ! -f /root/.ffu_workaround ]; then
                      touch /root/.ffu_workaround
                      os-apply-config -m /var/lib/os-collect-config/{{role.deprecated_server_resource_name|default(role.name)}}Deployment.json
                      systemctl stop os-collect-config
                      rm -r /var/lib/os-collect-config/*
                      rm -f /usr/libexec/os-refresh-config/configure.d/40-hiera-datafiles
                      rm -f /usr/libexec/os-apply-config/templates/etc/puppet/hiera.yaml
                      rm -f /usr/libexec/os-refresh-config/configure.d/10-hiera-disable
                    fi
                  when: tripleo_role_name == '{{role.name}}'
                  name: Run Fast Forward Upgrade Prep Workarounds for {{role.name}}
{%- endfor %}
{% raw %}
                - name: get bootstrap nodeid
                  tags: common
                  command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
                  register: bootstrap_node
                - name: set is_bootstrap_node ffu_packages_bootstrap_only facts
                  tags: common
                  set_fact:
                    is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
                    ffu_packages_apply={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
{% endraw %}
                - name: Create /var/lib/docker-puppet
                  file: path=/var/lib/docker-puppet state=directory setype=svirt_sandbox_file_t selevel=s0 recurse=true
                - name: Write docker-puppet.py
                  copy: src=docker_puppet_script.yaml dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
                - include_tasks: fast_forward_upgrade_prep_role_tasks.yaml
                  with_sequence: start=0 end={{fast_forward_upgrade_prep_steps_max}}
                  loop_control:
                    loop_var: step
      fast_forward_upgrade_post_role_tasks: |
{%- for role in roles %}
                - include_tasks: {{role.name}}/fast_forward_post_upgrade_tasks.yaml
                  when: tripleo_role_name == '{{role.name}}'
{%- endfor %}
                - name: Openstack Heat Agents package update
                  package: name=openstack-heat-agents state=latest
                - name: Update os-collect-config
                  package: name=os-collect-config state=latest
                - name: Start os-collect-config back up
                  service: name=os-collect-config state=started enabled=yes
      fast_forward_upgrade_prep_role_tasks: |
{%- for role in roles %}
                - include_tasks: {{role.name}}/fast_forward_upgrade_tasks.yaml
                  when: tripleo_role_name == '{{role.name}}'
{%- endfor %}
      fast_forward_upgrade_bootstrap_tasks: |
                - include_tasks: fast_forward_upgrade_bootstrap_role_tasks.yaml
                  with_sequence: start={{fast_forward_upgrade_prep_steps_max+1}} end={{fast_forward_upgrade_steps_max}}
                  loop_control:
                    loop_var: step
      fast_forward_upgrade_bootstrap_role_tasks: |
{%- for role in roles %}
                - include_tasks: {{role.name}}/fast_forward_upgrade_tasks.yaml
                  when: tripleo_role_name == '{{role.name}}' and ansible_hostname == {{role.name}}[0]
{%- endfor %}
      post_update_steps_tasks: |
{%- for role in roles %}
            - import_tasks: {{role.name}}/post_update_tasks.yaml
              when: tripleo_role_name == '{{role.name}}'
{%- endfor %}
      boot_param_tasks: {get_file: ../extraconfig/pre_network/boot_param_tasks.yaml}