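---
# Tasks that prepare an openQA worker host for multi-VM (tap/Open vSwitch)
# networking: packages, bridge and tap interface configs, firewalld zones,
# IP forwarding, services, the worker class and the QEMU capability.

# {{ openqa_multivm_bridge_interface }} must not already exist; otherwise the
# operator has to supply a different name.
- name: Assert bridge interface does not exist
  ansible.builtin.assert:
    that:
      - 'openqa_multivm_bridge_interface not in ansible_interfaces'
    success_msg: 'interface does not exist, can proceed'
    fail_msg: '{{ openqa_multivm_bridge_interface }} already exists, please supply an alternative'

- name: Install multivm networking packages
  ansible.builtin.dnf:
    pkg:
      - os-autoinst-openvswitch
      - tunctl
      - network-scripts

- name: Create /etc/sysconfig/os-autoinst-openvswitch
  ansible.builtin.copy:
    dest: /etc/sysconfig/os-autoinst-openvswitch
    mode: '0644'
    content: |
      OS_AUTOINST_BRIDGE_LOCAL_IP=172.16.2.2
      OS_AUTOINST_BRIDGE_REWRITE_TARGET=172.17.0.0
      OS_AUTOINST_USE_BRIDGE={{ openqa_multivm_bridge_interface }}
  notify: restart_os-autoinst-openvswitch

# The bridge name is written unquoted into DEVICE= below, in a sysconfig
# file.
# NOTE(review): presumably the variable is expected to hold a plain interface
# name; confirm it is validated where it is defined.
- name: Create bridge interface configuration
  ansible.builtin.copy:
    dest: /etc/sysconfig/network-scripts/ifcfg-{{ openqa_multivm_bridge_interface }}
    mode: '0644'
    content: |
      DEVICETYPE='ovs'
      TYPE='OVSBridge'
      BOOTPROTO='static'
      IPADDR='172.16.2.2'
      NETMASK='255.254.0.0'
      DEVICE={{ openqa_multivm_bridge_interface }}
      STP=off
      ONBOOT='yes'
      NAME='{{ openqa_multivm_bridge_interface }}'
      HOTPLUG='no'

# One tap<N> config per worker instance, N = 0 .. openqa_worker_count - 1.
- name: Create worker tap interface configs
  ansible.builtin.copy:
    dest: /etc/sysconfig/network-scripts/ifcfg-tap{{ item }}
    mode: '0644'
    content: |
      DEVICETYPE='ovs'
      TYPE='OVSPort'
      OVS_BRIDGE='{{ openqa_multivm_bridge_interface }}'
      DEVICE='tap{{ item }}'
      ONBOOT='yes'
      BOOTPROTO='none'
      HOTPLUG='no'
  loop: "{{ range(openqa_worker_count) | list }}"

# NOTE(review): the symbolic mode 'ug+x' only adds execute bits; the remaining
# permission bits come from the existing file or the umask, and no owner or
# group is set here. Confirm the resulting file is writable by root only,
# since it is installed under /sbin.
- name: Update /sbin/ifup-pre-local
  ansible.builtin.template:
    src: sbin/ifup-pre-local.j2
    dest: /sbin/ifup-pre-local
    mode: 'ug+x'

- name: Enable bridge interface for internal zone
  ansible.posix.firewalld:
    permanent: true
    interface: '{{ openqa_multivm_bridge_interface }}'
    state: enabled
    zone: internal
  notify: reload_firewalld

- name: Enable masquerade for public and internal zones
  ansible.posix.firewalld:
    masquerade: true
    permanent: true
    state: enabled
    zone: '{{ item }}'
  loop:
    - public
    - internal
  notify: reload_firewalld

# Persisted in its own drop-in file and applied to the running kernel
# (sysctl_set: true).
- name: Enable ipv4 IP forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    state: present
    sysctl_file: /etc/sysctl.d/ip-forward.conf
    sysctl_set: true

# NOTE(review): an ACCEPT target makes the public zone accept inbound packets
# that no other rule matches. Confirm that every interface bound to the public
# zone sits on a trusted network, or that filtering is enforced upstream.
- name: Set-target ACCEPT on public zone
  ansible.posix.firewalld:
    permanent: true
    state: present
    zone: public
    target: ACCEPT
  notify: reload_firewalld

# Only needed for multi-host setups.
# No zone is given, so the rule goes to firewalld's default zone.
# NOTE(review): 1723/tcp is the PPTP control port; GRE itself is IP protocol
# 47 and is not opened by a port rule. Confirm which of the two the
# multi-host tunnel needs.
- name: Add port for GRE tunnel
  ansible.posix.firewalld:
    permanent: true
    port: 1723/tcp
    state: enabled
  # A permanent-only change takes effect at the next reload, so notify the
  # handler like the other permanent firewalld tasks in this file.
  notify: reload_firewalld

# In check mode the units may not be installed yet, so failures are ignored
# there and only there.
- name: Enable openvswitch services
  ansible.builtin.systemd_service:
    name: "{{ item }}"
    state: started
    enabled: true
  loop:
    - openvswitch
    - network
    - os-autoinst-openvswitch
  ignore_errors: "{{ ansible_check_mode }}"

# Sets WORKER_CLASS in the [global] section, replacing any existing value of
# that option.
- name: Set WORKER_CLASS for tap interfaces
  community.general.ini_file:
    path: /etc/openqa/workers.ini
    section: global
    option: WORKER_CLASS
    value: qemu_x86_64,tap
    state: present
    mode: '0644'
  notify: restart_openqa_services

# --may-exist keeps the task from failing when the bridge is already present,
# for example if starting the network service above brought it up from the
# ifcfg file, or on a later run.
- name: Enable bridge interface for openvswitch
  ansible.builtin.command: ovs-vsctl --may-exist add-br {{ openqa_multivm_bridge_interface }}
  changed_when: true

# NOTE(review): this is a file capability on the QEMU binary, so every local
# user allowed to execute it gains CAP_NET_ADMIN within that process; confirm
# that execute access to the binary is limited to the worker account. A
# package update that replaces the binary is likely to drop the capability,
# so this task has to be re-run after such an update.
- name: Enable capability
  ansible.builtin.command: setcap CAP_NET_ADMIN=ep /usr/bin/qemu-system-x86_64
  changed_when: true
...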