---
- name: Register registry cleanup
  command: 'true'
  notify: Remove test registry
- name: Setup Docker
  # Please note that we do setup_docker here and not via meta/main.yml to avoid the problem that
  # our cleanup is called **after** setup_docker's cleanup has been called!
  include_role:
    name: setup_docker
- name: Create random name prefix and test registry name
  set_fact:
    docker_registry_container_name_registry: '{{ ''ansible-test-registry-%0x'' % ((2**32) | random) }}'
    docker_registry_container_name_nginx: '{{ ''ansible-test-registry-frontend-%0x'' % ((2**32) | random) }}'
    docker_registry_container_name_nginx2: '{{ ''ansible-test-registry-frontend2-%0x'' % ((2**32) | random) }}'
- name: Create image and container list
  set_fact:
    docker_registry_setup_inames: []
    docker_registry_setup_cnames:
    - '{{ docker_registry_container_name_registry }}'
    - '{{ docker_registry_container_name_nginx }}'
    - '{{ docker_registry_container_name_nginx2 }}'
    docker_registry_setup_vnames:
    - '{{ docker_registry_container_name_nginx }}'
    - '{{ docker_registry_container_name_nginx2 }}'
- debug:
    msg: Using test registry name {{ docker_registry_container_name_registry }} and nginx frontend name {{ docker_registry_container_name_nginx }}
- block:

  # Set up registry container
  - name: Start test registry
    docker_container:
      name: '{{ docker_registry_container_name_registry }}'
      image: registry:2.6.1
      ports: 5000
    register: registry_container
  - name: Get registry URL
    set_fact:
      registry_address: localhost:{{ registry_container.container.NetworkSettings.Ports['5000/tcp'].0.HostPort }}

  # Set up first nginx frontend for registry
  - name: Start nginx frontend for registry
    docker_volume:
      name: '{{ docker_registry_container_name_nginx }}'
      state: present
  - name: Create container for nginx frontend for registry
    docker_container:
      state: stopped
      name: '{{ docker_registry_container_name_nginx }}'
      image: nginx:alpine
      ports: 5000
      links:
      - '{{ docker_registry_container_name_registry }}:real-registry'
      volumes:
      - '{{ docker_registry_container_name_nginx }}:/etc/nginx/'
    register: nginx_container
  - name: Copy static files into volume
    command: docker cp {{ role_path }}/files/{{ item }} {{ docker_registry_container_name_nginx }}:/etc/nginx/{{ item }}
    loop:
    - nginx.conf
    - nginx.htpasswd
    register: can_copy_files
    ignore_errors: yes
  - block:
    - name: Create private key for frontend certificate
      community.crypto.openssl_privatekey:
        path: '{{ output_dir }}/cert.key'
        type: ECC
        curve: secp256r1
    - name: Create CSR for frontend certificate
      community.crypto.openssl_csr:
        path: '{{ output_dir }}/cert.csr'
        privatekey_path: '{{ output_dir }}/cert.key'
        subject_alt_name:
        - DNS:test-registry.ansible.com
    - name: Create frontend certificate
      community.crypto.openssl_certificate:
        path: '{{ output_dir }}/cert.pem'
        csr_path: '{{ output_dir }}/cert.csr'
        privatekey_path: '{{ output_dir }}/cert.key'
        provider: selfsigned
    - name: Copy dynamic files into volume
      command: docker cp {{ output_dir }}/{{ item }} {{ docker_registry_container_name_nginx }}:/etc/nginx/{{ item }}
      loop:
      - cert.pem
      - cert.key
    - name: Start nginx frontend for registry
      docker_container:
        name: '{{ docker_registry_container_name_nginx }}'
        state: started
      register: nginx_container
    - debug: var=nginx_container.container.NetworkSettings
    - name: Wait for registry frontend
      uri:
        url: https://{{ nginx_container.container.NetworkSettings.IPAddress }}:5000/v2/
        url_username: testuser
        url_password: hunter2
        validate_certs: false
      register: result
      until: result is success
      retries: 5
      delay: 1
    - name: Get registry URL
      set_fact:
        registry_frontend_address: localhost:{{ nginx_container.container.NetworkSettings.Ports['5000/tcp'].0.HostPort }}
    when: can_copy_files is not failed
  - set_fact:
      registry_frontend_address: 'n/a'
    when: can_copy_files is failed

  # Set up second nginx frontend for registry
  - name: Start nginx frontend for registry
    docker_volume:
      name: '{{ docker_registry_container_name_nginx2 }}'
      state: present
  - name: Create container for nginx frontend for registry
    docker_container:
      state: stopped
      name: '{{ docker_registry_container_name_nginx2 }}'
      image: nginx:alpine
      ports: 5000
      links:
      - '{{ docker_registry_container_name_registry }}:real-registry'
      volumes:
      - '{{ docker_registry_container_name_nginx2 }}:/etc/nginx/'
    register: nginx_container
  - name: Copy static files into volume
    command: docker cp {{ role_path }}/files/{{ item }} {{ docker_registry_container_name_nginx2 }}:/etc/nginx/{{ item }}
    loop:
    - nginx.conf
    - nginx.htpasswd
    register: can_copy_files
    ignore_errors: yes
  - block:
    - name: Create private key for frontend certificate
      community.crypto.openssl_privatekey:
        path: '{{ output_dir }}/cert.key'
        type: ECC
        curve: secp256r1
    - name: Create CSR for frontend certificate
      community.crypto.openssl_csr:
        path: '{{ output_dir }}/cert.csr'
        privatekey_path: '{{ output_dir }}/cert.key'
        subject_alt_name:
        - DNS:test-registry.ansible.com
    - name: Create frontend certificate
      community.crypto.openssl_certificate:
        path: '{{ output_dir }}/cert.pem'
        csr_path: '{{ output_dir }}/cert.csr'
        privatekey_path: '{{ output_dir }}/cert.key'
        provider: selfsigned
    - name: Copy dynamic files into volume
      command: docker cp {{ output_dir }}/{{ item }} {{ docker_registry_container_name_nginx2 }}:/etc/nginx/{{ item }}
      loop:
      - cert.pem
      - cert.key
    - name: Start nginx frontend for registry
      docker_container:
        name: '{{ docker_registry_container_name_nginx2 }}'
        state: started
      register: nginx_container
    - debug: var=nginx_container.container.NetworkSettings
    - name: Wait for registry frontend
      uri:
        url: https://{{ nginx_container.container.NetworkSettings.IPAddress }}:5000/v2/
        url_username: testuser
        url_password: hunter2
        validate_certs: false
      register: result
      until: result is success
      retries: 5
      delay: 1
    - name: Get registry URL
      set_fact:
        registry_frontend2_address: localhost:{{ nginx_container.container.NetworkSettings.Ports['5000/tcp'].0.HostPort }}
    when: can_copy_files is not failed
  - set_fact:
      registry_frontend2_address: 'n/a'
    when: can_copy_files is failed

  - debug: msg="Registry available under {{ registry_address }}, NGINX frontends available under {{ registry_frontend_address }} and {{ registry_frontend2_address }}"
  when: docker_py_version is version('1.8.0', '>=') and docker_api_version is version('1.20', '>=')
- fail: msg="Too old docker / docker-py version to run docker_image tests!"
  when: not(docker_py_version is version('1.8.0', '>=') and docker_api_version is version('1.20', '>=')) and (ansible_distribution != 'CentOS' or ansible_distribution_major_version|int > 6)