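# OVN adoption tasks. In order: prepare the databases, start the podified
# ovsdb-servers, stop the old northd, open the controllers' firewall to the
# podified network, start the podified northd and ovn-controller, and finally
# stop the old ovsdb services on the controllers.
#
# Every task that renders ovn_shell_vars into its script carries
# no_log: "{{ use_no_log }}", because that variable holds the controller SSH
# command lines which the set_fact task below already hides from the log.

- name: prepare OVN databases using cluster-to-standalone conversion
  ansible.builtin.include_tasks: cluster_to_standalone.yaml

# Merge-patches the OpenStackControlPlane resource with ovs_db_patch.
- name: deploy podified OVN ovsdb-servers
  ansible.builtin.shell: |
    {{ shell_header }}
    {{ oc_header }}
    oc patch openstackcontrolplane openstack --type=merge --patch '{{ ovs_db_patch }}'

# Retried up to 60 times, ovn_retry_delay seconds apart, until both
# `oc wait` calls succeed in the same attempt.
- name: wait for OVN ovsdb-servers to start up
  ansible.builtin.shell: |
    {{ shell_header }}
    {{ oc_header }}
    oc wait pod --for condition=Ready --selector=service=ovsdbserver-nb
    oc wait pod --for condition=Ready --selector=service=ovsdbserver-sb
  register: ovn_ovsdb_servers_running_result
  until: ovn_ovsdb_servers_running_result is success
  retries: 60
  delay: "{{ ovn_retry_delay }}"

- name: execute alternative tasks when source env is ODPdO
  ansible.builtin.include_tasks: ovn_ospdo_src_vars.yaml
  when: ospdo_src | bool

# Builds the CONTROLLER<n>_SSH shell assignments used by the loops below.
# An empty controllerN_ssh makes the loops skip that controller.
- name: set OVN shell vars
  no_log: "{{ use_no_log }}"
  ansible.builtin.set_fact:
    ovn_shell_vars: |
      CONTROLLER1_SSH="{{ controller1_ssh }}"
      CONTROLLER2_SSH="{{ controller2_ssh }}"
      CONTROLLER3_SSH="{{ controller3_ssh }}"
  when: not ospdo_src | bool

# The scripts below rely on bash features: {1..3} brace expansion and
# ${!VAR} indirect expansion.
# NOTE(review): confirm shell_header / the target's default shell provides bash.
- name: stop northd service
  no_log: "{{ use_no_log }}"
  ansible.builtin.shell: |
    {{ shell_header }}
    {{ oc_header }}
    {{ ovn_shell_vars }}
    for i in {1..3}; do
        SSH_CMD=CONTROLLER${i}_SSH
        if [ -n "${!SSH_CMD}" ]; then
            ${!SSH_CMD} if sudo systemctl is-active tripleo_ovn_cluster_northd.service ';' then sudo systemctl stop tripleo_ovn_cluster_northd.service ';' fi
        fi
    done

# If ovn_adoption is done using scenario A (different networks between podified
# and tripleo deployments), an nftables filter allowing traffic from the
# podified network is needed in order to be able to dump the OVN database.
# The rules are added no matter the scenario to simplify the logic; on a
# non-scenario-A environment they should do no harm.
#
# Security notes for the two nftables tasks:
# - The rules accept new TCP connections to ports 6641 and 6642 from
#   internalapi_src / internalapi_src_ipv6, so keep those ranges as narrow as
#   the podified internalapi network allows.
# - `nft add rule` appends to the live ruleset; re-running this play adds
#   another copy of each rule.
# - NOTE(review): an appended rule only matters if no earlier rule in the
#   INPUT chain already drops the traffic, and nothing here removes the rules
#   once adoption is finished - confirm both against the controllers' ruleset.
- name: Add nftables rule to allow podified internalapi traffic to controllers (IPv4)
  # Hide the rendered SSH command lines, as the other ovn_shell_vars tasks do.
  no_log: "{{ use_no_log }}"
  ansible.builtin.shell: |
    {{ shell_header }}
    {{ oc_header }}
    {{ ovn_shell_vars }}
    for i in {1..3}; do
        SSH_CMD=CONTROLLER${i}_SSH
        if [ -n "${!SSH_CMD}" ]; then
            ${!SSH_CMD} sudo nft add rule inet filter INPUT ip saddr {{ internalapi_src }} tcp dport 6641 ct state new counter accept
            ${!SSH_CMD} sudo nft add rule inet filter INPUT ip saddr {{ internalapi_src }} tcp dport 6642 ct state new counter accept
        fi
    done
  when: not ipv6_enabled | bool

- name: Add nftables rule to allow podified internalapi traffic to controllers (IPv6)
  # Hide the rendered SSH command lines, as the other ovn_shell_vars tasks do.
  no_log: "{{ use_no_log }}"
  ansible.builtin.shell: |
    {{ shell_header }}
    {{ oc_header }}
    {{ ovn_shell_vars }}
    for i in {1..3}; do
        SSH_CMD=CONTROLLER${i}_SSH
        if [ -n "${!SSH_CMD}" ]; then
            ${!SSH_CMD} sudo nft add rule inet filter INPUT ip6 saddr {{ internalapi_src_ipv6 }} tcp dport 6641 ct state new counter accept
            ${!SSH_CMD} sudo nft add rule inet filter INPUT ip6 saddr {{ internalapi_src_ipv6 }} tcp dport 6642 ct state new counter accept
        fi
    done
  when: ipv6_enabled | bool

# NOTE(review): this is the only condition in the file not passed through
# `| bool`. Confirm bgp is always a real boolean, since string values are
# handled differently across Ansible versions.
- name: wait bgp
  when: bgp
  ansible.builtin.pause:
    seconds: 60

- name: deploy podified OVN northd service to keep databases in sync
  ansible.builtin.shell: |
    {{ shell_header }}
    {{ oc_header }}
    oc patch openstackcontrolplane openstack --type=merge --patch '{{ ovn_northd_patch }}'

- name: Patch OVN add baremetal bridge mapping
  when: ironic_adoption | bool
  ansible.builtin.shell: |
    {{ shell_header }}
    {{ oc_header }}
    oc patch openstackcontrolplane openstack --type=merge --patch '{{ ovn_nic_mapping_patch }}'

# Removes the ovnController nodeSelector from the control plane spec.
- name: Enable ovn controller
  ansible.builtin.shell: |
    {{ shell_header }}
    {{ oc_header }}
    oc patch openstackcontrolplane openstack --type=json -p="[{'op': 'remove', 'path': '/spec/ovn/template/ovnController/nodeSelector'}]"

# Runs `show` against the podified NB and SB databases. The task fails if
# either `oc exec` fails, and the output is kept in ovn_show_responding_result.
- name: list briefs from OVN NB and SB databases
  ansible.builtin.shell: |
    {{ shell_header }}
    {{ oc_header }}
    oc exec ovsdbserver-nb-0 -- ovn-nbctl --no-leader-only show
    oc exec ovsdbserver-sb-0 -- ovn-sbctl --no-leader-only show
  register: ovn_show_responding_result

# Stops the north DB server on every configured controller first, then the
# south DB server. The two loops are kept separate to preserve that order.
- name: stop old ovn ovsdb services
  no_log: "{{ use_no_log }}"
  ansible.builtin.shell: |
    {{ shell_header }}
    {{ oc_header }}
    {{ ovn_shell_vars }}
    for i in {1..3}; do
        SSH_CMD=CONTROLLER${i}_SSH
        if [ -n "${!SSH_CMD}" ]; then
            ${!SSH_CMD} if sudo systemctl is-active tripleo_ovn_cluster_north_db_server.service ';' then sudo systemctl stop tripleo_ovn_cluster_north_db_server.service ';' fi
        fi
    done
    for i in {1..3}; do
        SSH_CMD=CONTROLLER${i}_SSH
        if [ -n "${!SSH_CMD}" ]; then
            ${!SSH_CMD} if sudo systemctl is-active tripleo_ovn_cluster_south_db_server.service ';' then sudo systemctl stop tripleo_ovn_cluster_south_db_server.service ';' fi
        fi
    done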