---
- name: Deploy latest stable AWX using AWX Operator on Kubernetes
  hosts: localhost
  connection: local
  become: false
  gather_facts: false

  vars:
    # Простые fallback-значения (переопределяются Semaphore Variable Group)
    awx_namespace: awx
    awx_instance_name: awx
    awx_service_type: NodePort          # NodePort / ClusterIP / LoadBalancer
    awx_operator_version: 2.19.1        # Последняя стабильная на конец 2025
    kubeconfig_path: "/home/semaphore/.kube/config"

  tasks:
    - name: Fail if kubeconfig not found inside container
      ansible.builtin.stat:
        path: "{{ kubeconfig_path }}"
      register: kubeconfig_stat
      failed_when: not kubeconfig_stat.stat.exists
      delegate_to: localhost

    - name: Create namespace for AWX
      kubernetes.core.k8s:
        state: present
        kubeconfig: "{{ kubeconfig_path }}"
        definition:
          apiVersion: v1
          kind: Namespace
          metadata:
            name: "{{ awx_namespace }}"

    - name: Apply AWX Operator from GitHub kustomize
      ansible.builtin.command:
        cmd: >-
          kubectl apply -k "github.com/ansible/awx-operator/config/default?ref={{ awx_operator_version }}"
      environment:
        KUBECONFIG: "{{ kubeconfig_path }}"
      changed_when: true
      register: operator_apply
      failed_when: operator_apply.rc != 0 and 'already exists' not in operator_apply.stderr | default('')

    - name: Wait for AWX Operator to be ready
      kubernetes.core.k8s_info:
        kubeconfig: "{{ kubeconfig_path }}"
        api_version: apps/v1
        kind: Deployment
        name: awx-operator-controller-manager
        namespace: "{{ awx_namespace }}"
      register: operator_status
      until: >-
        operator_status.resources | length > 0 and
        operator_status.resources[0].status.readyReplicas is defined and
        operator_status.resources[0].status.readyReplicas >= 1
      retries: 40
      delay: 15

    - name: Deploy AWX instance
      kubernetes.core.k8s:
        state: present
        kubeconfig: "{{ kubeconfig_path }}"
        definition:
          apiVersion: awx.ansible.com/v1beta1
          kind: AWX
          metadata:
            name: "{{ awx_instance_name }}"
            namespace: "{{ awx_namespace }}"
          spec:
            service_type: "{{ awx_service_type }}"

    - name: Wait for AWX pods to be running
      kubernetes.core.k8s_info:
        kubeconfig: "{{ kubeconfig_path }}"
        kind: Pod
        namespace: "{{ awx_namespace }}"
        label_selectors:
          - "app.kubernetes.io/managed-by=awx-operator"
      register: awx_pods
      until: >-
        awx_pods.resources | selectattr('status.phase', 'equalto', 'Running') | list | length >= 2
      retries: 60
      delay: 20

    - name: Retrieve AWX admin password
      kubernetes.core.k8s_info:
        kubeconfig: "{{ kubeconfig_path }}"
        api_version: v1
        kind: Secret
        name: "{{ awx_instance_name }}-admin-password"
        namespace: "{{ awx_namespace }}"
      register: awx_secret

    - name: Display AWX login information
      ansible.builtin.debug:
        msg: |
          AWX deployed successfully!
          Access URL: http://<your-node-ip>:<node-port>
          (get port: kubectl get svc {{ awx_instance_name }}-service -n {{ awx_namespace }})
          Username: admin
          Password: {{ awx_secret.resources[0].data.password | b64decode }}