# SKIP_ARMV7=1（默认）：仅 noop。
# SKIP_ARMV7=0 且 ARMV7_NFS_SSH 或 ARMV7_SSH：经 SSH 在 arm 上 dnf 装 nfs-utils、写 /etc/exports、exportfs（见 docs/01-04）。
# 导出路径/网段：ARMV7_NFS_EXPORT_PATH（默认 /sdcard）、ARMV7_NFS_CLIENT_SUBNET（默认 192.168.2.0/24）
- name: 01-04 armv7 NFS（矩阵 + 可选远程安装）
  hosts: localhost
  gather_facts: false
  vars:
    repo_root: "{{ playbook_dir }}/../../.."
    doc_id: "01-04"
    doc_filename: "01-04-armv7-nfs服务安装.md"
    skip_armv7: "{{ lookup('env', 'SKIP_ARMV7') | default('1', true) | trim }}"
    armv7_ssh: "{{ lookup('env', 'ARMV7_SSH') | default('', true) | trim }}"
    armv7_nfs_export_path: "{{ lookup('env', 'ARMV7_NFS_EXPORT_PATH') | default('/sdcard', true) | trim }}"
    armv7_nfs_client_subnet: "{{ lookup('env', 'ARMV7_NFS_CLIENT_SUBNET') | default('192.168.2.0/24', true) | trim }}"
  tasks:
    - name: Resolve ARMV7_NFS_SSH from env
      ansible.builtin.set_fact:
        armv7_nfs_ssh: >-
          {% set n = lookup('env', 'ARMV7_NFS_SSH') | default('', true) | trim %}
          {% set b = lookup('env', 'ARMV7_SSH') | default('', true) | trim %}
          {{ n if n | length > 0 else b }}

    - name: Baseline docs/files checks
      block:
        - name: Assert docs file exists
          ansible.builtin.stat:
            path: "{{ repo_root }}/docs/{{ doc_filename }}"
          register: _doc_stat

        - name: Fail when docs file missing
          ansible.builtin.assert:
            that:
              - _doc_stat.stat.exists
            fail_msg: "docs file missing: docs/{{ doc_filename }}"

        - name: Find matching ansible/files doc_id directory
          ansible.builtin.find:
            paths: "{{ repo_root }}/ansible/files"
            file_type: directory
            patterns: "{{ doc_id }}"
            use_regex: false
          register: _files_dirs

        - name: Fail when ansible/files doc_id directory missing
          ansible.builtin.assert:
            that:
              - _files_dirs.matched | int >= 1
            fail_msg: "ansible/files missing doc_id directory: ansible/files/{{ doc_id }}"

        - name: Show noop verification summary
          ansible.builtin.debug:
            msg:
              - "doc_id={{ doc_id }}"
              - "doc={{ doc_filename }}"
              - "files_dirs={{ _files_dirs.files | map(attribute='path') | list }}"

        - name: Verify cluster reachable (kubectl get nodes) [runbook baseline]
          ansible.builtin.shell: |
            set -euo pipefail
            KUBECONFIG={{ k3s_kubeconfig | default('/etc/rancher/k3s/k3s.yaml') }} kubectl get nodes
          args:
            executable: /bin/bash
          delegate_to: "{{ groups['k3s_server'][0] }}"
          become: true
          run_once: true
          changed_when: false

        - name: Verify core namespace exists (kube-system) [runbook baseline]
          ansible.builtin.shell: |
            set -euo pipefail
            KUBECONFIG={{ k3s_kubeconfig | default('/etc/rancher/k3s/k3s.yaml') }} kubectl get ns kube-system
          args:
            executable: /bin/bash
          delegate_to: "{{ groups['k3s_server'][0] }}"
          become: true
          run_once: true
          changed_when: false

        - name: Find YAML manifests under ansible/files doc_id dirs
          ansible.builtin.find:
            paths: "{{ _files_dirs.files | map(attribute='path') | list }}"
            file_type: file
            patterns:
              - "*.yml"
              - "*.yaml"
            recurse: true
            use_regex: false
          register: _files_manifests

        - name: Show manifest count summary
          ansible.builtin.debug:
            msg:
              - "doc_id={{ doc_id }}"
              - "manifest_files={{ _files_manifests.matched | default(0) }}"
              - "manifest_paths={{ (_files_manifests.files | map(attribute='path') | list)[:12] }}"

        - name: Server-side dry-run apply (kubectl apply --dry-run=server) [doc assertion]
          ansible.builtin.shell: |
            set -euo pipefail
            KUBECONFIG={{ k3s_kubeconfig | default('/etc/rancher/k3s/k3s.yaml') }} \
              kubectl apply --dry-run=server -f "{{ item.path }}"
          args:
            executable: /bin/bash
          loop: "{{ _files_manifests.files }}"
          loop_control:
            label: "{{ item.path }}"
          delegate_to: "{{ groups['k3s_server'][0] }}"
          become: true
          run_once: true
          changed_when: false
          when: (_files_manifests.matched | default(0) | int) > 0

    - name: Fail when SKIP_ARMV7=0 but no ARMV7_SSH / ARMV7_NFS_SSH
      ansible.builtin.fail:
        msg: "SKIP_ARMV7=0 但未设置 ARMV7_SSH（或 ARMV7_NFS_SSH 指向 NFS 所在 arm 主机）"
      when: skip_armv7 == '0' and armv7_nfs_ssh | length == 0

    - name: Note skipping remote NFS setup
      ansible.builtin.debug:
        msg: "SKIP_ARMV7={{ skip_armv7 }}：跳过 arm NFS 远程配置。"
      when: skip_armv7 != '0' or armv7_nfs_ssh | length == 0

    - name: Remote NFS install (dnf on arm)
      when: skip_armv7 == '0' and armv7_nfs_ssh | length > 0
      block:
        - name: Install nfs-utils and enable nfs-server
          ansible.builtin.shell: "{{ armv7_nfs_ssh }} 'sudo dnf install -y nfs-utils && sudo systemctl enable --now nfs-server'"

        - name: Check if export path already in /etc/exports
          ansible.builtin.shell: "{{ armv7_nfs_ssh }} sudo grep -qF {{ armv7_nfs_export_path | quote }} /etc/exports"
          register: armv7_exports_grep
          failed_when: false
          changed_when: false

        - name: Append NFS export line
          ansible.builtin.shell: "{{ armv7_nfs_ssh }} bash -c 'echo \"{{ armv7_nfs_export_path }} {{ armv7_nfs_client_subnet }}(rw,sync,no_subtree_check,no_root_squash)\" | sudo tee -a /etc/exports'"
          when: armv7_exports_grep.rc != 0

        - name: Apply exportfs
          ansible.builtin.shell: "{{ armv7_nfs_ssh }} sudo exportfs -rav"
          changed_when: true

        - name: Verify showmount
          ansible.builtin.shell: "{{ armv7_nfs_ssh }} showmount -e localhost"
          changed_when: false