Deploy-Laboratory/ansible/playbooks/verify/01-03.yml

# SKIP_ARMV7=1（默认）：仅 noop（文档 + ansible/files）。
# SKIP_ARMV7=0 且设置 ARMV7_SSH：经 SSH 调用 ansible/tools/armv7-docker-verify-install.sh（先 docker info，失败再 get.docker.com，见 docs/01-03）。
- name: 01-03 armv7 Docker（矩阵 + 可选远程安装）
  hosts: localhost
  gather_facts: false
  vars:
    repo_root: "{{ playbook_dir }}/../../.."
    doc_id: "01-03"
    doc_filename: "01-03-armv7-standalone-docker.md"
    skip_armv7: "{{ lookup('env', 'SKIP_ARMV7') | default('1', true) | trim }}"
    armv7_ssh: "{{ lookup('env', 'ARMV7_SSH') | default('', true) | trim }}"
  tasks:
    - name: Baseline docs/files checks
      block:
        - name: Assert docs file exists
          ansible.builtin.stat:
            path: "{{ repo_root }}/docs/{{ doc_filename }}"
          register: _doc_stat

        - name: Fail when docs file missing
          ansible.builtin.assert:
            that:
              - _doc_stat.stat.exists
            fail_msg: "docs file missing: docs/{{ doc_filename }}"

        - name: Find matching ansible/files doc_id directory
          ansible.builtin.find:
            paths: "{{ repo_root }}/ansible/files"
            file_type: directory
            patterns: "{{ doc_id }}"
            use_regex: false
          register: _files_dirs

        - name: Fail when ansible/files doc_id directory missing
          ansible.builtin.assert:
            that:
              - _files_dirs.matched | int >= 1
            fail_msg: "ansible/files missing doc_id directory: ansible/files/{{ doc_id }}"

        - name: Show noop verification summary
          ansible.builtin.debug:
            msg:
              - "doc_id={{ doc_id }}"
              - "doc={{ doc_filename }}"
              - "files_dirs={{ _files_dirs.files | map(attribute='path') | list }}"

        - name: Verify cluster reachable (kubectl get nodes) [runbook baseline]
          ansible.builtin.shell: |
            set -euo pipefail
            KUBECONFIG={{ k3s_kubeconfig | default('/etc/rancher/k3s/k3s.yaml') }} kubectl get nodes
          args:
            executable: /bin/bash
          delegate_to: "{{ groups['k3s_server'][0] }}"
          become: true
          run_once: true
          changed_when: false

        - name: Verify core namespace exists (kube-system) [runbook baseline]
          ansible.builtin.shell: |
            set -euo pipefail
            KUBECONFIG={{ k3s_kubeconfig | default('/etc/rancher/k3s/k3s.yaml') }} kubectl get ns kube-system
          args:
            executable: /bin/bash
          delegate_to: "{{ groups['k3s_server'][0] }}"
          become: true
          run_once: true
          changed_when: false

        - name: Find YAML manifests under ansible/files doc_id dirs
          ansible.builtin.find:
            paths: "{{ _files_dirs.files | map(attribute='path') | list }}"
            file_type: file
            patterns:
              - "*.yml"
              - "*.yaml"
            recurse: true
            use_regex: false
          register: _files_manifests

        - name: Show manifest count summary
          ansible.builtin.debug:
            msg:
              - "doc_id={{ doc_id }}"
              - "manifest_files={{ _files_manifests.matched | default(0) }}"
              - "manifest_paths={{ (_files_manifests.files | map(attribute='path') | list)[:12] }}"

        - name: Server-side dry-run apply (kubectl apply --dry-run=server) [doc assertion]
          ansible.builtin.shell: |
            set -euo pipefail
            KUBECONFIG={{ k3s_kubeconfig | default('/etc/rancher/k3s/k3s.yaml') }} \
              kubectl apply --dry-run=server -f "{{ item.path }}"
          args:
            executable: /bin/bash
          loop: "{{ _files_manifests.files }}"
          loop_control:
            label: "{{ item.path }}"
          delegate_to: "{{ groups['k3s_server'][0] }}"
          become: true
          run_once: true
          changed_when: false
          when: (_files_manifests.matched | default(0) | int) > 0

    - name: Fail when SKIP_ARMV7=0 but ARMV7_SSH empty
      ansible.builtin.fail:
        msg: "SKIP_ARMV7=0 但未设置 ARMV7_SSH（见 ansible/env/.env.verify.example）"
      when: skip_armv7 == '0' and armv7_ssh | length == 0

    - name: Note skipping remote arm install
      ansible.builtin.debug:
        msg: "SKIP_ARMV7={{ skip_armv7 }}：跳过 arm 远程安装。若需安装：SKIP_ARMV7=0 且 export ARMV7_SSH='ssh -o BatchMode=yes user@arm-host'"
      when: skip_armv7 != '0' or armv7_ssh | length == 0

    - name: Remote Docker verify-or-install (get.docker.com)
      when: skip_armv7 == '0' and armv7_ssh | length > 0
      ansible.builtin.shell: |
        set -euo pipefail
        exec bash "{{ repo_root }}/ansible/tools/armv7-docker-verify-install.sh"
      environment:
        ARMV7_SSH: "{{ armv7_ssh }}"
      args:
        executable: /bin/bash
      register: armv7_docker_verify_install
      changed_when: "'skip_install=0' in (armv7_docker_verify_install.stdout | default(''))"