---
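# Creates the two worker containers on the manager host and seeds root's
# authorized_keys inside each one so the play can reach them over SSH later.
# The containers are left stopped (state: stopped).
- name: Create debian containers for swarm
  lxc_container:
    name: "{{ item }}"
    container_log: true
    template: debian
    state: stopped
    fs_size: 2G
    # NOTE(review): Debian stretch is end-of-life and no longer receives
    # security updates; plan a move to a supported release.
    template_options: --release stretch -a amd64
    # The guard and the mkdir now name the same path (/root/.ssh); the
    # original tested ~/.ssh but created /root/.ssh.
    # The key is passed through the `quote` filter so that shell
    # metacharacters in the key file (for example in its comment field) are
    # not expanded by the container's shell.
    # Directory and file modes are set explicitly instead of being left to
    # the umask.
    container_command: |
      if [ ! -d /root/.ssh ]; then
        install -d -m 0700 /root/.ssh
        printf '%s\n' {{ lookup('file', my_ssh_key) | quote }} | tee -a /root/.ssh/authorized_keys
        chmod 0600 /root/.ssh/authorized_keys
        systemctl restart sshd
      fi
  with_items:
    - "worker1"
    - "worker2"
  when: inventory_hostname in groups['manager']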

# Fixed 20-second delay between container creation and lxc-start.
# NOTE(review): unlike the neighbouring tasks this one has no `when`
# condition; presumably it gives the containers time to settle - confirm
# whether a readiness check could replace the fixed wait.
- name: Pause execution for 20 seconds
  pause:
    seconds: 20

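# Starts each worker container on the manager host.
# `command` is used instead of `shell`: the invocation needs no shell
# features, so the templated container name is never interpreted by a shell.
- name: Start lxc containers
  command: lxc-start --name {{ item }}
  with_items:
    - "worker1"
    - "worker2"
  when: inventory_hostname in groups['manager']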

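# Drops any stale host-key entries for the container addresses from root's
# known_hosts on the manager, so a recreated container (with freshly
# generated host keys) does not trip SSH's changed-host-key check.
# `command` is used instead of `shell`: no shell features are needed here.
- name: Remove old container identification keys
  command: ssh-keygen -f /root/.ssh/known_hosts -R {{ item }}
  with_items:
    - "10.0.3.100"
    - "10.0.3.101"
  when: inventory_hostname in groups['manager']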

# Scans each container address (15 s timeout) and appends whatever host keys
# are returned to root's known_hosts on the manager. `shell` is required
# because of the `>>` redirection.
# NOTE(review): the scanned keys are trusted without verification
# (trust-on-first-use): whichever endpoint answers on that address at scan
# time becomes the pinned identity. Where that matters, compare the
# fingerprint against the host key files inside the container before
# appending.
# NOTE(review): if sshd in the container is not yet listening, nothing may be
# appended and later SSH host-key checks would fail - confirm the task's
# result is checked or retried.
- name: Ensure container key is up-to-date locally
  shell: ssh-keyscan -T 15 {{ item }} >> /root/.ssh/known_hosts
  with_items:
    - "10.0.3.100"
    - "10.0.3.101"
  when: inventory_hostname in groups['manager']

# Bootstraps Python on hosts in the `workers` group using the `raw` module,
# which sends the command over the connection without needing Python on the
# target. The `which python ||` guard skips the apt-get steps when Python is
# already present.
- name: Install python on LXC container
  raw: which python || (apt-get -y update && apt-get install -y python)
  when: inventory_hostname in groups['workers']

# Adds a ufw rule on the manager allowing inbound traffic on the lxcbr0
# bridge from the 10.0.3.0/24 container subnet.
# NOTE(review): no port or protocol is given, so every host service is
# reachable from any container on the bridge; restrict the rule to the
# ports the swarm actually needs if the containers are not fully trusted.
# NOTE(review): this task runs after the container bootstrap steps above; if
# ufw is already enforcing a default-deny inbound policy, container traffic
# to the host may be blocked until this rule is applied - confirm ordering.
- name: Allow container network communication with host via linux bridge
  ufw:
    rule: allow
    interface: lxcbr0
    direction: in
    from_ip: "10.0.3.0/24"
  when: inventory_hostname in groups['manager']