- name: make sure we re in permissive mode
  shell: "setenforce 0 "
  register: selinux_off

- name: Update CA trust
  shell: update-ca-trust

- name: kill the openstack ccm pods to make sure they boot in permissive mode
  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml rollout restart -n kube-system ds openstack-cloud-controller-manager "
  register: openstack_ccm_restart
  when: ( 'master' in group_names )
  ignore_errors: True

- name: Wait for openstack-cloud-controller deamon set to be ready
  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml wait --namespace=kube-system --for=condition=Ready pods --selector app=openstack-cloud-controller-manager --timeout=60s"
  register: openstack_ccm_ready
  when: ('master' in group_names)
  ignore_errors: True


- debug: var=openstack_ccm_ready.stdout_lines
#- name: Wait for openstack-cloud-controller deamon set to be ready
#  shell: " sleep 60"
  
#- name: Wait for openstack-cloud-controller deamon set to be ready
#  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml wait --namespace=kube-system --for=condition=Ready ds openstack-cloud-controller-manager --timeout=120s"
#  register: openstack_ccm_ready
#  when: not upgrade
#  ignore_errors: True

# - name: Wait till the Object is created
#   kubernetes.core.k8s_info:
#     kind: Pod
#     wait: yes
#     name: pod-not-yet-created
#     namespace: default
#     wait_sleep: 10
#     wait_timeout: 360

- name: Enable SELinux
  selinux:
    policy: targeted
    state: enforcing