---
# Ensure a Swarm-wide overlay network exists for inter-service communication.

- name: Validate Docker is available
  ansible.builtin.command: docker --version
  changed_when: false
  check_mode: false

- name: Collect Swarm state from current host
  ansible.builtin.command: docker info --format '{{"{{"}} .Swarm.LocalNodeState {{"}}"}}|{{"{{"}} .Swarm.ControlAvailable {{"}}"}}'
  register: swarm_state
  changed_when: false
  check_mode: false

- name: Fail when host is not an active swarm manager
  ansible.builtin.assert:
    that:
      - swarm_state.stdout is search('active|true')
    fail_msg: >-
      This role must run on an active Swarm manager.
      Current state was: {{ swarm_state.stdout }}
    success_msg: "Host is an active Swarm manager."

- name: Ensure overlay network exists for swarm services
  community.docker.docker_network:
    name: "{{ swarm_overlay_network_name }}"
    driver: overlay
    scope: swarm
    attachable: "{{ swarm_overlay_network_attachable }}"
    internal: "{{ swarm_overlay_network_internal }}"
    ipam_config:
      - subnet: "{{ swarm_overlay_network_subnet }}"
        gateway: "{{ swarm_overlay_network_gateway }}"
    driver_options:
      com.docker.network.driver.mtu: "{{ swarm_overlay_network_mtu }}"
    state: present
  register: swarm_overlay_network_result

- name: Show network reconciliation result
  ansible.builtin.debug:
    msg:
      - "Overlay network ensured: {{ swarm_overlay_network_name }}"
      - "Changed: {{ swarm_overlay_network_result.changed }}"
      - "Subnet: {{ swarm_overlay_network_subnet }}"
      - "Gateway: {{ swarm_overlay_network_gateway }}"