# Clean up any existing k3s installation on the master node
resource "null_resource" "k3s_cleanup_master" {
  # SSH 登录你的 master server
  connection {
    type        = "ssh"
    host        = var.master_ip
    user        = "root"
    password    = var.master_password
  }

  # 远程执行清理命令
  provisioner "remote-exec" {
    inline = [
      "echo -e '\\033[32mCleanup start on master node\\033[0m'",
      "systemctl stop k3s 2>/dev/null || true",
      "pkill -f k3s 2>/dev/null || true",
      #"rm -rf /usr/local/bin/k3s",
      "rm -f /etc/systemd/system/k3s.service",
      "rm -rf /var/lib/rancher/k3s",
      "rm -rf /etc/rancher/k3s",
      "rm -rf /root/.kube",
      "echo -e '\\033[32mCleanup completed on master node\\033[0m'"
    ]
  }
}


resource "null_resource" "k3s_install_master" {
  depends_on = [null_resource.k3s_cleanup_master]
  
  # SSH 登录你的 master server
  connection {
    type        = "ssh"
    host        = var.master_ip
    user        = "root"
    password    = var.master_password
  }

  # 远程执行命令（你原来的所有逻辑，一模一样）
  provisioner "remote-exec" {
    inline = [
      "echo -e '\\033[32mChecking if k3s binary exists...\\033[0m'",
      "if [ ! -f /usr/local/bin/k3s ]; then",
      "  echo -e '\\033[32mDownloading k3s binary...\\033[0m'",
      "  wget -O /usr/local/bin/k3s http://download.9981.tech/k3s-v1.35.0%2Bk3s1",
      "  chmod +x /usr/local/bin/k3s",
      "else",
      "  echo -e '\\033[33mk3s binary already exists, skipping download\\033[0m'",
      "fi",
      "echo -e '\\033[32mCreating k3s systemd service...\\033[0m'",
      # 关键：用 heredoc 完全避免语法错误
      "cat > /etc/systemd/system/k3s.service <<'EOF'",
      "[Unit]",
      "Description=Lightweight Kubernetes",
      "Documentation=https://k3s.io",
      "After=network-online.target",
      "[Service]",
      "Type=exec",
      "ExecStart=/usr/local/bin/k3s server --tls-san ${var.master_ip} --advertise-address ${var.master_ip} --disable=traefik --disable=servicelb --disable=metrics-server --token=my-secret-token --https-listen-port=6443 --pause-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6 --system-default-registry=registry.cn-hangzhou.aliyuncs.com",
      "Restart=always",
      "RestartSec=5s",
      "[Install]",
      "WantedBy=multi-user.target",
      "EOF",
      "systemctl daemon-reload",
      "systemctl enable --now k3s",
      "echo -e '\\033[32mK3s started successfully via systemd!\\033[0m'",
    ]
  }
}


resource "null_resource" "copy_token_to_workers" {
  depends_on = [null_resource.k3s_install_master]
  
  connection {
    type        = "ssh"
    host        = var.master_ip
    user        = "root"
    password    = var.master_password
  }

  provisioner "remote-exec" {
    inline = [
      "echo -e '\\033[32mK3s Starting copy token to workers!\\033[0m'",
      "timeout 300 bash -c 'while [ ! -f /var/lib/rancher/k3s/server/node-token ]; do echo waiting for k3s token...; sleep 10; done'",
      "sshpass -p '${var.worker_password}' scp -o StrictHostKeyChecking=no /var/lib/rancher/k3s/server/node-token root@${var.worker_ips[0]}:/root/",
      "sshpass -p '${var.worker_password}' scp -o StrictHostKeyChecking=no /var/lib/rancher/k3s/server/node-token root@${var.worker_ips[1]}:/root/",
      "echo -e '\\033[32mK3s Done copy token to workers!\\033[0m'",
    ]
  }
}