---
# etcd witness node configuration
# This node participates in etcd quorum but does not run K8s workloads

- name: Check if K3s is already installed
  stat:
    path: /usr/local/bin/k3s
  register: k3s_binary

- name: Get K3s token from first server
  set_fact:
    k3s_token: "{{ lookup('file', k3s_token_file, errors='ignore') | default('PLACEHOLDER') }}"

- name: Install K3s as server (witness mode)
  shell: |
    curl -sfL {{ k3s_install_url }} | INSTALL_K3S_VERSION="{{ k3s_version }}" sh -s - server \
      --server https://{{ k3s_server_1_ip }}:6443 \
      --token {{ k3s_token }} \
      --disable-apiserver \
      --disable-controller-manager \
      --disable-scheduler \
      --node-ip {{ ansible_default_ipv4.address }}
  when: not k3s_binary.stat.exists
  environment:
    INSTALL_K3S_SKIP_START: "false"

- name: Enable and start k3s service
  systemd:
    name: k3s
    state: started
    enabled: yes

- name: Display witness node information
  debug:
    msg: "etcd witness node configured at {{ ansible_default_ipv4.address }}"