---
# Simulate primary WAN failure and verify OOB path survivability.
- name: WAN failover test
  hosts: homelab
  become: true
  tasks:
    - name: Record current WireGuard peer status
      ansible.builtin.command:
        cmd: wg show wg0
      register: wg_before
      changed_when: false

    - name: Display pre-failover state
      ansible.builtin.debug:
        var: wg_before.stdout_lines

    # NOTE: Actual failover simulation (iptables rules to block primary WAN)
    # is too destructive for automated runs. This playbook verifies the
    # monitoring and detection components are working.

    - name: Check Kedge DaemonSet dead peer detection
      ansible.builtin.uri:
        url: "http://localhost:{{ kedge_metrics_port }}/metrics"
        return_content: true
      register: metrics

    - name: Verify mesh peer metrics exist
      ansible.builtin.assert:
        that:
          - "'kedge_mesh_peer_count' in metrics.content"
        fail_msg: "Mesh peer metrics not found — DaemonSet may not be running"