---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Check to see if yum's fastestmirror plugin is present
  stat:
    path: /etc/yum/pluginconf.d/fastestmirror.conf
  register: fastestmirror_plugin_check

- name: Configure yum's fastestmirror plugin
  ini_file:
    path: /etc/yum/pluginconf.d/fastestmirror.conf
    section: main
    option: enabled
    value: "{{ (openstack_hosts_enable_yum_fastestmirror | bool) | ternary('1', '0') }}"
    no_extra_spaces: yes
    mode: "0644"
  when:
    - fastestmirror_plugin_check.stat.exists

- name: Disable requiretty for root sudo on centos
  template:
    dest: /etc/sudoers.d/openstack-ansible
    owner: root
    group: root
    mode: "0440"
    src: sudoers.j2

# Copy all factored-in GPG keys.
# KeyID 764429E6 from https://raw.githubusercontent.com/rdo-infra/centos-release-openstack/ocata-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud
# KeyID 61E8806C from keyserver for rdo-qemu-ev
- name: If a keyfile is provided, copy the gpg keyfile to the key location
  copy:
    src: "{{ item.keyfile }}"
    dest: "{{ item.key }}"
    mode: '0644'
  with_items: "{{ openstack_hosts_package_repos_keys | selectattr('keyfile', 'defined') | list }}"

- name: Ensure GPG keys have the correct SELinux contexts applied
  command: restorecon -Rv /etc/pki/rpm-gpg/
  # TODO(evrardjp): Be more idempotent
  changed_when: false

# Handle gpg keys manually
- name: Install gpg keys
  rpm_key:
    key: "{{ key.key }}"
    validate_certs: "{{ key.validate_certs | default(omit) }}"
    state: "{{ key.state | default('present') }}"
  with_items: "{{ openstack_hosts_package_repos_keys }}"
  loop_control:
    loop_var: key
  register: _add_yum_keys
  until: _add_yum_keys  is success
  retries: 5
  delay: 2

- name: Add requirement packages (repositories gpg keys packages, toolkits...)
  package:
    name: "{{ openstack_hosts_package_list | rejectattr('state', 'equalto', 'absent') | map(attribute='name') | list }}"
    state: "{{ openstack_hosts_package_state }}"

- name: Add yum repositories if they do not exist
  yum_repository:
    name: "{{ repo.name }}"
    file: "{{ repo.file | default(omit) }}"
    description: "{{ repo.description | default(omit) }}"
    baseurl: "{{ repo.baseurl | default(omit) }}"
    mirrorlist: "{{ repo.mirrorlist | default(omit) }}"
    gpgkey: "{{ repo.gpgkey | default(omit) }}"
    gpgcheck: "{{ repo.gpgcheck | default(omit) }}"
    enabled: "{{ repo.enabled | default('yes') }}"
    exclude: "{{ repo.exclude | default(omit) }}"
    priority: "{{ repo.priority | default(99) }}"
    state: "{{ repo.state | default(omit) }}"
    module_hotfixes: "{{ repo.module_hotfixes | default(omit) }}"
  with_items: "{{ openstack_hosts_package_repos }}"
  loop_control:
    loop_var: repo
  register: _adding_repo
  until: _adding_repo  is success
  retries: 5
  delay: 2

- name: Add dnf extra conf
  blockinfile:
    block: "{{ openstack_hosts_package_manager_default_conf + openstack_hosts_package_manager_extra_conf }}"
    path: /etc/dnf/dnf.conf
    marker: "# {mark} OPENSTACK-ANSIBLE-OPENSTACK_HOSTS MANAGED BLOCK"
    create: yes
    mode: "0644"
  when:
    - openstack_hosts_package_manager_extra_conf | length > 0 or openstack_hosts_package_manager_default_conf | length > 0

- name: Add rdo repositories via url for trunk based installation
  get_url:
    url: "{{ openstack_hosts_rdo_repo_url }}/delorean.repo"
    dest: /etc/yum.repos.d/rdo.repo
    mode: "0640"
  register: _get_repo
  until: _get_repo  is success
  retries: 5
  delay: 2
  when:
    - (install_method | default('source')) == 'distro'
    - openstack_hosts_rdo_repo_type == 'trunk'

- name: Install centos-release-openstack package for cloudsig based installation
  package:
    name:
      - centos-release-openstack-{{ openstack_distrib_code_name | lower }}
  when:
    - (install_method | default('source')) == 'distro'
    - openstack_hosts_rdo_repo_type == 'cloudsig'

- name: Enable CodeReadyBuilder repository
  command: dnf config-manager --set-enabled "crb"
  changed_when: false
  when:
    - openstack_hosts_power_tool_enable | bool
    - ansible_facts['distribution_major_version'] == "9"

- name: Create SSL certificate and key directories
  file:
    path: "{{ item.path }}"
    state: directory
    owner: "{{ item.owner | default(root) }}"
    group: "{{ item.group | default(root) }}"
    mode: "{{ item.mode | default('0755') }}"
  with_items:
    - { path: "/etc/pki/tls/certs", owner: "root", group: "root" }
    - { path: "/etc/pki/tls/private", owner: "root", group: "root" }

- name: Create SSL certificate and key directory symlinks
  file:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    state: "link"
  with_items:
    - { src: "/etc/pki/tls/certs", dest: "/etc/ssl/certs" }
    - { src: "/etc/pki/tls/private", dest: "/etc/ssl/private" }