---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Restart web server
  service:
    name: "{{ (keystone_web_server == 'apache') | ternary(keystone_system_service_name, 'nginx') }}"
    enabled: yes
    state: restarted
    daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
  register: _restart
  until: _restart | success
  retries: 5
  delay: 2

- name: Wait for web server to complete starting
  wait_for:
    port: "{{ item }}"
    timeout: 25
    delay: 10
  with_items:
    - "{{ keystone_service_port }}"
    - "{{ keystone_admin_port }}"
  register: _wait_check
  until: _wait_check | success
  retries: 5
  listen: "Restart web server"

- name: Stop uWSGI
  service:
    name: "{{ item }}"
    state: "stopped"
    daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
  register: _stop
  until: _stop | success
  retries: 5
  delay: 2
  with_items: "{{ keystone_services.keys() | list }}"
  listen: "Restart uWSGI"

# Note (odyssey4me):
# The policy.json file is currently read continually by the services
# and is not only read on service start. We therefore cannot template
# directly to the file read by the service because the new policies
# may not be valid until the service restarts. This is particularly
# important during a major upgrade. We therefore only put the policy
# file in place after the service has been stopped.
#
- name: Check whether a custom policy file is being used
  stat:
    path: "/etc/keystone/policy.json-{{ keystone_venv_tag }}"
  register: _custom_policy_file
  listen: "Restart uWSGI"

- name: Copy new policy file into place
  copy:
    src: "/etc/keystone/policy.json-{{ keystone_venv_tag }}"
    dest: "/etc/keystone/policy.json"
    owner: "root"
    group: "{{ keystone_system_group_name }}"
    mode: "0640"
    remote_src: yes
  when:
    - _custom_policy_file['stat']['exists'] | bool
  listen: "Restart uWSGI"

- name: Start uWSGI
  service:
    name: "{{ item }}"
    enabled: yes
    state: "started"
    daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
  register: _start
  until: _start | success
  retries: 5
  delay: 2
  with_items: "{{ keystone_services.keys() | list }}"
  listen: "Restart uWSGI"

- name: Wait for uWSGI socket to be ready
  wait_for:
    port: "{{ item }}"
    timeout: 25
    delay: 10
  with_items:
    - "{{ keystone_uwsgi_ports['keystone-wsgi-admin']['socket'] }}"
    - "{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}"
  register: _wait_check
  until: _wait_check | success
  retries: 5
  listen: "Restart uWSGI"

- name: Restart Shibd
  service:
    name: "shibd"
    enabled: yes
    state: "restarted"
    daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
  register: _restart
  until: _restart | success
  retries: 5
  delay: 2

- meta: noop
  listen: Manage LB
  when: false