---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


# Note:
# This role is used in a playbook that typically targets the undercloud
# and may target other hosts, so to ensure that it executes against the
# right src and dest it uses delegation throughout.

- name: tripleo_transfer tasks
  run_once: true
  block:
    - name: install requirements in src and dest hosts
      become: true
      package:
        name:
          - rsync
          - openssh-clients
        state: present
      delegate_to: "{{ item }}"
      loop:
        - "{{ tripleo_transfer_src_host }}"
        - "{{ tripleo_transfer_dest_host }}"

    - name: generate ssh key-pair in source host
      openssh_keypair:
        path: "{{ tripleo_transfer_key_location }}"
      delegate_to: "{{ tripleo_transfer_src_host }}"
      become: "{{ tripleo_transfer_src_become }}"
      register: keypair_gen

    - name: set authorized-keys in destination host
      authorized_key:
        comment: "Added by tripleo-transfer"
        user: "{{ ansible_user|default(ansible_ssh_user|default(hostvars[tripleo_transfer_dest_host].ansible_user_id)) }}"
        state: present
        key: "{{ keypair_gen.public_key }}"
      delegate_to: "{{ tripleo_transfer_dest_host }}"
      when: keypair_gen is succeeded

    - import_tasks: flag.yml
      when:
        - tripleo_transfer_flag_file != None
        - tripleo_transfer_flag_file|length > 0
      become: "{{ tripleo_transfer_dest_become }}"
      delegate_to: "{{ tripleo_transfer_dest_host }}"

    - name: synchronize both directories
      vars:
        hostvars_dest_host_ip: >-
          {{ hostvars[tripleo_transfer_dest_host].ansible_host |
          default(hostvars[tripleo_transfer_dest_host].inventory_hostname) }}
        tripleo_transfer_dest_user: >-
          {{ hostvars[tripleo_transfer_dest_host].ansible_user |
          default(hostvars[tripleo_transfer_dest_host].ansible_ssh_user |
          default(hostvars[tripleo_transfer_dest_host].ansible_user_id)) }}
      shell: >-
        /usr/bin/rsync
        -v
        --delay-updates
        -F
        --compress
        --archive
        --delete
        --rsync-path='sudo rsync'
        --rsh='ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {{ tripleo_transfer_key_location }}'
        {{ tripleo_transfer_src_dir_safe }}
        {{ tripleo_transfer_dest_user }}@{{ hostvars_dest_host_ip }}:{{ tripleo_transfer_dest_dir_safe }}
      become: "{{ tripleo_transfer_src_become }}"
      delegate_to: "{{ tripleo_transfer_src_host }}"
  always:
    - name: clean up keys in source host
      file:
        path: "{{ item }}"
        state: absent
      delegate_to: "{{ tripleo_transfer_src_host }}"
      become: "{{ tripleo_transfer_src_become }}"
      loop:
        - "{{ tripleo_transfer_key_location }}"
        - "{{ tripleo_transfer_key_location }}.pub"

    - name: remove public key from authorized keys in destination host
      lineinfile:
        path: "~/.ssh/authorized_keys"
        state: absent
        regexp: '.*Added by tripleo-transfer.*$'
      delegate_to: "{{ tripleo_transfer_dest_host }}"
  when: tripleo_transfer_cleanup_keys | bool