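---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# This role adds a host and its required sub-hosts and services to
# FreeIPA as defined in the ServerMetadata.
#
# The following variables are required:
# - tripleo_ipa_enroll_base_server (true if the base server must be enrolled)
# - tripleo_ipa_base_server_fqdn (FQDN of base host, e.g. controller-0.example.com)
# - tripleo_ipa_base_server_otp (OTP for enrollment, only required if
#   tripleo_ipa_enroll_base_server is true; not referenced in this file)
# - tripleo_ipa_delegate_server (server that receives the generated OTP as a
#   host fact, only required if tripleo_ipa_enroll_base_server is true)
# - tripleo_ipa_server_metadata (JSON server metadata, which includes the
#   required services; parsed with the parse_service_metadata filter)
#
# Flow: derive short name and domain from the FQDN; when enrollment is
# requested, make sure the host exists in IPA with a fresh one-time password
# and hand that OTP to the delegate server as a fact; then include
# services.yml once per service found in the metadata.

- name: set main facts
  set_fact:
    base_server_fqdn: "{{ tripleo_ipa_base_server_fqdn }}"
    # First DNS label of the FQDN, e.g. "controller-0".
    base_server_short_name: "{{ tripleo_ipa_base_server_fqdn.split('.')[0] }}"
    # Everything after the first label, e.g. "example.com".
    base_server_domain: "{{ tripleo_ipa_base_server_fqdn.split('.', 1)[1] }}"
    enroll_base_server: "{{ tripleo_ipa_enroll_base_server }}"

- name: add main host to IPA with OTP
  when: enroll_base_server|bool
  become: true
  block:
    # Probe IPA for the host without failing: a non-zero rc (host not found)
    # is a valid outcome that the tasks below act on.
    - name: get host raw data and keytab info
      command: "ipa host-show --raw --all {{ base_server_fqdn }}"
      register: host_raw_data
      changed_when: false
      failed_when: false

    # A host that already holds a keytab is left untouched; otherwise the
    # entry is recreated so that a new OTP can be issued for it.
    - name: confirm that host is not already registered with current keytab
      when: '"has_keytab: TRUE" not in host_raw_data.stdout'
      block:
        - name: remove stale host if present
          when: host_raw_data.rc == 0
          ipa_host:
            fqdn: "{{ base_server_fqdn }}"
            state: absent

        # The registered result carries the generated OTP
        # (ipa_host.host.randompassword). no_log keeps the module output,
        # and therefore the secret, out of logs and verbose/debug output;
        # the registered variable is still available to the next task.
        - name: add new host with random one-time password
          ipa_host:
            fqdn: "{{ base_server_fqdn }}"
            random_password: true
            force: true
          register: ipa_host
          no_log: true

        # Publish the OTP only as a fact on the delegate server
        # (delegate_facts: true), never on the current host, and keep the
        # value out of the logs.
        - name: set otp as a host fact
          set_fact:
            ipa_host_otp: "{{ ipa_host.host.randompassword }}"
          no_log: true
          delegate_facts: true
          delegate_to: "{{ tripleo_ipa_delegate_server }}"

# The legacy "include" keyword is deprecated for task files; include_tasks is
# its dynamic replacement and behaves the same when driven by a loop.
- name: add required services
  include_tasks: services.yml
  loop: "{{ tripleo_ipa_server_metadata | from_json | parse_service_metadata(base_server_fqdn) }}"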