# create a new autosign server
#
# FURTHER NOTE: some of These machines run day to day with sshd disabled/off.
# Access is via management interface only. This playbook does initial setup.
# Please check with rel-eng before doing anything here.

- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=autosign_stg"

- name: make the box be real
  hosts: autosign:autosign_stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - base
  - basessh
  - rkhunter
  - nagios_client
  - hosts
  - { role: fas_client, when: env != "staging" }
  - collectd/base
  - sudo
  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji'
    nfs_src_dir: 'fedora_koji'
    when: env != 'staging'
  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji/koji/ostree'
    nfs_src_dir: 'fedora_ostree_content/ostree'
    when: env != 'staging' and datacenter == 'iad2'

  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji/koji/compose/ostree'
    nfs_src_dir: 'fedora_ostree_content/compose/ostree'
    when: env != 'staging' and datacenter == 'iad2'

  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji/koji/ostree'
    nfs_src_dir: 'fedora_ostree_content/ostree'
    when: env != 'staging' and datacenter == 'iad2'

  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji/koji/compose/ostree'
    nfs_src_dir: 'fedora_ostree_content/compose/ostree'
    when: env != 'staging' and datacenter == 'iad2'

#  - role: nfs/client
#    mnt_dir: '/mnt/fedora_koji/koji/ostree'
#    nfs_src_dir: 'fedora_ostree_content/ostree'
#    when: env == 'staging'
#
#  - role: nfs/client
#    mnt_dir: '/mnt/fedora_koji/koji/compose/ostree'
#    nfs_src_dir: 'fedora_ostree_content/compose/ostree'
#    when: env == 'staging'

  - role: rabbit/queue
    username: "robosignatory{{ env_suffix }}"
    queue_name: "robosignatory{{ env_suffix }}"
    routing_keys:
    - "org.fedoraproject.*.pungi.compose.ostree"
    - "org.fedoraproject.*.coreos.build.request.artifacts-sign"
    - "org.fedoraproject.*.coreos.build.request.ostree-sign"
    - "org.fedoraproject.*.buildsys.tag"
  - robosignatory
  - role: keytab/service
    service: autosign
    owner_user: robosignatory
    owner_group: robosignatory

  - { role: clevis, when: datacenter == 'iad2'}
  - { role: serial-console, when: datacenter == 'iad2'}

  pre_tasks:
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"


  tasks:
  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
    when: env != "staging"
  - import_tasks: "{{ tasks_path }}/motd.yml"

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"