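# Copied from persistent_cloud.yml with the necessary edits. This only works
# with modern Fedora for now, not RHEL/CentOS.
#
# Flow of the live tasks: probe SSH on the host, unlock root SSH on a fresh
# instance ("birthday" defined), gather facts, bootstrap Python if fact
# gathering failed, then apply the basessh role.

# Load every vars file in the shared directory except README.
- include_vars:
    dir: /srv/web/infra/ansible/vars/all/
    ignore_files:
      - README

# Probe TCP port 22 from the control host with a 5 second timeout.
# The result is kept in host_is_up; with ignore_errors commented out, a failed
# probe fails the task for this host.
- name: check it out
  local_action: shell nc -w 5 {{ inventory_hostname }} 22 < /dev/null
  register: host_is_up
  # ignore_errors: true
  changed_when: false
  # Run the probe even under --check.
  check_mode: false

#####################################################x
# from https://github.com/praiskup/ansible-role-fix-root-ssh

# Sets disable_root to 0 in the cloud-init configuration, connecting as the
# "fedora" user and escalating to root.
# NOTE(review): this permits direct root login over SSH on the instance.
# Presumably root access is key-only; confirm that sshd on the image does not
# accept passwords for root.
- name: allow root ssh connections
  lineinfile:
    path: /etc/cloud/cloud.cfg
    regexp: '^disable_root:'
    line: 'disable_root: 0'
  remote_user: fedora
  become: true
  become_user: root
  when: birthday is defined

# On lines containing "Please login as the user", everything up to ' ssh-rsa '
# is dropped, so root's authorized_keys entry becomes a plain key line.
# backup keeps a copy of the previous file next to it.
# NOTE(review): only ssh-rsa entries match this pattern; a key of another
# type would keep its prefix. Confirm that matches the keypairs in use.
- name: use the same authorized_keys
  replace:
    path: /root/.ssh/authorized_keys
    regexp: '.*Please login as the user.* ssh-rsa '
    replace: 'ssh-rsa '
    backup: true
  remote_user: fedora
  become: true
  become_user: root
  when: birthday is defined

# Drop the current connection so that later tasks open a new one
# (presumably as root, now that the key is usable; confirm against the play).
- meta: reset_connection
  when: birthday is defined
# from https://github.com/praiskup/ansible-role-fix-root-ssh
#####################################################x

# The block below is disabled and kept for reference only.
# NOTE(review): if any of it is re-enabled, two points need attention first:
#   * the nova CLI tasks pass ADMIN_PASS on the command line, where it is
#     visible in the process list and in task output unless no_log is set;
#   * the ssh-keyscan result is written to known_hosts without verification
#     (the task name itself says "until we can sign it").

### - name: spin UP VM using nova_compute
###   become: False
###   local_action:
###     module: nova_compute
###     auth_url: "{{os_auth_url}}"
###     login_username: "admin"
###     login_password: "{{ADMIN_PASS}}"
###     login_tenant_name: "{{inventory_tenant}}"
###     name: "{{inventory_instance_name}}"
###     image_id: "{{ image|image_name_to_id('admin', ADMIN_PASS, inventory_tenant, os_auth_url) }}"
###     wait_for: 600
###     flavor_id: "{{ instance_type|flavor_name_to_id('admin', ADMIN_PASS, inventory_tenant, os_auth_url) }}"
###     security_groups: "{{security_group}}"
###     key_name: "{{ keypair }}"
###     nics: "{{ cloud_networks }}"
###     user_data: "#cloud-config\ndisable_root: 0"
###     floating_ips:
###       - "{{public_ip}}"
###   register: nova_result
###   when: host_is_up is failed
###
### # instance can be both id and name, volume must be id
### # volume must be id
### #
### # Check that the volume is available
### #
### - local_action: shell nova --os-auth-url="{{os_auth_url}}" --os-username="admin" --os-password="{{ADMIN_PASS}}" --os-tenant-name={{inventory_tenant}} volume-list | grep ' {{item.volume_id}} ' | grep 'available'
###   with_items: "{{ volumes|default([]) }}"
###   register: volume_available
###   failed_when: volume_available.rc == 2
###   changed_when: volume_available.rc == 0
###   ignore_errors: True
###   when: volumes is defined
###   check_mode: no
###
### #
### # If it is attach it.
### #
### - local_action: shell nova --os-auth-url="{{os_auth_url}}" --os-username="admin" --os-password="{{ADMIN_PASS}}" --os-tenant-name={{inventory_tenant}} volume-attach "{{inventory_instance_name}}" "{{item.volume_id}}" "{{item.device}}"
###   with_items: "{{ volume_available.results|default([]) }}"
###   ignore_errors: True
###   failed_when: False
###   when: volumes is defined and volume_available is defined and item.changed
###
### - name: wait for he host to be hot
###   local_action: wait_for host={{ public_ip }} port=22 delay=1 timeout=600
###   when: host_is_up is failed
###
### # SSH is up and running, however cloud-init still did not deployed ssh keypair
### # we have to wait some time. 10 sec is usually enough, but not always.
###
### - name: waiting for cloud-init
###   pause: seconds=30
###   when: host_is_up is failed

### - name: gather ssh host key from new instance
###   local_action: command ssh-keyscan -t rsa {{ inventory_hostname }}
###   ignore_errors: True
###   register: hostkey
###   when: host_is_up is failed
###
### - name: add new ssh host key (until we can sign it)
###   local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present
###   ignore_errors: True
###   with_items:
###     - /root/.ssh/known_hosts
###   when: host_is_up is failed

#
# Next we try to gather facts. If the host has no Python interpreter yet,
# this will fail; the failure is ignored here and recorded in "facts" so the
# next task can react to it.
#
- name: gather facts
  setup:
  # Gather facts even under --check.
  check_mode: false
  ignore_errors: true
  register: facts

#
# If that failed, then we use the raw module to install things.
# The command calls sudo itself rather than using become.
#
- name: install python3 and dnf stuff
  raw: sudo dnf -y install python3-dnf python3-libselinux python3
  when:
    - birthday is defined
    - facts is failed

# TODO - somehow guess when keypair is finally deployed and return little bit earlier
## We need to specify user, here we trying with fedora or root
# NOTE(review): the disabled task below turns off SSH host key checking
# (UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no); keep it disabled
# or verify the host key if it is ever revived.
#- name: wait until ssh is available
#  # local_action: shell false; until [ "$?" -eq "0" ]; do sleep 2; ssh -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar' || ssh -o PasswordAuthentication=no root@{{ public_ip }} 'echo foobar'; done
#  # local_action: shell false; until [ "$?" -eq "0" ]; do sleep 2; ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar'; done
#  local_action: shell whoami && ssh -vvvv -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar'
#  # async: 20
#  # poll: 5
#  ignore_errors: True
#

# Apply the basessh role statically.
- name: Include SSH config
  import_role:
    name: basessh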