---
- name: Install desired extra packages (yum)
  yum: state=present pkg={{ item }}
  with_items:
  - ntpdate
  - ntp
  - libsemanage-python
  - libselinux-python
  when: ansible_distribution_major_version|int < 22
  tags:
  - packages

- name: Install desired extra packages (dnf)
  dnf: state=present pkg={{ item }}
  with_items:
  - ntpdate
  - ntp
  - libsemanage-python
  - libselinux-python
  when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
  tags:
  - packages

- name: remove some packages (yum)
  yum: state=absent pkg={{ item }}
  with_items:
  - chrony
  tags:
  - packages
  when: ansible_distribution_major_version|int < 22

- name: remove some packages (dnf)
  dnf: state=absent pkg={{ item }}
  with_items:
  - chrony
  tags:
  - packages
  when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined

- name: put step-tickers in place
  copy: src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
  when: ansible_cmdline.ostree is not defined
  tags:
  - ntp
  - config

- name: enable the service
  service: name=ntpd state=running enabled=true
  when: ansible_cmdline.ostree is not defined

#- name: edit hostname to be instance name - prefix hostbase var if it exists
#  shell: hostname  {{ hostbase }}`curl -s http://169.254.169.254/latest/meta-data/instance-id`
#  tags:
#  - config

- name: add ansible root key 
  authorized_key: user=root key="{{ item }}"
  with_file:
  - /srv/web/infra/ansible/roles/base/files/ansible-pub-key
  tags:
  - config
  - sshkeys
  
- name: add root keys for sysadmin-main and other allowed users
  authorized_key: user=root key="{{ item }}"
  with_lines: "/srv/web/infra/ansible/scripts/auth-keys-from-fas @sysadmin-main {{ root_auth_users }}"
  tags:
  - config
  - sshkeys
  ignore_errors: true

- name: enable ssh_sysadm_login sebool
  seboolean: name=ssh_sysadm_login state=yes persistent=yes
  ignore_errors: true

# note - kinda should be a handler - but handlers need args
- name: restorecon
  file: path=/root/.ssh setype=ssh_home_t recurse=yes
  tags:
  - config

- name: update all
  command: yum -y update creates=/etc/sysconfig/global-update-applied
  register: updated
  when: ansible_distribution_major_version|int < 22
  tags:
  - packages

- name: update all
  command: dnf -y update creates=/etc/sysconfig/global-update-applied
  register: updated
  when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
  tags:
  - packages

- name: write out global-update-applied file if we updated
  copy: content="updated" dest=/etc/sysconfig/global-update-applied 
  when: updated is defined
  tags:
  - packages