# create an osbs server
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
  vars:
    myhosts: "oci_registry:oci_registry_stg"

- name: Make the box be real
  hosts: oci_registry:oci_registry_stg
  user: root
  gather_facts: true

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - base
  - rkhunter
  - nagios_client
  - zabbix/zabbix_agent
  - hosts
  - { role: openvpn/client,
      when: env != "staging" }
  - ipa/client
  - collectd/base
  - rsyncd
  - sudo
  - role: nfs/client
    mnt_dir: '/srv/registry'
    nfs_src_dir: "oci_registry"
    when: inventory_hostname.startswith(('oci-registry01.iad2', 'oci-registry02.iad2'))

  - role: nfs/client
    mnt_dir: '/srv/registry'
    nfs_src_dir: "oci_candidate_registry"
    when: inventory_hostname.startswith(('oci-candidate-registry01.iad2'))

  pre_tasks:
  - name: Create /srv/registry on staging since it does not use NFS
    ansible.builtin.file:
      path: /srv/registry
      state: directory
      owner: root
      group: root
      mode: "0755"
    when: "env == 'staging'"
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: Setup docker distribution registry
  hosts: oci_registry:oci_registry_stg
  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - /srv/private/ansible/vars.yml
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml


  # NOTE: tls is disabled for docker-distribution because we are listening only
  #       on localhost and all external connections will be through httpd which
  #       will be SSL enabled.
  roles:
    - {
      role: docker-distribution,
      conf_path: "/etc/docker-distribution/registry/config.yml",
      tls: {
        enabled: false,
      },
      log: {
        fields: {
          service: "registry"
        }
      },
      storage: {
        filesystem: {
          rootdirectory: "/srv/registry"
        }
      },
      http: {
        addr: ":5000"
      }
    }

    # Setup compose-x86-01 push docker images to registry
    - {
      role: login-registry,
      candidate_registry: "candidate-registry.stg.fedoraproject.org",
      candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}",
      candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}",
      when: env == "staging",
      delegate_to: "compose-x86-01.{{ datacenter }}.fedoraproject.org"
    }
    - {
      role: login-registry,
      candidate_registry: "candidate-registry.fedoraproject.org",
      candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}",
      candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}",
      when: env == "production",
      delegate_to: "compose-x86-01.{{ datacenter }}.fedoraproject.org"
    }