---
- name: update all
  command: yum -y update creates=/etc/sysconfig/global-update-applied
  register: updated
  tags:
  - packages

- name: ntp pkgs
  action: yum state=present pkg={{ item }}
  with_items:
  - ntpdate
  - ntp
  - libsemanage-python
  - libselinux-python
  tags:
  - packages

- name: write out global-update-applied file if we updated
  copy: content="updated" dest=/etc/sysconfig/global-update-applied 
  when: updated is defined
  tags:
  - packages

- name: put step-tickers in place
  action: copy src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers

- name: enable the service
  action: service name=ntpd state=running enabled=true

#- name: edit hostname to be instance name - prefix hostbase var if it exists
#  action: shell hostname  {{ hostbase }}`curl -s http://169.254.169.254/latest/meta-data/instance-id`
#  tags:
#  - config

- name: add ansible root key 
  action: authorized_key user=root key="{{ item }}"
  with_file:
  - /srv/web/infra/ansible/roles/base/files/ansible-pub-key
  tags:
  - config
  
- name: add root keys for sysadmin-main and other allowed users
  authorized_key: user=root key="{{ item }}"
  with_lines: "/srv/web/infra/ansible/scripts/auth-keys-from-fas @sysadmin-main {{ root_auth_users }}"
  tags:
  - config
  ignore_errors: true

- name: enable ssh_sysadm_login sebool
  action: seboolean name=ssh_sysadm_login state=yes persistent=yes

# note - kinda should be a handler - but handlers need args
- name: restorecon
  action: command restorecon -R /root/.ssh
  tags:
  - config