---

- name: Configure system for running OpenStack Ansible
  hosts: "{{ host }}"
  become: true

  handlers:
    - import_tasks: handlers/main.yml

  pre_tasks:
    - name: Check if ansible cannot be run here
      stat:
        path: /etc/no-ansible
      register: no_ansible

    - name: Verify if we can run ansible
      assert:
        that:
          - "not no_ansible.stat.exists"
        success_msg: "We are able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"

  tasks:
    - name: Loading Variables from OS Common
      import_tasks: tasks/common_vars.yml

    - name: Disable Firewalld
      ansible.builtin.systemd:
        name: firewalld.service
        masked: yes
        enabled: no
        force: yes
        state: stopped
      tags: services

    - name: Set SELinux to permissive
      ansible.posix.selinux:
        policy: targeted
        state: permissive
      tags: services

    - name: Ensure packages are upgraded
      ansible.builtin.dnf:
        name: "*"
        state: latest
      tags: packages

    - name: Disable SSH Agent Forwarding
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^.*AllowAgentForwarding'
        line: 'AllowAgentForwarding no'
      tags: services
      notify:
        - restart_sshd

    - name: Copy interface.sh script to host
      ansible.builtin.copy:
        src: 'files/interfaces.sh'
        dest: '/root/interfaces.sh'
        mode: 0744
        owner: 'root'
        group: 'root'
      tags:
        - interfaces

    - name: Generate ifcfg files
      shell: /root/interfaces.sh
      args:
        chdir: /etc/sysconfig/network-scripts/
        creates: /etc/sysconfig/network-scripts/ifcfg-br-mgmt
      tags:
        - interfaces

    - name: Setup Infra Nodes
      block:
        - name: Install packages
          ansible.builtin.dnf:
            name:
              - git-core
              - wget
              - python36
              - chrony
              - openssh-server
              - python3-devel
              - sudo
            state: latest
          tags: packages
        - name: Clone repository
          ansible.builtin.git:
            repo: https://github.com/NeilHanlon/openstack-ansible.git
              #single_branch: yes
            dest: /opt/openstack-ansible
            version: 'feature/rocky8'
          tags: repos

      when: tag.find("infra") != -1
      tags: infra

  post_tasks:
    - name: Disable cloud init from future runs
      file:
        path: /etc/cloud/cloud-init.disabled
        state: touch
        mode: '0644'
        owner: root
        group: root

    - name: Touching run file that ansible has ran here
      file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root
...