---

#
# This is the base role for all machines. 
# Things in here are things we want to do to every machine no matter what. 
#
- name: global default packages to install
  yum: state=installed name={{ item }}
  with_items:
   - "{{ global_pkgs_inst }}"
  tags:
  - packages
  - base

- name: make sure hostname is set right on rhel7 hosts
  command: hostnamectl set-hostname {{ inventory_hostname }}
  when: ( ansible_nodename != inventory_hostname ) and ansible_distribution_major_version == '7'

- name: sshd_config 
  copy: src={{ item }} dest=/etc/ssh/sshd_config mode=600
  with_first_found:
    - "{{ sshd_config }}"
    - ssh/sshd_config.{{ ansible_fqdn }}
    - ssh/sshd_config.{{ host_group }}
    - ssh/sshd_config.{{ dist_tag }}
    - ssh/sshd_config.{{ ansible_distribution }}
    - ssh/sshd_config.{{ ansible_distribution_version }}
    - ssh/sshd_config.default
  notify:
  - restart sshd
  tags:
  - sshd_config
  - config
  - sshd
  - base

- name: set root passwd
  user: name=root password={{ rootpw }} state=present
  tags:
  - rootpw
  - base
  when: not (inventory_hostname.startswith('build') or inventory_hostname.startswith('releng') or inventory_hostname.startswith('arm') or inventory_hostname.startswith('compose') or inventory_hostname.startswith('bkernel') or inventory_hostname.startswith('koji') or inventory_hostname.startswith('rawhide') or inventory_hostname.startswith('branched'))

- name: add ansible root key 
  authorized_key: user=root key="{{ item }}"
  with_file:
  - ansible-pub-key
  tags:
  - config
  - base

- name: make sure our resolv.conf is the one being used - set RESOLV_MODS=no in /etc/sysconfig/network
  lineinfile: dest=/etc/sysconfig/network create=yes backup=yes state=present line='RESOLV_MODS=no' regexp=^RESOLV_MODS=
  tags:
  - config
  - base
  
- name: dist pkgs to remove
  yum: state=removed name={{ item }}
  with_items: 
   - "{{ base_pkgs_erase }}"
  tags:
  - packages
  - base

- name: dist pkgs to install
  yum: state=installed name={{ item }}
  with_items:
   - "{{ base_pkgs_inst }}"
  tags:
  - packages
  - base

- name: dist disabled services
  service: state=stopped enabled=false name={{ item }}
  with_items:
   - "{{ service_disabled }}"
  tags:
  - service
  - config
  - base

- name: dist enabled services
  service: state=running enabled=true name={{ item }}
  with_items:
   - "{{ service_enabled }}"
  tags:
  - service
  - config
  - base

- name: iptables service enabled
  service: name=iptables state=running enabled=true
  tags:
  - iptables
  - service
  - base

- name: iptables
  template: src={{ item }} dest=/etc/sysconfig/iptables mode=600 backup=yes
  with_first_found:
   - ../templates/iptables/iptables.{{ datacenter }}
   - ../templates/iptables/iptables.{{ ansible_fqdn }}
   - ../templates/iptables/iptables.{{ host_group }}
   - ../templates/iptables/iptables.{{ env }}
   - ../templates/iptables/iptables
  notify:
  - restart iptables
  tags:
  - iptables
  - config
  - base

# XXX fixme # a datacenter 'fact' from setup
- name: /etc/resolv.conf
  copy: src={{ item }} dest=/etc/resolv.conf
  with_first_found:
  - "{{ resolvconf }}"
  - resolv.conf/{{ ansible_fqdn }}
  - resolv.conf/{{ host_group }}
  - resolv.conf/{{ datacenter }}
  - resolv.conf/resolv.conf
  tags:
  - config
  - resolvconf
  - base

- name: rsyslog.conf
  copy: src={{ item }} dest=/etc/rsyslog.conf mode=644
  with_first_found:
    - rsyslog/rsyslog.conf.{{ ansible_fqdn }}
    - rsyslog/rsyslog.conf.{{ dist_tag }}
    - rsyslog/rsyslog.conf.default
  notify:
  - restart rsyslog
  tags:
  - rsyslogd
  - config
  - base

- name: rsyslog log rotate for rsyslog servers
  copy: src=rsyslog/merged-rsyslog dest=/etc/logrotate.d/merged-rsyslog mode=644
  when: inventory_hostname.startswith('log')
  notify:
  - restart rsyslog
  tags:
  - rsyslogd
  - config
  - base

- name: add rsyslog config to /etc/rsyslog.d
  copy: src={{ item }} dest=/etc/rsyslog.d/ owner=root group=root mode=0644
  with_fileglob:
   - rsyslog/*.conf
  notify:
  - restart rsyslog
  tags:
  - rsyslogd
  - config
  - base

- name: log everything to log02 except on mirrorlist, do not log local4 there.
  copy: src=rsyslog/rsyslog-log02 dest=/etc/rsyslog.d/rsyslog-log02.conf mode=644
  when: not inventory_hostname.startswith('mirrorlist')
  tags:
  - rsyslogd
  - config
  - base

- name: log everything to log02 except on mirrorlist, do not log local4 there.
  copy: src=rsyslog/rsyslog-log02-nolocal4 dest=/etc/rsyslog.d/rsyslog-log02.conf mode=644
  when: inventory_hostname.startswith('mirrorlist')
  tags:
  - rsyslogd
  - config
 
- name: log everything to log01 except on mirrorlist, do not log local4 there.
  copy: src=rsyslog/rsyslog-log01 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=644
  when: not inventory_hostname.startswith('mirrorlist')
  tags:
  - rsyslogd
  - config
  - base

- name: log everything to log01 except on mirrorlist, do not log local4 there.
  copy: src=rsyslog/rsyslog-log01-nolocal4 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=644
  when: inventory_hostname.startswith('mirrorlist')
  tags:
  - rsyslogd
  - config
  - base
   - base
   
- name: /etc/postfix/main.cf
  copy: src={{ item }} dest=/etc/postfix/main.cf
  with_first_found:
    - "{{ postfix_maincf }}"
    - "postfix/main.cf/main.cf.{{ ansible_fqdn }}"
    - "postfix/main.cf/main.cf.{{ host_group }}"
    - "postfix/main.cf/main.cf.{{ postfix_group }}"
    - "postfix/main.cf/main.cf.{{ datacenter }}"
    - "postfix/main.cf/main.cf"
  notify:
  - restart postfix
  tags:
  - postfix
  - config
  - base

- name: install /etc/postfix/master.cf file
  copy: src={{ item }} dest=/etc/postfix/master.cf mode=0644
  with_first_found:
    - "{{ postfix_mastercf }}"
    - "postfix/master.cf/master.cf.{{ ansible_fqdn }}"
    - "postfix/master.cf/master.cf.{{ inventory_hostname }}"
    - "postfix/master.cf/master.cf.{{ host_group }}"
    - "postfix/master.cf/master.cf.{{ postfix_group }}"
    - "postfix/master.cf/master.cf"
  when: inventory_hostname.startswith('smtp-mm')
  notify:
  - restart postfix
  tags:
  - postfix
  - config
  - base

- name: enable postfix to start
  service: name=postfix state=running enabled=true
  tags:
  - service
  - base

- name: install /etc/postfix/transport file
  copy: src="postfix/{{ postfix_transport_filename }}" dest=/etc/postfix/transport
  when: inventory_hostname.startswith(('smtp-mm','bastion'))
  notify:
  - restart postfix
  - rebuild postfix transport
  tags:
  - postfix
  - base
  - config
#
# This task installs some common scripts to /usr/local/bin
# scripts are under roles/base/files/common-scripts
#

- name: Install common scripts
  copy: src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755
  with_fileglob:
   - common-scripts/*
  tags:
  - config
  - base

- name: install a sync httpd logs cron script only on log01
  copy: src=syncHttpLogs.sh dest=/etc/cron.daily/syncHttpLogs.sh mode=755
  when: inventory_hostname.startswith('log01')
  tags:
  - config
  - base