---
#
# This task sets up fasClient on a machine. 
# It installs the fas-clients package, then the /etc/fas.conf and finally a cron job update.
#

#
# fas-clients is in the infrastructure repo. 
# nss_db is needed to store user/group info.
#
- name: install package needed for fas-client
  yum: state=installed name={{ item }}
  with_items:
  - fas-clients
  - cronie
  tags:
  - packages
  - fas_client

- name: install nss_db on rhel hosts only
  yum: state=installed name=nss_db
  when: is_rhel is defined and ansible_distribution_major_version == '6'
  tags:
  - packages
  - fas_client

#
# setup /etc/nsswitch.conf to use nssdb
#
- name: setup /etc/nsswitch.conf for client use
  copy: src=nsswitch.conf  dest=/etc/nsswitch.conf owner=root mode=644
  tags:
  - config
  - fas_client

#
# fasClients needs a valid /etc/fas.conf. 
# There's vars used in this template: 
#
# fas_client_groups = "sysadmin-main"
# fas_client_restricted_app = ""
# fas_client_admin_app = ""
# fas_client_ssh_groups = ""
#
# if desired, set them on a per host/group basis. 
#
# Currently the default template is used, but could be modified on a host basis. 
#
- name: setup /etc/fas.conf for client use
  template: src={{ item }} dest=/etc/fas.conf owner=root mode=600
  with_first_found:
  - ../templates/{{ ansible_fqdn }}.fas.conf.j2
  - ../templates/{{ ansible_hostname }}.fas.conf.j2
  - ../templates/{{ ansible_hostname }}.fas.conf.j2 
  - ../templates/fas.conf.j2
  tags:
  - config
  - fas_client
  notify:
  - run fasclient

#
# setup /etc/cron.d/ file to run sync every 10min
# TODO: use cron module when it's fixed
#
#- name: fas_client cron job
#  cron: name="fas client" user=root cron_file=fas-client minute="*/10" job="/usr/bin/fasClient -i"
#  tags:
#  - config

- name: fas_client cron job
  copy: src=fas-client.cron dest=/etc/cron.d/fas-client owner=root mode=644
  tags:
  - config
  - fas_client

- name: fas_client_aliases cron job
  copy: src=fas-client-aliases.cron dest=/etc/cron.d/fas-client-aliases owner=root mode=644
  tags:
  - config
  - fas_client
  when: fas_aliases is defined

- name: fas_client_aliases template
  copy: src=aliases.template dest=/etc/aliases.template owner=root mode=644
  tags:
  - config
  - fas_client
  when: fas_aliases is defined

- name: run fas_client only if we just installed
  command: fasClient -if creates=/var/db/shadow.db
  tags:
  - config
  - fas_client