---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
  vars:
    myhosts: "logging"

- name: Make the box be real
  hosts: logging
  user: root
  gather_facts: true

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - base
  - rkhunter
  - nagios_client
  - zabbix/zabbix_agent
  - hosts
  - openvpn/client
  - ipa/client
  - apache
  - collectd/base
  - collectd/server
  - sudo
  - web-data-analysis
  - role: keytab/service
    owner_user: apache
    owner_group: apache
    service: HTTP
    host: "admin.fedoraproject.org"
    when: env == "production"
  # Set up for fedora-messaging
  - role: rabbit/user
    user_name: "logging{{ env_suffix }}"
    user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.logging\.stats\..*
  # Used by countme
  - fedora-messaging-utils
  - logging

  pre_tasks:
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"


  tasks:

#
# We exclude some dirs from restorecon on updates on logservers as they are very large
# and it takes a long long time to run restorecon over them.
#
  - name: Exclude some directories from selinux relabeling on updates
    ansible.builtin.copy: src="{{ files }}/logserver/fixfiles_exclude_dirs" dest=/etc/selinux/fixfiles_exclude_dirs owner=root mode=0644

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: Cloud Image stats
  hosts: log01.rdu3.fedoraproject.org
  user: root
  gather_facts: false

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - cloudstats

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: Dole out the service-specific config
  hosts: log01.rdu3.fedoraproject.org
  user: root
  gather_facts: true
  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

  roles:
    - role: nfs/client
      mnt_dir: '/mnt/fedora_stats'
      nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
      nfs_src_dir: 'fedora_stats'
    - geoip

  tasks:
    - name: Install needed packages
      ansible.builtin.package: name={{ item }} state=present
      with_items:
        - httpd
        - httpd-tools
        - mod_ssl
        - rsync
        - emacs-nox
        - git
        - bc
        - gnuplot
        - mod_auth_gssapi

    - name: Set domain_can_mmap_files so collectd works
      seboolean: name=domain_can_mmap_files state=yes persistent=yes