# Required vars
# - checkcompose_amqp_queue
##      string - Message queue name for the consumer. To use the
##               fedora-messaging scheduler with public authentication
##               on the Fedora production AMQP broker (which is what
##               you'd typically want), you only need to set this.
##               This should be a unique and private string; the
##               official recommendation is to use a random UUID
##               generated by uuidgen.
#
# Required vars with defaults
# - checkcompose_prod
##       bool - whether this is the production instance. **SHOULD ONLY
##              EVER BE TRUE ON ONE SYSTEM IN THE WORLD**
##       default - False
# - checkcompose_amqp_passive
##        bool - If true, passive_declares will be set true in all the
##               fedora-messaging consumer configuration files. This
##               is needed for private authentication on the Fedora
##               brokers.
##       default - False
# - checkcompose_amqp_url
##      string - AMQP broker URL for fedora-messaging report sender.
##               The role default for this is the Fedora production
##               broker with the shared 'fedora' username.
# - checkcompose_amqp_cacert
##      string - CA certificate file to use for authenticating with
##               AMQP broker for fedora-messaging report sender.
##               The role default for this is the CA cert file for the
##               Fedora production broker.
# - checkcompose_amqp_cert
##      string - Certificate file to use for authenticating with AMQP
##               broker for fedora-messaging report sender. The role
##               default for this is the certificate file for the
##               public 'fedora' account on the Fedora production
##               broker.
# - checkcompose_amqp_key
##      string - Private key file to use for authenticating with AMQP
##               broker for fedora-messaging report sender. The role
##               default for this is the key file for the public
##               'fedora' account on the Fedora production broker.
# - checkcompose_amqp_routing_keys
##        list - List of routing key names for the fedora-messaging
##               scheduler to subscribe to. The role default for this
##               is the appropriate keys for the Fedora production
##               broker.
# - checkcompose_amqp_mailfrom
##      string - From email address for error report emails. Defaults
##               to "root@{{ external_hostname }}". Only relevant if
##               checkcompose_amqp_mailto is set.
# - checkcompose_amqp_smtp
##      string - Hostname of SMTP server to use for sending consumer error
##               emails. Defaults to 'localhost'. Only relevant if
##               checkcompose_amqp_mailto is set.
#
# Optional vars
# - checkcompose_server
##      string - hostname of openQA server to connect to (if not set, openQA
##               client configuration will determine this, default will be
##               localhost)
# - checkcompose_url
##      string - base URL for openQA result links (if not set, will be
##               the URL the client actually wound up connecting to)
# - checkcompose_wait
##      string - (digits) time in minutes to wait for openQA tests to complete
##               before sending the report (defaults to 480)
# - checkcompose_emailfrom
##      string - Email address to send reports from (if not set, no reports
##               sent)
# - checkcompose_emailto
##      string - Email address to send all reports to. Split multiple
##               addresses with spaces
# - checkcompose_subvariant_emails
##        dict - Per-subvariant recipients foe check-compose emails. Should
##               be a dict of dicts like this:
##               {
##                   'Workstation': {
##                       'all':  ['foo@workstation.com', 'bar@workstation.com'],
##                       'error': ['error@workstation.com'],
##                   },
##                   'Server': {
##                       'all': ['foo@server.com'],
##                       'error': ['error@server.com'],
##                   },
##               }
##               Split multiple addresses with spaces
# - checkcompose_smtp
##      string - SMTP server to use for sending the report
# - checkcompose_json
##      string - File to append JSON-formatted report summary to
# - checkcompose_loglevel
##      string - log level
# - checkcompose_amqp_mailto
##        list - List of email addresses to email errors to. If set,
##               the email log handler will be configured.
#
# NOTE: this is missing /etc/openqa/client.conf configuration, for now;
# we're assuming it'll be deployed on the openqa server boxes and hence
# client.conf will be in place (and localhost default would be correct
# anyhow). We also get lazy and assume fedora_openqa will be installed
# by openqa/dispatcher role; ideally we should factor this out into a
# shared task or something.

# - name: Install required packages (testing)
#  dnf: name={{ item }} state=present enablerepo="updates-testing"
#  with_items:
#  - python3-fedfind
#  tags:
#  - packages

---
- name: Install required packages
  ansible.builtin.package:
    name: ['fedora-messaging', 'python3-fedfind', 'python3-openqa_client', 'python3-pip',
           'python3-pip']
    state: present
  tags:
  - packages

- name: Check out check-compose
  git:
    repo: https://forge.fedoraproject.org/quality/check-compose.git # noqa 401
    dest: /root/check-compose
  register: gitcc

- name: Check if check-compose is installed for current Python
  ansible.builtin.command: "pip show check_compose"
  register: instcc
  changed_when: "1 != 1"
  failed_when: "1 != 1"
  check_mode: no

- name: Install check-compose
  ansible.builtin.command: "python3 -m pip install --no-deps /root/check-compose"
  when: "gitcc is changed or instcc.rc != 0"
  notify:
  - Restart check-compose

- name: Create /etc/pki/fedora-messaging
  ansible.builtin.file:
    dest: /etc/pki/fedora-messaging
    mode: "0775"
    owner: root
    group: root
    state: directory
  when: "deployment_type is defined"
  tags:
  - config

# as noted elsewhere, we are reusing the openqa user and creds for
# convenience while the roles are all run on the same system, and
# stg uses the prod account and credentials to listen on prod
- name: Deploy the Fedora infra fedora-messaging cert
  ansible.builtin.copy:
    src: "{{ private }}/files/rabbitmq/{{ checkcompose_env }}/pki/issued/{{ openqa_amqp_this_username }}.crt"
    dest: "/etc/pki/fedora-messaging/{{ openqa_amqp_this_username }}-cert.pem"
    mode: "0644"
    owner: root
    group: root
  when: "deployment_type is defined"
  tags:
  - config

# This is kinda icky, as there's no intrinsic reason the group geekotest
# should exist so far as this role is concerned. But as we run this role
# on the same box as openQA, in fact we need to keep the ownership in
# line. This needs making cleaner somehow.
- name: Deploy the Fedora infra fedora-messaging key
  ansible.builtin.copy:
    src: "{{ private }}/files/rabbitmq/{{ checkcompose_env }}/pki/private/{{ openqa_amqp_this_username }}.key"
    dest: "/etc/pki/fedora-messaging/{{ openqa_amqp_this_username }}-key.pem"
    mode: "0640"
    owner: root
    group: geekotest
  when: "deployment_type is defined"
  tags:
  - config

- name: Configure fedora-messaging check-compose consumer
  ansible.builtin.template: src=check-compose.toml.j2 dest=/etc/fedora-messaging/check-compose.toml owner=root group=root mode=0640
  notify:
  - Restart check-compose
  tags:
  - config

- name: Install config file
  ansible.builtin.template: src=check-compose.conf.j2 dest=/etc/check-compose.conf mode=0644
  tags:
  - config

- name: Enable and start fedora-messaging check-compose consumer
  service: name=fm-consumer@check-compose enabled=yes state=started