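---
# Web-hosting backend tasks: per-client unix accounts and SSH key
# directories, per-app directory trees, httpd / php-fpm configuration,
# MySQL databases and users, backup tooling and the wh-acld service.
# Every task carries the "web" tag so the role can be limited to it.
#
# "Backend" of an app resolves app > client > wh_defaults; tasks that act
# on app data only run on the host whose inventory_hostname matches.

- name: Load distribution-specific variables
  include_vars: "{{ item }}"
  with_first_found:
    - "vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
    - "vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
    - "vars/{{ ansible_distribution }}.yml"
    - "vars/{{ ansible_os_family }}.yml"
  tags: web

- name: Install needed tools
  # The original argument string was "name{{ wh_backend_packages }}" (no
  # ":" or "="), which is not a valid key=value argument for the module.
  yum:
    name: "{{ wh_backend_packages }}"
  tags: web

- name: Initialise the list of application roots
  # Block form so the value is a real (empty) list, not the string "[]".
  set_fact:
    wh_app_dir: []
  tags: web

- name: Build a list of app root
  # List concatenation is done inside the Jinja expression instead of
  # rendering "[...] + [...]" as text and relying on later re-evaluation.
  set_fact:
    wh_app_dir: "{{ wh_app_dir + ['/opt/wh/' ~ item.0.name ~ '/apps/' ~ item.1.name] }}"
  loop: "{{ wh_clients | subelements('apps') }}"
  when: item.1.backend | default(item.0.backend) | default(wh_defaults.backend) == inventory_hostname
  tags: web

- name: Create unix accounts
  # System accounts with a non-interactive shell unless "shell" overrides it.
  user:
    name: "wh-{{ item.name }}"
    comment: "Unix account for {{ item.name }}"
    system: true
    shell: "{{ shell | default('/sbin/nologin') }}"
    home: "/opt/wh/{{ item.name }}"
  loop: "{{ wh_clients }}"
  tags: web

- name: Create ssh directories
  file:
    path: "/etc/ssh/wh/{{ item.name }}/"
    state: directory
    mode: "0755"
  loop: "{{ wh_clients }}"
  tags: web

- name: Deploy SSH keys
  # Single-quoted YAML so Jinja itself receives join("\n") and turns the
  # escape into a newline. exclusive=true removes every key not listed in
  # item.ssh_keys, so a client with no keys ends up with an empty file.
  authorized_key:
    user: root
    key: '{{ item.ssh_keys | default([]) | join("\n") }}'
    path: "/etc/ssh/wh/{{ item.name }}/authorized_keys"
    manage_dir: false
    exclusive: true
  loop: "{{ wh_clients }}"
  tags: web

- name: Set correct permissions on authorized_key files
  # Root-owned and not writable by the client account, so a client cannot
  # add keys to its own file.
  file:
    path: "/etc/ssh/wh/{{ item.name }}/authorized_keys"
    owner: root
    group: root
    mode: "0644"
  loop: "{{ wh_clients }}"
  when: item.ssh_keys | default([]) | length > 0
  tags: web

- name: List all authorized keys directories
  # find replaces "ls -1 | xargs -n1 basename": no shell output parsing,
  # and a missing /etc/ssh/wh (no clients yet) gives an empty result
  # instead of a failed task. Hidden entries are skipped, as with ls.
  find:
    paths: /etc/ssh/wh
    file_type: any
  register: wh_existing_ssh_keys
  tags: web

- name: Remove unmanaged ssh keys
  # Anything under /etc/ssh/wh that does not belong to a current client
  # is removed, so keys of deleted clients do not linger.
  file:
    path: "/etc/ssh/wh/{{ item }}"
    state: absent
  loop: "{{ wh_existing_ssh_keys.files | default([]) | map(attribute='path') | map('basename') | list }}"
  when: item not in wh_clients | map(attribute='name') | list
  tags: web

- name: Create applications directories
  file:
    path: "{{ item.0 }}/{{ item.1 }}"
    state: directory
  loop: "{{ wh_app_dir | product(['web', 'data', 'tmp', 'logs', 'archives', 'bin', 'info', 'db_dumps']) | list }}"
  notify: reset permissions
  tags: web

- name: Set correct SELinux context for apps directories
  sefcontext:
    target: "{{ item }}(/.*)?"
    setype: httpd_sys_content_t
    state: present
  when: ansible_selinux.status == 'enabled'
  loop: "{{ wh_app_dir }}"
  notify: reset permissions
  tags: web

- name: Deploy PHP FPM pools
  # One pool file per PHP version; the template reads wh_php_version.
  template:
    src: php-fpm.conf.j2
    dest: "/etc/opt/remi/php{{ item }}/php-fpm.d/wh.conf"
  vars:
    wh_php_version: "{{ item }}"
  loop: "{{ httpd_php_versions }}"
  notify: restart php-fpm
  tags: web

- name: Deploy httpd configuration
  template:
    src: httpd.conf.j2
    dest: /etc/httpd/ansible_conf.d/31-wh.conf
  notify: reload httpd
  tags: web

- name: Deploy permissions scripts
  template:
    src: perms.sh.j2
    dest: "/opt/wh/{{ item.0.name }}/apps/{{ item.1.name }}/bin/perms.sh"
  loop: "{{ wh_clients | subelements('apps') }}"
  when: item.1.backend | default(item.0.backend) | default(wh_defaults.backend) == inventory_hostname
  notify: reset permissions
  tags: web

- name: Create databases
  # Database name is <client[0:7]>_<app[0:7]>, i.e. at most 15 characters,
  # presumably to stay within MySQL's user name length limit (the same
  # string is reused as the user name below).
  # no_log: the loop item is the full app definition, which may carry
  # database.pass; without it the item is printed in the task result.
  mysql_db:
    name: "{{ item.0.name[0:7] }}_{{ item.1.name[0:7] }}"
    login_host: "{{ (wh_default_app | combine(item.1)).database.server | default(mysql_server) }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    collation: "{{ (wh_default_app | combine(item.1)).database.collation }}"
    encoding: "{{ (wh_default_app | combine(item.1)).database.encoding }}"
    state: present
  loop: "{{ wh_clients | subelements('apps') }}"
  when:
    - (wh_default_app | combine(item.1)).database.enabled
    - (wh_default_app | combine(item.1)).database.engine == 'mysql'
    - item.1.backend | default(item.0.backend) | default(wh_defaults.backend) == inventory_hostname
  no_log: true
  tags: web

- name: Create applications database users
  # When no explicit database.pass is set, the password is derived
  # deterministically from wh_pass_seed (hashed with a per-app seeded
  # salt). Anyone holding wh_pass_seed can recompute every generated
  # password, so the seed must be treated as a secret (e.g. vaulted).
  # host "%" allows the user to connect from any host; presumably needed
  # because the database server (login_host) may be remote — narrowing it
  # to the backend's address would reduce exposure if the schema allows.
  mysql_user:
    name: "{{ item.0.name[0:7] }}_{{ item.1.name[0:7] }}"
    password: "{{ (wh_default_app | combine(item.1)).database.pass | default((wh_pass_seed | password_hash('sha256', 65534 | random(seed=item.0.name + item.1.name) | string))[9:27]) }}"
    priv: "{{ item.0.name[0:7] }}_{{ item.1.name[0:7] }}.*:ALL"
    host: "%"
    login_host: "{{ (wh_default_app | combine(item.1)).database.server | default(mysql_server) }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    state: present
  loop: "{{ wh_clients | subelements('apps') }}"
  when:
    - (wh_default_app | combine(item.1)).database.enabled
    - (wh_default_app | combine(item.1)).database.engine == 'mysql'
    - item.1.backend | default(item.0.backend) | default(wh_defaults.backend) == inventory_hostname
  no_log: true
  tags: web

- name: Create clients database user
  # One user per client, granted ALL on each of its apps' databases;
  # append_privs accumulates the grants across loop iterations.
  # The loop item may contain item.0.db_pass, hence no_log.
  mysql_user:
    name: "{{ item.0.name[0:15] }}"
    password: "{{ item.0.db_pass | default((wh_pass_seed | password_hash('sha256', 65534 | random(seed=item.0.name) | string))[9:27]) }}"
    priv: "{{ item.0.name[0:7] }}_{{ item.1.name[0:7] }}.*:ALL"
    host: "%"
    login_host: "{{ (wh_default_app | combine(item.1)).database.server | default(mysql_server) }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    append_privs: true
    state: present
  loop: "{{ wh_clients | subelements('apps') }}"
  when:
    - (wh_default_app | combine(item.1)).database.enabled
    - (wh_default_app | combine(item.1)).database.engine == 'mysql'
    - item.1.backend | default(item.0.backend) | default(wh_defaults.backend) == inventory_hostname
  no_log: true
  tags: web

- name: Deploy databases info file
  # NOTE(review): this file presumably holds the database credentials;
  # its ownership/mode are left to the "reset permissions" handler —
  # confirm that handler keeps it readable by the client account only.
  template:
    src: database.txt.j2
    dest: "/opt/wh/{{ item.0.name }}/apps/{{ item.1.name }}/info/database.txt"
  loop: "{{ wh_clients | subelements('apps') }}"
  when: item.1.backend | default(item.0.backend) | default(wh_defaults.backend) == inventory_hostname
  notify: reset permissions
  tags: web

- name: Deploy per app backup scripts
  template:
    src: backup.sh.j2
    dest: "/opt/wh/{{ item.0.name }}/apps/{{ item.1.name }}/bin/backup.sh"
    mode: "0750"
  loop: "{{ wh_clients | subelements('apps') }}"
  when: item.1.backend | default(item.0.backend) | default(wh_defaults.backend) == inventory_hostname
  tags: web

- name: Deploy wh_create_archives script to archive all the hosted apps
  template:
    src: wh_create_archives.sh.j2
    dest: /usr/local/bin/wh_create_archives.sh
    mode: "0750"
  tags: web

- name: Setup a daily cronjob to take automatic archives of webapps
  # systemd-cat sends the script's output to the journal.
  cron:
    name: wh_backups
    special_time: daily
    user: root
    job: 'systemd-cat /usr/local/bin/wh_create_archives.sh'
    cron_file: wh
    state: present
  tags: web

- name: Deploy global pre/post backup scripts
  template:
    src: "{{ item }}_backup.sh.j2"
    dest: "/etc/backup/{{ item }}.d/wh.sh"
    mode: "0700"
  loop: ['pre', 'post']
  tags: web

- name: Deploy logrotate snippet
  template:
    src: logrotate.j2
    dest: /etc/logrotate.d/wh
  tags: web

- name: Deploy wh-acld
  template:
    src: wh-acld.j2
    dest: /usr/local/bin/wh-acld
    mode: "0750"
  notify: restart wh-acld
  tags: web

- name: Deploy wh-acld service unit
  template:
    src: wh-acld.service.j2
    dest: /etc/systemd/system/wh-acld.service
  register: wh_acld_unit
  tags: web

- name: Reload systemd
  # Only needed when the unit file above actually changed.
  systemd:
    daemon_reload: true
  when: wh_acld_unit is changed
  tags: web

- name: Start and enable wh-acld
  service:
    name: wh-acld
    state: started
    enabled: true
  tags: web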