---

- include_vars: "{{ item }}"
  with_first_found:
    - vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
    - vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
    - vars/{{ ansible_distribution }}.yml
    - vars/{{ ansible_os_family }}.yml
  tags: pki

  # Merge realm config
- name: Build PKI realm config
  set_fact: pki_realms_conf={{ pki_realms_conf | default([]) + [ pki_realm_conf | combine(item, recursive=True) ] }}
  with_items: "{{ pki_realms }}"
  tags: pki
- set_fact: pki_realms={{ pki_realms_conf | default([]) }}
  tags: pki

  # Detect if its an initial install, an upgrade, or none
- import_tasks: ../includes/webapps_set_install_mode.yml
  vars:
    - root_dir: "{{ pki_root_dir }}"
    - version: "{{ pki_version }}"
  tags: pki
- set_fact: pki_install_mode={{ (install_mode == 'upgrade' and not pki_manage_upgrade) | ternary('none',install_mode) }}
  tags: pki
- set_fact: pki_current_version={{ current_version | default('') }}
  tags: pki

  # Generate various password and secrets, if they are not defined
- import_tasks: ../includes/get_rand_pass.yml
  vars:
    - pass_file: "{{ pki_root_dir }}/meta/ansible_secret_cookie"
  tags: pki
- set_fact: pki_secret_cookie={{ rand_pass }}
  tags: pki

- import_tasks: ../includes/get_rand_pass.yml
  vars:
    - pass_file: "{{ pki_root_dir }}/meta/ansible_secret"
  when: pki_secret is not defined
  tags: pki
- set_fact: pki_secret={{ rand_pass }}
  when: pki_secret is not defined
  tags: pki

- import_tasks: ../includes/get_rand_pass.yml
  vars:
    - pass_file: "{{ pki_root_dir }}/meta/ansible_scep_hmac"
  when: pki_scep_hmac is not defined
  tags: pki
- set_fact: pki_scep_hmac={{ rand_pass }}
  when: pki_scep_hmac is not defined
  tags: pki

- import_tasks: ../includes/get_rand_pass.yml
  vars:
    - pass_file: "{{ pki_root_dir }}/meta/ansible_scep_challenge"
  when: pki_scep_challenge is not defined
  tags: pki
- set_fact: pki_scep_challenge={{ rand_pass }}
  when: pki_scep_challenge is not defined
  tags: pki

- import_tasks: ../includes/get_rand_pass.yml
  vars:
    - pass_file: "{{ pki_root_dir }}/meta/ansible_dbpass"
  when: pki_db_pass is not defined
  tags: pki
- set_fact: pki_db_pass={{ rand_pass }}
  when: pki_db_pass is not defined
  tags: pki

- import_tasks: ../includes/get_rand_pass.yml
  vars:
    - pass_file: "{{ pki_root_dir }}/meta/ansible_session_dbpass"
  when: pki_db_session_pass is not defined
  tags: pki
- set_fact: pki_db_session_pass={{ rand_pass }}
  when: pki_db_session_pass is not defined
  tags: pki