#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
---

- name: Include common vars
  include_vars: ../../login_common/vars/main.yml

- name: Fetch hostname
  command: hostname
  register: new_serv_hostname
  changed_when: false

- name: Set fact for server hostname
  set_fact:
    server_hostname: "{{ new_serv_hostname.stdout }}"

- name: Uninstall server if it is already installed
  command: ipa-server-install --uninstall -U
  changed_when: false
  failed_when: false

- block:
    - name: Install ipa server in CentOS 7.9
      command: >-
        ipa-server-install -n '{{ hostvars['127.0.0.1']['domain_name'] }}' --hostname='{{ server_hostname }}' -a '{{ hostvars['127.0.0.1']['kerberos_admin_password'] }}'
        -p '{{ hostvars['127.0.0.1']['directory_manager_password'] }}' -r '{{ hostvars['127.0.0.1']['realm_name'] }}' --setup-dns --auto-forwarders --auto-reverse -U
      changed_when: true
      no_log: true
      register: install_ipa_server
      when:
        - ( ansible_distribution | lower == os_centos )
        - ( ansible_distribution_version < os_version )

    - name: Install ipa server in CentOS > 8 or Rocky 8
      command: >-
        ipa-server-install -n '{{ hostvars['127.0.0.1']['domain_name'] }}' --hostname='{{ server_hostname }}' -a '{{ hostvars['127.0.0.1']['kerberos_admin_password'] }}'
        -p '{{ hostvars['127.0.0.1']['directory_manager_password'] }}' -r '{{ hostvars['127.0.0.1']['realm_name'] }}' --setup-dns --no-forwarders --no-reverse --no-ntp -U
      changed_when: true
      no_log: true
      register: install_ipa_server
      when:
        - ( ansible_distribution | lower == os_centos ) or
          ( ansible_distribution | lower == os_rocky )
        - ( ansible_distribution_version >= os_version )
  rescue:
    - name: Install ipa server failed
      fail:
        msg: "Error: {{ install_ipa_server.stderr_lines }}"

- block:
    - name: Authenticate as admin
      shell: set -o pipefail && echo $'{{ hostvars['127.0.0.1']['kerberos_admin_password'] }}' | kinit admin
      no_log: true
      changed_when: false
      register: authenticate_admin
  rescue:
    - name: Authenticate as admin failed
      fail:
        msg: "Error: {{ authenticate_admin.stderr }}"

- name: Replace the /etc/resolv.conf file
  copy:
    src: "{{ temp_resolv_conf_path }}"
    dest: "{{ resolv_conf_path }}"
    mode: "{{ file_mode }}"
    remote_src: yes