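---
# Parameters:
#   playbook inventory
#     stage   := the name of the stage (e.g. devnso, qanso, prodnso)
#     tenant  := object with tenant related data
#       key  :=
#       name :=
#     cluster := object with cluster specific data (optional)
#       ...
#     data    := object with action specific data (optional)
#       ...
#   smardigo message callback
#     scope_id                   := (scope id of the management process)
#     process_instance_id        := (process instance id of the management process)
#     smardigo_management_action := (smardigo management action name of the management process)

#############################################################
# Creating inventory dynamically for given parameters
#############################################################

- import_playbook: pmci-inventory-cluster.yml

#############################################################
# Creating servers for created inventory
#############################################################

# Targets every host of the stage group except the virtual host that only
# exists to carry group vars. Hosts are processed in batches of
# `serial_number` (default 5); fact gathering is disabled for this play.
- hosts: "stage_{{ stage }}:!{{ stage }}-virtual-host-to-read-groups-vars"
  serial: "{{ serial_number | default(5) }}"
  gather_facts: false
  remote_user: root
  pre_tasks:
    # Queries the Hetzner Cloud API from the control node (delegate_to);
    # the task is evaluated for every host in the batch.
    # NOTE(review): Hetzner list endpoints are paginated and only the first
    # page is read here -- confirm the firewall count fits in one page.
    - name: Get all Firewalls from Hetzner
      uri:
        url: "https://api.hetzner.cloud/v1/firewalls"
        headers:
          accept: application/json
          authorization: "Bearer {{ hetzner_authentication_ansible }}"
        return_content: true
      register: hetzner_firewalls_response
      delegate_to: 127.0.0.1
      # The module arguments carry the API bearer token; no_log keeps them
      # (and the raw response) out of verbose output, callbacks and job logs.
      # The registered result stays usable by the tasks below. Drop this
      # temporarily only when debugging a failing API call.
      no_log: true
      tags:
        - update_networks

    - name: Save firewall entries as variable (fact)
      set_fact:
        hetzner_firewalls_response_json: "{{ hetzner_firewalls_response.json }}"
      tags:
        - update_networks

    # Projects each firewall down to its id and name only.
    - name: Parse firewall entries
      set_fact:
        firewall_records: "{{ hetzner_firewalls_response_json.firewalls | json_query(jmesquery) }}"
      vars:
        jmesquery: '[*].{id: id, name: name}'
      tags:
        - update_networks

    # Prints only the id/name projection, not the full API response.
    - name: Print firewall entries
      debug:
        msg: "{{ firewall_records }}"
      tags:
        - update_networks

  roles:
    - role: hetzner-ansible-hcloud
    - role: hetzner-ansible-dns
      vars:
        record_data: "{{ stage_server_ip }}"
        record_name: "{{ inventory_hostname }}"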
#############################################################
# Provisioning servers for created inventory
#############################################################

# Same host pattern as the server-creation play, but one host at a time
# unless `serial_number` is set. Connections go to the host's stage domain.
# NOTE(review): this play logs in as root over SSH and then applies
# devsec.hardening.ssh_hardening, which can restrict root login
# (ssh_permit_root_login) -- confirm the value set in group vars is as
# strict as intended and still allows the next run to connect.
- hosts: "stage_{{ stage }}:!{{ stage }}-virtual-host-to-read-groups-vars"
  serial: "{{ serial_number | default(1) }}"
  remote_user: root
  vars:
    ansible_ssh_host: "{{ stage_server_domain }}"

  pre_tasks:
    # Ubuntu only: makes sure the listed packages are not installed
    # before the roles below run.
    - name: Remove outdated dependencies
      apt:
        name:
          - docker
          - docker-client
          - docker-client-latest
          - docker-common
          - docker-latest
          - docker-latest-logrotate
          - docker-logrotate
          - docker-engine
          - smartmontools
        state: absent
      when: ansible_distribution == "Ubuntu"

    # Tagged `always` so it runs regardless of the tags selected;
    # privilege escalation is explicitly disabled for these tasks.
    - name: Import autodiscover pre-tasks
      import_tasks: tasks/autodiscover_pre_tasks.yml
      become: false
      tags:
        - always

  roles:
    # Docker is installed only when docker_enabled is truthy (no default).
    - role: ansible-role-docker
      when: docker_enabled

    - role: hetzner-ansible-common

    - role: devsec.hardening.ssh_hardening
      tags:
        - ssh_hardening

    # The three roles below are on unless their *_enabled flag is set false.
    - role: hetzner-ansible-filebeat
      when: filebeat_enabled | default(True)

    - role: hetzner-ansible-node-exporter
      when: node_exporter_enabled | default(True)

    - role: hetzner-ansible-traefik
      when: traefik_enabled | default(True)

#############################################################
# Sending smardigo management message to process
#############################################################

- import_playbook: pmci-callback.yml