---
- name: Install OpenQA packages
  ansible.builtin.yum:
    name: "{{ openqa_packages }}"
    state: present
  tags:
    - packages

- name: Copy httpd configuration files
  ansible.builtin.copy:
    remote_src: true
    src: /etc/httpd/conf.d/{{ item }}.template
    dest: /etc/httpd/conf.d/{{ item }}
    mode: "0644"
    owner: root
    group: root
  loop:
    - openqa.conf
    - openqa-ssl.conf
  notify: Restart httpd
  tags:
    - configure
  ignore_errors: "{{ ansible_check_mode }}"

- name: Template OpenQA configuration files
  ansible.builtin.template:
    src: etc/openqa/{{ item }}.j2
    dest: /etc/openqa/{{ item }}
    owner: "{{ openqa_user }}"
    group: "{{ openqa_group }}"
    mode: "0444"
  loop:
    - openqa.ini
    - client.conf
  tags:
    - configure
  notify: Restart openQA workers

- name: Get service facts
  ansible.builtin.service_facts:
  check_mode: false

- name: Check for non-empty postgres data directory
  ansible.builtin.stat:
    path: /var/lib/pgsql/data/base
  register: postgres_data_dir

- name: If postgresql is not already running, initialize database
  ansible.builtin.command: postgresql-setup --initdb
  when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
        and not postgres_data_dir.stat.exists
  changed_when: true
  ignore_errors: "{{ ansible_check_mode }}"

- name: Enable and start postgresql service
  ansible.builtin.systemd:
    name: postgresql
    state: started
    enabled: true
  when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
        and not postgres_data_dir.stat.exists
  ignore_errors: "{{ ansible_check_mode }}"

- name: Configure SELinux to allow httpd connection to network
  ansible.posix.seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true
  tags:
    - configure

- name: Enable and start OpenQA services
  ansible.builtin.systemd:
    name: "{{ item }}"
    state: started
    enabled: true
  loop: "{{ openqa_services }}"
  tags:
    - configure
  ignore_errors: "{{ ansible_check_mode }}"

- name: Create openqa-vnc firewalld service
  ansible.builtin.template:
    src: etc/firewalld/services/openqa-vnc.xml.j2
    dest: /etc/firewalld/services/openqa-vnc.xml
    owner: root
    group: root
    mode: "0644"
  tags:
    - configure
  notify: Reload firewalld

- name: Systemctl daemon-reload
  ansible.builtin.systemd:
    daemon_reload: true

- name: Permit traffic for http and openqa-vnc services
  ansible.posix.firewalld:
    service: "{{ item }}"
    permanent: true
    state: enabled
  loop:
    - http
    - openqa-vnc
  tags:
    - configure
  notify: Reload firewalld

- name: Check for existing repository
  ansible.builtin.stat:
    path: "{{ openqa_homedir }}/share/tests/rocky"
  register: rocky_testing_repo
  tags:
    - configure

- name: Clone repository if it does not already exist
  ansible.builtin.git:
    accept_hostkey: true
    dest: "{{ openqa_homedir }}/share/tests/rocky"
    repo: "{{ openqa_rocky_testing_repo }}"
    version: develop
  when: not rocky_testing_repo.stat.exists
  tags:
    - configure

- name: Set owner/group/permissions on repo contents
  ansible.builtin.file:
    path: "{{ openqa_homedir }}/share/tests/rocky"
    recurse: true
    owner: "{{ openqa_user }}"
    group: "{{ openqa_group }}"
    mode: "0775"
  tags:
    - configure

- name: Create asset directories
  ansible.builtin.file:
    path: "{{ openqa_homedir }}/share/factory/{{ item }}/fixed"
    state: directory
    owner: "{{ openqa_user }}"
    group: "{{ openqa_group }}"
    mode: "0775"
  loop:
    - iso
    - hdd
...