---
- name: Install the basic packages
  yum: name={{ centos_packages_to_install }} state={{ centos_pkg_state }}
  tags: [ 'centos', 'bootstrap', 'packages' ]

- name: Install the basic packages from the EPEL repository
  yum: name={{ centos_packages_from_epel }} state={{ centos_pkg_state }}
  when: centos_install_epel
  tags: [ 'centos', 'bootstrap', 'packages' ]

- name: Install the packages we want on a non virtualized host
  yum: name={{ centos_hw_packages | default([]) }} state={{ centos_pkg_state }}
  when: ansible_virtualization_role is defined and ansible_virtualization_role == 'host'
  tags: [ 'centos', 'bootstrap', 'packages' ]

- name: Install the selinux policy file to fix a timedatectl problem and various qemu-ga ones
  copy: src=qemu_ag_provisioning-sepol.te dest=/usr/local/etc/qemu_ag_provisioning-sepol.te
  register: qemu_ga_selinux_policy
  tags: [ 'centos', 'rhel', 'selinux' ]

- name: Activate the selinux policy for qemu
  shell: checkmodule -M -m -o /usr/local/etc/qemu_ag_provisioning-sepol.mod /usr/local/etc/qemu_ag_provisioning-sepol.te ; semodule_package -o /usr/local/etc/qemu_ag_provisioning-sepol.pp -m /usr/local/etc/qemu_ag_provisioning-sepol.mod ; semodule -i /usr/local/etc/qemu_ag_provisioning-sepol.pp
  args:
    creates: /usr/local/etc/qemu_ag_provisioning-sepol.pp
  when: qemu_ga_selinux_policy is changed
  tags: [ 'centos', 'rhel', 'selinux' ]

- name: Install the selinux policy file to fix a systemd policy glitch
  copy: src=systemd-enable.te dest=/usr/local/etc/systemd-enable-sepol.te
  register: systemd_selinux_policy
  tags: [ 'centos', 'rhel', 'selinux' ]

- name: Activate the selinux policy for systemd
  shell: checkmodule -M -m -o /usr/local/etc/systemd-enable-sepol.mod /usr/local/etc/systemd-enable-sepol.te ; semodule_package -o /usr/local/etc/systemd-enable-sepol.pp -m /usr/local/etc/systemd-enable-sepol.mod ; semodule -i /usr/local/etc/systemd-enable-sepol.pp
  args:
    creates: /usr/local/etc/systemd-enable-sepol.pp
  when: systemd_selinux_policy is changed
  tags: [ 'centos', 'rhel', 'selinux' ]

- name: Activate smartmontools on a non virtualized host
  service: name=smartd state=started enabled=yes
  when: ansible_virtualization_role is defined and ansible_virtualization_role == 'host'
  tags: [ 'centos', 'bootstrap', 'packages' ]

- name: Install the locate utility if needed
  yum: name={{ centos_locate_package }} state={{ centos_pkg_state }}
  when: centos_enable_locate
  tags: [ 'centos', 'bootstrap', 'packages' ]
  
- name: Set the timezone
  command: timedatectl set-timezone {{ timezone }}
  tags: [ 'centos', 'bootstrap' ]

- name: Set the hostname
  hostname: name={{ hostname }}
  when: hostname is defined
  tags: [ 'centos', 'bootstrap' ]

- name: Configure the main interface to set the correct resolvers. dns1
  lineinfile: name=/etc/sysconfig/network-scripts/ifcfg-eth0 regexp="^DNS1=" line="DNS1={{ dns1 }}"
  when: centos_set_dns_servers
  tags: [ 'centos', 'bootstrap' ]

- name: Configure the main interface to set the correct resolvers. dns2
  lineinfile: name=/etc/sysconfig/network-scripts/ifcfg-eth0 regexp="^DNS2=" line="DNS2={{ dns2 }}"
  when: centos_set_dns_servers
  tags: [ 'centos', 'bootstrap' ]

- name: Configure the main interface to set the correct resolvers. search domain
  lineinfile: name=/etc/sysconfig/network-scripts/ifcfg-eth0 regexp="^DOMAIN=" line="DOMAIN={{ domain_name }}"
  when: configure_domain_name_in_interface
  tags: [ 'centos', 'bootstrap' ]

- name: Stop avahi before removing it when it is not needed
  service: name=avahi-daemon state=stopped enabled=no
  when: centos_remove_avahi or centos_disable_avahi
  ignore_errors: True
  tags: [ 'centos', 'bootstrap', 'avahi' ]

- name: Stop and disable NetworkManager when we do not need it or we are going to remove it
  service: name=NetworkManager state=stopped enabled=no
  when: centos_remove_networkmanager or centos_disable_networkmanager
  ignore_errors: True
  tags: [ 'centos', 'bootstrap', 'networkmanager' ]
  
- name: Remove some unneeded packages
  yum: name={{ centos_packages_to_remove | default ([]) }} state=absent
  when: centos_packages_cleanup
  tags: [ 'centos', 'bootstrap', 'packages' ]

- name: Remove the Avahi packages
  yum: name={{ centos_avahi_packages | default ([]) }} state=absent
  when: centos_remove_avahi
  tags: [ 'centos', 'bootstrap', 'packages' ]

- name: Remove the NetworkManager packages
  yum: name={{ centos_nm_packages | default ([]) }} state=absent
  when: centos_remove_networkmanager
  tags: [ 'centos', 'bootstrap', 'packages' ]

- name: Disable some unneeded services
  service: name= state=stopped enabled=no
  with_items: '{{ centos_services_to_be_disabled }}'
  when: centos_services_to_be_disabled is defined
  ignore_errors: True
  tags: [ 'centos', 'bootstrap', 'daemons' ]

- name: Configure selinux to permit core dumps by daemons
  seboolean: name=daemons_dump_core state=yes persistent=yes
  when: centos_selinux_daemons_dump_core
  tags: [ 'centos', 'bootstrap', 'selinux' ]

- name: various pub ssh keys for users and apps
  authorized_key: user=root key="{{ item }}" state=present
  with_items: '{{ root_ssh_keys | default([]) }}'
  when: manage_root_ssh_keys
  tags: root_pubkeys

- name: Remove obsolete keys from the authorized ones
  authorized_key: user=root key="{{ item }}" state=absent
  with_items: '{{ obsolete_root_ssh_keys | default([]) }}'
  when: obsolete_root_ssh_keys is defined
  tags: root_pubkeys