---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
  vars:
    myhosts: "openqa:openqa_lab"

- name: Setup base openQA host
  hosts: openqa:openqa_lab
  user: root
  gather_facts: true

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:
  - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"

  roles:
    - { role: base, tags: ['base'] }
    - { role: rkhunter, tags: ['rkhunter'] }
    - { role: nagios_client, tags: ['nagios_client'] }
    - { role: hosts, tags: ['hosts']}
    - ipa/client
    - { role: collectd/base, tags: ['collectd_base'] }
    - { role: sudo, tags: ['sudo'] }
    - apache

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: Configure fedora-messaging queues on openQA servers
  hosts: openqa:openqa_lab
  user: root
  gather_facts: true

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  # we must always make sure the prod user exists, as stg uses the
  # prod account to listen to things on prod. **NOTE**: this is lazy
  # and bad practice, but we've evaluated it and it doesn't really
  # cause any significant security risk, it just means someone with
  # root on openqa.stg could access the rabbitmq creds for the prod
  # user and impersonate prod openqa on the message bus, which is
  # not a huge deal. fixing it would be kinda tedious.
  - role: rabbit/user
    user_name: "{{ openqa_amqp_prod_username }}"
    user_publish_only: false
    user_sent_topics: ^org\.fedoraproject\.prod\.(openqa|ci)\..*
    vars:
      env: "production"
      env_suffix: ""
    tags: ['rabbit']

  - role: rabbit/user
    user_name: "{{ openqa_amqp_stg_username }}"
    user_publish_only: false
    user_sent_topics: ^org\.fedoraproject\.stg\.(openqa|ci)\..*
    vars:
      env: "staging"
      env_suffix: ".stg"
    tags: ['rabbit']
    when: "deployment_type == 'stg'"

  - role: rabbit/queue
    queue_name: "{{ openqa_amqp_scheduler_queue }}"
    queue_routing_keys: "{{ openqa_amqp_scheduler_routing_keys }}"
    vars:
      # yes, even the staging scheduler listens to production, it
      # has to or else it wouldn't schedule any jobs
      env: "production"
      env_suffix: ""
    tags: ['rabbit']

  - role: rabbit/queue
    queue_name: "{{ openqa_amqp_resultsdb_reporter_queue }}"
    queue_routing_keys: "{{ openqa_amqp_resultsdb_reporter_routing_keys }}"
    vars:
      # this role does listen on stg, as it listens out for jobs
      # from openqa stg
      env: "{{ openqa_env }}"
      env_suffix: "{{ openqa_env_suffix }}"
    tags: ['rabbit']

  - role: rabbit/queue
    queue_name: "{{ openqa_amqp_wiki_reporter_queue }}"
    queue_routing_keys: "{{ openqa_amqp_wiki_reporter_routing_keys }}"
    vars:
      # this role does listen on stg, as it listens out for jobs
      # from openqa stg
      env: "{{ openqa_env }}"
      env_suffix: "{{ openqa_env_suffix }}"
    tags: ['rabbit']

    # relvalconsumer queue
  - role: rabbit/queue
    queue_name: "{{ relvalconsumer_amqp_queue }}"
    vars:
      # yes, even the staging relvalconsumer listens to production,
      # it has to because composes don't happen in stg
      env: "production"
      env_suffix: ""
    tags: ['rabbit']
    when: "relvalconsumer_amqp_queue is defined"

    # relvalamiconsumer queue
  - role: rabbit/queue
    queue_name: "{{ relvalamiconsumer_amqp_queue }}"
    queue_routing_keys: "{{ relvalamiconsumer_amqp_routing_keys }}"
    vars:
      # yes, even the staging updater listens to production, it
      # has to as we never publish fedimg.image.publish on stg
      env: "production"
      env_suffix: ""
    tags: ['rabbit']
    when: "relvalamiconsumer_amqp_queue is defined"

    # check-compose queue
  - role: rabbit/queue
    queue_name: "{{ checkcompose_amqp_queue }}"
    queue_routing_keys: "{{ checkcompose_amqp_routing_keys }}"
    vars:
      # this role does listen on stg, as it listens out for jobs
      # from openqa stg
      env: "{{ checkcompose_env }}"
      env_suffix: "{{ checkcompose_env_suffix }}"
    tags: ['rabbit']
    when: "checkcompose_amqp_queue is defined"

    # fedora_nightlies queue
  - role: rabbit/queue
    queue_name: "{{ fedora_nightlies_amqp_queue }}"
    queue_routing_keys: "{{ fedora_nightlies_amqp_routing_keys }}"
    vars:
      # this role listens on prod as it listens for composes
      env: "production"
      env_suffix: ""
    tags: ['rabbit']
    when: "fedora_nightlies_amqp_queue is defined"

- name: Set up openQA server data NFS mounts (staging)
  hosts: openqa_lab

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - role: nfs/client
    mnt_dir: '/var/lib/openqa/testresults'
    nfs_src_dir: 'fedora_openqa_lab/testresults'
    nfs_mount_opts: 'rw,bg,nfsvers=3'
    tags: ['nfs_client']
  - role: nfs/client
    mnt_dir: '/var/lib/openqa/images'
    nfs_src_dir: 'fedora_openqa_lab/images'
    nfs_mount_opts: 'rw,bg,nfsvers=3'
    tags: ['nfs_client']

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: Set up openQA server data NFS mounts (prod)
  hosts: openqa

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - role: nfs/client
    mnt_dir: '/var/lib/openqa/testresults'
    nfs_src_dir: 'fedora_openqa/testresults'
    nfs_mount_opts: 'rw,bg,nfsvers=3'
    tags: ['nfs_client']
  - role: nfs/client
    mnt_dir: '/var/lib/openqa/images'
    nfs_src_dir: 'fedora_openqa/images'
    nfs_mount_opts: 'rw,bg,nfsvers=3'
    tags: ['nfs_client']

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: Configure openQA
  hosts: openqa:openqa_lab
  user: root
  gather_facts: true

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

# relvalconsumer isn't particularly related to openQA in any way, we
# just put that role on these boxes. There's nowhere more obviously
# correct for it, really. Ditto fedora_nightlies and testcase_stats
  roles:
  - { role: openqa/server, tags: ['openqa_server'] }
  - { role: openqa/dispatcher, tags: ['openqa_dispatcher'] }
  - { role: check-compose, tags: ['check-compose'], when: "checkcompose_amqp_queue is defined" }
  - { role: relvalconsumer, tags: ['relvalconsumer'], when: "relvalconsumer_amqp_queue is defined" }
  - { role: fedora_nightlies, tags: ['fedora_nightlies'], when: "fedora_nightlies_amqp_queue is defined" }
  - { role: testcase_stats, tags: ['testcase_stats'], when: "testcase_stats_output_dir is defined" }

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"