---
- name: Step 001 Deploy Infrastructure
  hosts:
    - localhost
    - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_bastion') | replace('-', '_') }}"
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
  tags:
    - step001
    - create_ssh_config
  tasks:
    - name: Store bastion hostname as a fact
      set_fact:
        bastion_hostname:
          internal: "{{ ravello_groups  | json_query('bastion.hosts') }}"
          external: "{{ ravello_groups | json_query('_meta.hostvars.\"bastion-REPL.rhpds.opentlc.com\".externalFqdn') }}"
    - add_host:
        name: '{{ bastion_hostname.external }}'
        groups: bastion_host
    - name: Create quick_ssh script
      copy:
        content: |
            #!/bin/bash
            ssh -i {{ ANSIBLE_REPO_PATH }}/workdir/{{ guid }}key cloud-user@{{ bastion_hostname.external }}
        dest: '{{ ANSIBLE_REPO_PATH }}/workdir/{{ guid }}-quickssh.sh'
        mode: 0755
      # when: delete_app_post_deploy

      #  - name: set ansible_ssh_common_args
      #    set_fact:
      #      ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q cloud-user@{{ bastion_hostname.external }}'
      #      # ansible_ssh_common_args: '-F "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_conf" -o ControlMaster=auto -o ControlPersist=30m'
    - name: Create empty local ssh config as defined by deploy_local_ssh_config_location
      file:
        dest: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_conf"
        state: touch

    - name: Add bastion proxy config to workdir ssh config file
      blockinfile:
        dest: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_conf"
        marker: "##### {mark} ADDED BASTION PROXY HOST {{ env_type }}-{{ guid }} ######"
        content: |
            Host {{ bastion_hostname.external }}
              Hostname {{ bastion_hostname.external }}
              IdentityFile {{ ANSIBLE_REPO_PATH }}/workdir/{{ env_authorized_key }}
              IdentitiesOnly yes
              User {{ remote_user }}
              ControlMaster auto
              ControlPath /tmp/%h-%r
              ControlPersist 5m
              StrictHostKeyChecking no
      tags:
        - bastion_proxy_config_main

- name: Add other hosts to workdir ssh file
  include: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/add_hosts_ssh_config.yml"

#- name: copy ssh config to /root/.ssh/config
#  hosts: localhost
#  tasks:
#    - name: back up current ssh config file
#      copy:
#        src: /root/.ssh/config
#        dest: /root/.ssh/config.bak
#        owner: root
#        group: root
#        mode: 0400
#    - name: copy workdir ssh file to .ssh/config
#      copy:
#        src: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_conf"
#        dest: /root/.ssh/config
#        owner: root
#        group: root
#        mode: 0400