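---
# Step 001: render the CloudFormation template for the environment, validate and
# launch it from the controller, then build the dynamic inventory from the EC2
# instances tagged with project_tag. AWS credentials come from env_secret_vars.yml.
- name: Step 001 Deploy Infrastructure
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
  vars:
    # Rendered-template paths and the region fallback chain, defined once so every
    # task below agrees on them. Prefixed with step001_ so they cannot be shadowed
    # by (or shadow) names from env_vars.yml, which take precedence over play vars.
    step001_cf_template_orig: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}.{{ guid }}.{{ cloud_provider }}_cloud_template-orig"
    step001_cf_template: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}.{{ guid }}.{{ cloud_provider }}_cloud_template"
    step001_aws_region: "{{ aws_region | default(region) | default('us-east-1') }}"
  tags:
    - step001
    - deploy_infrastructure
  tasks:
    - name: AWS Generate CloudFormation Template
      template:
        src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/cloud_providers/{{ cloud_provider }}_cloud_template.j2"
        dest: "{{ step001_cf_template_orig }}"
      tags:
        - aws_infrastructure_deployment
        - gen_cf_template

    ######################### Minimize template (avoid size limitation as much as possible)
    # A jq failure (e.g. jq not installed, or the rendering is not JSON) is tolerated:
    # the next task falls back to the un-minified rendering. Paths are shell-quoted
    # because env_type / guid / cloud_provider are caller-supplied and end up in a
    # shell command line.
    - name: minimize json
      shell: "jq -c . < {{ step001_cf_template_orig | quote }} > {{ step001_cf_template | quote }}"
      register: jq_minify
      ignore_errors: true

    - name: use original if jq failed
      command: "cp {{ step001_cf_template_orig | quote }} {{ step001_cf_template | quote }}"
      when: jq_minify|failed

    ######################### Validate CF Template
    # command rather than shell: no pipes or redirects are needed, so the arguments
    # are not re-parsed by a shell. AWS_DEFAULT_REGION uses the same fallback chain
    # as --region; previously an unset aws_region aborted this task on an undefined
    # variable while the --region flag silently defaulted.
    - name: validate cloudformation template
      environment:
        AWS_ACCESS_KEY_ID: "{{ aws_access_key_id }}"
        AWS_SECRET_ACCESS_KEY: "{{ aws_secret_access_key }}"
        AWS_DEFAULT_REGION: "{{ step001_aws_region }}"
      command: "aws cloudformation validate-template --region {{ step001_aws_region | quote }} --template-body file://{{ step001_cf_template | quote }}"

    ######################### Launch CF Template
    # disable_rollback keeps the resources of a failed stack around for inspection;
    # AWS will not remove them, so a failed run must be cleaned up explicitly.
    # The secret key is declared no_log by the module, so it is redacted in output.
    - name: Launch CloudFormation template
      cloudformation:
        aws_access_key: "{{ aws_access_key_id }}"
        aws_secret_key: "{{ aws_secret_access_key }}"
        stack_name: "{{ project_tag }}"
        state: "present"
        region: "{{ step001_aws_region }}"
        disable_rollback: true
        template: "{{ step001_cf_template }}"
        tags:
          Stack: "project {{ project_tag }}"
      tags:
        - aws_infrastructure_deployment
        - provision_cf_template
      register: cloudformation_out
      # Retry until the module reports success AND the stack reached a terminal
      # "good" state; ignore_errors defers the failure to the explicit fail below.
      until:
        - cloudformation_out|succeeded
        - cloudformation_out.output in ["Stack CREATE complete", "Stack is already up-to-date."]
      retries: "{{ cloudformation_retries | default(25) }}"
      delay: 60
      ignore_errors: true

    - name: report Cloudformation error
      fail:
        msg: "FAIL {{ project_tag }} Create Cloudformation"
      when: not cloudformation_out|succeeded
      tags:
        - provision_cf_template

    - name: Gather EC2 facts
      ec2_remote_facts:
        aws_access_key: "{{ aws_access_key_id }}"
        aws_secret_key: "{{ aws_secret_access_key }}"
        region: "{{ step001_aws_region }}"
        filters:
          instance-state-name: running
          "tag:Project": "{{ project_tag }}"
      register: ec2_facts
      tags:
        - create_inventory
        - must

    # The "<project_tag>_ostype" tag key is built once here and reused as a
    # dictionary lookup key in the add_host groups string below.
    - name: windows ostype workaround
      set_fact:
        project_tag_ostype: "{{ project_tag }}_ostype"
      tags:
        - create_inventory
        - must

    # One inventory host per running instance, keyed by public DNS name and placed
    # in the AnsibleGroup / Project / ostype groups derived from its EC2 tags.
    # NOTE(review): ansible_ssh_private_key_file is set to the EC2 key-pair *name*,
    # not a path -- presumably the ssh_config include below maps it; confirm.
    - add_host:
        name: "{{ item['public_dns_name'] }}"
        shortname: "{{ item['tags']['Name'] | default(item['private_dns_name']) }}"
        groups: "{{item['tags']['AnsibleGroup']}},tag_Project_{{env_type| replace('-', '_')}}_{{guid}},tag_{{env_type| replace('-', '_')}}_{{guid}}_{{item['tags'][project_tag] | default('unknowns')}},tag_{{env_type| replace('-', '_')}}_{{guid}}_ostype_{{item['tags'][project_tag_ostype] | default('unknown')}},{{item['tags']['ostype'] | default('unknowns')}},{{item['tags'][project_tag_ostype] | default('unknowns')}}"
        ansible_ssh_user: ec2-user
        remote_user: ec2-user
        ansible_ssh_private_key_file: "{{ item['key_name'] }}"
        key_name: "{{ item['key_name'] }}"
        state: "{{ item['state'] }}"
        internaldns: "{{ item['tags']['internaldns'] | default(item['private_dns_name']) }}"
        region: "{{ item['region'] }}"
        public_dns_name: "{{ item['public_dns_name'] }}"
        private_dns_name: "{{ item['private_dns_name'] }}"
        private_ip_address: "{{ item['private_ip_address'] }}"
        public_ip_address: "{{ item['public_ip_address'] }}"
        placement: "{{ item['placement']['zone'] }}"
        image_id: "{{ item['image_id'] }}"
      with_items: "{{ ec2_facts['instances'] }}"
      tags:
        - create_inventory
        - must

    # At -vv this dumps every host variable; that output may include values loaded
    # from env_secret_vars.yml, so treat the verbose log itself as sensitive.
    - name: debug hostvars
      debug:
        var: hostvars
        verbosity: 2

    # Skipped (instead of erroring on an undefined group) when no bastion hosts
    # were added above. The condition is inherited by every included task.
    - name: Configure local ssh config for bastion proxy use
      include: "{{ ANSIBLE_REPO_PATH }}/cloud_providers/{{ cloud_provider }}_ssh_config_setup.yml"
      when: groups['bastions'] | default([]) | length > 0

# Runs against every non-Windows host added to the inventory above. become is
# required for hostname and /etc/cloud/cloud.cfg; any_errors_fatal aborts the run
# as soon as one host never becomes reachable.
- name: wait_for_connection for all non-windows machines and set hostname
  hosts:
    - all:!windows
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml"
  gather_facts: false
  any_errors_fatal: true
  ignore_errors: false
  become: true
  tags:
    - step001
    - wait_ssh
    - set_hostname
  tasks:
    - name: wait for linux host to be available
      wait_for_connection:

    - name: Set hostname based on tag_internaldns
      hostname:
        name: "{{ hostvars[inventory_hostname]['internaldns'] }}"
      when: hostvars[inventory_hostname]['internaldns'] is defined

    - name: check for cloud-init configuration
      stat:
        path: /etc/cloud/cloud.cfg
      register: cloud_cfg_file

    # Comment out cloud-init's update_hostname module so it does not revert the
    # hostname set above; the original file is kept as a backup.
    - name: disable updating hostname in /etc/cloud/cloud.cfg
      lineinfile:
        dest: /etc/cloud/cloud.cfg
        regexp: 'update_hostname$'
        line: '# - update_hostname'
        backup: true
      when: cloud_cfg_file.stat.exists
      tags: disable_cloud_cfg_hostname

# Windows hosts are reached over WinRM on 5986 as Administrator, using
# windows_password if set, otherwise the password generated on localhost.
- name: Set facts for Windows hosts if any exist and wait_for_connection
  gather_facts: false
  hosts:
    - windows
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml"
  tasks:
    # no_log: without it the task result echoes ansible_password at -v.
    - name: set facts for remote access
      set_fact:
        ansible_become: false
        ansible_connection: winrm
        ansible_host: "{{ public_dns_name }}"
        ansible_password: "{{ windows_password | default(hostvars['localhost'].generated_windows_password) }}"
        ansible_port: 5986
        ansible_user: Administrator
        ansible_ssh_user: Administrator
        # Certificate validation defaults to off (presumably because fresh instances
        # present a self-signed WinRM certificate). That leaves the Administrator
        # password exposed to an on-path attacker; set winrm_server_cert_validation
        # to "validate" once the hosts carry a trusted certificate.
        ansible_winrm_server_cert_validation: "{{ winrm_server_cert_validation | default('ignore') }}"
      no_log: true

    - name: wait for windows host to be available
      wait_for_connection:

# NOTE(review): this play repeats the header of the non-Windows play above; its
# task list continues below this point. Confirm the duplication is intentional.
- name: wait_for_connection for all non-windows machines and set hostname
  hosts:
    - all:!windows
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml"
  gather_facts: false
  any_errors_fatal: true
  ignore_errors: false
  become: true
  tags:
    - step001
    - wait_ssh
    - set_hostname
  tasks: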