---
- name: Step 003 - Create env key
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tags:
  - step003
  - generate_env_keys
  tasks:
  - name: Generate SSH keys
    shell: ssh-keygen -b 2048 -t rsa -f "{{output_dir}}/{{env_authorized_key}}" -q -N ""
    args:
      creates: "{{output_dir}}/{{env_authorized_key}}"
    when: set_env_authorized_key

  - name: fix permission
    file:
      path: "{{output_dir}}/{{env_authorized_key}}"
      mode: 0400
    when: set_env_authorized_key

  - name: Generate SSH pub key
    shell: ssh-keygen -y -f "{{output_dir}}/{{env_authorized_key}}" > "{{output_dir}}/{{env_authorized_key}}.pub"
    args:
      creates: "{{output_dir}}/{{env_authorized_key}}.pub"
    when: set_env_authorized_key

# Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }}
- name: Configure all hosts with Repositories, Common Files and Set environment key
  hosts:
  - all:!windows
  become: true
  gather_facts: False
  tags:
  - step004
  - common_tasks
  roles:
  - { role: "set-repositories",       when: 'repo_method is defined' }
  - { role: "common",                 when: 'install_common' }
  - { role: "set_env_authorized_key", when: 'set_env_authorized_key' }

- name: Configuring Bastion Hosts
  hosts: bastions
  become: true
  roles:
  - { role: "bastion",              when: 'install_bastion' }
  - { role: "bastion-student-user", when: 'install_student_user' }
  - { role: "bastion-opentlc-ipa",  when: 'install_ipa_client' }
  tags:
  - step004
  - bastion_tasks

- name: PreSoftware flight-check
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tags:
  - flight_check
  tasks:
  - debug:
      msg: "Pre-Software checks completed successfully"