---
- name: Linux server patching
  hosts: "{{ _hosts | default(omit) }}"
  become: true
  vars:
    report_server: reports

  tasks:
    # Install yum-utils if it's not there
    - name: Install yum-utils
      ansible.builtin.yum:
        name: yum-utils
        state: installed
      check_mode: false

    - name: Include patching role
      ansible.builtin.include_role:
        name: demo.patching.patch_linux

    - name: Tell user when Insights Client is not configured
      ansible.builtin.debug:
        msg: "Insights client does not appear to be configured. Scan will be skipped"
      when:
        - ansible_local.insights.system_id is not defined

    - name: Run the Insights Client Scan  # noqa: no-changed-when
      ansible.builtin.command: insights-client
      when:
        - not ansible_check_mode
        - ansible_local.insights.system_id is defined

    - name: Deploy report server
      when: not ansible_check_mode
      delegate_to: "{{ report_server }}"
      run_once: true  # noqa: run-once[task]
      block:
        - name: Install firewall dependencies
          ansible.builtin.dnf:
            name:
              - firewalld
              - python3-firewall
            state: present

        - name: Start firewalld
          ansible.builtin.service:
            name: firewalld
            state: started

        - name: Enable firewall http service
          ansible.posix.firewalld:
            service: '{{ item }}'
            state: enabled
            immediate: true
            permanent: true
          loop:
            - http
            - https

        - name: Build report server
          ansible.builtin.include_role:
            name: "{{ item }}"
          loop:
            - demo.patching.report_server
            - demo.patching.report_linux
            - demo.patching.report_linux_patching

        - name: Publish landing page
          ansible.builtin.include_role:
            name: demo.patching.report_server
            tasks_from: linux_landing_page