---
# tasks file for ansible-freeipa-client

- name: Assert supported distribution
  tags:
    - assertion
    - freeipaclient
  assert:
    that:
      - ansible_distribution + '-' + ansible_distribution_major_version in freeipaclient_supported_distributions

- name: Assert required variables
  tags:
    - assertion
    - freeipaclient
  assert:
    that:
      - freeipaclient_server is defined
      - freeipaclient_domain is defined
      - freeipaclient_enroll_user is defined
      - freeipaclient_enroll_pass is defined

- name: Import variables
  tags:
    - import
    - freeipaclient
  include_vars: "{{ ansible_distribution }}.yml"

- name: Set DNS server
  tags:
    - dns
    - freeipaclient
  become: true
  when: freeipaclient_dns_server is defined
  lineinfile:
    state: present
    line: "nameserver {{ freeipaclient_dns_server }}"
    dest: /etc/resolv.conf

- name: Update apt cache
  tags:
    - packagemanagement
    - freeipaclient
  become: true
  when: ansible_pkg_mgr  == 'apt'
  apt:
    update_cache: true
    cache_valid_time: 3600

- name: Install required packages
  tags:
    - packagemanagement
    - freeipaclient
  become: true
  with_items: "{{ freeipaclient_packages }}"
  package:
    state: present
    name: "{{ item }}"

- name: Check if host is enrolled
  tags:
    - enroll
    - freeipaclient
  register: freeipaclient_ipaconf
  check_mode: no
  stat:
    path: /etc/ipa/default.conf

- name: Enroll host in domain
  tags:
    - enroll
    - freeipaclient
  become: true
  when: not freeipaclient_ipaconf.stat.exists
  command: >
    {{ freeipaclient_install_command }}
    {{'--hostname=' + freeipaclient_hostname  if freeipaclient_hostname is defined else '--hostname=' + ansible_nodename }}
    --server={{ freeipaclient_server }}
    --domain={{ freeipaclient_domain }}
    --principal={{ freeipaclient_enroll_user }}
    --password={{ freeipaclient_enroll_pass }}
    --ssh-trust-dns
    --mkhomedir
    {{ '--enable-dns-updates' if freeipaclient_enable_dns_updates else ''}}
    --unattended
    {{ '--all-ip-addresses' if freeipaclient_all_ip_addresses else ''}}
    {{ '--no-ntp' if not freeipaclient_enable_ntp else ''}}
    {{ '--force-join' if freeipaclient_force_join else ''}}

- name: Include Ubuntu specific tasks
  tags:
    - ubuntu
    - freeipaclient
  when: ansible_os_family == 'Debian'
  include: ubuntu.yml