---
# Only the distribution version facts are used by the tasks in this file, so
# gathering is limited to the minimal subset and filtered down by fact name.
- name: Gather host facts to get ansible_distribution_version ansible_distribution_major_version
  setup:
    filter: "ansible_distribution_*version"
    gather_subset: "!all"

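# Writes (or removes) the proxy option of the OS package manager: yum.conf on
# major versions below 8, dnf.conf otherwise.
# NOTE(review): the file is world-readable (mode 0644), so an http_proxy value
# that embeds credentials (user:password@host) would be readable by every
# local account - confirm the proxies used here are unauthenticated.
- name: Add proxy to yum.conf or dnf.conf if http_proxy is defined
  ini_file:
    path: "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('/etc/yum.conf','/etc/dnf/dnf.conf') }}"
    section: main
    option: proxy
    value: "{{ http_proxy | default(omit) }}"
    # An undefined or falsy http_proxy removes any existing proxy option.
    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
    no_extra_spaces: true
    # Quoted so the mode is never subject to YAML integer parsing.
    mode: "0644"
  become: true
  when: not skip_http_proxy_on_os_packages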

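# Points subscription-manager at the proxy: the hostname argument is
# http_proxy with a trailing ":<port>" stripped, the port argument is whatever
# follows the last colon.
# The argv form hands each option to the program as one argument, so
# whitespace inside http_proxy cannot be split into additional arguments.
# NOTE(review): an http_proxy that embeds credentials would end up on the
# command line and in the task result - confirm the proxies used here are
# unauthenticated.
- name: Add proxy to RHEL subscription-manager if http_proxy is defined
  command:
    argv:
      - /sbin/subscription-manager
      - config
      - '--server.proxy_hostname={{ http_proxy | regex_replace(":\\d+$") }}'
      - '--server.proxy_port={{ http_proxy | regex_replace("^.*:") }}'
  become: true
  when:
    - not skip_http_proxy_on_os_packages
    - http_proxy is defined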

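# Probes the current registration state. A non-zero exit code is reported as
# "changed"; the registration tasks in this file are conditioned on
# rh_subscription_status.changed, so they run only when the status check does
# not succeed.
- name: Check RHEL subscription-manager status
  command: /sbin/subscription-manager status
  register: rh_subscription_status
  # Compare the exit code, not the whole result: the registered result is a
  # mapping and never equals 0, which marks every run as changed and forces a
  # re-registration each time. A result without rc counts as "not registered".
  changed_when: "(rh_subscription_status.rc | default(1)) != 0"
  # A non-zero status is an expected outcome here, not a failure of the play.
  ignore_errors: true  # noqa ignore-errors
  become: true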

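# Registers the host with an organization ID and activation key. Runs only
# when an org ID is supplied and the status check reported "changed".
# no_log keeps the activation key out of task output and logs: the key is a
# registration credential for the organization, like the password used by the
# username/password variant of this task.
# NOTE(review): with ignore_errors and no_log combined a failed registration
# is both tolerated and hidden - drop no_log temporarily when debugging.
- name: RHEL subscription Organization ID/Activation Key registration
  redhat_subscription:
    state: present
    org_id: "{{ rh_subscription_org_id }}"
    activationkey: "{{ rh_subscription_activation_key }}"
    auto_attach: true
    force_register: true
    syspurpose:
      usage: "{{ rh_subscription_usage }}"
      role: "{{ rh_subscription_role }}"
      service_level_agreement: "{{ rh_subscription_sla }}"
      sync: true
  notify: RHEL auto-attach subscription
  ignore_errors: true  # noqa ignore-errors
  become: true
  no_log: true
  when:
    - rh_subscription_org_id is defined
    - rh_subscription_status.changed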

# Registers the host with a username and password. Runs only when a username
# is supplied and the status check reported "changed".
# no_log is set so that security-sensitive values such as the subscription
# password never appear in task output or logs.
- name: RHEL subscription Username/Password registration
  become: true
  no_log: true
  when:
    - rh_subscription_username is defined
    - rh_subscription_status.changed
  redhat_subscription:
    username: "{{ rh_subscription_username }}"
    password: "{{ rh_subscription_password }}"
    state: present
    force_register: true
    auto_attach: true
    syspurpose:
      role: "{{ rh_subscription_role }}"
      usage: "{{ rh_subscription_usage }}"
      service_level_agreement: "{{ rh_subscription_sla }}"
      sync: true
  # Registration failures are tolerated; the play continues.
  ignore_errors: true  # noqa ignore-errors
  notify: RHEL auto-attach subscription

# The extras repo is enabled because it provides container-selinux.
# NOTE(review): unlike the other privileged tasks in this file there is no
# become here - presumably escalation is set at play level; confirm.
- name: Enable RHEL 7 repos
  when:
    - rhel_enable_repos | default(True)
    - ansible_distribution_major_version == "7"
  rhsm_repository:
    state: enabled
    name:
      - 'rhel-7-server-rpms'
      - 'rhel-7-server-extras-rpms'

# The appstream repo is enabled because it provides container-selinux.
# The "*" in each repo name is passed to rhsm_repository as written.
- name: Enable RHEL 8 repos
  when:
    - rhel_enable_repos | default(True)
    - ansible_distribution_major_version == "8"
  rhsm_repository:
    state: enabled
    name:
      - 'rhel-8-for-*-baseos-rpms'
      - 'rhel-8-for-*-appstream-rpms'

# Existence check only: attribute, checksum and MIME lookups are switched off
# because nothing beyond stat.exists is read from the result.
- name: Check presence of fastestmirror.conf
  register: fastestmirror
  stat:
    path: /etc/yum/pluginconf.d/fastestmirror.conf
    get_mime: false
    get_checksum: false
    get_attributes: false

# The fastestmirror plugin can actually slow down Ansible deployments, so it
# is turned off when the config file exists and the plugin is not wanted.
- name: Disable fastestmirror plugin if requested
  become: true
  when:
    - fastestmirror.stat.exists
    - not centos_fastestmirror_enabled
  lineinfile:
    path: /etc/yum/pluginconf.d/fastestmirror.conf
    state: present
    # Any existing "enabled=" line is rewritten to the disabled value.
    regexp: '^enabled=.*'
    line: 'enabled=0'

# Hosts with SELinux enabled need the libselinux Python bindings.
# See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
# Major versions below 8 get libselinux-python, later ones python3-libselinux.
- name: Install libselinux python package
  become: true
  package:
    state: present
    name: "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}"