# Image configuration for Baserock OpenID provider.
---
- hosts: openid
  gather_facts: False
  sudo: yes
  tasks:
  # See: https://fedoramagazine.org/getting-ansible-working-fedora-23/
  - name: install Python2 and required deps for Ansible modules
    raw: dnf install -y python2 python2-dnf libselinux-python

  - name: enable persistant journal
    shell: mkdir /var/log/journal
    args:
      creates: /var/log/journal

  - name: ensure system up to date
    dnf: name=* state=latest

  - name: install Cherokee web server
    dnf: name=cherokee state=latest

  - name: install Sendmail mail transfer agent
    dnf: name=sendmail state=latest

  - name: install uWSGI application container server and Python plugin
    dnf: name=uwsgi-plugin-python state=latest

  - name: install PyYAML
    dnf: name=PyYAML state=latest

  # Authentication in Gerrit fails if OpenID clock is not set correctly
  - name: Install ntp
    dnf: name=ntp

  # All this stuff is installed with Pip, which isn't really necessary except
  # for django-registration-redux. Fedora packages django-registration but not
  # the better django-registration-redux (I think).
  #
  - name: install Django
    pip: name=django executable=pip2.7

  - name: install South (Django migrations tool)
    pip: name=South executable=pip2.7

  # This is a fork of django-registration which supports Django 1.7.
  # Source: https://github.com/macropin/django-registration
  # The original django-registration (which seems to be abandoned) lives at:
  # https://bitbucket.org/ubernostrum/django-registration/
  - name: install django-registration-redux
    pip: name=django-registration-redux executable=pip2.7

  - name: install python-openid
    pip: name=python-openid executable=pip2.7

  # Install the MySQL-python package from DNF, because if it's installed from
  # PyPI you need to have the mariadb-devel package installed to build the C
  # code and that's an extra 21MB of dependencies or so. Note that this driver
  # doesn't support Python 3, but there is a fork available which does, see:
  # https://docs.djangoproject.com/en/dev/ref/databases/#mysql-db-api-drivers
  - name: install MySQL-python
    dnf: name=MySQL-python state=latest

  - name: install Cherokee configuration
    file: src=/srv/baserock_openid_provider/cherokee.conf dest=/etc/cherokee/cherokee.conf state=link force=yes

  - name: create log directory for baserock_openid_provider
    file: path=/var/log/baserock_openid_provider owner=cherokee group=cherokee state=directory

  - name: upload application
    copy: src=. dest=/srv owner=fedora group=fedora

  # Yes, SELinux prevents Cherokee from working.
  - name: disable SELinux on subsequent boots
    selinux: state=disabled

  - name: disable SELinux on current boot
    command: setenforce 0