
Location: majic-ansible-roles/roles/ldap_server/molecule/default/prepare.yml - annotation

branko
MAR-151: Added support for Debian 10 Buster to xmpp_server role:

- Updated role reference documentation.
- Updated role meta information.
- Updated tests.
- Enable lower-level TLS protocols (1.0/1.1) in global OpenSSL
configuration file on Buster in order to be able to test the
xmpp_server_tls_protocol parameter (otherwise Prosody completely
refuses to use them even if listed in its configuration).
- Move stretch-specific tests into its own file (for backported
lua-ldap library), and run them on Debian 9 Stretch machines only.
---

# Builds the X.509 test fixtures with gimmecert. The play targets localhost
# over a local connection, so everything below happens on the controller.
# The generated CA and server private keys are test material only and should
# not be reused outside this scenario.
- name: Set-up fixtures
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:

    # "creates" skips the task once the level 1 CA certificate exists.
    - name: Initialise CA hierarchy
      command: 'gimmecert init'
      args:
        chdir: 'tests/data/'
        creates: '.gimmecert/ca/level1.cert.pem'

    # The command is supplied as an argv list under args, so the free-form
    # "command" value is left empty on purpose. One certificate is issued per
    # test machine; "creates" skips machines whose certificate already exists.
    - name: Generate server private keys and certificates
      command:
      args:
        argv:
          - 'gimmecert'
          - 'server'
          - '{{ item.name }}'
          - '{{ item.fqdn }}'
        chdir: 'tests/data/'
        creates: '.gimmecert/server/{{ item.name }}.cert.pem'
      with_items:
        - name: parameters-mandatory-stretch64_ldap
          fqdn: parameters-mandatory
        - name: parameters-optional-stretch64_ldap
          fqdn: parameters-optional
        - name: parameters-mandatory-buster64_ldap
          fqdn: parameters-mandatory
        - name: parameters-optional-buster64_ldap
          fqdn: parameters-optional

    # Symbolic link tests/data/x509 pointing at .gimmecert; later plays read
    # the CA certificate through this path.
    - name: Set-up link to generated X.509 material
      file:
        state: link
        src: '.gimmecert'
        dest: 'tests/data/x509'

# Bootstrap play: fact gathering is disabled and the only task uses the raw
# module, so nothing here depends on Python being present on the target.
- name: Prepare
  hosts: all
  gather_facts: false
  tasks:
    # Installs python3-minimal only when /usr/bin/python3 is missing.
    # changed_when: false keeps the task from ever reporting a change.
    - name: Install python for Ansible
      become: true
      changed_when: false
      raw: >-
        test -e /usr/bin/python3 ||
        (apt -y update && apt install -y python3-minimal)

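# Refreshes the package indexes and places the test CA certificate on every
# machine in the scenario.
- name: Prepare all machines
  hosts: all
  become: true
  tasks:

    # Cache refresh is reported as unchanged on purpose (changed_when: false).
    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true
      changed_when: false

    # Source is the level 1 CA certificate of the gimmecert test hierarchy,
    # read through the tests/data/x509 link. It is a test-only CA.
    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca/level1.cert.pem
        dest: /etc/ssl/certs/testca.cert.pem
        owner: root
        group: root
        # Quoted so the permission bits do not depend on the YAML parser
        # reading a bare 0644 as an octal integer.
        mode: "0644"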

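# Prepares the client machine: installs the TCP connectivity tool and makes
# the names of all server machines resolvable through /etc/hosts.
- name: Prepare client machine
  hosts: client
  become: true
  tasks:

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present

    - name: Set-up /etc/hosts with entries for all servers
      lineinfile:
        path: /etc/hosts
        # The address is escaped and must be followed by whitespace, so the
        # dots match literally and an entry for a longer address sharing the
        # same prefix is never replaced by mistake.
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        # Quoted so the permission bits do not depend on the YAML parser
        # reading a bare 0644 as an octal integer.
        mode: "0644"
        state: present
      with_dict:
        "10.31.127.22": parameters-mandatory-stretch64
        "10.31.127.23": parameters-optional-stretch64
        "10.31.127.12": parameters-mandatory-buster64
        "10.31.127.13": parameters-optional-buster64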

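# Maps the name parameters-optional to a loopback address on the machines in
# the parameters-optional group.
- name: Prepare parameters-optional machines
  hosts: parameters-optional
  become: true
  tasks:

    - name: Set-up the hosts file
      lineinfile:
        path: /etc/hosts
        # The address is escaped and must be followed by whitespace, so the
        # dots match literally and only the entry for this exact address is
        # replaced.
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        # Quoted so the permission bits do not depend on the YAML parser
        # reading a bare 0644 as an octal integer.
        mode: "0644"
        state: present
      with_dict:
        "127.0.2.1": parameters-optional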

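# Maps the name parameters-mandatory to a loopback address on the machines in
# the parameters-mandatory group.
- name: Prepare parameters-mandatory machines
  hosts: parameters-mandatory
  become: true
  tasks:

    - name: Set-up the hosts file
      lineinfile:
        path: /etc/hosts
        # The address is escaped and must be followed by whitespace, so the
        # dots match literally and only the entry for this exact address is
        # replaced.
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        # Quoted so the permission bits do not depend on the YAML parser
        # reading a bare 0644 as an octal integer.
        mode: "0644"
        state: present
      with_dict:
        "127.0.2.1": parameters-mandatory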

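# Applies the backup_server role to the backup-server host so the scenario
# has a backup server available.
- name: Prepare backup server
  hosts: backup-server
  become: true
  roles:
    - role: backup_server
      # SSH host private keys are read from tests/data/ssh on the controller
      # by the file lookup. NOTE(review): these look like committed test
      # fixtures; confirm they are never used outside the test environment.
      backup_host_ssh_private_keys:
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
      # One backup client, identified by the parameters-optional public key
      # and the loopback address.
      backup_clients:
        - server: localhost
          ip: 127.0.0.1
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"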

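# Installs the utilities the tests rely on onto the parameters-mandatory and
# parameters-optional machines. nmap and net-tools are there for testing only.
- name: Prepare tested machines
  hosts: parameters-mandatory,parameters-optional
  become: true
  tasks:

    # Workaround described in the pull request linked from the task name.
    # NOTE(review): presumably testinfra then uses netstat (installed by the
    # next task) instead of ss; confirm against that pull request.
    - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
      file:
        path: "/bin/ss"
        state: absent

    - name: Install netstat utility
      apt:
        name: net-tools
        state: present

    - name: Install nmap utility for testing TLS
      apt:
        name: nmap
        state: present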