---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE(mhayden): GPG checking for local package installs is normally disabled
# by default in CentOS, but the openstack-ansible-security role enables GPG
# checking for local packages. The RDO repository package isn't signed, but the
# repos it installs have GPG checking enabled.
# Under CentOS, this will add the RDO repo and its key to the keyring
- name: Install RDO repository and key
  yum:
    name: "{{ pip_install_external_repo_key_package }}"
    state: "{{ pip_install_external_repo_key_package_state | default('present') }}"
    disable_gpg_check: yes
  when:
    - user_external_repo_key is not defined
  tags:
    - add-repo-keys

- name: Install EPEL and yum priorities plugin
  yum:
    name: "{{ item }}"
    state: "{{ pip_install_package_state }}"
  with_items:
    - epel-release
    - yum-plugin-priorities
    - yum-utils
  when:
    - user_external_repo_key is not defined
  tags:
    - add-repo-keys

- name: Enable and set repo priorities
  command: |
    yum-config-manager
      --enable {{ item.name }}
      --setopt="{{ item.name }}.priority={{ item.priority }}"
  changed_when: false
  with_items:
    - name: base
      priority: 50
    - name: epel
      priority: 99
    - name: extras
      priority: 50
    - name: openstack-ocata
      priority: 50
    - name: rdo-qemu-ev
      priority: 50
    - name: updates
      priority: 50
  when:
    - user_external_repo_key is not defined
  tags:
    - add-repo-keys

- name: Install external repo key manually
  rpm_key:
    key: "{{ item.key }}"
    validate_certs: "{{ item.validate_certs | default(omit) }}"
    state: "{{ item.state | default('present') }}"
  register: add_keys
  until: add_keys|success
  retries: 5
  delay: 2
  with_items: "{{ user_external_repo_keys_list }}"
  tags:
    - add-repo-keys

- name: Install external repo manually
  yum_repository:
    name: "{{ item.name }}"
    description: "{{ item.description | default(omit) }}"
    baseurl: "{{ item.baseurl | default(omit) }}"
    gpgkey: "{{ item.gpgkey | default(omit) }}"
    gpgcheck: "{{ item.gpgcheck | default(omit) }}"
    enabled: "{{ item.enabled | default('yes') }}"
  register: use_external_repo_yum
  until: use_external_repo_yum|success
  retries: 5
  delay: 2
  with_items: "{{ user_external_repos_list }}"
  tags:
    - add-external-repo