---
# tasks file for keycloak
- name: Check prerequisites
  ansible.builtin.include_tasks: prereqs.yml
  tags:
    - prereqs
    - always

- name: Distro specific tasks
  ansible.builtin.include_tasks: "{{ ansible_os_family | lower }}.yml"
  tags:
    - unbound

- name: Include install tasks
  ansible.builtin.include_tasks: install.yml
  tags:
    - install

- name: Include systemd tasks
  ansible.builtin.include_tasks: systemd.yml
  tags:
    - systemd

- name: "Configure config for keycloak service"
  ansible.builtin.template:
    src: keycloak.conf.j2
    dest: "{{ keycloak.home }}/conf/keycloak.conf"
    owner: "{{ keycloak.service_user }}"
    group: "{{ keycloak.service_group }}"
    mode: 0644
  become: true
  notify:
    - rebuild keycloak config
    - restart keycloak

- name: "Configure quarkus config for keycloak service"
  ansible.builtin.template:
    src: quarkus.properties.j2
    dest: "{{ keycloak.home }}/conf/quarkus.properties"
    owner: "{{ keycloak.service_user }}"
    group: "{{ keycloak.service_group }}"
    mode: 0644
  become: true
  notify:
    - restart keycloak

- name: Create tcpping cluster node list
  ansible.builtin.set_fact:
    keycloak_quarkus_cluster_nodes: >
      {{ keycloak_quarkus_cluster_nodes | default([]) + [
        {
          "name": item,
          "address": 'jgroups-' + item,
          "inventory_host": hostvars[item].ansible_default_ipv4.address | default(item) + '[' + (keycloak_quarkus_jgroups_port | string) + ']',
          "value": hostvars[item].ansible_default_ipv4.address | default(item)
        }
      ] }}
  loop: "{{ ansible_play_batch }}"
  when: keycloak_quarkus_ha_enabled and keycloak_quarkus_ha_discovery == 'TCPPING'

- name: "Configure infinispan config for keycloak service"
  ansible.builtin.template:
    src: cache-ispn.xml.j2
    dest: "{{ keycloak.home }}/conf/cache-ispn.xml"
    owner: "{{ keycloak.service_user }}"
    group: "{{ keycloak.service_group }}"
    mode: 0644
  become: true
  notify:
    - rebuild keycloak config
    - restart keycloak

- name: Ensure logdirectory exists
  ansible.builtin.file:
    state: directory
    path:  "{{ keycloak.log.file | dirname }}"
    owner: "{{ keycloak.service_user }}"
    group: "{{ keycloak.service_group }}"
    mode: 0775
  become: true

- name: Flush pending handlers
  ansible.builtin.meta: flush_handlers

- name: "Start and wait for keycloak service"
  ansible.builtin.include_tasks: start.yml

- name: Check service status
  ansible.builtin.command: "systemctl status keycloak"
  register: keycloak_service_status
  changed_when: false

- name: Link default logs directory
  ansible.builtin.file:
    state: link
    src: "{{ keycloak.log.file | dirname }}"
    dest: "{{ keycloak_quarkus_log_target }}"
    force: true
  become: true