---
# tasks file for unifi_controller_rhel

- name: abort if os is not suitable
  when: ansible_os_family != "RedHat"
  fail: msg="{{ansible_os_family}} is not supported by this playbook"

- name: create mongo repository
  template: src=mongodb-org-3.2.repo.j2 dest=/etc/yum.repos.d/mongodb-org-3.2.repo owner=root group=root

- name: install java and mongodb
  when: ansible_os_family == "RedHat"
  yum: name={{ item }} state=present
  with_items:
    - java-1.7.0-openjdk
    - mongodb-org

- name: no need for the standard mongod service
  service: name=mongod enabled=no state=stopped

- name: setup unifi group
  group: name={{ unifi_controller_rhel_unifi_gid }} system=yes state=present

- name: setup unifi user
  user: name={{ unifi_controller_rhel_unifi_uid }} home={{ unifi_controller_rhel_unifi_prefix }}/UniFi createhome=no shell=/sbin/nologin system=yes state=present

- name: copy unifi zipball to host
  copy: src={{ unifi_controller_rhel_unifi_zip_file }} dest={{ unifi_controller_rhel_unifi_zip_dest }} force=no

- name: extract unifi
  command: /usr/bin/unzip -o {{ unifi_controller_rhel_unifi_zip_dest }} -d {{ unifi_controller_rhel_unifi_prefix }} creates={{ unifi_controller_rhel_unifi_prefix }}/UniFi

- name: create unifi data directory
  file: dest={{ unifi_controller_rhel_unifi_prefix }}/UniFi/data state=directory

- name: fix permissions
  command: /bin/chown -R {{ unifi_controller_rhel_unifi_uid }}:{{ unifi_controller_rhel_unifi_gid }} {{ unifi_controller_rhel_unifi_prefix }}/UniFi

- name: symlink mongod binary to where unifi path
  file: src=/usr/bin/mongod dest={{ unifi_controller_rhel_unifi_prefix }}/UniFi/bin/mongod state=link

- name: install custom config.properties
  template: src=config.properties.j2 dest={{ unifi_controller_rhel_unifi_prefix }}/UniFi/data/config.properties owner={{ unifi_controller_rhel_unifi_uid }} group={{ unifi_controller_rhel_unifi_gid }}

- name: install init script
  template: src=unifi.init.j2 dest=/etc/init.d/UniFi owner=root group=root mode=755

- name: copy ssl cert
  when: not (unifi_controller_rhel_ssl_cert is none)
  copy: src={{ unifi_controller_rhel_ssl_cert }} dest=/root/cert.crt force=no

- name: copy ssl key
  when: not (unifi_controller_rhel_ssl_key is none)
  copy: src={{ unifi_controller_rhel_ssl_key }} dest=/root/key.crt force=no

- name: copy ssl bundle
  when: not (unifi_controller_rhel_ssl_bundle is none)
  copy: src={{ unifi_controller_rhel_ssl_bundle }} dest=/root/bundle.crt force=no

- name: convert ssl cert to pkcs12 format
  when: not (unifi_controller_rhel_ssl_cert is none or unifi_controller_rhel_ssl_key is none or unifi_controller_rhel_ssl_bundle is none)
  shell: openssl pkcs12 -export -in /root/cert.crt -inkey /root/key.crt -out /root/unifi.p12 -name unifi -CAfile /root/bundle.crt -caname root -password pass:aircontrolenterprise

- name: convert ssl cert to keystore
  when: not (unifi_controller_rhel_ssl_cert is none or unifi_controller_rhel_ssl_key is none or unifi_controller_rhel_ssl_bundle is none)
  shell: keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore {{ unifi_controller_rhel_unifi_prefix }}/UniFi/data/keystore -srckeystore /root/unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi -noprompt

- name: start unifi service
  service: name=UniFi enabled=yes state=started