---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Create apache nogroup group
  group:
    name: "nogroup"
    system: "yes"

- name: Create apache nogroup user
  user:
    name: "nogroup"
    group: "nogroup"
    system: "yes"
    shell: "/bin/false"

- name: Drop apache2 config files
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "root"
    group: "root"
  with_items: "{{ keystone_apache_configs }}"
  notify:
    - Restart service

- name: Disable default apache site
  file:
    path: "{{ item }}"
    state: "absent"
  with_items: "{{ keystone_apache_default_sites }}"
  notify:
    - Restart service

- name: Enabled keystone vhost
  file:
    src: "{{ keystone_apache_site_available }}"
    dest: "{{ keystone_apache_site_enabled }}"
    state: "link"
  when:
    - keystone_apache_site_available is defined
    - keystone_apache_site_enabled is defined
  notify:
    - Restart service

- name: Ensure Apache ServerName
  lineinfile:
    dest: "{{ keystone_apache_conf }}"
    line: "ServerName {{ ansible_hostname }}"
  notify:
    - Restart service

- name: Ensure Apache ServerTokens
  lineinfile:
    dest: "{{ keystone_apache_security_conf }}"
    regexp: '^ServerTokens'
    line: "ServerTokens {{ keystone_apache_servertokens }}"
  notify:
    - Restart service

- name: Ensure Apache ServerSignature
  lineinfile:
    dest: "{{ keystone_apache_security_conf }}"
    regexp: '^ServerSignature'
    line: "ServerSignature {{ keystone_apache_serversignature }}"
  notify:
    - Restart service

## NOTE(cloudnull):
## Module enable/disable process is only functional on Debian based systems.
- name: Enable/disable mod_ssl for apache2
  apache2_module:
    name: ssl
    state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}"
  when:
    - ansible_pkg_mgr == 'apt'
  notify:
    - Restart service

## NOTE(cloudnull):
## Module enable/disable process is only functional on Debian based systems.
- name: Enable/disable mod_shib2 for apache2
  apache2_module:
    name: shib2
    state: "{{ ( keystone_sp != {} ) | ternary('present', 'absent') }}"
  ignore_errors: yes
  when:
    - ansible_pkg_mgr == 'apt'
  notify:
    - Restart service