---
##
  - name: debug
    debug:
      var: ansible_facts
      
  - name: debug
    debug:
      var: ansible_fqdn
##prüfen ob die erforderliche Software installiert ist
  - name: ensure software krb5-workstation and krb5-libs are installed
    become_user: root
    become: yes
    yum: 
      name: 
        - krb5-workstation
        - krb5-libs
      state: present
      disable_gpg_check: yes
        
      
##muss noch geklärt werden ob erforderlich
##BitBW hat zudem Änderungen an dem File vorgenommen
##daher u.U. BitBW noch informieren
  - name: Copy file sshd_config with owner and permissions
    become_user: root
    become: yes
    copy:
      src: ./files/sshd_config
      dest: /etc/ssh/sshd_config
      owner: root 
      group: root
      mode: '0600'      
  - name: Template file ssh_config with owner and permissions    
    become_user: root
    become: yes
    template:
      src: ./templates/ssh_config.j2
      dest: /etc/ssh/ssh_config
      owner: root 
      group: root
      mode: '0644'   
  - name: copy File remote from ./files/{{ ansible_hostname }}_krb5.keytab to /etc
    become_user: root
    become: yes
    copy:
      src: ./files/{{ ansible_hostname }}_krb5.keytab
      dest: /etc/krb5.keytab
      owner: root 
      group: root
      mode: '0644'   
     
      
  - name: copy File krb5.conf_devel /etc
    become_user: root
    become: yes
    copy:
      src: krb5.conf_devel
      dest: /etc/krb5.conf
      owner: root 
      group: root
      mode: '0644' 
    when: ansible_fqdn == 'epolsa5069bit03.tpolizei-bw.de' or ansible_fqdn == 'epolsa5073bit03.tpolizei-bw.de'
    
  
  - name: copy File krb5.conf_prod /etc
    become_user: root
    become: yes
    copy:
      src: krb5.conf_prod
      dest: /etc/krb5.conf
      owner: root 
      group: root
      mode: '0644' 
    when: ansible_fqdn == 'polsa5079bit03.polizei-bw.net' or ansible_fqdn == 'polsa5079stu02.polizei-bw.net' or ansible_fqdn == 'polsa5069stu02.spolizei-bw.edu'
    
      
      
      
  #- name: Template file rsWebserviceAppserver.xml.j2 with owner and permissions 
    #template:
      #src: ./templates/rsWebserviceAppserver.xml.j2
      #dest: /opt/rola/ams/linux/Appserver/config/rsWebserviceAppserver.xml
      #owner: jetty
      #group: dba
      #mode: '0644'
  #- name: Template file rsWebserviceAppserverAdmin.xml.j2 with owner and permissions 
    #template:
      #src: ./templates/rsWebserviceAppserverAdmin.xml.j2
      #dest: /opt/rola/ams/linux/Appserveradmin/config/rsWebserviceAppserver.xml
      #owner: jetty
      #group: dba
      #mode: '0644'     
  - name: Kdestroy zum löschen der alten Verbindung
    command: /usr/bin/kdestroy
    become: yes
    become_user: root
  - name: Kinit zum erstellen der erstmaligen Verbindung
    become: yes
    become_user: root
    command: /usr/bin/kinit -k HOST/{{ ansible_fqdn }}@{{ sso_domain_upper }}
    
  - name: commit changes to git
    shell: |
      git add .
      git -c user.name='Ansible Playbook' -c user.email='ansible@playbook' commit -m "ams_sso"
      exit 0
    args:
      chdir: "/opt/rola"