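---
# tasks file for linux_onboard-adagility
#
# Joins a Linux host to the adagility.net realm via realmd, then permits one
# AD group to log in, grants that group sudo and enables home-directory
# creation at login.
# Variables expected from the caller: packages, admin_account, admin_password,
# hostname, tstaccprd, department.

- name: Install packages
  ansible.builtin.apt:
    name: "{{ packages }}"
    state: present
    update_cache: true
  # NOTE(review): only SUSE is skipped here; on any other non-apt family the
  # apt module fails — confirm the set of target distributions.
  when: ansible_distribution_file_variety != "SUSE"

- name: install packages (SUSE)
  ansible.builtin.package:
    name: realmd
    state: present
  when: ansible_distribution_file_variety == "SUSE"

- name: install dnspython
  ansible.builtin.pip:
    name: dnspython

# nslookup only shows that the realm name resolves; it says nothing about
# KDC reachability. The registered name "pingresult" is historical.
- name: test reachability of kerberos realm
  ansible.builtin.command: 'nslookup adagility.net'
  register: pingresult

- name: ping result
  ansible.builtin.debug:
    msg: "{{ pingresult }}"

# pexpect must exist on the managed host for the expect tasks below.
- name: Install pexpect
  ansible.builtin.pip:
    name: pexpect
    state: present

- name: replace or add krb5.conf
  ansible.builtin.copy:
    src: krb5.conf
    dest: /etc/krb5.conf
    follow: true

- name: Discover realm
  ansible.builtin.command: /bin/bash -c "/usr/sbin/realm discover adagility.net"
  register: realm_discover_results
  tags: ad

- name: Discover realm debug
  ansible.builtin.debug:
    msg: "{{ realm_discover_results.stdout }}"

# no_log keeps admin_password (part of the module arguments via "responses")
# out of verbose output and Ansible logs. The password goes to kinit through
# the expect response, never through argv.
- name: Create kerberos ticket
  ansible.builtin.expect:
    command: /bin/bash -c "/usr/bin/kinit -V {{ admin_account }}"
    responses:
      (?i)Password: "{{ admin_password }}"
  no_log: true
  tags: ad

- name: Checking to see if system is already joined to AD
  ansible.builtin.command: /bin/bash -c "/usr/sbin/realm list"
  register: realm_list_results
  tags: ad

- name: Debug realm_list_results
  ansible.builtin.debug:
    var: realm_list_results.stdout

# NOTE(review): "set hostname" runs further down, after this join. The
# computer account realm creates is presumably derived from the hostname in
# effect here — confirm that ordering is intended, otherwise move "set
# hostname" above this task.
# Previously used fixed OU, kept for reference:
# command: /bin/bash -c "/usr/sbin/realm join adagility.net --computer-ou='OU=TST,OU=GLB_Infrastructure,OU=Servers,OU=Aperam,DC=ADAGILITY,DC=NET' -U {{admin_account}}"
- name: join ad
  ansible.builtin.expect:
    command: >-
      /bin/bash -c "/usr/sbin/realm join adagility.net
      --computer-ou='OU={{ tstaccprd }},OU=GLB_{{ department }},OU=Servers,OU=Aperam,DC=ADAGILITY,DC=NET'
      -U {{ admin_account }}"
    responses:
      # Answer only the password prompt. The previous pattern "(?i)" matched
      # every chunk of output (including none), so the password was sent to
      # whatever the child printed and could be echoed back into the
      # captured stdout.
      (?i)password: "{{ admin_password }}"
  # A failed join is deliberately not fatal so the remaining tasks still run;
  # they will then configure a host that is not domain-joined, so check the
  # play output when the join is in doubt. With no_log set, failure details
  # are censored; the password must never appear in logs.
  ignore_errors: true
  no_log: true
  when: realm_list_results.stdout == ""
  become: true
  # NOTE(review): a domain join regularly takes longer than 10 s; raise this
  # if the task times out.
  timeout: 10

# NOTE(review): "history -c" inside a fresh non-interactive bash clears only
# that subshell's (empty) in-memory history; it does not touch any user's
# history file. Nothing in this play writes the password to a shell history.
- name: remove history
  ansible.builtin.command: /bin/bash -c "history -c"

- name: set hostname
  ansible.builtin.command:
    cmd: hostnamectl set-hostname "{{ hostname }}.adagility.net"
  register: hostname_command

# Each line is appended at end of file (so it lands in whatever section is
# last) and only when not already present verbatim.
- name: edit /etc/sssd/sssd.conf
  ansible.builtin.lineinfile:
    path: /etc/sssd/sssd.conf
    line: "{{ item }}"
  loop:
    - "use_fully_qualified_names = True"
    - "dyndns_update = true"
    - "dyndns_refresh_interval = 43200"
    - "dyndns_ttl = 3600"

- name: specify which ad group can login
  ansible.builtin.command:
    cmd: realm permit -g "G-MGMT-LA-DEVADM-{{ hostname | upper }}@adagility.net"

# validate makes a syntactically broken line abort the edit instead of
# breaking sudo for every user on the host.
# NOTE(review): the group name is upper-cased for "realm permit" above but
# not here — confirm which spelling SSSD resolves (case_sensitive setting).
- name: change sudoers file
  ansible.builtin.lineinfile:
    path: /etc/sudoers
    line: "%G-MGMT-LA-DEVADM-{{ hostname }}@adagility.net ALL=(ALL) ALL"
    validate: '/usr/sbin/visudo -cf %s'

- name: change common-sessions
  ansible.builtin.lineinfile:
    path: /etc/pam.d/common-session
    line: session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

# - name: add users to the domain group
#   community.windows.win_domain_user:
#     name: G-MGMT-LA-DEVADM-{{ hostname}}
#     members: "{{ item }}"
#   loop: "{{users.split('\n')}}"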