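---
# Bootstrap a Hetzner dedicated server: boot it into the Robot rescue
# system, run installimage, then reboot into the freshly installed OS.
# Every Robot webservice call is delegated to localhost and authenticates
# with HTTP basic auth taken from hroot_robot_account.
# NOTE(review): hroot_robot_account.password is presumably supplied from an
# encrypted source (e.g. Ansible Vault) - confirm it is never committed in
# plain text.

# Read-only lookup, so it is allowed to run even in check mode.
- name: retrieve ssh key fingerprints
  uri:
    url: "https://robot-ws.your-server.de/key"
    method: GET
    user: "{{ hroot_robot_account.username }}"
    password: "{{ hroot_robot_account.password }}"
    force_basic_auth: true
    status_code: 200
  register: sshkeys
  delegate_to: localhost
  check_mode: false

# Guard: everything below is destructive, so refuse to go on in check mode.
# check_mode is forced off so the fail task itself is executed.
- name: do not continue in check mode
  fail:
    msg: "can not bootstrap new servers in check mode"
  when: ansible_check_mode | bool
  check_mode: false

# Resolve the server's main IP through the Robot unless the caller preset it.
# NOTE(review): the condition is attached to the whole block here so the
# Robot lookup is skipped when hetzner_main_ip is already defined - confirm
# this matches the intended scope of the block.
- block:
    - name: retrieve server list from robot
      uri:
        url: "https://robot-ws.your-server.de/server"
        method: GET
        user: "{{ hroot_robot_account.username }}"
        password: "{{ hroot_robot_account.password }}"
        force_basic_auth: true
        status_code: 200
      register: servers
      delegate_to: localhost
      check_mode: false

    - name: extract server IP address from robot result
      set_fact:
        hetzner_main_ip: "{{ servers.json | hroot_extract_serverip(host_name) }}"
  when: hetzner_main_ip is not defined

# Last chance to abort: the operator gets 15 seconds before the server is
# reset and reinstalled. This timed prompt is the only confirmation step.
- name: display warning message
  pause:
    prompt: |
      *** Danger ****
      will be bootstraping host {{ inventory_hostname }} with main IP {{ hetzner_main_ip }} ...
      ALL DATA WILL BE LOST!!!
      press CTRL-C then A to abort.
    seconds: 15

- name: check if rescue mode is already active
  uri:
    url: "https://robot-ws.your-server.de/boot/{{ hetzner_main_ip }}/rescue"
    method: GET
    user: "{{ hroot_robot_account.username }}"
    password: "{{ hroot_robot_account.password }}"
    force_basic_auth: true
    status_code: 200
  register: rescuestatus
  delegate_to: localhost
  check_mode: false

### TODO: for now we add all ssh keys that are installed in the robot - this might not be a good idea!
# Every fingerprint returned by the /key lookup is authorised for the rescue
# system, so any holder of any key registered in the Robot account can log in
# to it while the server is being installed. Restricting the list to an
# explicit set of deployment keys would follow least privilege.
- name: activate rescue mode
  when: not rescuestatus.json.rescue.active
  uri:
    url: "https://robot-ws.your-server.de/boot/{{ hetzner_main_ip }}/rescue"
    method: POST
    user: "{{ hroot_robot_account.username }}"
    password: "{{ hroot_robot_account.password }}"
    force_basic_auth: true
    body: "os=linux&arch=64&authorized_key[]={{ sshkeys.json | hroot_extract_ssh_key_fingerprints | join('&authorized_key[]=') }}"
    status_code: 200
    headers:
      Content-Type: "application/x-www-form-urlencoded"
  delegate_to: localhost

- name: wait for the rescue mode to become active
  pause:
    seconds: 5

# Hardware reset so the machine boots into the rescue system.
- name: do a hardware reset
  uri:
    url: "https://robot-ws.your-server.de/reset/{{ hetzner_main_ip }}"
    method: POST
    user: "{{ hroot_robot_account.username }}"
    password: "{{ hroot_robot_account.password }}"
    force_basic_auth: true
    body: "type=hw"
    status_code: 200
    headers:
      Content-Type: "application/x-www-form-urlencoded"
  delegate_to: localhost

### TODO: would be nice to get the SSH host key from robot
# The previous SSH arguments are saved so they can be restored at the end.
# With UserKnownHostsFile=/dev/null and StrictHostKeyChecking=no the identity
# of the rescue system is not verified at all: the installimage tasks run
# over a connection that a machine-in-the-middle could impersonate. Pinning
# a host key obtained out of band would close that gap.
- name: completely ignore ssh host keys for now
  set_fact:
    old_ansible_ssh_extra_args: "{{ ansible_ssh_extra_args | default('') }}"
    ansible_ssh_extra_args: "{{ ansible_ssh_extra_args | default('') }} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"

- name: wait for rescue system to start up
  wait_for_connection:
    delay: 30
    timeout: 120

- import_tasks: hetzner_installimage.yml

# Fire-and-forget reboot: async/poll 0 lets the task return before the
# connection drops, and errors from the dying session are ignored.
- name: reboot
  shell: sleep 2 && shutdown -r now "triggered by ansible after running installimage"
  async: 1
  poll: 0
  ignore_errors: true
  changed_when: true

### TODO: SSH host key handling needs to be improved
# The regular known_hosts file is used again, but StrictHostKeyChecking=no
# still trusts whatever key the host presents on first contact, and lets the
# connection proceed even if a different key is already recorded.
# NOTE(review): "accept-new" would reject a changed key while still accepting
# a first-seen one; it needs a recent OpenSSH on the control node and a stale
# known_hosts entry from a previous install would then have to be removed
# first - confirm before switching.
- name: automatically accept new ssh host key
  set_fact:
    ansible_ssh_extra_args: "{{ old_ansible_ssh_extra_args }} -o StrictHostKeyChecking=no"

- name: wait for host to start up
  wait_for_connection:
    delay: 15
    timeout: 120

### TODO: SSH host key handling needs to be improved
# Restores the SSH arguments saved before the rescue boot. This runs only on
# the success path: if an earlier task fails, the relaxed options stay set
# as facts for this host.
- name: re-enable ssh host key checking
  set_fact:
    ansible_ssh_extra_args: "{{ old_ansible_ssh_extra_args }}"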