---

# Copyright 2019 Nokia

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Synchronize controller ssh keys
  hosts: management:!vnf-nodes
  pre_tasks:
    - name: set master_key_holder to installation_controller
      set_fact:
        master_key_holder: "{{ installation_controller }}"

  tasks:
    - name: Copy temporary key to slaves
      shell: |
        sudo -u "{{ users.admin_user_name }}" \
            scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
            "/home/{{ users.admin_user_name }}/.ssh/id_rsa" "{{ hostvars[item]['ansible_host'] }}":/tmp/tmp_rsa
      when: hostname == master_key_holder
      with_items: "{{ groups['management'] }}"

    - name: Copy ssh keys from active haproxyvip or installation controller
      shell: |
        sudo -u "{{ users.admin_user_name }}" \
            ssh -i /tmp/tmp_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
                "{{ hostvars[master_key_holder]['ansible_host'] }}" \
                sudo tar -cf - "{{ item }}" |sudo tar -C / -xf -

      with_items:
        - '/etc/ssh/ssh_host_ecdsa_key'
        - '/etc/ssh/ssh_host_ecdsa_key.pub'
        - '/etc/ssh/ssh_host_ed25519_key'
        - '/etc/ssh/ssh_host_ed25519_key.pub'
        - '/etc/ssh/ssh_host_rsa_key'
        - '/etc/ssh/ssh_host_rsa_key.pub'
      when: master_key_holder != inventory_hostname

    - name: Clean temporary key
      file:
        path: /tmp/tmp_rsa
        state: absent