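---
# Installs and configures a TLS-enabled MongoDB 5.0 server (mongod) from the
# upstream MongoDB yum repository, running as a dedicated non-login account.
#
# Variables read by these tasks (defined outside this file):
#   tls_certs     - directory holding "<inventory_hostname>.crt" and "ca.crt"
#   tls_private   - directory holding "<inventory_hostname>.key"
#   ansible_wheel - group that owns root-managed configuration files
# The "restart mongod" handler is notified here and must exist elsewhere.

# Fixed gid/uid keep ownership of the data directory stable across hosts.
- name: Create group
  ansible.builtin.group:
    name: mongod
    gid: 1006

# Service account only: no home directory is created and the shell is nologin.
- name: Create user
  ansible.builtin.user:
    name: mongod
    comment: Service MongoDB
    create_home: false
    group: mongod
    home: /var/empty
    shell: /sbin/nologin
    uid: 1006

# gpgcheck stays enabled so packages are verified against the vendor key.
- name: Enable repository
  ansible.builtin.yum_repository:
    name: mongodb
    baseurl: https://repo.mongodb.org/yum/redhat/8/mongodb-org/5.0/x86_64
    description: MongoDB
    gpgcheck: true
    gpgkey: https://www.mongodb.org/static/pgp/server-5.0.asc
    enabled: true

# Passing the list directly installs both packages in one transaction.
- name: Install packages
  ansible.builtin.package:
    name:
      - mongodb-org-server
      - mongodb-org-shell
    state: present

# Registers the SELinux label for the non-default data path before the
# directory is created, so "setype: _default" below can pick it up.
- name: Set SELinux file contexts on data directory
  community.general.sefcontext:
    path: '/export/mongodb(/.*)?'
    setype: mongod_var_lib_t

# Modes are quoted so YAML cannot reinterpret the leading-zero octal value.
- name: Create data directory
  ansible.builtin.file:
    path: /export/mongodb
    state: directory
    mode: '0700'
    owner: mongod
    group: mongod
    setype: _default

- name: Link data directory
  ansible.builtin.file:
    path: /srv/mongodb
    src: /export/mongodb
    owner: root
    group: "{{ ansible_wheel }}"
    state: link
    follow: false

# The registered result contains the host's TLS private key. no_log keeps it
# out of console output, callback plugins and log files.
- name: Generate combined certificate/private key file contents
  ansible.builtin.command:
    argv:
      - /bin/cat
      - "{{ tls_certs }}/{{ inventory_hostname }}.crt"
      - "{{ tls_private }}/{{ inventory_hostname }}.key"
  changed_when: false
  no_log: true
  register: mongodb_cert_key

# Readable by root and the mongod group only. no_log also suppresses the
# --diff rendering of "content", which would otherwise print the key.
- name: Create combined certificate/private key file
  ansible.builtin.copy:
    dest: "{{ tls_private }}/mongodb.pem"
    content: "{{ mongodb_cert_key.stdout }}"
    mode: '0640'
    owner: root
    group: mongod
  no_log: true
  notify: restart mongod

- name: Configure logrotate
  ansible.builtin.copy:
    dest: /etc/logrotate.d/mongod
    src: mongod.logrotate
    mode: '0644'
    owner: root
    group: "{{ ansible_wheel }}"

# "--logRotate reopen" pairs with the logrotate configuration installed above.
- name: Configure startup options
  ansible.builtin.copy:
    dest: /etc/sysconfig/mongod
    content: |
      OPTIONS="-f /etc/mongod.conf --logRotate reopen"
    mode: '0644'
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart mongod

# NOTE(review): the rendered file is world-readable (0644); confirm that
# mongod.conf.j2 never renders credentials or other secrets.
- name: Create configuration
  ansible.builtin.template:
    dest: /etc/mongod.conf
    src: mongod.conf.j2
    mode: '0644'
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart mongod

- name: Enable service
  ansible.builtin.service:
    name: mongod
    state: started
    enabled: true

# Convenience alias for root: connects over TLS, validating the server
# against the CA file and presenting the combined certificate/key file.
- name: Create mongo alias cmd for root
  ansible.builtin.lineinfile:
    path: /root/.bashrc
    line: >
      alias mongo='mongo
      --tlsCertificateKeyFile {{ tls_private }}/mongodb.pem
      --tlsCAFile {{ tls_certs }}/ca.crt
      --tls
      mongodb://{{ inventory_hostname }}/'
    regexp: '^alias mongo=.*'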