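---
# Jenkins configuration tasks: record the running Jenkins version, install the
# main XML configuration files, make sure the jenkins user owns an SSH key pair
# and publish that key pair to Jenkins through credentials.xml.
# Tasks that change a file notify the "safe-restart jenkins and wait" handler,
# which is defined outside this file.

# Needed to write a config.xml which is not changed at each Ansible run
# (read-only query: never reported as changed, and executed even in check
# mode so that the fact below is always available).
# NOTE(review): jenkins_cli_command is defined elsewhere; it is passed to a
# shell, so it must only ever come from trusted inventory/vars.
- name: Get current Jenkins version
  shell: "{{ jenkins_cli_command }} version"
  changed_when: false
  check_mode: false
  register: result

# First line of the CLI output, presumably consumed by the config.xml
# template (template not visible here).
- name: Set fact about current Jenkins version
  set_fact:
    current_jenkins_version: "{{ result.stdout_lines[0] }}"

# A host-specific template (suffixed with the FQDN) wins over the generic one.
- name: Upload main config.xml
  template:
    src: "{{ item }}"
    dest: "{{ jenkins_home }}/config.xml"
    owner: jenkins
    group: jenkins
    # Quoted so the mode is never re-typed by the YAML parser.
    mode: "0644"
    backup: true
  with_first_found:
    - "config.xml.{{ ansible_fqdn }}.j2"
    - "config.xml.j2"
  notify: safe-restart jenkins and wait

- name: Upload JenkinsLocationConfiguration.xml
  template:
    src: "{{ item }}"
    dest: "{{ jenkins_home }}/jenkins.model.JenkinsLocationConfiguration.xml"
    owner: jenkins
    group: jenkins
    mode: "0644"
    backup: true
  with_first_found:
    - "jenkins.model.JenkinsLocationConfiguration.xml.{{ ansible_fqdn }}.j2"
    - "jenkins.model.JenkinsLocationConfiguration.xml.j2"
  notify: safe-restart jenkins and wait

# Generate a SSH RSA key pair if not already present
# (we do it without the Ansible module which is only available starting 2.8)
# (and we don't use become/become_user because it fails with a permission
# denied on /tmp/.ansible...)
# `creates` makes the task a no-op once the private key exists.
# NOTE(review): the command writes to ~/.ssh of the jenkins user while
# `creates` checks {{ jenkins_home }}/.ssh; this assumes both are the same
# directory - confirm.
# NOTE(review): -N "" leaves the private key without a passphrase, so it is
# protected by file permissions only.
- name: Generate SSH RSA key pair
  command: su -c 'ssh-keygen -q -t rsa -b 2048 -f ~/.ssh/id_rsa -N ""' - jenkins
  args:
    creates: "{{ jenkins_home }}/.ssh/id_rsa"
  #become_user: jenkins # permission denied
  #become: yes
  register: result

# Only read and shown when a new key pair was just generated. This is the
# public half (id_rsa.pub), so printing it is fine.
- name: Retrieve the SSH public key
  slurp:
    src: "{{ jenkins_home }}/.ssh/id_rsa.pub"
  register: tmp
  when: result.changed

- name: Output public key
  debug:
    msg: "Don't forget to set the public key on the Git repository and the deploy target : {{ tmp.content | b64decode | trim }}"
  when: result.changed

# Upload this new key to the Jenkins credentials plugin system
# (the create/update/import-credential-as-xml is kinda cumbersome for our
# usecase. No way to export the key or get a MD5/SHA256 of it, so we just
# go for the credentials.xml file directly :)
# no_log keeps the base64-encoded private key out of the task output.
- name: Retrieve the SSH private key
  slurp:
    src: "{{ jenkins_home }}/.ssh/id_rsa"
  register: tmp
  no_log: true

# The decoded private key stays available as a host fact for the rest of the
# play; never dump it with debug.
- name: Set fact about SSH key
  set_fact:
    ssh_private_key: "{{ tmp.content | b64decode | trim }}"
  no_log: true

# NOTE(review): the credentials template presumably renders ssh_private_key
# (template not visible here). Without no_log, a run with --diff would print
# the rendered file, private key included, to the console and to any log
# callback; the cost is that failures of this task are censored too.
# NOTE(review): backup keeps a timestamped copy of every previous
# credentials.xml next to the live file; treat those copies as secrets and
# prune them.
- name: Upload SSH RSA key pair as credential in Jenkins
  template:
    src: "{{ item }}"
    dest: "{{ jenkins_home }}/credentials.xml"
    owner: jenkins
    group: jenkins
    mode: "0600"
    force: true
    backup: true
  with_first_found:
    - "credentials.xml.{{ ansible_fqdn }}.j2"
    - "credentials.xml.j2"
  notify: safe-restart jenkins and wait
  no_log: true
  # Discarded CLI-based alternative, kept for reference.
  # NOTE(review): its -auth admin:$( ... ) form would put the initial admin
  # password on the java command line, where the process list exposes it.
  #shell: cat /tmp/tmp.xml | java -jar /var/cache/jenkins/war/WEB-INF/jenkins-cli.jar -s http://localhost:8080/ -auth admin:$( cat /var/lib/jenkins/secrets/initialAdminPassword ) create-credentials-by-xml system::system::jenkins _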