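---
# Install and configure Grafana: package, systemd restart policy, firewall
# rule, database and credentials, configuration files and plugins.
# Variables read here (grafana_db_type, grafana_port, grafana_src_ip,
# grafana_plugins, mysql_admin_pass, pg_admin_pass, ...) are defined outside
# this file.

- name: Install grafana
  yum:
    name: grafana
    state: present
  # Used by the last task to detect a fresh install.
  register: grafana_install

- name: Create unit snippet dir
  file:
    path: /etc/systemd/system/grafana-server.service.d
    state: directory

- name: Tune to restart indefinitely
  copy:
    content: |
      [Service]
      StartLimitInterval=0
      RestartSec=20
    dest: /etc/systemd/system/grafana-server.service.d/restart.conf
  register: grafana_unit

- name: Reload systemd
  systemd:
    daemon_reload: true
  when: grafana_unit.changed

- name: Install MySQL support
  yum:
    name: MySQL-python
    state: present
  when: grafana_db_type == 'mysql'

- name: Install PostgreSQL support
  yum:
    name: python-psycopg2
    state: present
  when: grafana_db_type == 'postgres'

# The ACCEPT rule exists only while grafana_src_ip is non-empty; an empty list
# removes the rule instead of rendering an empty -s argument.
- name: Handle grafana port
  iptables_raw:
    name: grafana_port
    state: "{{ (grafana_src_ip | length > 0) | ternary('present','absent') }}"
    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ grafana_port }} -s {{ grafana_src_ip | join(',') }} -j ACCEPT"
  when: iptables_manage | default(True)

# umask 077 makes the redirection create the file owner-only from the start,
# so the password is never readable by others before the mode task runs.
- name: Generate a random pass for database
  shell: umask 077 && openssl rand -base64 45 > /etc/grafana/ansible_db_pass
  args:
    creates: /etc/grafana/ansible_db_pass
  when:
    - grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
    - grafana_db_pass is not defined

# Kept so that a file left by an earlier run is also tightened.
- name: Restrict permission on db pass file
  file:
    path: /etc/grafana/ansible_db_pass
    mode: "0600"
  when:
    - grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
    - grafana_db_pass is not defined

# Read-only task: never reports "changed"; no_log keeps the registered
# password out of verbose output and logs.
- name: Read db password
  command: cat /etc/grafana/ansible_db_pass
  register: grafana_rand_db_pass
  changed_when: false
  no_log: true
  when:
    - grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
    - grafana_db_pass is not defined

- name: Set db pass
  set_fact:
    grafana_db_pass: "{{ grafana_rand_db_pass.stdout }}"
  no_log: true
  when:
    - grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
    - grafana_db_pass is not defined

- name: Create MySQL database
  mysql_db:
    name: "{{ grafana_db_name }}"
    state: present
    login_host: "{{ grafana_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
  when: grafana_db_type == 'mysql'

# One account per local IPv4 address when the server is remote, a single
# 'localhost' account otherwise. Privileges are limited to the grafana schema.
- name: Create MySQL User
  mysql_user:
    name: "{{ grafana_db_user | default('grafana') }}"
    password: "{{ grafana_db_pass }}"
    priv: "{{ grafana_db_name | default('grafana') }}.*:ALL"
    host: "{{ (grafana_db_server == 'localhost') | ternary('localhost', item) }}"
    login_host: "{{ grafana_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    state: present
  when: grafana_db_type == 'mysql'
  with_items: "{{ ansible_all_ipv4_addresses }}"

- name: Create the PostgreSQL role
  postgresql_user:
    name: "{{ grafana_db_user }}"
    password: "{{ grafana_db_pass }}"
    login_host: "{{ grafana_db_server }}"
    login_user: sqladmin
    login_password: "{{ pg_admin_pass }}"
  when: grafana_db_type == 'postgres'

- name: Create the PostgreSQL database
  postgresql_db:
    name: "{{ grafana_db_name }}"
    encoding: UTF-8
    lc_collate: C
    lc_ctype: C
    template: template0
    owner: "{{ grafana_db_user }}"
    login_host: "{{ grafana_db_server }}"
    login_user: sqladmin
    login_password: "{{ pg_admin_pass }}"
  when: grafana_db_type == 'postgres'

# NOTE(review): the start of this command was lost on the page (only the tail
# of the character set survived). The reconstruction keeps the visible
# characters and assumes alphanumerics read from /dev/urandom; confirm against
# the role's repository. umask 077 creates the key file owner-only.
- name: Generate a secret key
  shell: |-
    umask 077 && LC_ALL=C tr -dc 'A-Za-z0-9?@[\]^_`|~' < /dev/urandom | head -c 50 > /etc/grafana/ansible_secret_key
  args:
    creates: /etc/grafana/ansible_secret_key

- name: Restrict permission on the secret key file
  file:
    path: /etc/grafana/ansible_secret_key
    mode: "0600"

- name: Read the secret key
  command: cat /etc/grafana/ansible_secret_key
  register: grafana_secret_key
  changed_when: false
  # Keeps the key out of verbose output and logs.
  no_log: true

# Root-owned and group-readable by grafana only; modes are quoted so they are
# always read as octal strings.
- name: Deploy grafana configuration
  template:
    src: "{{ item }}.j2"
    dest: "/etc/grafana/{{ item }}"
    owner: root
    group: grafana
    mode: "0640"
  with_items:
    - grafana.ini
    - ldap.toml
  notify: restart grafana

- name: Build a list of installed plugins
  shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s\d+\./ && print "$1\n"'
  register: grafana_installed_plugins
  changed_when: false

# Anything installed that is not listed in grafana_plugins is removed, so the
# plugin set on the host matches the declared one.
- name: Remove unmanaged plugins
  command: grafana-cli plugins uninstall {{ item }}
  with_items: "{{ grafana_installed_plugins.stdout_lines }}"
  when: item not in grafana_plugins
  notify: restart grafana

- name: Install plugins
  command: grafana-cli plugins install {{ item }}
  with_items: "{{ grafana_plugins }}"
  when: item not in grafana_installed_plugins.stdout_lines
  notify: restart grafana

- name: Check installed plugins versions
  shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s(\d+[^\s]*)/ && print "$1 $2\n"'
  register: grafana_installed_plugins_versions
  changed_when: false

- name: Check available plugins versions
  shell: grafana-cli plugins list-remote | perl -ne '/^id:\s+(\w[\-\w]+)\sversion:\s+(\d+[^\s]*)/ && print "$1 $2\n"'
  register: grafana_remote_plugins_versions
  changed_when: false

# Runs only when some installed "name version" pair is missing from the remote
# list, i.e. at least one plugin differs from the published version.
- name: Update grafana plugins
  command: grafana-cli plugins update-all
  when: grafana_installed_plugins_versions.stdout_lines is not subset(grafana_remote_plugins_versions.stdout_lines)
  notify: restart grafana

- name: Start and enable the service
  service:
    name: grafana-server
    state: started
    enabled: true

# Must be shell, not command: the command module does not run a shell, so
# $(openssl rand ...) would reach grafana-cli as literal text and the admin
# password would be a fixed, guessable string. The generated password is not
# stored anywhere. It is passed as an argument, so it is visible in the
# process list while the command runs; no_log keeps it out of Ansible output.
- name: Change admin password to a random one
  shell: >-
    grafana-cli admin reset-admin-password
    --homepath="/usr/share/grafana"
    --config /etc/grafana/grafana.ini
    "$(openssl rand -base64 33)"
  when: grafana_install.changed
  no_log: true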