---
- name: Fail early if Python 3 is used on CentOS / RHEL < 8
  fail:
    msg: "The installation of the Agent on CentOS / RHEL versions < 8 requires the 'yum' module, which is not compatible with Python 3.
          To run this role, use a Python 2 interpreter on hosts running CentOS / RHEL < 8."
  when: (not datadog_ignore_old_centos_python3_error)
        and (ansible_facts.distribution_major_version | int <= 7)
        and (ansible_facts.python.version.major | int >= 3)

- name: Find out whether to set repo_gpgcheck or not
  # We turn off repo_gpgcheck on custom repos and on RHEL/CentOS 8.1 because
  # of https://bugzilla.redhat.com/show_bug.cgi?id=1792506
  set_fact:
    do_yum_repo_gpgcheck: >-
      {{ datadog_yum_repo_gpgcheck if datadog_yum_repo_gpgcheck != '' else (
        'no' if (
          ansible_facts.distribution_version.startswith('8.1.') or ansible_facts.distribution_version == '8.1' or
          datadog_yum_repo != ''
        ) else 'yes'
      ) }}

- name: Download current RPM key
  get_url:
    url: "{{ datadog_yum_gpgkey_current }}"
    dest: /tmp/DATADOG_RPM_KEY_CURRENT.public
    force: yes

- name: Import current RPM key
  rpm_key:
    key: /tmp/DATADOG_RPM_KEY_CURRENT.public
    state: present
  when: not ansible_check_mode

- name: Download new RPM key (Expires in 2022)
  get_url:
    url: "{{ datadog_yum_gpgkey_e09422b3 }}"
    dest: /tmp/DATADOG_RPM_KEY_E09422B3.public
    checksum: "sha256:{{ datadog_yum_gpgkey_e09422b3_sha256sum }}"

- name: Import new RPM key (Expires in 2022)
  rpm_key:
    key: /tmp/DATADOG_RPM_KEY_E09422B3.public
    state: present
  when: not ansible_check_mode

- name: Download new RPM key (Expires in 2024)
  get_url:
    url: "{{ datadog_yum_gpgkey_20200908 }}"
    dest: /tmp/DATADOG_RPM_KEY_20200908.public
    checksum: "sha256:{{ datadog_yum_gpgkey_20200908_sha256sum }}"

- name: Import new RPM key (Expires in 2024)
  rpm_key:
    key: /tmp/DATADOG_RPM_KEY_20200908.public
    state: present
  when: not ansible_check_mode

- name: Install Datadog Agent 5 yum repo
  yum_repository:
    name: datadog
    description: Datadog, Inc.
    baseurl: "{{ datadog_agent5_yum_repo }}"
    enabled: yes
    repo_gpgcheck: no  # we don't sign Agent 5 repodata
    gpgcheck: "{{ datadog_yum_gpgcheck }}"
    gpgkey: [
      "{{ datadog_yum_gpgkey_current }}",
      "{{ datadog_yum_gpgkey_20200908 }}",
      "{{ datadog_yum_gpgkey_e09422b3 }}",
      "{{ datadog_yum_gpgkey }}",
    ]
  register: repofile5
  when: (datadog_agent_major_version|int == 5) and (datadog_yum_repo | length == 0) and (not ansible_check_mode)

- name: Install Datadog Agent 6 yum repo
  yum_repository:
    name: datadog
    description: Datadog, Inc.
    baseurl: "{{ datadog_agent6_yum_repo }}"
    enabled: yes
    repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}"
    gpgcheck: "{{ datadog_yum_gpgcheck }}"
    gpgkey: [
      "{{ datadog_yum_gpgkey_current }}",
      "{{ datadog_yum_gpgkey_20200908 }}",
      "{{ datadog_yum_gpgkey_e09422b3 }}",
      "{{ datadog_yum_gpgkey }}",
    ]
  register: repofile6
  when: (datadog_agent_major_version|int == 6) and (datadog_yum_repo | length == 0) and (not ansible_check_mode)

- name: Install Datadog Agent 7 yum repo
  yum_repository:
    name: datadog
    description: Datadog, Inc.
    baseurl: "{{ datadog_agent7_yum_repo }}"
    enabled: yes
    repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}"
    gpgcheck: "{{ datadog_yum_gpgcheck }}"
    gpgkey: [
      "{{ datadog_yum_gpgkey_current }}",
      "{{ datadog_yum_gpgkey_20200908 }}",
      "{{ datadog_yum_gpgkey_e09422b3 }}",
    ]
  register: repofile7
  when: (datadog_agent_major_version|int == 7) and (datadog_yum_repo | length == 0) and (not ansible_check_mode)

- name: Install Datadog Custom yum repo
  yum_repository:
    name: datadog
    description: Datadog, Inc.
    baseurl: "{{ datadog_yum_repo }}"
    enabled: yes
    repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}"
    gpgcheck: "{{ datadog_yum_gpgcheck }}"
    gpgkey: [
      "{{ datadog_yum_gpgkey_current }}",
      "{{ datadog_yum_gpgkey_20200908 }}",
      "{{ datadog_yum_gpgkey_e09422b3 }}",
      "{{ datadog_yum_gpgkey }}",
    ]
  register: repofilecustom
  when: (datadog_yum_repo | length > 0) and (not ansible_check_mode)

- name: Clean repo metadata if repo changed # noqa 503
  command: yum clean metadata --disablerepo="*" --enablerepo=datadog
  ignore_errors: yes # Cleaning the metadata is only needed when downgrading a major version of the Agent, don't fail because of this
  args:
    warn: no
  when: repofile5.changed or repofile6.changed or repofile7.changed or repofilecustom.changed

- name: Remove old yum repo files
  yum_repository:
    name: "ansible_datadog_{{ item }}"
    state: absent
  with_items: [ 5, 6, 7, "custom" ]

- include_tasks: pkg-redhat/install-pinned.yml
  when: datadog_agent_redhat_version is defined

- include_tasks: pkg-redhat/install-latest.yml
  when: datadog_agent_redhat_version is not defined