- name: install fluentbit on debian/ubuntu systems
  gather_facts: no
  hosts: "{{target}}"
  become: "{{become}}"
  tasks:

  - name: install dependencies
    ansible.builtin.apt:
      pkg:
      - ca-certificates
      - curl
      - gnupg1
      - lsb-release
      - logrotate
      update_cache: true
      autoremove: true
      purge: true
    diff: true

  - name: define distro
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: "lsb_release -is 2>/dev/null | tr A-Z a-z || echo unknown"
    register: distro
    changed_when: false
    check_mode: false
  - debug: var=distro.stdout

  - name: define distro release
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: "lsb_release -cs 2>/dev/null || echo unknown"
    register: release
    changed_when: false
    check_mode: false
  - debug: var=release.stdout

  - name: add official signing key
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: curl -s https://packages.fluentbit.io/fluentbit.key | gpg1 --dearmor > /usr/share/keyrings/fluentbit.gpg
      creates: /usr/share/keyrings/fluentbit.gpg
      # pub  4096R/3888C1CD 2022-02-07 Fluentbit releases (Releases signing key) <releases@fluentbit.io>
      # C3C0 A285 34B9 293E AF51  FABD 9F9D DC08 3888 C1CD

  - name: add official repository
    ansible.builtin.template:
      src: templates/fluentbit.list.j2
      dest: /etc/apt/sources.list.d/fluentbit.list
    diff: true

  - name: install fluentbit
    ansible.builtin.apt:
      pkg:
      - fluent-bit
      # eventually for flb_metrics
      - sysstat
      update_cache: true
      autoremove: true
      purge: true
    when: not ansible_check_mode

  - name: cleanup default config
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: |
        set -e
        cd /etc/fluent-bit/
        [[ ! -f fluent-bit.conf.dist ]] && mv -nv fluent-bit.conf fluent-bit.conf.dist
        [[ ! -f fluent-bit.conf.clean ]] && \
          grep -vE '^[[:space:]]*(#|$)' fluent-bit.conf.dist > fluent-bit.conf.clean
        [[ ! -f fluent-bit.conf ]] && cp -nv fluent-bit.conf.clean fluent-bit.conf
      creates: /etc/fluent-bit/fluent-bit.conf.dist

  - name: start and enable service
    ansible.builtin.service:
      name: fluent-bit
      enabled: true
      state: started

  # todo - dedicated role for that?  we need config as file/template instead
  - name: setup logorate
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: |
        set -e
        cd /etc/
        [[ ! -f logrotate.conf.dist ]] && mv -nv logrotate.conf logrotate.conf.dist
        [[ ! -f logrotate.conf.clean ]] && grep -vE '^#|^$' logrotate.conf.dist > logrotate.conf.clean
        [[ ! -f logrotate.conf ]] && cp -nv logrotate.conf.clean logrotate.conf
        grep ^tabooext logrotate.conf | grep .dist$ || echo 'tabooext + .dist' >> logrotate.conf
      creates: /etc/logrotate.conf.dist

  - name: setup fluentbit log rotation
    ansible.builtin.copy:
      src: templates/logrotate_fluentbit
      dest: /etc/logrotate.d/fluentbit
    diff: true

  - name: log helper script
    ansible.builtin.copy:
      content: "tail -F /var/log/fluent*log\n"
      dest: /etc/fluent-bit/logfluent
      mode: 0755
    diff: true