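# profiles::cobbler::server
#
# @summary Configures a Cobbler provisioning server: the Cobbler settings file,
#   debmirror, the httpd TLS vhost, the main iPXE menu, the cobblerd/httpd
#   services, a service CNAME and (when enforcing) the SELinux policy bits.
#
# Package['cobbler'], Package['debmirror'] and Package['httpd'] are referenced
# but not declared here; they must be present in the catalog from elsewhere.
#
# @param service_cname
#   FQDN published as a CNAME pointing at this host.
# @param default_password_crypted
#   Crypted password string. Not referenced in this manifest; presumably
#   rendered into settings.yaml by the template - confirm against the template.
#   NOTE(review): the value is a plain String, so it is stored unredacted in
#   the catalog; accepting Sensitive[String] would need a matching template
#   change and is left for a follow-up.
# @param httpd_ssl_certificate
#   Absolute path of the TLS certificate. Not referenced in this manifest;
#   presumably consumed by httpd_ssl.conf.erb.
# @param httpd_ssl_privatekey
#   Absolute path of the TLS private key. Not referenced in this manifest;
#   presumably consumed by httpd_ssl.conf.erb. This class does not manage the
#   key file itself, so its owner and mode must be enforced where it is deployed.
# @param tftpboot_path
#   Directory that receives the cobbler_var_lib_t SELinux file context.
# @param server
#   Defaults to the networking.ip fact. Not referenced in this manifest;
#   presumably consumed by settings.yaml.erb.
# @param next_server
#   Defaults to the networking.ip fact. Not referenced in this manifest;
#   presumably consumed by settings.yaml.erb.
# @param pxe_just_once
#   Not referenced in this manifest; presumably consumed by settings.yaml.erb.
class profiles::cobbler::server (
  Stdlib::Fqdn         $service_cname,
  String               $default_password_crypted,
  Stdlib::Absolutepath $httpd_ssl_certificate = '/etc/pki/tls/vault/certificate.crt',
  Stdlib::Absolutepath $httpd_ssl_privatekey  = '/etc/pki/tls/vault/private.key',
  Stdlib::Absolutepath $tftpboot_path         = '/var/lib/tftpboot/boot',
  String               $server                = $::facts['networking']['ip'],
  String               $next_server           = $::facts['networking']['ip'],
  Boolean              $pxe_just_once         = true,
) {
  include profiles::cobbler::ipxebins

  # manage the cobbler settings file
  # The file is not world-readable (0640, group apache). show_diff is disabled
  # so that a content change does not copy the rendered settings - which
  # presumably include the crypted default password - into agent logs and
  # Puppet reports, which are usually readable by a wider audience than the
  # file itself.
  file { '/etc/cobbler/settings.yaml':
    ensure    => 'file',
    content   => template('profiles/cobbler/settings.yaml.erb'),
    group     => 'apache',
    owner     => 'root',
    mode      => '0640',
    show_diff => false,
    require   => Package['cobbler'],
    notify    => Service['cobblerd'],
  }

  # fix permissions on /var/lib/cobbler/web.ss
  # Only ownership and mode are managed (no content). 0660 keeps the file
  # inaccessible to "other".
  # NOTE(review): web.ss is understood to hold Cobbler's web shared secret;
  # confirm whether group access is needed at all before tightening further.
  file { '/var/lib/cobbler/web.ss':
    ensure  => 'file',
    group   => 'root',
    owner   => 'apache',
    mode    => '0660',
    require => Package['cobbler'],
    notify  => Service['cobblerd'],
  }

  # manage the debmirror config to meet cobbler requirements
  file { '/etc/debmirror.conf':
    ensure  => 'file',
    content => template('profiles/cobbler/debmirror.conf.erb'),
    group   => 'root',
    owner   => 'root',
    mode    => '0644',
    require => Package['debmirror'],
  }

  # manage the httpd ssl configuration
  # Only the vhost configuration is written here (world-readable, it should
  # carry paths and directives only, never key material).
  file { '/etc/httpd/conf.d/ssl.conf':
    ensure  => 'file',
    content => template('profiles/cobbler/httpd_ssl.conf.erb'),
    group   => 'root',
    owner   => 'root',
    mode    => '0644',
    require => Package['httpd'],
    notify  => Service['httpd'],
  }

  # manage the main ipxe menu script
  # Root-owned and not writable by anyone else: booting clients fetch and
  # execute this script, so write access to it must stay restricted.
  file { '/var/lib/tftpboot/main.ipxe':
    ensure  => 'file',
    content => template('profiles/cobbler/main.ipxe.erb'),
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    require => Package['cobbler'],
  }

  # ensure cobblerd is running
  service { 'cobblerd':
    ensure  => 'running',
    enable  => true,
    require => File['/etc/cobbler/settings.yaml'],
  }

  # ensure httpd is running
  service { 'httpd':
    ensure  => 'running',
    enable  => true,
    require => File['/etc/httpd/conf.d/ssl.conf'],
  }

  # declare the service CNAME for cobbler, pointing at this host's short name
  profiles::dns::record { "${::facts['networking']['fqdn']}_${service_cname}_CNAME":
    value  => $::facts['networking']['hostname'],
    type   => 'CNAME',
    record => "${service_cname}.",
    zone   => $::facts['networking']['domain'],
    order  => 10,
  }

  # manage selinux requirements for cobbler
  # Applied only when the configured mode is 'enforcing'; a host that is
  # permissive at catalog time gets none of these resources.
  if $::facts['os']['selinux']['config_mode'] == 'enforcing' {
    $enable_sebooleans = [
      'httpd_can_network_connect_cobbler',
      'httpd_serve_cobbler_files',
      'cobbler_can_network_connect',
    ]

    $enable_sebooleans.each |$bool| {
      selboolean { $bool:
        value      => 'on',
        persistent => true,
      }
    }

    selinux::fcontext { $tftpboot_path:
      ensure   => 'present',
      seltype  => 'cobbler_var_lib_t',
      pathspec => "${tftpboot_path}(/.*)?",
    }

    # Relabel only when the fcontext rule changes (refreshonly + subscribe).
    # The search path is pinned to system directories so restorecon cannot be
    # resolved from an unexpected location.
    # NOTE(review): $tftpboot_path is interpolated into the command string;
    # Stdlib::Absolutepath still admits spaces, which would split the argument.
    exec { "restorecon_${tftpboot_path}":
      path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
      command     => "restorecon -Rv ${tftpboot_path}",
      refreshonly => true,
      subscribe   => Selinux::Fcontext[$tftpboot_path],
    }
  }
}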