---
  - name: "Install qualys-agent using yum/dnf/apt; activation: sudo ***CONTENTS REDACTED***"
    hosts: all
    gather_facts: True
    become: true
    vars:
      - install_file_path: "***CONTENTS REDACTED***Qualys/install_files/"
      - rpm_filename: "qualys-cloud-agent_AMD64-6.1.0-28.rpm"
      - deb_filename: "qualys-cloud-agent_AMD64-6.2.1.9.deb"
      - new_host_fqdn: "{{ ansible_fqdn }}"
####################################  TEST: Customer-specific variables  ####################################
      - cloudagent_ActivationId: "***CONTENTS REDACTED***"
      - cloudagent_CustomerId: "***CONTENTS REDACTED***"
      - cloudagent_ServerUri: "***CONTENTS REDACTED***"

    tasks:

      - name: Populate systemd service_facts
        service_facts:

      - name: "Debug: show var new_host_fqdn, ansible_facts['os_family'] & ['distribution_major_version']"
        debug:
          var: new_host_fqdn
      - name: "Debug: ansible_facts['os_family'] & ['distribution_major_version']"
        debug:
          msg:
            - os_family "{{ ansible_facts['os_family'] }}"
            - distribution_major_version "{{ ansible_facts['distribution_major_version'] }}"

      - name: "Copy rpm file to host if host is RH-like, versions 6-9"
        copy:
          src: "{{ install_file_path }}{{ rpm_filename }}"
          dest: /home/Ansible/{{ rpm_filename }}
        when:
          - ansible_facts['os_family'] == "RedHat"
          - ansible_facts['distribution_major_version'] == '6' or ansible_facts['distribution_major_version'] == '7' or ansible_facts['distribution_major_version'] == '8' or ansible_facts['distribution_major_version'] == '9'


      - name: "Perform installation w/ yum and rpm file if distro is RH-like versions 6-9"
        yum:
          name: /home/Ansible/{{ rpm_filename }}
          state: present
          disable_gpg_check: true
        when:
          - ansible_facts['os_family'] == "RedHat"
          - ansible_facts['distribution_major_version'] == '6' or ansible_facts['distribution_major_version'] == '7' or ansible_facts['distribution_major_version'] == '8' or ansible_facts['distribution_major_version'] == '9'

      - name: "Add firewall rules if firewalld running"
        firewalld:
          permanent: true
          state: enabled
          immediate: true
          rich_rule: rule family=ipv4 source address=***CONTENTS REDACTED***0 port port=10001-10005 protocol=tcp accept
          when: ansible_facts.services['firewalld.service'].state == 'running'
        ignore_errors: yes
        firewalld:
          permanent: true
          state: enabled
          immediate: true
          rich_rule: rule family=ipv4 source address=***CONTENTS REDACTED*** port port=10001-10005 protocol=tcp accept
        when: ansible_facts.services['firewalld.service'].state == 'running'
        ignore_errors: yes
        firewalld:
          permanent: true
          state: enabled
          immediate: true
          rich_rule: rule family=ipv4 source address=***CONTENTS REDACTED*** port port=10001-10005 protocol=tcp accept
        when: ansible_facts.services['firewalld.service'].state == 'running'
        ignore_errors: yes
        firewalld:
          permanent: true
          state: enabled
          immediate: true
          rich_fule: rule family=ipv4 source address=***CONTENTS REDACTED*** port port=10001-10005 protocol=tcp accept
        when: ansible_facts.services['firewalld.service'].state == 'running'
        ignore_errors: yes
        firewalld:
          permanent: true
          state: enabled
          immediate: true
          rich_rule: rule family=ipv4 source address=***CONTENTS REDACTED*** port port=10001-10005 protocol=tcp accept
        when: ansible_facts.services['firewalld.service'].state == 'running'

  # For Deb-like:
      - name: "Copy deb file to host if host is Debian 7 through 12, Bookworm"
        copy:
            src: "{{ install_file_path }}{{ deb_filename }}"
            dest: /home/Ansible/{{ deb_filename }}
        when:
          - ansible_facts['os_family'] == 'Debian'

      - name: "Install deb file on host if distro is Debian-like"
        apt:
          deb: /home/Ansible/{{ deb_filename }}
          state: present
        when:
          - ansible_facts['os_family'] == 'Debian'

######################################### Init agent w/ ActivationID, CustomerID and ServerUri #########################################
      - name: "Make one-liner executable"
        file:
          path: ***CONTENTS REDACTED***/qualys-cloud-agent.sh
          mode: "0750"

      - name: "Run one-liner to provide cloud-agent ActivationID, CustomerID and ServerUri"
        command: /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId="{{  cloudagent_ActivationId }}" CustomerId="{{ cloudagent_CustomerId }}" ServerUri="{{ cloudagent_ServerUri }}"

      - name: "Restart the cloud-agent service"
        service:
          name: qualys-cloud-agent
          state: restarted
          enabled: yes