---
- name: Fix Jenkins and SonarQube connectivity issues
  hosts: jenkins
  become: true
  gather_facts: true

  tasks:
    - name: Display current firewall status
      ansible.builtin.shell: ufw status verbose
      register: ufw_before
      changed_when: false

    - name: Show current firewall rules
      ansible.builtin.debug:
        msg: "{{ ufw_before.stdout_lines }}"

    - name: Apply common role to configure firewall
      ansible.builtin.include_role:
        name: common
        tasks_from: security.yml

    - name: Display updated firewall status
      ansible.builtin.shell: ufw status verbose
      register: ufw_after
      changed_when: false

    - name: Show updated firewall rules
      ansible.builtin.debug:
        msg: "{{ ufw_after.stdout_lines }}"

    - name: Check if SonarQube containers exist
      ansible.builtin.shell: docker ps -a --filter "name=sonarqube" --format "{{.Names}}"
      register: sonarqube_containers
      changed_when: false

    - name: Start PostgreSQL container for SonarQube
      community.docker.docker_container:
        name: postgresql
        state: started
      when: "'postgresql' in sonarqube_containers.stdout"
      register: postgres_start

    - name: Wait for PostgreSQL to be ready
      ansible.builtin.pause:
        seconds: 10
      when: postgres_start.changed

    - name: Start SonarQube container
      community.docker.docker_container:
        name: sonarqube
        state: started
      when: "'sonarqube' in sonarqube_containers.stdout"

    - name: Wait for services to start
      ansible.builtin.pause:
        seconds: 30
      when: postgres_start.changed

    - name: Check Jenkins service status
      ansible.builtin.shell: ps aux | grep -i jenkins | grep -v grep
      register: jenkins_status
      changed_when: false
      failed_when: false

    - name: Display Jenkins status
      ansible.builtin.debug:
        msg: "Jenkins process: {{ 'RUNNING' if jenkins_status.rc == 0 else 'NOT FOUND' }}"

    - name: Check listening ports
      ansible.builtin.shell: ss -tlnp | grep -E ':(8080|9000|5432)'
      register: listening_ports
      changed_when: false
      failed_when: false

    - name: Display listening ports
      ansible.builtin.debug:
        msg: "{{ listening_ports.stdout_lines }}"

    - name: Test Jenkins connectivity from localhost
      ansible.builtin.uri:
        url: "http://localhost:8080"
        status_code: [200, 403]
        timeout: 10
      register: jenkins_test
      failed_when: false

    - name: Display Jenkins connectivity test result
      ansible.builtin.debug:
        msg: "Jenkins HTTP status: {{ jenkins_test.status | default('FAILED') }}"

    - name: Summary
      ansible.builtin.debug:
        msg:
          - "===== Fix Summary ====="
          - "Firewall: Updated to allow ports 22, 8080, 9000, 5432"
          - "Jenkins: {{ 'Running on port 8080' if jenkins_status.rc == 0 else 'NOT RUNNING' }}"
          - "SonarQube: {{ 'Started' if postgres_start.changed else 'Already running or not found' }}"
          - ""
          - "Access URLs:"
          - "  Jenkins: http://192.168.200.91:8080"
          - "  SonarQube: http://192.168.200.91:9000"
          - ""
          - "Next steps:"
          - "  1. Test access from your browser"
          - "  2. Check SonarQube logs: docker logs sonarqube"
          - "  3. Verify PostgreSQL: docker logs postgresql"