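---
# Decommissions a node: stops services, exports configuration and data to a
# timestamped directory under /var/backups, removes application state and
# packages, writes a report, optionally notifies by mail and shuts down.
- name: Decommission Enterprise Infrastructure Nodes
  # NOTE(review): `hosts: all` makes every inventory host a target of an
  # irreversible play; confirm operators always scope runs with --limit.
  hosts: all
  become: true
  gather_facts: true

  vars:
    backup_data: true
    export_config: true
    graceful_shutdown: true
    cleanup_inventory: true
    # Single definition of the per-run backup location. ansible_date_time is
    # captured once at fact gathering, so every task resolves the same path.
    decommission_backup_dir: "/var/backups/decommission-{{ ansible_date_time.iso8601 }}"

  pre_tasks:
    # Informational only: failures are ignored and health_check is not read
    # by any task in this file.
    - name: Check node health before decommissioning
      uri:
        url: http://localhost/health
        method: GET
        status_code: 200
      register: health_check
      ignore_errors: true
      when: "'webservers' in group_names"

    # The directory will hold an archive of /etc and database dumps, so it is
    # restricted to the owner instead of being world-readable.
    - name: Create decommissioning backup directory
      file:
        path: "{{ decommission_backup_dir }}"
        state: directory
        mode: '0700'

    - name: Log decommissioning start
      lineinfile:
        path: "/var/log/decommission.log"
        line: "{{ ansible_date_time.iso8601 }} - Starting decommissioning of {{ inventory_hostname }}"
        create: true

  tasks:
    # Feature toggles are passed through `| bool`, matching the auto_shutdown
    # check at the end of the play, so a string such as "false" supplied with
    # -e is not treated as truthy.
    - name: Stop application services gracefully
      service:
        name: "{{ item }}"
        state: stopped
      loop: "{{ application_services | default(['nginx', 'postgresql', 'haproxy']) }}"
      ignore_errors: true
      when: graceful_shutdown | bool

    # The group test must be an expression, not a quoted string inside the
    # condition: a non-empty string literal is always true, which would make
    # every host pause regardless of group membership.
    - name: Wait for connections to drain
      pause:
        seconds: 30
      when:
        - graceful_shutdown | bool
        - "'webservers' in group_names or 'loadbalancers' in group_names"

    - name: Export configuration files
      block:
        - name: Create config export directory
          file:
            path: "{{ decommission_backup_dir }}/config"
            state: directory
            mode: '0700'

        # /etc can contain credentials and private keys; keep the archive
        # readable by its owner only.
        - name: Archive system configuration
          archive:
            path:
              - /etc/
              - /opt/application/
            dest: "{{ decommission_backup_dir }}/config/system_config.tar.gz"
            format: gz
            mode: '0600'

        # Best effort: not every host has all three service directories.
        - name: Export service configurations
          command:
            argv:
              - tar
              - '-czf'
              - "{{ decommission_backup_dir }}/config/services.tar.gz"
              - /etc/nginx
              - /etc/postgresql
              - /etc/haproxy
          ignore_errors: true
      when: export_config | bool

    # Data backups are not allowed to fail silently: the cleanup tasks below
    # delete the same directories, so a failed backup stops the play for this
    # host before anything is removed.
    - name: Backup application data
      block:
        - name: Create data backup directory
          file:
            path: "{{ decommission_backup_dir }}/data"
            state: directory
            mode: '0700'

        # The command module does not run a shell, so a `>` redirect would be
        # passed to pg_dumpall as an argument and no dump file would be
        # written. The output file is given with -f instead.
        - name: Backup database data
          command:
            argv:
              - pg_dumpall
              - '-U'
              - postgres
              - '-f'
              - "{{ decommission_backup_dir }}/data/database_backup.sql"
          when: "'databases' in group_names"

        - name: Backup application files
          archive:
            path: "/var/www/html"
            dest: "{{ decommission_backup_dir }}/data/application_data.tar.gz"
            format: gz
            mode: '0600'
          when: "'webservers' in group_names"

        - name: Backup monitoring data
          archive:
            path: "/var/lib/prometheus"
            dest: "{{ decommission_backup_dir }}/data/monitoring_data.tar.gz"
            format: gz
            mode: '0600'
          when: "'monitoring' in group_names"
      when: backup_data | bool

    # NOTE(review): this runs after the services were already stopped above;
    # confirm whether the node should leave the pool before services stop.
    - name: Remove from load balancer
      include_tasks: tasks/remove_from_lb.yml
      when: "'webservers' in group_names or 'databases' in group_names"

    - name: Update monitoring alerts
      include_tasks: tasks/update_monitoring.yml
      when: "'monitoring' not in group_names"

    # Irreversible. Runs even when backup_data is false.
    - name: Clean up application directories
      file:
        path: "{{ item }}"
        state: absent
      loop:
        - /opt/application
        - /var/www/html
        - /var/lib/postgresql
        - /var/lib/prometheus
      ignore_errors: true

    - name: Remove application packages
      apt:
        name: "{{ item }}"
        state: absent
        purge: true
      loop: "{{ application_packages | default(['nginx', 'postgresql', 'haproxy', 'prometheus']) }}"
      when: ansible_os_family == "Debian"
      ignore_errors: true

    # decommission*.log is excluded so the start entry written in pre_tasks
    # and earlier reports survive as the audit trail of this run.
    # NOTE(review): confirm the remaining logs are retained elsewhere before
    # they are emptied here.
    - name: Clean up system logs
      command: >-
        find /var/log -name "*.log" ! -name "decommission*.log"
        -type f -exec truncate -s 0 {} \;
      ignore_errors: true

    - name: Generate decommissioning report
      template:
        src: templates/decommission_report.j2
        dest: "/var/log/decommission_report_{{ ansible_date_time.iso8601 }}.log"
      vars:
        decommission_status: "SUCCESS"
        backup_location: "{{ decommission_backup_dir }}"

  post_tasks:
    # The task only runs when decommission_notification_email is defined, so
    # the default() address in `to` is never used.
    - name: Send decommissioning notification
      mail:
        to: "{{ decommission_notification_email | default('infra-team@company.com') }}"
        subject: "Node Decommissioned - {{ inventory_hostname }}"
        body: |
          Node {{ inventory_hostname }} has been successfully decommissioned.
          Backup location: {{ decommission_backup_dir }}
          Services stopped: {{ application_services | default(['nginx', 'postgresql', 'haproxy']) | join(', ') }}
          Configuration exported: {{ export_config }}
          Data backed up: {{ backup_data }}
          See /var/log/decommission_report_{{ ansible_date_time.iso8601 }}.log for details
      when: decommission_notification_email is defined
      ignore_errors: true

    - name: Update dynamic inventory
      include_tasks: tasks/update_inventory.yml
      when: cleanup_inventory | bool

    - name: Final log entry
      lineinfile:
        path: "/var/log/decommission.log"
        line: "{{ ansible_date_time.iso8601 }} - Decommissioning completed for {{ inventory_hostname }}"

    # Kept as the last step before shutdown: if the play connects with one of
    # these keys, removing them earlier could lock Ansible out before the
    # report, notification and inventory update have run.
    - name: Remove SSH keys and known hosts
      file:
        path: "{{ item }}"
        state: absent
      loop:
        - /root/.ssh/authorized_keys
        - /root/.ssh/known_hosts
        - /home/infra-admin/.ssh/authorized_keys
      ignore_errors: true

    # Fire-and-forget so the play does not wait on a connection that the
    # shutdown is about to close.
    - name: Shutdown node
      command: shutdown -h now
      async: 10
      poll: 0
      when: auto_shutdown | default(false) | bool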