---
# Grafana MCP Server - Docker Compose deployment on Miranda
#
# Grafana itself runs inside the PPLG stack on Prospero (see docs/pplg.md).
# This playbook deploys the Grafana MCP server container on Miranda, which
# connects back to Grafana on Prospero via the internal Incus network.
#
# Prerequisites:
#   - PPLG stack deployed on Prospero (ansible-playbook pplg/deploy.yml)
#   - Grafana service account token in vault (vault_grafana_service_account_token)
#   - Docker installed on the target host (ansible-playbook docker/deploy.yml)
#
# See also: docs/grafana_mcp.md

- name: Deploy Grafana MCP Server with Docker Compose
  hosts: ubuntu
  become: true
  vars:
    required_service: grafana_mcp
  tasks:
  - name: Check if host has grafana_mcp service
    ansible.builtin.set_fact:
      has_grafana_mcp_service: "{{ required_service in services | default([]) }}"

  - name: Skip hosts without grafana_mcp service
    ansible.builtin.meta: end_host
    when: not has_grafana_mcp_service

  - name: Verify Grafana is reachable on PPLG host
    ansible.builtin.uri:
      url: "http://{{grafana_mcp_grafana_host}}:{{grafana_mcp_grafana_port}}/api/health"
      method: GET
      status_code: 200
    register: grafana_health
    retries: 3
    delay: 5

  - name: Create grafana_mcp group
    ansible.builtin.group:
      name: "{{grafana_mcp_group}}"

  - name: Create grafana_mcp user
    ansible.builtin.user:
      name: "{{grafana_mcp_user}}"
      comment: "{{grafana_mcp_user}}"
      group: "{{grafana_mcp_group}}"
      system: true

  - name: Add group grafana_mcp to keeper_user
    ansible.builtin.user:
      name: "{{keeper_user}}"
      groups: "{{grafana_mcp_group}}"
      append: true

  - name: Create grafana_mcp directory
    ansible.builtin.file:
      path: "{{grafana_mcp_directory}}"
      owner: "{{grafana_mcp_user}}"
      group: "{{grafana_mcp_group}}"
      state: directory
      mode: '750'

  - name: Template docker-compose file
    ansible.builtin.template:
      src: docker-compose.yml.j2
      dest: "{{grafana_mcp_directory}}/docker-compose.yml"
      owner: "{{grafana_mcp_user}}"
      group: "{{grafana_mcp_group}}"
      mode: '550'

  - name: Reset SSH connection to apply group changes
    meta: reset_connection

  - name: Start Grafana MCP service
    community.docker.docker_compose_v2:
      project_src: "{{grafana_mcp_directory}}"
      state: present
      pull: always

  - name: Verify Grafana MCP container is responding
    ansible.builtin.uri:
      url: "http://localhost:{{grafana_mcp_port}}/mcp"
      method: GET
      status_code: [200, 405]
    register: grafana_mcp_health
    retries: 5
    delay: 5
    ignore_errors: true

  - name: Report Grafana MCP health status
    ansible.builtin.debug:
      msg: "Grafana MCP container is {{ 'responding' if not grafana_mcp_health.failed else 'not responding - check docker logs grafana-mcp' }}"