- hosts: "afs:afsdb:!disabled"
  name: "Base: install and configure puppet on puppet hosts"
  roles:
    - puppet-install
    - disable-puppet-agent

- hosts: "afs:afsdb:!disabled"
  name: "AFS: run puppet on the AFS servers"
  strategy: free
  roles:
    - puppet

- hosts: "mirror-update:!disabled"
  name: "Create key for remote vos release"
  tasks:
    # Note done as root because all the update scripts run as root
    - name: Create vos release keypair
      openssh_keypair:
        path: /root/.ssh/id_vos_release
        type: ed25519
      register: vos_release_keypair

# Note: relies on vos_release_keypair installed to mirror above
- hosts: "afs:!disabled"
  name: "Allow remote vos_release"
  roles:
    - vos-release