---
# tasks/ssl_generate.yml: Generate SSL data and stash to dynamic
# data store for deployment to clients

  - include_vars: "{{ item }}"
    with_first_found:
      - "{{ ansible_distribution }}.yml"

  - name: Ensure Sensu SSL directory exists
    file: dest={{ sensu_config_path }}/ssl state=directory
          owner={{ sensu_user_name }} group={{ sensu_group_name }}

  - name: Ensure SSL generation directory exists
    file: dest={{ sensu_config_path }}/ssl_generation state=directory
          owner={{ sensu_user_name }} group={{ sensu_group_name }}
    when: sensu_master

  - name: Fetch the ssl_certs tarball from sensuapp.org
    get_url: url=http://sensuapp.org/docs/0.20/files/sensu_ssl_tool.tar
             dest={{ sensu_config_path }}/ssl_generation/ssl_certs.tar
    when: sensu_master
    sudo: yes
    sudo_user: "{{ sensu_user_name }}"

  - name: Untar the ssl_certs tarball from sensuapp.org
    shell: tar xf ssl_certs.tar chdir={{ sensu_config_path }}/ssl_generation
    args:
      creates: "{{ sensu_config_path }}/ssl_generation/ssl_certs"
    when: sensu_master
    sudo: yes
    sudo_user: "{{ sensu_user_name }}"

  - name: Generate SSL certs
    shell: ./ssl_certs.sh generate chdir={{ sensu_config_path }}/ssl_generation/ssl_certs
    args:
      creates: "{{ sensu_config_path }}/ssl_generation/ssl_certs/server"
    when: sensu_master
    sudo: yes
    sudo_user: "{{ sensu_user_name }}"

  - name: Stash the Sensu SSL certs/keys
    fetch: src={{ sensu_config_path }}/ssl_generation/ssl_certs/{{ item }}
           dest={{ dynamic_data_store }}
    when: sensu_master
    with_items:
      - sensu_ca/cacert.pem
      - server/cert.pem
      - server/key.pem
      - client/cert.pem
      - client/key.pem