---
# tasks/ssl_generate.yml: Generate SSL data and stash to dynamic
# data store for deployment to clients

  - include_vars: "{{ ansible_distribution }}.yml"

  - name: Ensure SSL generation directory exists
    file:
      dest: "{{ sensu_config_path }}/ssl_generation"
      state: directory
      owner: "{{ sensu_user_name }}"
      group: "{{ sensu_group_name }}"
    when: sensu_master

  - name: Install urllib3 to ensure we can validate the SAN cert
    package:
      name: python-urllib3

  - block:

    - name: Untar the ssl_certs tarball from sensuapp.org
      unarchive:
      args:
        src: http://sensuapp.org/docs/{{ sensu_ssl_tool_version }}/files/sensu_ssl_tool.tar
        dest: "{{ sensu_config_path }}/ssl_generation/"
        creates: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool"
        copy: no

    - name: Generate SSL certs
      command: "{{ __bash_path }} {{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/ssl_certs.sh generate"
      args:
        chdir: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool"
        creates: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/server"

    when: sensu_master|bool
    become: true
    become_user: "{{ sensu_user_name }}"

  - name: Stash the Sensu SSL certs/keys
    fetch:
      src: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/{{ item }}"
      dest: "{{ dynamic_data_store }}"
    when: sensu_master
    with_items:
      - sensu_ca/cacert.pem
      - server/cert.pem
      - server/key.pem
      - client/cert.pem
      - client/key.pem