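---
# This playbook is intended to be used e.g. during bootstrapping of the
# system to generate the required TLS certs using ACME (Let's Encrypt)
# on localhost.
#
# It expects the following variables:
# - :dns_cloud: name of the clouds.yaml entry on the localhost
#   which is hosting the target DNS zone
#
# - :certs_path: path to the folder where certificates will be
#   placed
#
# - :ssl_certs: a dictionary for the requested certificates
#   key: cert name (file name) to be used
#   value: list of DNS names
#
# NOTE(review): dns_cloud is not defined or prompted for in this play, so
# it has to come from inventory or extra vars - confirm. The credentials
# behind that clouds.yaml entry can change records in the zone; a scope
# limited to DNS management of that zone is enough for this play.
#
# NOTE(review): presumably the acme_* roles write private keys (and the
# ACME account key) under certs_path next to the certificates - confirm.
# If so, keep that folder out of version control and restrict its
# permissions to the operator running the bootstrap.
- name: Issue TLS certificates for the Vault nodes via ACME
  hosts: localhost
  # become: true
  vars_prompt:
    - name: certs_path
      prompt: Path to the certs folder
      default: "certs"
      # vars_prompt hides input by default; a path is not a secret, so
      # echo it to let the operator see what was typed.
      private: false
  vars:
    # Every node certificate also carries the shared load-balancer name.
    ssl_certs:
      vault1:
        - vault1.scs.otc-service.com
        - vault-lb.scs.otc-service.com
      vault2:
        - vault2.scs.otc-service.com
        - vault-lb.scs.otc-service.com
      vault3:
        - vault3.scs.otc-service.com
        - vault-lb.scs.otc-service.com
  tasks:
    - name: Generate CSRs
      ansible.builtin.include_role:
        name: acme_request_certs

    - name: Add localhost into the ssl_certs group as expected by the role
      ansible.builtin.add_host:
        name: localhost
        group: ssl_certs
        ansible_connection: local

    # The TXT records only exist to answer the ACME challenge. Running the
    # cleanup from `always` removes them even when record creation or
    # certificate issuance fails, so no stale challenge records are left
    # behind in the zone. The play still fails afterwards if the block did.
    - name: Validate the DNS challenge and issue the certificates
      block:
        - name: Install TXT records
          ansible.builtin.include_role:
            name: acme_install_txt_records

        - name: Generate Certs
          ansible.builtin.include_role:
            name: acme_create_certs
      always:
        - name: Remove TXT records
          ansible.builtin.include_role:
            name: acme_drop_txt_records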