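---
# file: roles/base/tasks/core_cert.yml
#
# Installs the Python tooling the Ansible OpenSSL modules depend on, then
# creates a local self-signed TLS key/CSR/certificate under
# /etc/ssl/<base_core_cert_common_name>/ and a merged cert+key bundle.
#
# The certificate is self-signed (provider: selfsigned), so clients will not
# trust it unless it is distributed to them explicitly.

# NOTE(review): every `state: latest` below installs whatever version the
# package index serves at run time. Pin versions if reproducible or audited
# builds are required.
- name: Install pip
  package:
    name: python3-pip
    state: latest
  register: pip_install
  when: ansible_python_version is version('3', '>=')

- name: Upgrade pip
  pip:
    name: pip
    executable: pip3
    state: latest
    extra_args: '--upgrade'
  when: ansible_python_version is version('3', '>=')
  become: true

# Python 2 hosts only: both conditions must hold (list items are ANDed).
# NOTE(review): `become: false` on a package install only works if the
# connection user is already privileged; confirm this is intended.
- name: Install latest python2-cryptography
  package:
    name: python2-cryptography
    state: latest
  when:
    - ansible_python_version is version('2', '>=')
    - ansible_python_version is version('3', '<')
  become: false

- name: Install latest cryptography
  pip:
    name: cryptography
    executable: pip3
    state: latest
  when: ansible_python_version is version('3', '>=')
  become: true

# Directory mode is left to the umask; the secret files inside it carry their
# own restrictive modes.
- name: Ensure directory exists for local self-signed TLS certs
  file:
    path: "/etc/ssl/{{ base_core_cert_common_name }}/live"
    state: directory

# Mode stated explicitly so the key is never readable by group or others.
- name: Generate an OpenSSL private key
  openssl_privatekey:
    path: "/etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem"
    mode: "0600"

- name: Generate an OpenSSL CSR
  openssl_csr:
    path: "/etc/ssl/{{ base_core_cert_common_name }}/{{ base_core_cert_common_name }}.csr"
    privatekey_path: "/etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem"
    common_name: "{{ base_core_cert_common_name }}"

- name: Generate a self signed OpenSSL certificate
  openssl_certificate:
    path: "/etc/ssl/{{ base_core_cert_common_name }}/live/fullchain.pem"
    privatekey_path: "/etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem"
    csr_path: "/etc/ssl/{{ base_core_cert_common_name }}/{{ base_core_cert_common_name }}.csr"
    provider: selfsigned

# merged.pem contains the private key, so it gets the same 0600 mode as
# privkey.pem; without an explicit mode the file is created with the default
# umask and is typically world-readable. If a non-root service must read the
# bundle, grant access through group ownership rather than a wider mode.
# The pattern is anchored and the dot escaped so only the two exact file
# names are concatenated (fullchain.pem first, then privkey.pem).
- name: Create merged certificate
  assemble:
    src: "/etc/ssl/{{ base_core_cert_common_name }}/live/"
    dest: "/etc/ssl/{{ base_core_cert_common_name }}/live/merged.pem"
    regexp: '^(fullchain|privkey)\.pem$'
    mode: "0600"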