---

- name: Playbook to configure IPA server step1

  hosts: ipaserver

  become: true

  vars:

    ipaserver_external_ca: yes

  roles:

  - role: ipaserver

    state: present

  post_tasks:

  - name: Copy CSR /root/ipa.csr from node to "{{ groups.ipaserver[0] + '-ipa.csr' }}"

    fetch:

      src: /root/ipa.csr

      dest: "{{ groups.ipaserver[0] + '-ipa.csr' }}"

      flat: yes

- name: Get /root/ipa.csr, create CA, sign with our CA and copy to node

  hosts: localhost

  gather_facts: false

  tasks:

  - name: Run external-ca.sh

    command: >

      /bin/bash

      external-ca.sh

      "{{ groups.ipaserver[0] }}"

      "{{ ipaserver_domain | default(groups.ipaserver[0].split('.')[1:] | join ('.')) }}"

    args:

      chdir: "{{ playbook_dir }}"

- name: Playbook to configure IPA server step2

  hosts: ipaserver

  become: true

  vars:

    ipaserver_external_cert_files: "/root/chain.crt"

    #ipaserver_external_ca_file: "cacert.asc"

  pre_tasks:

  - name: Copy "{{ groups.ipaserver[0] + '-chain.crt' }}" to /root/chain.crt on node

    copy:

      src: "{{ groups.ipaserver[0] + '-chain.crt' }}"

      dest: "/root/chain.crt"

      force: yes

  roles:

  - role: ipaserver

    state: present