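---
# Play 1: create the test certificates on the controller.
- name: Generate certificates
  hosts: localhost
  gather_facts: false

  tasks:
    # Runs the helper script from the playbook directory with the "create"
    # action, the first host of the ipaserver group and the domain
    # (ipaserver_domain if set, else the host name minus its first label).
    # Presumably this writes the files under certificates/ that the second
    # play copies - confirm against generate-certificates.sh.
    - name: Run generate-certificates.sh
      command: >
        /bin/bash
        generate-certificates.sh create
        "{{ groups.ipaserver[0] }}"
        "{{ ipaserver_domain | default(groups.ipaserver[0].split('.')[1:] | join ('.')) }}"
      args:
        chdir: "{{ playbook_dir }}"

# Play 2: install an IPA server without an integrated CA, using the
# externally generated certificates staged in /root/ca-less-test.
- name: Test ipaserver installation without CA
  hosts: ipaserver
  become: true

  vars:
    # Root CA certificate
    ipaserver_ca_cert_files:
      - /root/ca-less-test/ca.crt
    # NOTE(review): the three *_pin values below are a shared, test-only
    # PKCS#12 password committed in clear text. It presumably has to match
    # the export password used by generate-certificates.sh - confirm.
    # Do not reuse it outside this fixture; outside of tests, supply PINs
    # from Ansible Vault or another secret store.
    # Directory server certificates
    ipaserver_dirsrv_cert_name: dirsrv-cert
    ipaserver_dirsrv_cert_files:
      - /root/ca-less-test/dirsrv.p12
    ipaserver_dirsrv_pin: SomePKCS12password
    # Apache certificates
    ipaserver_http_cert_name: httpd-cert
    ipaserver_http_cert_files:
      - /root/ca-less-test/httpd.p12
    ipaserver_http_pin: SomePKCS12password
    # PKINIT configuration
    # Canonical boolean instead of the YAML 1.1 truthy "no".
    ipaserver_no_pkinit: false
    ipaserver_pkinit_cert_name: pkinit-cert
    ipaserver_pkinit_cert_files:
      - /root/ca-less-test/pkinit.p12
    ipaserver_pkinit_pin: SomePKCS12password

  pre_tasks:
    # Start from a clean staging directory so stale certificates from an
    # earlier run are never picked up.
    - name: Remove "/root/ca-less-test"
      file:
        path: "/root/ca-less-test"
        state: absent

    # The directory holds private-key material, so restrict it to root
    # explicitly rather than relying on the umask.
    - name: Generate "/root/ca-less-test"
      file:
        path: "/root/ca-less-test"
        state: directory
        owner: root
        group: root
        mode: "0700"

    # The CA certificate is public data; world-readable is fine.
    - name: Copy CA certificate
      copy:
        src: "{{ playbook_dir }}/certificates/root-ca/cert.pem"
        dest: "/root/ca-less-test/ca.crt"
        owner: root
        group: root
        mode: "0644"

    # PKCS#12 bundles carry the service private keys and are protected only
    # by the shared PIN above, so keep them readable by root alone
    # (the original mode was 0644). The play runs with become: true, so the
    # installer still has access.
    - name: Copy p12 certificates
      copy:
        src: "{{ playbook_dir }}/certificates/{{ item }}/{{ groups.ipaserver[0] }}/cert.p12"
        dest: "/root/ca-less-test/{{ item }}.p12"
        owner: root
        group: root
        mode: "0600"
      with_items:
        - dirsrv
        - httpd
        - pkinit

  roles:
    - role: ipaserver
      state: present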