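# Runs zk-ca.sh on the Ansible controller, then installs the CA certificate
# and the per-host certificate, private key and keystore under
# zk_ca_cert_dir on the target host.
#
# Variables read by these tasks: zk_ca_root, zk_ca_server, zk_ca_cert_dir,
# zk_ca_cert_dir_owner, zk_ca_cert_dir_group.

# NOTE(review): no mode is set on the controller-side CA directory, so it
# gets the controller's default permissions. zk-ca.sh is not shown here;
# confirm that it restricts access to the key material kept below this
# directory.
- name: Ensure zk-ca directory exists
  delegate_to: localhost
  file:
    path: "{{ zk_ca_root }}"
    state: directory

# Run this in flock so that we can run it in plays for multiple target
# hosts in parallel while serializing access to the CA files.
# NOTE(review): the script is passed zk_ca_server, while the copy tasks
# below look up files named after inventory_hostname; confirm the two
# always match.
- name: Run zk-ca.sh
  delegate_to: localhost
  script: "zk-ca.sh {{ zk_ca_root }} {{ zk_ca_server }}"
  args:
    executable: "flock {{ zk_ca_root }}/lock"

- name: Ensure cert dir exists
  file:
    path: "{{ zk_ca_cert_dir }}/certs"
    state: directory
    owner: "{{ zk_ca_cert_dir_owner }}"
    group: "{{ zk_ca_cert_dir_group }}"
    mode: '0755'

# Only the owner may enter the directory that holds private key material.
- name: Ensure keys dir exists
  file:
    path: "{{ zk_ca_cert_dir }}/keys"
    state: directory
    owner: "{{ zk_ca_cert_dir_owner }}"
    group: "{{ zk_ca_cert_dir_group }}"
    mode: '0700'

# The copy sources are read from zk_ca_root, the directory zk-ca.sh was
# invoked with, instead of a fixed /var/zk-ca path, so a non-default
# zk_ca_root keeps working.
# Certificates are public; the explicit mode keeps the result independent
# of the remote umask.
- name: Copy TLS cacert into place
  copy:
    src: "{{ zk_ca_root }}/certs/cacert.pem"
    dest: "{{ zk_ca_cert_dir }}/certs/cacert.pem"
    mode: '0644'

- name: Copy TLS cert into place
  copy:
    src: "{{ zk_ca_root }}/certs/{{ inventory_hostname }}.pem"
    dest: "{{ zk_ca_cert_dir }}/certs/cert.pem"
    mode: '0644'

# Private key material: owned by the same account as the 0700 keys
# directory and readable by that owner only, rather than relying on the
# directory mode alone. diff is disabled so that a --diff run does not
# print the key contents.
# The source file name has no separator between the host name and
# "key.pem"; this is kept exactly as the original task had it.
- name: Copy TLS key into place
  copy:
    src: "{{ zk_ca_root }}/keys/{{ inventory_hostname }}key.pem"
    dest: "{{ zk_ca_cert_dir }}/keys/key.pem"
    owner: "{{ zk_ca_cert_dir_owner }}"
    group: "{{ zk_ca_cert_dir_group }}"
    mode: '0600'
  diff: false

# Installed under keys/, so it is handled like the private key above.
- name: Copy TLS keystore into place
  copy:
    src: "{{ zk_ca_root }}/keystores/{{ inventory_hostname }}.pem"
    dest: "{{ zk_ca_cert_dir }}/keys/keystore.pem"
    owner: "{{ zk_ca_cert_dir_owner }}"
    group: "{{ zk_ca_cert_dir_group }}"
    mode: '0600'
  diff: false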