---
- name: Set etcd facts needed for generating certs
  hosts: oo_etcd_to_config
  roles:
  - openshift_facts
  tasks:
  - openshift_facts:
      role: "{{ item.role }}"
      local_facts: "{{ item.local_facts }}"
    with_items:
      - role: common
        local_facts:
          hostname: "{{ openshift_hostname | default(None) }}"
          public_hostname: "{{ openshift_public_hostname | default(None) }}"
          deployment_type: "{{ openshift_deployment_type }}"
      - role: etcd
        local_facts: {}
  - name: Check status of etcd certificates
    stat:
      path: "{{ item }}"
    with_items:
    - /etc/etcd/server.crt
    - /etc/etcd/peer.crt
    - /etc/etcd/ca.crt
    register: g_etcd_server_cert_stat_result
  - set_fact:
      etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | oo_collect(attribute='stat.exists')
                                    | list | intersect([false])}}"
      etcd_cert_subdir: etcd-{{ openshift.common.hostname }}
      etcd_cert_config_dir: /etc/etcd
      etcd_cert_prefix:

- name: Create temp directory for syncing certs
  hosts: localhost
  connection: local
  become: no
  gather_facts: no
  tasks:
  - name: Create local temp directory for syncing certs
    local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX
    register: g_etcd_mktemp
    changed_when: False

- name: Configure etcd certificates
  hosts: oo_first_etcd
  vars:
    etcd_generated_certs_dir: /etc/etcd/generated_certs
    etcd_needing_server_certs: "{{ hostvars
                                  | oo_select_keys(groups['oo_etcd_to_config'])
                                  | oo_filter_list(filter_attr='etcd_server_certs_missing') }}"
    sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
  roles:
  - etcd_certificates
  post_tasks:
  - name: Create a tarball of the etcd certs
    command: >
      tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz
        -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
    args:
      creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
    with_items: etcd_needing_server_certs
  - name: Retrieve the etcd cert tarballs
    fetch:
      src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
      dest: "{{ sync_tmpdir }}/"
      flat: yes
      fail_on_missing: yes
      validate_checksum: yes
    with_items: etcd_needing_server_certs

- name: Configure etcd hosts
  hosts: oo_etcd_to_config
  vars:
    sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
    etcd_url_scheme: https
    etcd_peer_url_scheme: https
    etcd_peers_group: oo_etcd_to_config
  pre_tasks:
  - name: Ensure certificate directory exists
    file:
      path: "{{ etcd_cert_config_dir }}"
      state: directory
  - name: Unarchive the tarball on the etcd host
    unarchive:
      src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
      dest: "{{ etcd_cert_config_dir }}"
    when: etcd_server_certs_missing
  roles:
  - etcd
  - { role: nickhammond.logrotate, when: not is_atomic }

- name: Delete temporary directory on localhost
  hosts: localhost
  connection: local
  become: no
  gather_facts: no
  tasks:
  - file: name={{ g_etcd_mktemp.stdout }} state=absent
    changed_when: False