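# Certificate directory for CockroachDB. o=rx lets other local users reach the
# world-readable ca.crt set further down; the private keys in this directory
# are restricted individually by the last task in this file.
- name: make sure directories exist
  become: true
  file:
    path: "/etc/cockroach"
    state: directory
    mode: "u=rwx,g=rx,o=rx"
    owner: "{{ cockroachdb__uid }}"
    group: "{{ cockroachdb__gid }}"

# Renders default.env to /etc/default/cockroach and restarts the service when
# the rendered file changes.
# NOTE(review): no owner/mode is given, so the file gets the become user's
# defaults; set them explicitly if default.env ever carries sensitive values.
- name: ensure systemd unit is present
  become: true
  notify: restart cockroach
  template:
    src: default.env
    dest: /etc/default/cockroach

# Generates the cluster CA (ca.crt + ca.key), only when the host is flagged
# with cockroachdb__create_ca. `| bool` keeps a string value such as "false"
# (e.g. passed with -e) from being treated as truthy.
# `creates` makes the task a no-op once ca.crt exists.
# NOTE(review): the CA private key is written into the same directory the
# node serves its certs from. Whoever obtains ca.key can issue certificates
# for any node or client of the cluster, so consider keeping it outside the
# certs dir (or off the database hosts entirely) after signing.
# NOTE(review): if the flag is true on more than one host, each host would
# generate its own independent CA - confirm this is limited to one host.
- name: Create CA cert
  become: true
  when: cockroachdb__create_ca | bool
  command:
    argv:
      - cockroach
      - cert
      - create-ca
      - --certs-dir=/etc/cockroach
      - --ca-key=/etc/cockroach/ca.key
    creates: /etc/cockroach/ca.crt

# Issues the node certificate/key, signed with the CA key above. The only
# names passed for the certificate are "localhost" and the inventory hostname.
# NOTE(review): this task needs ca.key on the host even when
# cockroachdb__create_ca is false - confirm how the key gets there.
# NOTE(review): `creates` skips the task once node.key exists, so an expired
# certificate or a changed hostname is not picked up by a re-run.
- name: Create node certs
  become: true
  command:
    argv:
      - cockroach
      - cert
      - create-node
      - localhost
      - "{{ inventory_hostname }}"
      - --certs-dir=/etc/cockroach
      - --ca-key=/etc/cockroach/ca.key
    creates: /etc/cockroach/node.key

# Issues the client certificate/key for the "root" SQL user on this host.
# NOTE(review): this places a root client key on every host the role runs
# on; confirm each host really needs it.
- name: Create client.root certs
  become: true
  command:
    argv:
      - cockroach
      - cert
      - create-client
      - root
      - --certs-dir=/etc/cockroach
      - --ca-key=/etc/cockroach/ca.key
    creates: /etc/cockroach/client.root.key

# The CA certificate is public material: world-readable, owned by the
# cockroach user. `state: file` makes the task fail if ca.crt is missing.
- name: check permission of ca cert
  become: true
  file:
    path: "/etc/cockroach/ca.crt"
    state: file
    mode: "u=rw,g=r,o=r"
    owner: "{{ cockroachdb__uid }}"
    group: "{{ cockroachdb__gid }}"

# Restricts the keys and the node/client certificates to the cockroach user
# only (no group or other access). The commands above run under become, so
# this is also the step that hands ownership of the files to the service
# account. `state: file` fails the play if any listed file is absent,
# including ca.key.
- name: check permission of cert directory
  become: true
  file:
    path: "/etc/cockroach/{{ item }}"
    state: file
    mode: "u=rw,g=,o="
    owner: "{{ cockroachdb__uid }}"
    group: "{{ cockroachdb__gid }}"
  loop:
    - ca.key
    - client.root.key
    - client.root.crt
    - node.key
    - node.crt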