# Instance configuration for Baserock Trove server.
#
# This configuration can be easily done using the 'TROVE_' variables of trove.configure
# extension, but it's better to deploy the Trove as 'TROVE_GENERIC' and configure
# it later using this playbook. This is for:
#
# - Making upgrades easier. After initial deployment and post-deployment configuration,
#   you will only need to deploy a generic Trove as an upgrade.
#
# - Not storing private data in images in OpenStack. We have shared our images with
#   other tenants by mistake in the past, and I'd like to avoid this possibility.
---
- hosts: git
  gather_facts: False
  sudo: yes
  tasks:

  # To create the .pem file, simply concatenate
  # certs/baserock.org-ssl-certificate-temporary-dsilverstone.full.cert with
  # the private key for that certificate (which is not committed to Git, of
  # course).
    - name: Install SSL certificate
      copy:
        content: "{{ lookup('file', '../private/baserock.org-ssl-certificate-temporary-dsilverstone.pem') }}"
        dest: /etc/trove/baserock.pem
        mode: 400

    - name: Install CA chain certificate
      copy:
        src: ../certs/startcom-class2-ca-chain-certificate.cert
        dest: /etc/trove/startcom-ca.pem

    - name: Install trove.conf configuration file
      copy:
        src: trove.conf
        dest: /etc/trove/trove.conf

    - name: Copy ssh keys
      copy:
        content: "{{ lookup('file', '../private/{{ item }}') }}"
        dest: /etc/trove/{{ item }}
      with_items:
        - admin.key.pub
        - lorry.key
        - lorry.key.pub
        - worker.key.pub

    - name: Restart the trove-setup service to configure the trove
      service:
        name: trove-setup
        state: restarted