---

- name: Create temporary directory
  tempfile:
    state: directory
    prefix: "tower-install-rmq-certs"
  register: rmq_cert_tempdir
  notify: remove-rmq_cert_tempdir

- name: Generate CA private key
  openssl_privatekey:
    path: '{{ rmq_cert_tempdir.path }}/ca.key'
    mode: "0600"

- name: Generate CA CSR
  openssl_csr:
    path: '{{ rmq_cert_tempdir.path }}/ca.csr'
    privatekey_path: '{{ rmq_cert_tempdir.path }}/ca.key'
    common_name: 'rabbitmq-ca'
    basic_constraints: 'CA:TRUE'
    mode: "0600"

- name: Generate CA certificate
  openssl_certificate:
    path: '{{ rmq_cert_tempdir.path }}/ca.crt'
    csr_path: '{{ rmq_cert_tempdir.path }}/ca.csr'
    privatekey_path: '{{ rmq_cert_tempdir.path }}/ca.key'
    provider: selfsigned
    selfsigned_not_after: "+36524d"
    mode: "0600"

- name: Generate server private key
  openssl_privatekey:
    path: '{{ rmq_cert_tempdir.path }}/server.key'
    mode: "0600"

- name: Generate server CSR
  openssl_csr:
    path: '{{ rmq_cert_tempdir.path }}/server.csr'
    privatekey_path: '{{ rmq_cert_tempdir.path }}/server.key'
    common_name: 'rabbitmq-server'
    mode: "0600"

- name: Generate server certificate
  openssl_certificate:
    path: "{{ rmq_cert_tempdir.path }}/server.crt"
    csr_path: "{{ rmq_cert_tempdir.path }}/server.csr"
    privatekey_path: "{{ rmq_cert_tempdir.path }}/server.key"
    provider: ownca
    ownca_path: "{{ rmq_cert_tempdir.path }}/ca.crt"
    ownca_privatekey_path: "{{ rmq_cert_tempdir.path }}/ca.key"
    ownca_not_after: "+36500d"
    mode: "0600"

- name: Create combined certificate
  assemble:
    src: "{{ rmq_cert_tempdir.path }}"
    regexp: "server.crt|server.key"
    dest: "{{ rmq_cert_tempdir.path }}/server-combined.pem"
    mode: "0600"