remove ca-manager dependencies

roles/dovecot/tasks/main.yaml

@@ -75,13 +75,6 @@
         ssl_cert = </etc/dovecot/dovecot.cert
         ssl_key = </etc/dovecot/private/dovecot.key
 
-# # TODO: ssl, remove when dovecot will use a valid ssl certificate
-# - name: generate certificates
-#   shell: openssl req -new -x509 -subj "/C=US/ST=Oregon/L=Portland/O=IT/CN=10.0.58.13" -days 3650 -nodes -newkey rsa:4096 -out /etc/dovecot/dovecot.pem -keyout /etc/dovecot/private/dovecot.pem
-#   args:
-#     creates: /etc/dovecot/dovecot.pem
-#   notify: restart dovecot
-
 - name: generate the RSA key
   shell: "openssl genrsa -out /etc/dovecot/private/dovecot.key 2048"
   args:
@@ -103,41 +96,50 @@
     - name: get pub key
       shell: "cat /etc/dovecot/private/dovecot.csr"
       register: pub_key
-#    - debug: var=pub_key
+    - debug: var=pub_key verbosity=2
     - name: generate host request
-      local_action: command ../ca_manager/make_ssl_host_request.py {{ pub_key.stdout|quote }} {{ fqdn_domain|quote }}
-      register: cert_request
-#    - debug: var=cert_request
+      set_fact:
+        cert_request:
+          type: 'sign_request'
+          request:
+            keyType: 'ssl_host'
+            hostName: '{{ inventory_hostname }}'
+            keyData: '{{ pub_key.stdout }}'
+    - debug: var=cert_request verbosity=2
     - name: start sign request
-      raw: "{{ cert_request.stdout|string }}"
+      raw: "{{ cert_request | to_json }}"
       delegate_to: "{{item}}"
       delegate_facts: True
       with_items: "{{groups['cas']}}"
       register: request_result
-#    - debug: var=request_result
+    - debug: var=request_result verbosity=2
 
     - set_fact:
           request_output: "{{ request_result.results[0].stdout|string|from_json }}"
     - debug: var=request_output
 
     - name: generate get request
-      local_action: command ../ca_manager/make_get_request.py {{ request_output.requestID }}
-      register: get_request
-#    - debug: var=get_request
+      set_fact:
+        get_request:
+          type: 'get_certificate'
+          requestID: '{{ request_output.requestID }}'
+    - debug: var=get_request verbosity=2
 
     - debug: msg="Please manualy confirm sign request with id {{ request_output.requestID }}"
 
     - name: wait for cert
-      raw: "{{ get_request.stdout|string }}"
+      raw: "{{ get_request | to_json }}"
       delegate_to: "{{item}}"
       delegate_facts: True
       with_items: "{{groups['cas']}}"
       register: cert_result
-#    - debug: var=cert_result
+
+    - debug: var=cert_result verbosity=2
 
     - set_fact:
           cert_key: "{{ cert_result.results[0].stdout|string|from_json }}"
-#    - debug: var=request_output
+
+    - debug: var=request_output verbosity=2
 
     - name: set pub key
       shell: "echo '{{ cert_key.result }}' > /etc/dovecot/dovecot.cert"

roles/lxc_guest/tasks/main.yaml

@@ -1,8 +1,8 @@
 - name: check for lxc container existance
-  shell: "[ -d /var/lib/lxc/{{ vm_name }} ] && echo true || echo false"
+  stat:
+    path: '/var/lib/lxc/{{ vm_name }}'
   register: lxc_existance
-  ignore_errors: true
-  changed_when: false
+
 - block:
     - name: create the lxc container
       lxc_container:
@@ -26,7 +26,7 @@
           name: "{{ vm_name }}"
           state: started
       when: auto_start|bool
-  when: "lxc_existance.stdout == 'false'"
+  when: not (lxc_existance.stat.exists and lxc_existance.stat.isdir)
 
 - name: update container config
   template: src=config.j2 dest="/var/lib/lxc/{{ vm_name }}/config"
@@ -52,43 +52,59 @@
     - name: get pub key
       shell: lxc-attach -n {{ vm_name }} --clear-env -e -- bash -c "cat /etc/ssh/ssh_host_ed25519_key.pub"
       register: pub_key
-#    - debug: var=pub_key
+
+    - debug: var=pub_key verbosity=2
+
     - name: generate host request
-      local_action: command ../ca_manager/make_ssh_host_request.py {{ pub_key.stdout|quote }} {{ vm_name|quote }}
-      register: cert_request
-#    - debug: var=cert_request
+      set_fact:
+        cert_request:
+          type: 'sign_request'
+          request:
+            keyType: 'ssh_host'
+            hostName: '{{ vm_name }}'
+            keyData: '{{ pub_key.stdout }}'
+
+    - debug: var=cert_request verbosity=2
+
     - name: start sign request
-      raw: "{{ cert_request.stdout|string }}"
+      raw: "{{ cert_request|to_json }}"
       delegate_to: "{{item}}"
       delegate_facts: True
       with_items: "{{groups['cas']}}"
       register: request_result
-#    - debug: var=request_result
+
+    - debug: var=request_result verbosity=2
 
     - set_fact:
           request_output: "{{ request_result.results[0].stdout|string|from_json }}"
-    - debug: var=request_output
+
+    - debug: var=request_output verbosity=2
 
     - name: generate get request
-      local_action: command ../ca_manager/make_get_request.py {{ request_output.requestID }}
-      register: get_request
-#    - debug: var=get_request
+      set_fact:
+        get_request:
+          type: 'get_certificate'
+          requestID: '{{ request_output.requestID }}'
+
+    - debug: var=get_request verbosity=2
 
     - debug: msg="Please manualy confirm sign request with id {{ request_output.requestID }}"
 
     - name: wait for cert
-      raw: "{{ get_request.stdout|string }}"
+      raw: "{{ get_request|to_json }}"
       delegate_to: "{{item}}"
       delegate_facts: True
       with_items: "{{groups['cas']}}"
       register: cert_result
-#    - debug: var=cert_result
+
+    - debug: var=cert_result verbosity=2
 
     - set_fact:
           cert_key: "{{ cert_result.results[0].stdout|string|from_json }}"
-#    - debug: var=request_output
 
-    - name: set pub key
+    - debug: var=request_output verbosity=2
+
+    - name: set cert key
       shell: lxc-attach -n {{ vm_name }} --clear-env -e -- bash -c "echo '{{ cert_key.result }}' > /etc/ssh/ssh_host_ed25519_key-cert.pub"
       register: set_pub_key
   when: "cert_key_existance.rc != 0"