ansible: Conform to new staking key layout

Refs #145

scripts/ansible/roles/ava-certs/defaults/main.yml

@@ -1,3 +0,0 @@
-staking_tls_key_file: "{{ repo_folder }}/keys/staker.key"
-staking_tls_csr_file: "{{ repo_folder }}/keys/staker.csr"
-staking_tls_cert_file: "{{ repo_folder }}/keys/staker.crt"

scripts/ansible/roles/ava-certs/tasks/main.yml

@@ -1,31 +0,0 @@
-- name: Create staker key
-  openssl_privatekey:
-    path: "{{ staking_tls_key_file }}"
-    type: RSA
-    size: 4096
-
-- name: Create staker certificate request
-  openssl_csr:
-    path: "{{ staking_tls_csr_file }}"
-    C: US
-    ST: NY
-    O: Avalabs
-    CN: ava
-    privatekey_path: "{{ staking_tls_key_file }}"
-    digest: sha256
-    # genStaker.sh doesn't include a subjectAltName in the signing request.
-    # If subject_alt_name isn't specified, then Ansible defaults to using
-    # the CN as the SAN.
-    use_common_name_for_san: false
-
-# genStaker.sh generates a certificate valid for 365250 days (1000 years).
-# That duration is not replicated here, because specifying a relative
-# time to ownca_not_after would make this task non-idempotent.
-- name: Create staker certificate
-  openssl_certificate:
-    path: "{{ staking_tls_cert_file }}"
-    csr_path: "{{ staking_tls_csr_file }}"
-    ownca_path: "{{ repo_folder }}/keys/rootCA.crt"
-    ownca_privatekey_path: "{{ repo_folder }}/keys/rootCA.key"
-    ownca_digest: sha256
-    provider: ownca

scripts/ansible/roles/ava-install/defaults/main.yml

@@ -1,6 +1,8 @@
 ava_daemon_bin_dir: "/usr/bin"
 ava_daemon_data_dir: "/var/lib/{{ ava_daemon_user }}"
 ava_daemon_db_dir: "{{ ava_daemon_data_dir }}/db"
-ava_daemon_keys_dir: "{{ ava_daemon_data_dir }}/keys"
 ava_daemon_log_dir: "/var/log/ava"
 ava_daemon_plugin_dir: "/usr/lib/ava/plugins"
+ava_daemon_staking_dir: "{{ ava_daemon_data_dir }}/staking"
+ava_daemon_staking_tls_cert: "{{ ava_daemon_staking_dir }}/staker.crt"
+ava_daemon_staking_tls_key: "{{ ava_daemon_staking_dir }}/staker.key"

scripts/ansible/roles/ava-install/tasks/main.yml

@@ -10,7 +10,7 @@
   loop:
     - path: "{{ ava_daemon_data_dir }}"
       mode: u=rwX,go=rX
-    - path: "{{ ava_daemon_keys_dir }}"
+    - path: "{{ ava_daemon_staking_dir }}"
       mode: u=rX,go=
     - path: "{{ ava_daemon_log_dir }}"
       mode: u=rwX,go=rX
@@ -49,20 +49,3 @@
     - path: "{{ repo_folder }}/build/plugins/evm"
   notify:
     - Restart AVA service
-
-- name: Install staking files
-  become: true
-  copy:
-    src: "{{ item.src }}"
-    dest: "{{ ava_daemon_keys_dir }}"
-    owner: "{{ ava_daemon_user }}"
-    group: "{{ ava_daemon_group }}"
-    mode: "{{ item.mode }}"
-    remote_src: true
-  loop:
-    - src: "{{ staking_tls_key_file }}"
-      mode: u=r,go=
-    - src: "{{ staking_tls_cert_file }}"
-      mode: ugo=r
-  notify:
-    - Restart AVA service

scripts/ansible/roles/ava-service/templates/ava.service

@@ -17,7 +17,9 @@ ExecStart={{ ava_daemon_bin_dir }}/ava \
             --db-dir="{{ ava_daemon_db_dir }}" \
             --plugin-dir="{{ ava_daemon_plugin_dir }}" \
             --log-dir="{{ ava_daemon_log_dir }}" \
-            --log-level="{{ log_level }}"
+            --log-level="{{ log_level }}" \
+            --staking-tls-cert-file="{{ ava_daemon_staking_tls_cert }}" \
+            --staking-tls-key-file="{{ ava_daemon_staking_tls_key }}"
 
 [Install]
 WantedBy=multi-user.target

scripts/ansible/service_playbook.yml

@@ -4,7 +4,6 @@
     - name: ava-base
     - name: gopath
     - name: ava-build
-    - name: ava-certs
     - name: ava-user
     - name: ava-install
     - name: ava-service