From 74588da411ec7de954fb102b9deb612ec6478fcb Mon Sep 17 00:00:00 2001
From: Alex Willmer
Date: Tue, 12 May 2020 23:07:06 +0100
Subject: [PATCH] ansible: Conform to new staking key layout
Refs #145
---
.../ansible/roles/ava-certs/defaults/main.yml | 3 --
.../ansible/roles/ava-certs/tasks/main.yml | 31 -------------------
.../roles/ava-install/defaults/main.yml | 4 ++-
.../ansible/roles/ava-install/tasks/main.yml | 19 +-----------
.../roles/ava-service/templates/ava.service | 4 ++-
scripts/ansible/service_playbook.yml | 1 -
6 files changed, 7 insertions(+), 55 deletions(-)
delete mode 100644 scripts/ansible/roles/ava-certs/defaults/main.yml
delete mode 100644 scripts/ansible/roles/ava-certs/tasks/main.yml
diff --git a/scripts/ansible/roles/ava-certs/defaults/main.yml b/scripts/ansible/roles/ava-certs/defaults/main.yml
deleted file mode 100644
index acfbb7f..0000000
--- a/scripts/ansible/roles/ava-certs/defaults/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-staking_tls_key_file: "{{ repo_folder }}/keys/staker.key"
-staking_tls_csr_file: "{{ repo_folder }}/keys/staker.csr"
-staking_tls_cert_file: "{{ repo_folder }}/keys/staker.crt"
diff --git a/scripts/ansible/roles/ava-certs/tasks/main.yml b/scripts/ansible/roles/ava-certs/tasks/main.yml
deleted file mode 100644
index 86d00e2..0000000
--- a/scripts/ansible/roles/ava-certs/tasks/main.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-- name: Create staker key
- openssl_privatekey:
- path: "{{ staking_tls_key_file }}"
- type: RSA
- size: 4096
-
-- name: Create staker certificate request
- openssl_csr:
- path: "{{ staking_tls_csr_file }}"
- C: US
- ST: NY
- O: Avalabs
- CN: ava
- privatekey_path: "{{ staking_tls_key_file }}"
- digest: sha256
- # genStaker.sh doesn't include a subjectAltName in the signing request. # If subject_alt_name isn't specified, then Ansible defaults to using # the CN as the SAN.
- use_common_name_for_san: false
-
-# genStaker.sh generates a certificate valid for 365250 days (1000 years). # That duration is not replicated here, because specifying a relative # time to ownca_not_after would make this task non-idempotent.
-- name: Create staker certificate
- openssl_certificate:
- path: "{{ staking_tls_cert_file }}"
- csr_path: "{{ staking_tls_csr_file }}"
- ownca_path: "{{ repo_folder }}/keys/rootCA.crt"
- ownca_privatekey_path: "{{ repo_folder }}/keys/rootCA.key"
- ownca_digest: sha256
- provider: ownca
diff --git a/scripts/ansible/roles/ava-install/defaults/main.yml b/scripts/ansible/roles/ava-install/defaults/main.yml
index 32509a5..71b190f 100644
--- a/scripts/ansible/roles/ava-install/defaults/main.yml
+++ b/scripts/ansible/roles/ava-install/defaults/main.yml
@@ -1,6 +1,8 @@
ava_daemon_bin_dir: "/usr/bin"
ava_daemon_data_dir: "/var/lib/{{ ava_daemon_user }}"
ava_daemon_db_dir: "{{ ava_daemon_data_dir }}/db"
-ava_daemon_keys_dir: "{{ ava_daemon_data_dir }}/keys"
ava_daemon_log_dir: "/var/log/ava"
ava_daemon_plugin_dir: "/usr/lib/ava/plugins"
+ava_daemon_staking_dir: "{{ ava_daemon_data_dir }}/staking"
+ava_daemon_staking_tls_cert: "{{ ava_daemon_staking_dir }}/staker.crt"
+ava_daemon_staking_tls_key: "{{ ava_daemon_staking_dir }}/staker.key"
diff --git a/scripts/ansible/roles/ava-install/tasks/main.yml b/scripts/ansible/roles/ava-install/tasks/main.yml
index 9ea1581..cf8634b 100644
--- a/scripts/ansible/roles/ava-install/tasks/main.yml
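Review bot: The new `ava_daemon_staking_tls_cert` and `ava_daemon_staking_tls_key` defaults are consumed by the `--staking-tls-cert-file` and `--staking-tls-key-file` flags added in the ava.service hunk, yet with the ava-certs role and the "Install staking files" task removed in the ava-install tasks hunk, no task in this play writes or checks anything at those paths, so a missing key presumably surfaces only when the daemon starts rather than at deploy time. If the daemon is expected to create its own key under `ava_daemon_staking_dir`, the defaults should say so; if an operator provides the files, a `stat` plus `assert` on both paths in the ava-install tasks would fail early with a clear message. A comment above the three new keys, for example `# Staking TLS material passed to the daemon via --staking-tls-*-file; created by TODO(daemon or operator)`, would record that contract next to the values.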
+++ b/scripts/ansible/roles/ava-install/tasks/main.yml @@ -10,7 +10,7 @@ loop: - path: "{{ ava_daemon_data_dir }}" mode: u=rwX,go=rX - - path: "{{ ava_daemon_keys_dir }}" + - path: "{{ ava_daemon_staking_dir }}" mode: u=rX,go= - path: "{{ ava_daemon_log_dir }}" mode: u=rwX,go=rX @@ -49,20 +49,3 @@ - path: "{{ repo_folder }}/build/plugins/evm" notify: - Restart AVA service - -- name: Install staking files - become: true - copy: - src: "{{ item.src }}" - dest: "{{ ava_daemon_keys_dir }}" - owner: "{{ ava_daemon_user }}" - group: "{{ ava_daemon_group }}" - mode: "{{ item.mode }}" - remote_src: true - loop: - - src: "{{ staking_tls_key_file }}" - mode: u=r,go= - - src: "{{ staking_tls_cert_file }}" - mode: ugo=r - notify: - - Restart AVA service diff --git a/scripts/ansible/roles/ava-service/templates/ava.service b/scripts/ansible/roles/ava-service/templates/ava.service index 65535d7..5195b96 100644 --- a/scripts/ansible/roles/ava-service/templates/ava.service +++ b/scripts/ansible/roles/ava-service/templates/ava.service @@ -17,7 +17,9 @@ ExecStart={{ ava_daemon_bin_dir }}/ava \ --db-dir="{{ ava_daemon_db_dir }}" \ --plugin-dir="{{ ava_daemon_plugin_dir }}" \ --log-dir="{{ ava_daemon_log_dir }}" \ - --log-level="{{ log_level }}" + --log-level="{{ log_level }}" \ + --staking-tls-cert-file="{{ ava_daemon_staking_tls_cert }}" \ + --staking-tls-key-file="{{ ava_daemon_staking_tls_key }}" [Install] WantedBy=multi-user.target diff --git a/scripts/ansible/service_playbook.yml b/scripts/ansible/service_playbook.yml index 6d55d25..6c22bf9 100644 --- a/scripts/ansible/service_playbook.yml +++ b/scripts/ansible/service_playbook.yml @@ -4,7 +4,6 @@ - name: ava-base - name: gopath - name: ava-build - - name: ava-certs - name: ava-user - name: ava-install - name: ava-service
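Review bot: The renamed loop entry keeps the old keys-dir mode `u=rX,go=` for `ava_daemon_staking_dir`, which leaves the daemon user without write access; if the new layout means the daemon generates `staker.key` and `staker.crt` in that directory itself (the commit message only says "new staking key layout"), the first start will be unable to create them and the entry should read `mode: u=rwX,go=`. Conversely, with the "Install staking files" task deleted in the second hunk, the play no longer enforces `u=r,go=` on the private key, so if the files are placed out of band a follow-up `file:` task on `ava_daemon_staking_tls_key` with `owner: "{{ ava_daemon_user }}"` and `mode: u=r,go=` would preserve that guarantee. The task that owns this loop starts before the hunk.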