---
- name: Prepare
  hosts: all
  tasks:
    - name: Install sudo
      ansible.builtin.yum:
        name: sudo
        state: present

    - name: "Display hera_home if defined."
      ansible.builtin.set_fact:
        hera_home: "{{ lookup('env', 'HERA_HOME') }}"

    - name: Create certificate request
      ansible.builtin.command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes -subj '/CN=instance'
      delegate_to: localhost
      changed_when: False

    - name: Create conf directory # risky-file-permissions in test user account does not exist yet
      ansible.builtin.file:
        state: directory
        path: /opt/keycloak/keycloak-22.0.5/conf/
        mode: 0755

    - name: Copy certificates
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "/opt/keycloak/keycloak-22.0.5/conf/{{ item }}"
        mode: 0444
      loop:
        - cert.pem
        - key.pem