commit 478590b39c1c22b2d32a549564eede75a1bf0cb9
parent 8ed43b599f3f9a7453b2c2e218c2e05451dac555
Author: Christian Grothoff <christian@grothoff.org>
Date: Thu, 13 Feb 2025 16:36:58 +0100
split challenger tasks; we need to do some logic AFTER the exchange is installed
Diffstat:
3 files changed, 47 insertions(+), 35 deletions(-)
diff --git a/playbooks/setup.yml b/playbooks/setup.yml
@@ -10,5 +10,9 @@
- role: challenger
when: DEPLOY_CHALLENGER | bool
- role: exchange
+ - include_role:
+ name: challenger
+ tasks_from: post-exchange
+ when: DEPLOY_CHALLENGER | bool
- role: auditor
- role: monitoring
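Review bot: The added `include_role` entry sits in what appears to be the play's `roles:` list (its neighbours are `- role: challenger` and `- role: exchange`), but `include_role` is a task-level action; Ansible expects role names or `role:` mappings in that list and will likely reject the entry at parse time rather than run `post-exchange.yml` after the exchange role. If the intent is "after the exchange role has been applied", the include belongs under `tasks:` (or `post_tasks:`), which always runs after the whole `roles:` list, with the `when: DEPLOY_CHALLENGER | bool` guard kept on the task. That also means it would run after `auditor` and `monitoring`; if those must come later, they would need moving too. The play header is outside the hunk, so the section this list belongs to is inferred from the visible entries.

```yaml
  # … unchanged: roles: list with challenger / exchange / auditor / monitoring …
  tasks:
    - ansible.builtin.include_role:
        name: challenger
        tasks_from: post-exchange
      when: DEPLOY_CHALLENGER | bool
```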
diff --git a/roles/challenger/tasks/main.yml b/roles/challenger/tasks/main.yml
@@ -23,7 +23,7 @@
enabled: false
when: "'Postal Challenger backend' in services"
-- name: Install Challenger and Taler exchange packages
+- name: Install Challenger packages
apt:
name:
- challenger-httpd
@@ -98,6 +98,14 @@
path: "/etc/ansible/facts.d/"
state: directory
+- name: Ensure /etc/taler-exchange/secrets directory exists
+ file:
+ path: "/etc/taler-exchange/secrets"
+ state: directory
+ owner: root
+ group: root
+ mode: 0755
+
- name: sms-challenger access secret setup
ansible.builtin.shell:
cmd: echo "[sms-challenger]\nCLIENT_SECRET=secret-token:$(dd if=/dev/random count=1 bs=32 status=none | gnunet-base32)" > /etc/ansible/facts.d/sms-challenger-client-secret.fact
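Review bot: `mode: 0755` on the new directory task is an unquoted leading-zero literal; Ansible's documentation asks for file modes to be quoted (`mode: "0755"`) because YAML loaders and Ansible versions do not agree on octal handling, and the same applies to the `0440` modes in the new post-exchange.yml. A secrets directory created as `root:root` with 0755 is traversable and listable by every local user; the secret files placed into it later are 0440, so their contents are not exposed, but their names are, and a tighter mode such as `"0750"` with `group: taler-exchange-kyc` would be preferable if the exchange processes that read those files run in that group (not visible from this hunk). If the exchange package itself ships this directory with its own ownership, this task will also reset it on every run, which is worth confirming against the package.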
@@ -199,35 +207,6 @@
- name: sms-challenger force ansible to regather just created fact(s)
ansible.builtin.setup:
-- name: Place SMS challenger exchange config
- ansible.builtin.template:
- src: templates/etc/taler-exchange/secrets/challenger-sms.secret.conf.j2
- dest: /etc/taler-exchange/secrets/challenger-sms.secret.conf
- owner: taler-exchange-httpd
- group: taler-exchange-kyc
- mode: 0440
-
-- name: Place email challenger exchange config
- ansible.builtin.template:
- src: templates/etc/taler-exchange/secrets/challenger-email.secret.conf.j2
- dest: /etc/taler-exchange/secrets/challenger-email.secret.conf
- owner: taler-exchange-httpd
- group: taler-exchange-kyc
- mode: 0440
-
-- name: Place postal challenger exchange config
- ansible.builtin.template:
- src: templates/etc/taler-exchange/secrets/challenger-postal.secret.conf.j2
- dest: /etc/taler-exchange/secrets/challenger-postal.secret.conf
- owner: taler-exchange-httpd
- group: taler-exchange-kyc
- mode: 0440
-
-- name: Place postal challenger exchange config
- copy:
- src: files/etc/taler-exchange/conf.d/challenger.conf
- dest: /etc/taler-exchange/conf.d/challenger.conf
-
- name: Place sms-challenger systemd service file
copy:
src: etc/systemd/system/sms-challenger-httpd.service
@@ -426,8 +405,3 @@
state: link
notify: restart nginx
-- name: Ensure taler-exchange service is is restarted with new configuration
- service:
- name: taler-exchange.target
- state: restarted
- enabled: true
diff --git a/roles/challenger/tasks/post-exchange.yml b/roles/challenger/tasks/post-exchange.yml
@@ -0,0 +1,34 @@
+- name: Place SMS challenger exchange config
+ ansible.builtin.template:
+ src: templates/etc/taler-exchange/secrets/challenger-sms.secret.conf.j2
+ dest: /etc/taler-exchange/secrets/challenger-sms.secret.conf
+ owner: taler-exchange-httpd
+ group: taler-exchange-kyc
+ mode: 0440
+
+- name: Place email challenger exchange config
+ ansible.builtin.template:
+ src: templates/etc/taler-exchange/secrets/challenger-email.secret.conf.j2
+ dest: /etc/taler-exchange/secrets/challenger-email.secret.conf
+ owner: taler-exchange-httpd
+ group: taler-exchange-kyc
+ mode: 0440
+
+- name: Place postal challenger exchange config
+ ansible.builtin.template:
+ src: templates/etc/taler-exchange/secrets/challenger-postal.secret.conf.j2
+ dest: /etc/taler-exchange/secrets/challenger-postal.secret.conf
+ owner: taler-exchange-httpd
+ group: taler-exchange-kyc
+ mode: 0440
+
+- name: Place general challenger exchange config
+ copy:
+ src: files/etc/taler-exchange/conf.d/challenger.conf
+ dest: /etc/taler-exchange/conf.d/challenger.conf
+
+- name: Ensure taler-exchange service is is restarted with new configuration
+ service:
+ name: taler-exchange.target
+ state: restarted
+ enabled: true
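Review bot: The final task restarts `taler-exchange.target` unconditionally on every run, so the play is not idempotent and interrupts the exchange even when none of the four placement tasks changed anything; main.yml already uses `notify: restart nginx`, so the same handler pattern fits here: add `notify: restart taler-exchange` to each placement task and move the `service:` stanza into a handler of that name in the role's handlers file. While touching it, fix the duplicated word in the task name (`is is restarted`) and quote the octal modes (`mode: "0440"`) as Ansible recommends. The `copy` of challenger.conf sets no owner/group/mode and so inherits defaults; explicit values would make the result reproducible. Whether the per-backend secret configs should also be guarded by the `when: "'... backend' in services"` conditions used in main.yml depends on whether those backends are optional, which this hunk does not show.

```yaml
- name: Place SMS challenger exchange config
  ansible.builtin.template:
    src: templates/etc/taler-exchange/secrets/challenger-sms.secret.conf.j2
    dest: /etc/taler-exchange/secrets/challenger-sms.secret.conf
    owner: taler-exchange-httpd
    group: taler-exchange-kyc
    mode: "0440"
  notify: restart taler-exchange

# … unchanged: email and postal template tasks, each with mode "0440" and notify: restart taler-exchange …

- name: Place general challenger exchange config
  copy:
    src: files/etc/taler-exchange/conf.d/challenger.conf
    dest: /etc/taler-exchange/conf.d/challenger.conf
  notify: restart taler-exchange

# … removed: the unconditional "Ensure taler-exchange service is restarted" task, now a handler …
```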