---
- name: Set up CA
  hosts: ca_servers
  become: true

  tasks:
    - name: Create step_path
      file:
        path: "{{ step_path }}"
        state: directory
        owner: root
        mode: "0700"

    - name: Install step-ca
      include_role:
        name: maxhoesel.smallstep.step_ca
      vars:
        step_ca_name: TheFij CA
        step_ca_root_password: ...
        step_ca_intermediate_password: ...
        step_cli_steppath: "{{ step_path }}"

    - name: Read fingerprint
      command: "step-cli certificate fingerprint {{ step_path }}/certs/root_ca.crt"
      register: root_ca_fp

- name: Bootstrap other hosts
  hosts: servers

  tasks:
    - name: Boostrap hosts to trust CA
      include_role:
        name: maxhoesel.smallstep.step_bootstrap_host
      vars:
        step_bootstrap_ca_url: http