Deleting unncessary files got copied wrongly

roles/easy-rsa-certificate/vars/meta/main.yml

----
-allow_duplicates: yes
-dependencies:
-  - {role: easy-rsa-common }
-

roles/easy-rsa-certificate/vars/tasks/buildCert.yml

---- 
-- name: "Check client ca certificate"
-  register: ca_cert
-  stat: "path={{ x509_cacert_file }}"
-
-- name: "Check certificate and key"
-  shell: (openssl x509 -noout -modulus -in {{ x509_cert_file }}  | openssl md5 ; openssl rsa -noout -modulus -in {{ x509_key_file }} | openssl md5) | uniq | wc -l
-  register: certcheck
-  sudo: true
-
-- name: "Check certificate"
-  register: cert
-  stat: "path={{ x509_cert_file }}"
-  sudo: true
-
-- name: "Check key"
-  register: key
-  stat: "path={{ x509_key_file }}"
-  sudo: true
-
-- name: "Default: we don't need a new certificate"
-  set_fact: needcert=False
-
-- name: "Set need cert if key is missing"
-  set_fact: needcert=True
-  when: key.stat.exists == false
-
-- name: "set needcert if cert is missing or of zero size"
-  set_fact: needcert=True
-  when: cert.stat.exists == false or cert.stat.size == 0
-
-- name: "Delete Zero Sized Ceritificates"
-  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
-  delegate_to: "{{ x509_ca_server }}"
-  shell: rm -rf /etc/easy-rsa/2.0/keys/{{ x509_common_name }}.*
-  when: cert is defined and cert.stat.size == 0
-  sudo: true
-
-- name: "set needcert if cert doesn't match key"
-  set_fact: needcert=True
-  when: certcheck.stdout == '2'
-
-
-- name: "Creating Keypair"
-  shell: "echo noop when using easy-rsa"
-  when: needcert
-
-- name: "Creating CSR"
-  shell: " cd /etc/easy-rsa/2.0; . ./vars; export EASY_RSA=\"${EASY_RSA:-.}\"; \"$EASY_RSA\"/pkitool --csr {{ x509_csr_args }} {{ x509_common_name }}"
-  when: needcert
-  sudo: true
-
-- name: "Create node tmp directory"
-  delegate_to: 127.0.0.1
-  shell: "mkdir -p /tmp/{{ inventory_hostname }} ; chmod 755 /tmp/{{ inventory_hostname }}"
-  when: x509_ca_server != inventory_hostname
-
-- name: "Copy CSR to ansible host"
-  fetch: "src=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr dest=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.csr fail_on_missing=yes validate_md5=yes flat=yes"
-  sudo: true
-  when: needcert and x509_ca_server != inventory_hostname
-
-- name: "Copy CSR to CA"
-  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
-  delegate_to: "{{ x509_ca_server }}"
-  copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.csr dest=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr force=yes"
-  when: needcert and x509_ca_server != inventory_hostname
-  sudo: true
-
-- name: "Sign Certificate"
-  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
-  delegate_to: "{{ x509_ca_server }}"
-  shell:    "cd /etc/easy-rsa/2.0; . ./vars; export EASY_RSA=\"${EASY_RSA:-.}\" ;\"$EASY_RSA\"/pkitool --sign {{ x509_sign_args }} {{ x509_common_name }}"
-  when: needcert
-  sudo: true
-
-- name: "Copy the Certificate to ansible host"
-  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
-  delegate_to: "{{ x509_ca_server }}"
-  fetch: "src=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.crt dest=/tmp/{{ inventory_hostname }}/{{ x509_common_name }}.crt fail_on_missing=yes validate_md5=yes flat=yes"
-  sudo: true
-  when: needcert and x509_ca_server != inventory_hostname
-
-- name: "Copy the CA Certificate to the ansible host"
-  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
-  delegate_to: "{{ x509_ca_server }}"
-  fetch: "src=/etc/easy-rsa/2.0/keys/ca.crt dest=/tmp/{{ inventory_hostname }}/ca.crt fail_on_missing=yes validate_md5=yes flat=yes"
-  sudo: true
-  when: ca_cert.stat.exists == false and x509_ca_server != inventory_hostname
-
-- name: "Make sure the path to the certificate exists"
-  shell: "mkdir -p `dirname {{ x509_cert_file }}` ; chmod 755  `dirname {{ x509_cert_file }}`"
-  sudo: true 
-
-- name: "Copy the certificate to the node"
-  copy: "src=/tmp/{{ inventory_hostname }}/{{ x509_common_name }}.crt dest=/tmp/{{ x509_common_name }}.crt force=yes"
-  sudo: true
-  when: needcert and x509_ca_server != inventory_hostname
-
-- name: "Copy the certificate to the right location"
-  shell: "cp -f /tmp/{{ x509_common_name }}.crt {{ x509_cert_file }}"
-  sudo: true
-  when: needcert and x509_ca_server != inventory_hostname
-
-- name: "Copy the CA certificate to the node"
-  copy: "src=/tmp/{{ inventory_hostname }}/ca.crt dest={{ x509_cacert_file }}"
-  sudo: true
-  when: ca_cert.stat.exists == false and x509_ca_server != inventory_hostname
-
-- name: "Copy the key to the correct location"
-  shell: "mkdir -p `dirname {{ x509_key_file }}` ; chmod 700 `dirname {{ x509_key_file }}` ; cp /etc/easy-rsa/2.0/keys/{{ x509_common_name }}.key {{ x509_key_file }}"
-  sudo: true
-  when: needcert and x509_ca_server != inventory_hostname

roles/easy-rsa-certificate/vars/tasks/main.yml

---- 
-- 
-  include: buildCert.yml

roles/easy-rsa-certificate/vars/vars/main.yml

-readme.txt
\ No newline at end of file

roles/easy-rsa-certificate/vars/vars/readme.txt

----
-x509_key_file: "/etc/ssl/private/server.key"
-x509_cert_file: "/etc/ssl/certs/server.crt"
-x509_cacert_file: "/etc/ssl/certs/ca.crt"
-x509_csr_args: ""
-x509_sign_args: "{{ x509_csr_args }}"
-x509_common_name: "{{ ansible_fqdn }}"

roles/ldapserver/vars/meta/main.yml

----
-dependencies:
-  - { role: easy-rsa-certificate, x509_csr_args: "--server" }

roles/ldapserver/vars/tasks/karaageSpecific.yml

----
--
-  name: Adding default ppolicy schema
-  shell: ldapadd -Y EXTERNAL -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif
--
-  name: templating tls settings
-  template: src=tls_settings.ldif.j2 dest=/tmp/tls_settings.ldif mode=600
--
-  name: initialise server ssl
-  shell: ldapmodify -Y EXTERNAL -H ldapi:/// < /tmp/tls_settings.ldif
-  sudo: true
--
-  name: templating ldap.conf
-  template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf mode=600

roles/ldapserver/vars/tasks/main.yml

----
-
-- include_vars: "{{ hostvars[ansible_hostname]['ansible_distribution'] }}_{{ hostvars[ansible_hostname]['ansible_distribution_version'] }}_{{ ansible_architecture }}.yml"
-
-- name: install system packages apt
-  apt: name={{ item }} state=installed update_cache=true
-  sudo: true
-  with_items: system_packages
-  when: ansible_os_family == 'Debian'
-
-- name: install system packages yum
-  yum: name={{ item }} state=installed
-  sudo: true
-  with_items: system_packages
-  when: ansible_os_family == 'RedHat'
-
-- name: hash password
-  command: /usr/sbin/slappasswd -h {SSHA} -s {{ ldapManagerPassword }}
-  register: ldapManagerHash
-
-- name: hash binddn password
-  command: /usr/sbin/slappasswd -h {SSHA} -s {{ ldapBindDNPassword }}
-  register: ldapBindDNHash
-
-- name: template ssl.ldif
-  template: src=ssl_ldif.j2 dest=/tmp/ssl.ldif mode=600
-
-- name: template manager.ldif
-  template: src=manager_ldif.j2 dest=/tmp/manager.ldif mode=600
-  sudo: true
-
-- name: template binddn.ldif
-  template: src=binddn_ldif.j2 dest=/tmp/binddn.ldif mode=600
-  sudo: true
-
-- name: template root.ldif
-  template: src=root_ldif.j2 dest=/tmp/root.ldif
-
-- name: template accounts.ldif
-  template: src=accounts_ldif.j2 dest=/tmp/accounts.ldif
-
-- name: template groups.ldif
-  template: src=groups_ldif.j2 dest=/tmp/groups.ldif
-
-- name: template acls.ldif
-  template: src=acls_ldif.j2 dest=/tmp/acls.ldif
-
-- name: template ppolicy_moduleload.ldif
-  template: src=ppolicy_moduleload_ldif.j2 dest=/tmp/ppolicy_moduleload.ldif
-
-- name: template ppolicy_overlay.ldif
-  template: src=ppolicy_overlay_ldif.j2 dest=/tmp/ppolicy_overlay.ldif
-
-- name: template pwpolices.ldif
-  template: src=pwpolicies_ldif.j2 dest=/tmp/pwpolicies.ldif
-
-- name: template default_ppolicy.ldif
-  template: src=default_ppolicy_ldif.j2 dest=/tmp/default_ppolicy.ldif
-
-
-- name: copy cert
-  command: cp /etc/ssl/certs/server.crt /etc/openldap/certs/ldapcert.pem
-  sudo: true
-
-- name: copy cacert
-  command: cp /etc/ssl/certs/ca.crt /etc/openldap/certs/cacert.pem
-  sudo: true
-
-- name: copy key
-  command: cp /etc/ssl/private/server.key /etc/openldap/certs/ldapkey.pem
-  sudo: true
-
-- name: chmod key
-  file: path=/etc/openldap/certs/ldapkey.pem owner={{ ldapuser }} group={{ ldapgroup }} mode=600
-  sudo: true
-
-- name: enable ssl centos
-  lineinfile: regexp="SLAPD_LDAPS=no" state=present line="SLAPD_LDAPS=yes" dest=/etc/sysconfig/ldap
-  sudo: true
-  when: ansible_os_family == 'RedHat'
-
-- name: start ldap
-  service: name=slapd state=restarted
-  sudo: true
-
-- name: check TLS config
-  shell: "slapcat -b cn=config | grep 'olcTLSCertificateKeyFile: /etc/openldap/certs/ldapkey.pem'"
-  ignore_errors: true
-  sudo: true
-  register: tlsConfigured
-
-- name: check Manager config
-  shell: "slapcat -b cn=config | grep 'olcRootDN: {{ ldapManager }}'"
-  ignore_errors: true
-  sudo: true
-  register: managerConfigured
-
-# slapcat does a line wrap at character 78. Don't attempt to match on {{ ldapManager }} as it will cross two lines
-- name: check ACL config
-  shell: "slapcat -b cn=config | grep 'olcAccess:' | grep 'cn=Manager'"
-  ignore_errors: true
-  sudo: true
-  register: aclConfigured
-
-
-- name: check DIT config
-  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapBase }} -x -H ldap://localhost objectClass=dcObject"
-  ignore_errors: true
-  register: ditConfigured
-
-- name: check Accounts config
-  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapUserBase }} -x -H ldap://localhost objectClass=*"
-  ignore_errors: true
-  register: accountsConfigured
-
-- name: check Groups config
-  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=*"
-  ignore_errors: true
-  register: groupsConfigured
-
-- name: check binddn config
-  shell: "ldapsearch -D {{ ldapBindDN }} -w {{ ldapBindDNPassword }} -b {{ ldapDomain }} -x -H ldap://localhost objectClass=dcObject"
-  ignore_errors: true
-  register: binddnConfigured
-
-
-- name: initialise server ssl
-  shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/ssl.ldif -D cn=config 
-  sudo: true
-  when: tlsConfigured|failed
-
-- name: initialise server manager
-  shell:  ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/manager.ldif -D cn=config 
-  sudo: true
-  when: managerConfigured|failed
-
-- name: initialise server acls
-  shell:  ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/acls.ldif -D cn=config
-  sudo: true
-  when: aclConfigured|failed
-
-- name: add DIT root
-  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/root.ldif
-  when: ditConfigured|failed
-
-- name: add Accounts OU
-  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/accounts.ldif
-  when: accountsConfigured|failed
-
-- name: add Groups OU
-  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/groups.ldif
-  when: groupsConfigured|failed
-
-- name: add binddn
-  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/binddn.ldif
-  sudo: true
-  when: binddnConfigured|failed

roles/ldapserver/vars/templates/accounts_ldif.j2

-dn: {{ ldapUserBase }}
-objectClass: organizationalUnit

roles/ldapserver/vars/templates/acls_ldif.j2

-dn: olcDatabase={2}bdb,cn=config
-changetype: modify
-add: olcAccess
-olcAccess: {0}to attrs=userPassword by dn="{{ ldapManager }}" write by self write by * auth
-olcAccess: {1}to attrs=shadowLastChange by dn="{{ ldapManager }}" write by self write by * read
-olcAccess: {2}to * by users read by anonymous auth

roles/ldapserver/vars/templates/binddn_ldif.j2

-dn: {{ ldapBindDN }}
-objectClass: inetOrgPerson
-cn: binddn
-sn: binddn
-userPassword: {{ ldapBindDNHash.stdout }}

roles/ldapserver/vars/templates/default_ppolicy_ldif.j2

-dn: cn=default,ou=pwpolicies,{{ ldapDomain }}
-cn: default
-objectClass: pwdPolicy
-objectClass: top
-objectClass: device
-pwdAllowUserChange: TRUE
-pwdAttribute: 2.5.4.35
-pwdExpireWarning: 604800
-pwdFailureCountInterval: 30
-pwdGraceAuthNLimit: 0
-pwdInHistory: 10
-pwdLockout: TRUE
-pwdLockoutDuration: 3600
-pwdMaxAge: 7776000
-pwdMaxFailure: 5
-pwdMinAge: 3600
-pwdMinLength: 12
-pwdMustChange: FALSE
-pwdSafeModify: FALSE

roles/ldapserver/vars/templates/groups_ldif.j2

-dn: {{ ldapGroupBase }}
-objectClass: organizationalUnit

roles/ldapserver/vars/templates/ldap.conf.j2

-#
-# LDAP Defaults
-#
-
-# See ldap.conf(5) for details
-# This file should be world readable but not world writable.
-
-#BASE	dc=example,dc=com
-URI {{ ldapURI }}
-
-#SIZELIMIT	12
-#TIMELIMIT	15
-#DEREF		never
-
-# TLS certificates (needed for GnuTLS)
-TLS_CACERT	{{ x509_cacert_file }}

roles/ldapserver/vars/templates/manager_ldif.j2

-dn: olcDatabase={2}bdb,cn=config
-changetype: modify
-replace: olcSuffix
-olcSuffix: {{ ldapDomain }}
--
-replace: olcRootDN
-olcRootDN: {{ ldapManager }}
--
-add: olcRootPW
-olcRootPW: {{ ldapManagerHash.stdout }}

roles/ldapserver/vars/templates/ppolicy_accountsAndGroups.ldif.j2

-dn: ou=policies,dc=example,dc=org
-objectClass: organizationalUnit
-
-dn: ou=Accounts,dc=example,dc=org
-objectClass: organizationalUnit
-
-dn: ou=Groups,dc=example,dc=org
-objectClass: organizationalUnit
-
-dn: cn=default,ou=policies,dc=example,dc=org
-objectClass: top
-objectClass: device
-objectClass: pwdPolicy
-pwdAttribute: userPassword

roles/ldapserver/vars/templates/ppolicy_moduleload_ldif.j2

-dn: cn=module,cn=config
-objectClass: olcModuleList
-cn: module
-olcModulePath: /usr/lib64/openldap/
-olcModuleLoad: ppolicy.la

roles/ldapserver/vars/templates/ppolicy_overlay_ldif.j2

-dn: olcOverlay=ppolicy,olcDatabase={2}bdb,cn=config
-olcOverlay: ppolicy
-objectClass: olcOverlayConfig
-objectClass: olcPPolicyConfig
-olcPPolicyHashCleartext: TRUE
-olcPPolicyUseLockout: FALSE
-olcPPolicyDefault: cn=default,ou=pwpolicies,{{ ldapDomain }}

roles/ldapserver/vars/templates/pwpolicies_ldif.j2

-dn: ou=pwpolicies,{{ ldapDomain }}
-objectClass: organizationalUnit
-objectClass: top
-ou: pwpolicies

roles/ldapserver/vars/templates/root_ldif.j2

-dn: {{ ldapDomain }}
-objectClass: dcObject
-objectClass: organization
-o: {{ ansible_domain }}
-description: root