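---
# file: roles/base/tasks/core_root_ca.yml
#
# Installs a root CA certificate into the system trust store.
# The certificate is downloaded from base_core_root_ca_url into a temporary
# file, optionally converted from DER to PEM, stripped of carriage returns and
# copied into the distribution's trust-anchor directory under the name
# base_core_root_ca_basename. The notified handlers rebuild the trust store.
# Nothing after the package install runs unless both variables are non-empty.

- name: Install ca-certificates package
  package:
    name: ca-certificates
    state: latest

- block:
    - name: Create temporary file for cert download
      tempfile:
        state: file
        suffix: temp
      register: cert_download
      changed_when: false

    # NOTE(review): whatever this URL returns becomes a trust anchor for every
    # TLS client on the host, and nothing here verifies the content. Pin the
    # expected digest with get_url's `checksum` parameter (or compare the
    # certificate fingerprint before the copy tasks below) so that a
    # compromised mirror or a plain-HTTP URL cannot substitute another CA.
    - name: Download root CA cert
      get_url:
        url: "{{ base_core_root_ca_url }}"
        dest: "{{ cert_download.path }}"
        force: true
      changed_when: false

    - block:
        # argv form passes the paths as single arguments without relying on
        # the command module's quote parsing.
        - name: Convert der to pem
          command:
            argv:
              - openssl
              - x509
              - -inform
              - DER
              - -outform
              - PEM
              - -in
              - "{{ cert_download.path }}"
              - -out
              - "{{ cert_download.path }}.crt"
          changed_when: false

        - name: Replace the temp file with the converted cert
          copy:
            src: "{{ cert_download.path }}.crt"
            dest: "{{ cert_download.path }}"
            remote_src: true
          changed_when: false

        - name: Remove the temporary converted cert
          file:
            path: "{{ cert_download.path }}.crt"
            state: absent
          changed_when: false
      # `| bool` also accepts string values such as "true" or "yes" (for
      # example from -e on the command line); `== true` matched only a real
      # boolean and silently skipped the conversion otherwise.
      when: base_core_root_ca_convert | bool

    # The double-quoted "\r" is a literal carriage return; with no `replace`
    # value given, each match is deleted.
    - name: Ensure CR are removed
      replace:
        path: "{{ cert_download.path }}"
        regexp: "\r"
      changed_when: false

    # Trust anchors must be readable by every user and writable by the owner
    # only, so the mode is set explicitly rather than left to the umask.
    - name: Copy the certificate
      copy:
        src: "{{ cert_download.path }}"
        dest: "/usr/local/share/ca-certificates/{{ base_core_root_ca_basename }}.crt"
        remote_src: true
        mode: "0644"
      notify: Update CA Debian
      when: ansible_os_family == "Debian"

    - name: Copy the certificate
      copy:
        src: "{{ cert_download.path }}"
        dest: "/etc/pki/ca-trust/source/anchors/{{ base_core_root_ca_basename }}.crt"
        remote_src: true
        mode: "0644"
      notify: Update CA RedHat
      when: ansible_os_family == "RedHat"

  # Cleanup runs in `always` so that a failed download or conversion does not
  # leave the temporary file behind. The guard covers the case where the
  # tempfile task itself failed and never registered a path.
  always:
    - name: Remove the temporary file
      file:
        path: "{{ cert_download.path }}"
        state: absent
      when: cert_download.path is defined
      changed_when: false
  when:
    - base_core_root_ca_url != ""
    - base_core_root_ca_basename != ""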