---
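# Install operator-supplied CA certificates into the EL trust anchors
# directory and rebuild the system trust store when any file changed.
# Each item of trusted_ca_additional_ca_files provides `ca_url` (download
# location) and `ca` (file name under the anchors directory).
- name: Manage optional CA files on EL
  block:
    # Every file written here becomes a system-wide trust root, so the
    # download is pinned whenever the item carries `ca_checksum`
    # (format '<algorithm>:<hex digest>'). Items without it behave as before.
    # NOTE(review): `ca_checksum` is a new, optional item key. Prefer https
    # URLs and a pinned digest for every entry.
    - name: Get the CA files that we want to trust
      get_url:
        url: '{{ item.ca_url }}'
        dest: '/etc/pki/ca-trust/source/anchors/{{ item.ca }}'
        checksum: '{{ item.ca_checksum | default(omit) }}'
        owner: root
        group: root
        mode: '0444'
      with_items: '{{ trusted_ca_additional_ca_files }}'
      register: ca_files_installation

    # Only rebuild the consolidated trust store when an anchor changed.
    - name: Trust the CA files
      command: /bin/update-ca-trust extract
      when: ca_files_installation is changed

  when: ansible_distribution_file_variety == "RedHat"
  tags: ['pki', 'trusted_ca', 'letsencrypt_ca']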
# Ship the Let's Encrypt CA files bundled with the role
# (letsencrypt_ca_files/) into the EL trust anchors directory, then rebuild
# the trust store if any of them changed. Runs only when
# trusted_ca_letsencrypt_install is true and the host is in the RedHat family.
- name: Manage the Letsencrypt CA files on EL
  block:
    # The source is the role's own files directory, not a remote URL.
    - name: Copy the letsencrypt CA files on EL
      copy:
        src: 'letsencrypt_ca_files/{{ item.ca }}'
        dest: '/etc/pki/ca-trust/source/anchors/{{ item.ca }}'
        owner: root
        group: root
        mode: '0444'
      with_items: '{{ trusted_ca_letsencrypt_ca_files }}'
      register: letsencrypt_ca_files_installation

    - name: Trust the CA files on EL
      command: /bin/update-ca-trust extract
      when: letsencrypt_ca_files_installation is changed

  when:
    - trusted_ca_letsencrypt_install
    - ansible_distribution_file_variety == "RedHat"
  tags: ['pki', 'trusted_ca', 'letsencrypt_ca']
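# Install operator-supplied CA certificates on Debian-family hosts and
# refresh the system certificate store when any file changed.
# Each item of trusted_ca_additional_ca_files provides `ca_url` (download
# location) and `ca` (file name under /etc/ssl/certs).
- name: Manage optional CA files on deb
  block:
    - name: Ensure that ca-certificates is installed
      apt:
        pkg: ca-certificates
        state: present
        cache_valid_time: 1800

    # Every file written here is meant to become a trust root, so the
    # download is pinned whenever the item carries `ca_checksum`
    # (format '<algorithm>:<hex digest>'). Items without it behave as before.
    # NOTE(review): `ca_checksum` is a new, optional item key. Prefer https
    # URLs and a pinned digest for every entry.
    - name: Get the CA files that we want to trust
      get_url:
        url: '{{ item.ca_url }}'
        dest: '/etc/ssl/certs/{{ item.ca }}'
        checksum: '{{ item.ca_checksum | default(omit) }}'
        owner: root
        group: root
        mode: '0444'
      with_items: '{{ trusted_ca_additional_ca_files }}'
      register: ca_files_installation

    # Only refresh the certificate store when a file changed.
    - name: Trust the CA files
      command: /usr/sbin/update-ca-certificates
      when: ca_files_installation is changed

  when: ansible_distribution_file_variety == "Debian"
  tags: ['pki', 'trusted_ca', 'letsencrypt_ca']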
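# Ship the Let's Encrypt CA files bundled with the role
# (letsencrypt_ca_files/) to Debian-family hosts and refresh the certificate
# store if any of them changed. Runs only when trusted_ca_letsencrypt_install
# is true and the host is in the Debian family.
- name: Manage the Letsencrypt CA files on deb
  block:
    # Fix: the destination used to be the EL anchors directory
    # (/etc/pki/ca-trust/source/anchors), which update-ca-certificates does
    # not read. It now matches the directory used by the
    # "Manage optional CA files on deb" block.
    # NOTE(review): update-ca-certificates builds its bundle from
    # /usr/local/share/ca-certificates (*.crt). Confirm that /etc/ssl/certs
    # is the intended drop location for both deb blocks.
    - name: Copy the letsencrypt CA files on deb
      copy:
        src: 'letsencrypt_ca_files/{{ item.ca }}'
        dest: '/etc/ssl/certs/{{ item.ca }}'
        owner: root
        group: root
        mode: '0444'
      with_items: '{{ trusted_ca_letsencrypt_ca_files }}'
      register: letsencrypt_ca_files_installation

    # Task name corrected: this branch runs on Debian, not EL.
    - name: Trust the CA files on deb
      command: /usr/sbin/update-ca-certificates
      when: letsencrypt_ca_files_installation is changed

  when:
    - trusted_ca_letsencrypt_install
    - ansible_distribution_file_variety == "Debian"
  tags: ['pki', 'trusted_ca', 'letsencrypt_ca']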