ISTI-ansible-roles
/
ansible-role-basic-system-setup
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use a variable to define the path of deb CAs.

This commit is contained in:
Andrea Dell'Amico 2021-09-30 10:42:01 +02:00
parent 40bd44e50a
commit 714ac353f9
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
defaults/main.yml
View File

@ -76,6 +76,7 @@ no_proxy_targets:
- 'localhost' - 'localhost'
trusted_ca_el_anchors_path: '/etc/pki/ca-trust/source/anchors' trusted_ca_el_anchors_path: '/etc/pki/ca-trust/source/anchors'
trusted_ca_deb_path: '/usr/local/share/ca-certificates'
# it shoudn't be needed # it shoudn't be needed
trusted_ca_letsencrypt_install: False trusted_ca_letsencrypt_install: False
trusted_ca_letsencrypt_ca_certificates_url: https://letsencrypt.org/certs trusted_ca_letsencrypt_ca_certificates_url: https://letsencrypt.org/certs

11
tasks/trusted_ca.yml
View File

@ -51,7 +51,7 @@
apt: pkg=ca-certificates state=present cache_valid_time=1800 apt: pkg=ca-certificates state=present cache_valid_time=1800
- name: Get the CA files that we want to trust on deb - name: Get the CA files that we want to trust on deb
get_url: url={{ item.ca_url }} dest=/usr/local/share/ca-certificates/{{ item.ca }} owner=root group=root mode='0444' get_url: url={{ item.ca_url }} dest={{ trusted_ca_deb_path }}/{{ item.ca }} owner=root group=root mode='0444'
with_items: '{{ trusted_ca_additional_ca_files }}' with_items: '{{ trusted_ca_additional_ca_files }}'
register: ca_files_installation register: ca_files_installation
@ -67,7 +67,7 @@
- name: Download the letsencrypt CA files on deb - name: Download the letsencrypt CA files on deb
get_url: get_url:
url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}' url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}'
dest: '/usr/local/share/ca-certificates/{{ item.ca }}' dest: '{{ trusted_ca_deb_path }}/{{ item.ca }}'
owner: root owner: root
group: root group: root
mode: 0444 mode: 0444
@ -85,6 +85,13 @@
loop: '{{ expired_ca_letsencrypt_ca_files }}' loop: '{{ expired_ca_letsencrypt_ca_files }}'
register: letsencrypt_ca_files_removal register: letsencrypt_ca_files_removal
- name: Ensure that the expired CA files are not present
file:
dest: '{{ trusted_ca_deb_path }}/{{ item }}'
state: absent
loop: '{{ expired_ca_letsencrypt_ca_files }}'
register: letsencrypt_ca_files_removal
- name: Trust the CA files on deb - name: Trust the CA files on deb
command: /usr/sbin/update-ca-certificates command: /usr/sbin/update-ca-certificates
when: letsencrypt_ca_files_removal is changed when: letsencrypt_ca_files_removal is changed