--- # task/load_ca_certificates file for hashistack - name: "Check if CA directory exists" ansible.builtin.stat: path: "{{ hashistack_sub_configuration_directories['certificates'] }}/ca" register: _hashistack_ca_directory delegate_to: localhost - name: "Find custom ca certificates to copy" ansible.builtin.find: paths: "{{ hashistack_sub_configuration_directories['certificates'] }}/ca" patterns: "*.crt" register: _hashistack_cacert_files delegate_to: localhost when: _hashistack_ca_directory.stat.exists and _hashistack_ca_directory.stat.isdir - name: "Ensure remote ca directory exists" ansible.builtin.file: path: "{{ hashistack_remote_config_dir }}/ca" state: directory owner: root group: root mode: 0755 - name: "Copy custom ca certificates" ansible.builtin.copy: src: "{{ item.path }}" dest: "{{ hashistack_remote_config_dir }}/ca/{{ item.path | basename }}" owner: root group: root mode: 0644 loop: "{{ _hashistack_cacert_files.files }}" register: _hashistack_copied_ca when: not _hashistack_cacert_files.skipped | default(False) - name: "Copy and update trust store" when: not _hashistack_copied_ca.skipped | default(False) block: - name: "Copy ca certificates to /usr/local/share/ca-certificates" ansible.builtin.file: state: link src: "{{ item.dest }}" dest: "/usr/local/share/ca-certificates/hashistack-customca-{{ item.dest | basename }}" owner: root group: root loop: "{{ _hashistack_copied_ca.results }}" register: _hashistack_usr_local_share_ca_certificates - name: "Update the trust store" # noqa: no-handler ansible.builtin.command: update-ca-certificates changed_when: false when: _hashistack_usr_local_share_ca_certificates.changed