---
# task/load_ca_certificates file for hashistack
# Check whether a "ca" directory exists under the certificates configuration
# directory. The task is delegated to localhost, so it inspects the Ansible
# controller's filesystem rather than the managed host's.
- name: "Check if CA directory exists"
  delegate_to: localhost
  ansible.builtin.stat:
    path: "{{ hashistack_sub_configuration_directories['certificates'] }}/ca"
  register: _hashistack_ca_directory
# List the *.crt files in the controller-side CA directory. Every match is
# later copied to the managed host and linked into its system trust store, so
# write access to this directory is equivalent to the ability to add a trusted
# CA on every host this role manages.
- name: "Find custom ca certificates to copy"
  # Both conditions must hold; they are evaluated in order, so stat.isdir is
  # only consulted once stat.exists is true.
  when:
    - _hashistack_ca_directory.stat.exists
    - _hashistack_ca_directory.stat.isdir
  delegate_to: localhost
  ansible.builtin.find:
    paths: "{{ hashistack_sub_configuration_directories['certificates'] }}/ca"
    patterns: "*.crt"
  register: _hashistack_cacert_files
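# Create the directory on the managed host that receives the custom CA
# certificates: owned by root, writable by root only, readable by everyone.
- name: "Ensure remote ca directory exists"
  ansible.builtin.file:
    path: "{{ hashistack_remote_config_dir }}/ca"
    state: directory
    owner: root
    group: root
    # Quoted so the mode reaches the module as the string "0755" instead of
    # depending on how the YAML parser interprets a leading-zero integer.
    mode: "0755"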
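# Copy each certificate found on the controller into the remote ca directory,
# keeping its original file name. The whole task is skipped when the find task
# was skipped (no local CA directory).
- name: "Copy custom ca certificates"
  ansible.builtin.copy:
    src: "{{ item.path }}"
    dest: "{{ hashistack_remote_config_dir }}/ca/{{ item.path | basename }}"
    owner: root
    group: root
    # World-readable is appropriate for public certificates only; quoted so
    # the mode is passed as the string "0644" rather than a YAML integer.
    mode: "0644"
  loop: "{{ _hashistack_cacert_files.files }}"
  register: _hashistack_copied_ca
  # The default() filter binds tighter than `not`, so this reads as
  # not (skipped | default(False)).
  when: not _hashistack_cacert_files.skipped | default(False)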
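# Register the copied certificates with the system trust store. The block is
# skipped as a whole when the copy task was skipped (nothing to install).
# NOTE(review): /usr/local/share/ca-certificates and update-ca-certificates
# look Debian/Ubuntu-specific and no OS guard is visible here; confirm the
# role only targets such hosts.
- name: "Copy and update trust store"
  when: not _hashistack_copied_ca.skipped | default(False)
  block:
    # Despite the task name, this creates symlinks (state: link) pointing at
    # the files copied into the remote ca directory; nothing is duplicated.
    # The certificate content is not inspected before it becomes trusted.
    - name: "Copy ca certificates to /usr/local/share/ca-certificates"
      ansible.builtin.file:
        state: link
        src: "{{ item.dest }}"
        dest: "/usr/local/share/ca-certificates/hashistack-customca-{{ item.dest | basename }}"
        owner: root
        group: root
      loop: "{{ _hashistack_copied_ca.results }}"
      register: _hashistack_usr_local_share_ca_certificates

    # Rebuild the trust store when a link was created or changed, and also
    # when a certificate file was replaced under an unchanged file name. In
    # that second case the symlink task reports no change, so the previous
    # certificate would otherwise remain in the generated bundle.
    # NOTE(review): changed_when: false means a rebuilt trust store is never
    # reported as a change in play output; confirm that is intended.
    - name: "Update the trust store"  # noqa: no-handler
      ansible.builtin.command: update-ca-certificates
      changed_when: false
      when: >-
        _hashistack_usr_local_share_ca_certificates.changed
        or _hashistack_copied_ca.changed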