
Commit a3a6b98

jovialsjpb
authored andcommitted
Add cacert role
Useful if you have to trust a local CA.
1 parent 9816980 commit a3a6b98


6 files changed

+38
-0
lines changed


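--- a/ansible/.gitignore
+++ b/ansible/.gitignore
@@ -32,6 +32,8 @@ roles/*
 !roles/mysql/**
 !roles/systemd/
 !roles/systemd/**
+!roles/cacerts/
+!roles/cacerts/**
 !roles/cuda/
 !roles/cuda/**
 !roles/freeipa/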

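--- a/ansible/bootstrap.yml
+++ b/ansible/bootstrap.yml
@@ -130,6 +130,14 @@
 - appliances_mode == 'configure'
 - not (dnf_repos_allow_insecure_creds | default(false)) # useful for development
 
+- hosts: cacerts
+tags: cacerts
+gather_facts: false
+tasks:
+- name: Install custom cacerts
+import_role:
+name: cacerts
+
 - hosts: squid
 tags: squid
 gather_facts: yes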
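Review bot: The new `cacerts` play has no comment explaining why it sits at this point in bootstrap.yml, and ordering matters for a trust-store change: any earlier play that makes TLS connections to a service signed by the local CA would run before that CA is trusted. Whether such a play exists cannot be seen from this hunk, which starts at line 130. A comment above `- hosts: cacerts`, such as `# Install site CA certificates; must run before any play that has to verify TLS against them`, would record the intended ordering for whoever reorders these plays later.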
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
---
2+
3+
- name: Install dependencies
4+
ansible.builtin.package:
5+
name: "{{ item }}"
6+
state: present
7+
become: true
8+
with_items:
9+
- ca-certificates
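Review bot: The `with_items` loop in the "Install dependencies" task wraps a single package and adds an indirection that the task does not need. `ansible.builtin.package` takes the package name directly, so `name: ca-certificates` with the `with_items:` block removed gives the same result. This is a style point only; behaviour is unchanged.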

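--- a/ansible/roles/cacerts/tasks/main.yml
+++ b/ansible/roles/cacerts/tasks/main.yml
@@ -0,0 +1,2 @@
+- import_tasks: install.yml
+- import_tasks: runtime.yml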
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
---
2+
3+
- name: Copy all certificates
4+
copy:
5+
src: "{{ item }}"
6+
dest: /etc/pki/ca-trust/source/anchors
7+
owner: root
8+
mode: 0644
9+
with_fileglob:
10+
- "{{ appliances_environment_root }}/cacerts"
11+
become: true
12+
13+
- name: Update trust store
14+
command: update-ca-trust extract
15+
become: true
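Review bot: The `with_fileglob` pattern `"{{ appliances_environment_root }}/cacerts"` contains no wildcard, so if `cacerts` is a directory (as the task name "Copy all certificates" suggests) the lookup most likely matches no files. The copy loop is then skipped without error and the trust store is left unchanged, which `- "{{ appliances_environment_root }}/cacerts/*"` would fix by iterating the files inside the directory. Every file the glob matches becomes a system-wide trust anchor, so a comment above the task stating that the directory must contain only reviewed CA certificates is worth adding. `mode: 0644` should be written `mode: "0644"` so the YAML parser cannot re-type the value. `command: update-ca-trust extract` reports changed on every run; moving it to a handler notified by the copy task would keep the role idempotent.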
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
---
2+
