add certs role

2020-05-23 16:41:09 -05:00 · 2020-05-23 16:41:09 -05:00 · ca5e9bd44e
commit ca5e9bd44e
parent 6d2c7249bf
5 changed files with 43 additions and 0 deletions
--- a/roles/certs/defaults/main.yaml
+++ b/roles/certs/defaults/main.yaml
@ -0,0 +1,2 @@
+---
+certs_trusted_ca: {}
--- a/roles/certs/handlers/main.yaml
+++ b/roles/certs/handlers/main.yaml
@ -0,0 +1,5 @@
+---
+- name: update-ca-certificates
+  command: update-ca-certificates
+
+# vim:ft=yaml.ansible:
--- a/roles/certs/tasks/Debian.yaml
+++ b/roles/certs/tasks/Debian.yaml
@ -0,0 +1,10 @@
+---
+- name: add trusted ca certificates
+  copy:
+    dest: "{{ certs_trusted_ca_path }}/{{ item.key }}.crt"
+    content: "{{ item.value }}" 
+    owner: root
+    group: root
+    mode: "0644"
+  loop: "{{ certs_trusted_ca | dict2items }}"
+  notify: update-ca-certificates
--- a/roles/certs/tasks/main.yaml
+++ b/roles/certs/tasks/main.yaml
@ -0,0 +1,24 @@
+---
+- name: gather os specific variables
+  include_vars: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: include os specific tasks
+  include_tasks: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - tasks
--- a/roles/certs/vars/Debian.yaml
+++ b/roles/certs/vars/Debian.yaml
@ -0,0 +1,2 @@
+---
+certs_trusted_ca_path: /usr/local/share/ca-certificates