# Per-item preparation is delegated to prepare_item.yml (not shown here).
# NOTE(review): the tasks below read kt, k_mode, k_owner and k_group, none
# of which are set in the tasks shown - presumably the included file sets
# them; confirm before reordering or skipping this include.
- include_tasks: prepare_item.yml
# Read the root certificate from the CA host (delegated, so the file is
# fetched from services.ca.hostname rather than from the current target).
# slurp registers the file base64-encoded in root.content; the consuming
# tasks decode it with b64decode.
# NOTE(review): the path ends in ca_crt_ext, presumably the certificate
# extension - confirm it can never resolve to the private-key file, since
# whatever is read here is distributed to other nodes.
- name: slurp root from ca
  delegate_to: "{{ services.ca.hostname }}"
  register: root
  slurp:
    src: "{{ ca_dir }}/{{ ca_rp }}{{ kt.name }}.{{ ca_crt_ext }}"
# Expose the decoded root certificate as the fact root_<kt.name>.
# Runs only when the merged options (ca_options overridden by item) have
# memory compare equal to true; a missing key counts as false.
- name: copy root to memory
  when: (ca_options | combine(item)).memory | d(false) == true
  set_fact:
    "root_{{ kt.name }}": "{{ root.content | b64decode }}"
# Write the decoded root certificate to a file on the target node.
# Destination: item.path when the item defines one, otherwise
# <ca_options.path>/<ca_rp><kt.name>.<ca_crt_ext>.
# owner, group and mode are omitted when k_owner, k_group or k_mode is
# undefined, so the copy module's defaults apply in that case.
- name: copy root to remote node
  when: (ca_options | combine(item)).path is defined
  copy:
    content: "{{ root.content | b64decode }}"
    dest: "{%- if item.path is defined -%}{{ item.path }}\
      {%- else -%}{{ ca_options.path ~ '/' ~ ca_rp ~ kt.name ~ '.' ~ ca_crt_ext }}\
      {%- endif -%}"
    owner: "{{ k_owner | d(omit) }}"
    group: "{{ k_group | d(omit) }}"
    mode: "{{ k_mode | d(omit) }}"
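# Install the root certificate into the system trust store.
# Runs only when the merged options (ca_options overridden by item) have
# system compare equal to true; a missing key counts as false.
- name: copy root to system storage
  block:
    - name: ensure ca-certificates is installed
      package:
        name: ca-certificates
        state: present

    # This file becomes a trust anchor for the whole host, so ownership
    # and mode are pinned here instead of being left to the connecting
    # user's umask.
    # NOTE(review): update-ca-certificates only picks up files ending in
    # .crt from this directory - confirm ca_crt_ext is "crt", otherwise
    # the certificate is uploaded but never trusted.
    - name: upload root cert to user cert storage
      copy:
        dest: "/usr/local/share/ca-certificates/{{ ca_rp }}{{ kt.name }}.{{ ca_crt_ext }}"
        content: "{{ root.content | b64decode }}"
        owner: root
        group: root
        mode: "0644"

    # Runs on every play and is never reported as changed.
    - name: update ca certificates
      command: /usr/sbin/update-ca-certificates
      changed_when: false
  when: (ca_options | combine(item)).system | d(false) == true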