Diffstat (limited to 'roles/x509/root-ca/tasks/main.yml')
-rw-r--r-- | roles/x509/root-ca/tasks/main.yml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/roles/x509/root-ca/tasks/main.yml b/roles/x509/root-ca/tasks/main.yml
new file mode 100644
index 00000000..31aeae39
--- /dev/null
+++ b/roles/x509/root-ca/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: create base directory for root ca
+ file:
+ path: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}"
+ state: directory
+
+- name: copy certificates for ca
+ loop: "{{ x509_root_ca_certificates | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ src: "{{ item.value.file | default(omit) }}"
+ content: "{{ item.value.content | default(omit) }}"
+ dest: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}/{{ item.key }}.crt"
+ notify: update ca certificates
+
+- name: fetch list of currently installed certificates
+ find:
+ paths: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}"
+ patterns: "*.crt"
+ register: x509_root_ca_certificates_installed
+
+- name: remove superflous certificates
+ loop: "{{ x509_root_ca_certificates_installed.files | map(attribute='path') | map('basename') | map('splitext') | map('first') | difference(x509_root_ca_certificates | list) }}"
+ file:
+ path: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}/{{ item }}.crt"
+ state: absent
+ notify: update ca certificates fresh |
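Review bot: The `file` and `copy` tasks that populate `/usr/local/share/ca-certificates/{{ x509_root_ca_name }}` set no `owner`, `group` or `mode`, so the permissions of a system-wide trust-anchor directory depend on the connecting user's umask and on whatever already exists at that path. Anything writable there becomes a trusted root after the next trust-store update, so I would pin them explicitly: `owner: root`, `group: root`, `mode: "0755"` on the directory and `mode: "0644"` on the certificate files. Separately, the cleanup task deletes every `*.crt` under that path whose name is not a key of `x509_root_ca_certificates`. If `x509_root_ca_name` can be empty (the role defaults are not visible in this commit), the path collapses to the shared `ca-certificates` directory and anchors installed by other means would be removed. A leading `assert` that the name is non-empty and that neither it nor any `item.key` contains `/` would be a cheap guard.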