Diffstat (limited to 'roles/x509/root-ca')
-rw-r--r-- | roles/x509/root-ca/defaults/main.yml | 11 | ||||
-rw-r--r-- | roles/x509/root-ca/handlers/main.yml | 6 | ||||
-rw-r--r-- | roles/x509/root-ca/tasks/main.yml | 28 |
3 files changed, 45 insertions, 0 deletions
diff --git a/roles/x509/root-ca/defaults/main.yml b/roles/x509/root-ca/defaults/main.yml
new file mode 100644
index 00000000..b9a326ef
--- /dev/null
+++ b/roles/x509/root-ca/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# x509_root_ca_name: example
+
+# x509_root_ca_certificates:
+# foo:
+# content: |
+# -----BEGIN CERTIFICATE-----
+# ...
+# -----END CERTIFICATE-----
+# bar:
+# file: path/to/cert.pem
diff --git a/roles/x509/root-ca/handlers/main.yml b/roles/x509/root-ca/handlers/main.yml
new file mode 100644
index 00000000..00e4f625
--- /dev/null
+++ b/roles/x509/root-ca/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: update ca certificates fresh
+ command: update-ca-certificates --fresh
+
+- name: update ca certificates
+ command: update-ca-certificates
diff --git a/roles/x509/root-ca/tasks/main.yml b/roles/x509/root-ca/tasks/main.yml
new file mode 100644
index 00000000..31aeae39
--- /dev/null
+++ b/roles/x509/root-ca/tasks/main.yml
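Review bot: This defaults file declares nothing, so the tasks' unconditional references to `x509_root_ca_name` and `x509_root_ca_certificates` abort with an undefined-variable error rather than a readable message when a host omits them; `loop: "{{ x509_root_ca_certificates | dict2items }}"` in tasks/main.yml is the first line to trip. Declaring `x509_root_ca_certificates: {}` as a real default would make "no extra roots" a valid configuration (the remove task then prunes the directory), while `x509_root_ca_name`, which has no sensible default, is better guarded by an explicit `assert` task in tasks/main.yml with a message naming the variable. The commented example would also benefit from a line such as `# keys become <key>.crt under /usr/local/share/ca-certificates/<x509_root_ca_name>/`, since the tasks derive file names from the dict keys.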
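Review bot: The plain `update ca certificates` handler is a strict subset of `update ca certificates fresh`: in a play that both adds and removes certificates, both handlers are notified and the trust bundle is rebuilt twice at the end of the play. A single handler running `update-ca-certificates --fresh` covers both cases, since `--fresh` regenerates the bundle from the current contents of the directories; the copy task in tasks/main.yml would then notify it as well. If the two-handler form is kept on purpose (for example to avoid `--fresh` on large hosts), a one-line comment above the plain handler saying so would stop the next reader from merging them.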
@@ -0,0 +1,28 @@
+---
+- name: create base directory for root ca
+ file:
+ path: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}"
+ state: directory
+
+- name: copy certificates for ca
+ loop: "{{ x509_root_ca_certificates | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ src: "{{ item.value.file | default(omit) }}"
+ content: "{{ item.value.content | default(omit) }}"
+ dest: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}/{{ item.key }}.crt"
+ notify: update ca certificates
+
+- name: fetch list of currently installed certificates
+ find:
+ paths: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}"
+ patterns: "*.crt"
+ register: x509_root_ca_certificates_installed
+
+- name: remove superflous certificates
+ loop: "{{ x509_root_ca_certificates_installed.files | map(attribute='path') | map('basename') | map('splitext') | map('first') | difference(x509_root_ca_certificates | list) }}"
+ file:
+ path: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}/{{ item }}.crt"
+ state: absent
+ notify: update ca certificates fresh |
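Review bot: The copy task writes into the system trust store without pinning a file mode or checking that the payload is a certificate, so a mistyped inventory entry lands under `/usr/local/share/ca-certificates/{{ x509_root_ca_name }}/` unverified and with whatever mode the umask yields. Adding `mode: "0644"` and `validate: "openssl x509 -noout -in %s"` to the copy task, and `mode: "0755"` to the directory task, makes both explicit; the validate step presumes openssl is installed on the managed host, which this role does not ensure. The removal task's `difference(x509_root_ca_certificates | list)` works because the copy task names each file after its dict key, but neither task sanity-checks the key, so a comment above the loop stating that keys must be plain file-name stems (no `/` or extension) would document the contract. Also `superflous` in the last task name is a typo for `superfluous`.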