# The docker --link functionality gives us an ENV var we can key off of to see if we have access to # the httptester container - set_fact: has_httptester: "{{ lookup('env', 'HTTPTESTER') != '' }}" - name: make sure we have the ansible_os_family and ansible_distribution_version facts setup: gather_subset: distribution when: ansible_facts == {} # If we are running with access to a httptester container, grab it's cacert and install it - block: # Override hostname defaults with httptester linked names - include_vars: httptester.yml # Server 2008 R2 uses a 3rd party program to foward the ports and it may # not be ready straight away, we give it at least 5 minutes before # conceding defeat - name: make sure the port forwarder is active - Windows win_wait_for: host: ansible.http.tests port: 80 state: started timeout: 300 when: ansible_os_family == 'Windows' - name: RedHat - Enable the dynamic CA configuration feature command: update-ca-trust force-enable when: ansible_os_family == 'RedHat' - name: RedHat - Retrieve test cacert get_url: url: "http://ansible.http.tests/cacert.pem" dest: "/etc/pki/ca-trust/source/anchors/ansible.pem" when: ansible_os_family == 'RedHat' - name: Get client cert/key get_url: url: "http://ansible.http.tests/{{ item }}" dest: "{{ remote_tmp_dir }}/{{ item }}" when: ansible_os_family != 'Windows' with_items: - client.pem - client.key - name: Windows - Get client cert/key win_get_url: url: http://ansible.http.tests/{{ item }} dest: '{{ win_output_dir }}\{{ item }}' register: win_download # Server 2008 R2 is slightly slower, we attempt 5 retries retries: 5 until: win_download is successful when: ansible_os_family == 'Windows' with_items: - client.pem - client.key - name: Suse - Retrieve test cacert get_url: url: "http://ansible.http.tests/cacert.pem" dest: "/etc/pki/trust/anchors/ansible.pem" when: ansible_os_family == 'Suse' - name: Debian - Retrieve test cacert get_url: url: "http://ansible.http.tests/cacert.pem" dest: "/usr/local/share/ca-certificates/ansible.crt" when: ansible_os_family == 'Debian' - name: Windows - Retrieve test cacert win_get_url: url: http://ansible.http.tests/cacert.pem dest: '{{ win_output_dir }}\cacert.pem' when: ansible_os_family == 'Windows' - name: Redhat - Update ca trust command: update-ca-trust extract when: ansible_os_family == 'RedHat' - name: Debian/Suse - Update ca certificates command: update-ca-certificates when: ansible_os_family == 'Debian' or ansible_os_family == 'Suse' - name: Windows - Update ca trust win_certificate_store: path: '{{ win_output_dir }}\cacert.pem' state: present store_location: LocalMachine store_name: Root when: ansible_os_family == 'Windows' - name: FreeBSD - Retrieve test cacert get_url: url: "http://ansible.http.tests/cacert.pem" dest: "/tmp/ansible.pem" when: ansible_os_family == 'FreeBSD' - name: FreeBSD - Add cacert to root certificate store blockinfile: path: "/etc/ssl/cert.pem" block: "{{ lookup('file', '/tmp/ansible.pem') }}" when: ansible_os_family == 'FreeBSD' - name: MacOS - Retrieve test cacert get_url: url: "http://ansible.http.tests/cacert.pem" dest: "/usr/local/etc/openssl/certs/ansible.pem" when: ansible_os_family == 'Darwin' - name: MacOS - Update ca certificates command: /usr/local/opt/openssl/bin/c_rehash when: ansible_os_family == 'Darwin' when: - has_httptester|bool # skip the setup if running on Windows Server 2008 as httptester is not available - ansible_os_family != 'Windows' or (ansible_os_family == 'Windows' and not ansible_distribution_version.startswith("6.0."))