mirror of https://github.com/ansible/ansible.git
# RedHat family only: turn on the dynamic CA configuration feature with
# `update-ca-trust force-enable`, ahead of the later task in this file that
# places a test CA in the trust-anchor source directory.
- name: RedHat - Enable the dynamic CA configuration feature
  when: ansible_os_family == 'RedHat'
  command: update-ca-trust force-enable

# RedHat family only: download the test CA certificate into the system
# trust-anchor source directory.
# NOTE(review): the download is plain HTTP with no `checksum`, so nothing
# authenticates the certificate before it is handed to the system trust
# store. Presumably acceptable because ansible.http.tests is a test fixture -
# confirm before reusing this pattern anywhere else.
- name: RedHat - Retrieve test cacert
  when: ansible_os_family == 'RedHat'
  get_url:
    url: 'http://ansible.http.tests/cacert.pem'
    dest: '/etc/pki/ca-trust/source/anchors/ansible.pem'

# Download client.pem and client.key into the remote temp directory, one
# get_url call per item. This task has no `when`, so it runs on every OS
# family.
# NOTE(review): both files travel over plain HTTP, and no `mode` is set, so
# the permissions of client.key follow the module default. client.key is
# presumably a private key used only by these tests - confirm; key material
# outside a test fixture would need an explicit restrictive mode.
- name: Get client cert/key
  with_items:
    - client.pem
    - client.key
  get_url:
    url: 'http://ansible.http.tests/{{ item }}'
    dest: '{{ remote_tmp_dir }}/{{ item }}'

# Suse family only: download the test CA certificate into the system
# trust-anchor directory.
# NOTE(review): fetched over plain HTTP without a `checksum`; the certificate
# is not authenticated before it lands in the trust-anchor directory.
# Presumably fine for a test fixture - confirm before reuse.
- name: Suse - Retrieve test cacert
  when: ansible_os_family == 'Suse'
  get_url:
    url: 'http://ansible.http.tests/cacert.pem'
    dest: '/etc/pki/trust/anchors/ansible.pem'

# Debian and Alpine families: download the test CA certificate into the local
# CA certificate directory; note that it is stored with a .crt suffix.
# NOTE(review): fetched over plain HTTP without a `checksum`; the certificate
# is not authenticated before it lands in the CA directory. Presumably fine
# for a test fixture - confirm before reuse.
- name: Debian/Alpine - Retrieve test cacert
  when: ansible_os_family in ['Debian', 'Alpine']
  get_url:
    url: 'http://ansible.http.tests/cacert.pem'
    dest: '/usr/local/share/ca-certificates/ansible.crt'

# RedHat family only: run `update-ca-trust extract`, presumably so the anchor
# file downloaded by the earlier RedHat task is picked up by the system trust
# store. As a bare `command` with no `changed_when`, it reports "changed" on
# every run.
- name: Redhat - Update ca trust
  when: ansible_os_family == 'RedHat'
  command: update-ca-trust extract

# Debian, Alpine and Suse families: run `update-ca-certificates`, presumably
# so the certificate downloaded by the earlier per-family task is picked up
# by the system trust store. As a bare `command` with no `changed_when`, it
# reports "changed" on every run.
- name: Debian/Alpine/Suse - Update ca certificates
  when: ansible_os_family in ['Debian', 'Alpine', 'Suse']
  command: update-ca-certificates

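# FreeBSD and Darwin only: install the test CA into whichever location the
# target's Python `ssl` module reports as its default verify path. If a CA
# directory (capath) is reported, the certificate is written there and the
# directory is rehashed; otherwise the certificate is appended to the CA
# bundle file (cafile). Each modifying task notifies a handler by name; the
# handlers themselves are defined outside this file.
- name: Update cacert
  when: ansible_os_family in ['FreeBSD', 'Darwin']
  block:
    # NOTE(review): the CA is fetched over plain HTTP and its body is later
    # written into the trust store unverified. Presumably acceptable because
    # ansible.http.tests is a test fixture - confirm before reusing this
    # pattern anywhere else.
    - name: Retrieve test cacert
      uri:
        url: "http://ansible.http.tests/cacert.pem"
        return_content: true
      register: cacert_pem

    # Ask the target interpreter for ssl.get_default_verify_paths() and print
    # cafile/capath as JSON on stdout.
    - name: Get cafile and capath
      command: '{{ ansible_python_interpreter }} -c "import ssl, json; paths = ssl.get_default_verify_paths(); print(json.dumps(dict(cafile=paths.cafile, capath=paths.capath)));"'
      register: capaths
      # Read-only probe: do not report it as a change.
      changed_when: false

    # Replace the registered command result with the parsed JSON mapping, so
    # later tasks can use capaths.cafile and capaths.capath directly.
    - name: Parse cafile and capath
      set_fact:
        capaths: "{{ capaths.stdout | from_json }}"

    - name: Add cacert to capath
      copy:
        content: "{{ cacert_pem.content }}"
        dest: "{{ capaths.capath }}/ansible-http-test.pem"
      notify: Remove cacert from capath
      when: capaths.capath is not none

    # argv form passes the directory as a single argument, so a capath that
    # contains whitespace is not split into several arguments.
    # With no `changed_when`, this command reports "changed" whenever it
    # runs, so the handler is notified every time.
    - name: Register cacert
      command:
        argv:
          - openssl
          - rehash
          - "{{ capaths.capath }}"
      notify: Unregister cacert
      when: capaths.capath is not none

    # Fallback when Python reports no CA directory: append the certificate to
    # the CA bundle file instead.
    # NOTE(review): cafile is not checked for none here - confirm that it is
    # always set on hosts where capath is none.
    - name: Add cacert to cafile
      blockinfile:
        path: "{{ capaths.cafile }}"
        block: "{{ cacert_pem.content }}"
      notify: Remove cacert from cafile
      when: capaths.capath is none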