@zanloy
Last active February 21, 2020 16:59
[Install VA Root Certificates] This ansible playbook will download and install the VA root certificates. #va #work #ansible
---
# Installs the VA root and intermediate CA certificates into the system trust store.
- hosts: localhost
  gather_facts: true
  gather_subset: distribution
  become: true
  vars:
    # Per-distribution directory for locally added trust anchors
    ca_path:
      Alpine: /usr/local/share/ca-certificates
      Ubuntu: /usr/local/share/ca-certificates
      RedHat: /etc/pki/ca-trust/source/anchors
  tasks:
    - name: Install ca package
      package:
        name: ca-certificates
        state: present
    - name: Create VA sub-directory for certificates
      file:
        path: '{{ ca_path[ansible_distribution] }}/va'
        state: directory
        mode: '0755'
    # The download is plain HTTP, so the files are not authenticated in
    # transit; compare their digests with values obtained out of band.
    - name: Download VA certificates
      get_url:
        url: 'http://crl.pki.va.gov/PKI/AIA/VA/{{ item }}'
        # update-ca-certificates only picks up files ending in .crt and
        # expects PEM; convert first if the server returns DER.
        dest: '{{ ca_path[ansible_distribution] }}/va/{{ item | splitext | first }}.crt'
        mode: '0444'
      loop:
        - VAInternalRoot.cer
        - VA-Internal-E5-ICA1-v1.cer
        - VA-Internal-E5-RCA1-va.cer
        - VA-Internal-S2-ICA1-v1.cer
        - VA-Internal-S2-ICA2-v1.cer
        - VA-Internal-S2-ICA3-v1.cer
        - VA-Internal-S2-RCA1-v1.cer
      notify:
        - Run update-ca-certificates
        - Run update-ca-trust
  handlers:
    # Only the handler matching the detected distribution runs.
    - name: Run update-ca-certificates
      command: /usr/sbin/update-ca-certificates
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Alpine'
    - name: Run update-ca-trust
      command: /bin/update-ca-trust
      when: ansible_distribution == 'RedHat'
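
The playbook above fetches trust anchors over plain HTTP, so one way to gate the trust-store refresh is to check every downloaded file against SHA-256 pins obtained out of band. This is an added example, not part of the original gist; the function name `verify_pins`, the script name and the pin-file format (`sha256sum` output) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the gist: gate the trust-store refresh on
# SHA-256 pins for every downloaded certificate.
# Assumptions: PIN_FILE is in `sha256sum` text format ("<hex>  <name>"),
# was obtained over a trusted channel, and file names contain no spaces.

# verify_pins CERT_DIR PIN_FILE
# 0 = every file in CERT_DIR is pinned and every pin matches
# 1 = unpinned, missing or altered file; 2 = bad arguments
verify_pins() {
    cert_dir=$1
    pin_file=$2
    { [ -d "$cert_dir" ] && [ -r "$pin_file" ]; } || return 2

    # An extra file in the anchors directory would become a trusted CA,
    # so reject anything that has no pin at all.
    for f in "$cert_dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if ! awk -v n="$name" '$2 == n { ok = 1 } END { exit !ok }' "$pin_file"; then
            echo "unpinned file: $name" >&2
            return 1
        fi
    done

    # Verify each pinned digest; a missing or modified file fails here.
    # The pin list is fed on stdin so a relative PIN_FILE survives the cd.
    if ! (cd "$cert_dir" && sha256sum -c - >/dev/null 2>&1) < "$pin_file"; then
        echo "digest mismatch or missing file in $cert_dir" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: verify-pins.sh CERT_DIR PIN_FILE
if [ "$#" -eq 2 ]; then
    verify_pins "$1" "$2"
fi
```

Run it against the `va` directory after the download task and before the update handler, and stop on a non-zero exit status.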