[Install VA Root Certificates] This ansible playbook will download and install the VA root certificates. #va #work #ansible
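---
# Installs the VA internal root and intermediate CA certificates into the
# system trust store of the local machine (Alpine, Ubuntu or RedHat).
#
# Security note: every file installed here becomes a trust anchor for TLS on
# this host, and the download below uses plain HTTP. Without an integrity
# check, anyone able to alter that traffic can substitute a CA of their own.
# Fill in `va_cert_checksums` with digests obtained out of band (not from the
# same HTTP endpoint) so that get_url rejects a modified file.
- hosts: localhost
  gather_facts: true
  gather_subset: distribution
  become: true
  vars:
    # Directory the distribution's trust tooling reads local CA files from.
    ca_path:
      Alpine: /usr/local/share/ca-certificates
      Ubuntu: /usr/local/share/ca-certificates
      RedHat: /etc/pki/ca-trust/source/anchors
    # Optional map of certificate file name -> '<algorithm>:<digest>'.
    # Files without an entry are downloaded unverified, as before.
    # Example entry (placeholder, not a real digest):
    #   VAInternalRoot.cer: 'sha256:<DIGEST_VERIFIED_OUT_OF_BAND>'
    va_cert_checksums: {}
  tasks:
    - name: Install ca package
      package:
        name: ca-certificates
        state: present

    - name: Create VA sub-directory for certificates
      file:
        path: '{{ ca_path[ansible_distribution] }}/va'
        state: directory
        mode: '0755'

    # NOTE(review): update-ca-certificates on Debian/Ubuntu imports only PEM
    # files whose names end in .crt; confirm these .cer files are actually
    # picked up there after the handler runs.
    - name: Download VA certificates
      get_url:
        url: 'http://crl.pki.va.gov/PKI/AIA/VA/{{ item }}'
        dest: '{{ ca_path[ansible_distribution] }}/va'
        mode: '0444'
        # Verified only when a digest is configured for this file; `omit`
        # drops the parameter otherwise so existing runs are unaffected.
        checksum: '{{ va_cert_checksums[item] | default(omit) }}'
      loop:
        - VAInternalRoot.cer
        - VA-Internal-E5-ICA1-v1.cer
        - VA-Internal-E5-RCA1-va.cer
        - VA-Internal-S2-ICA1-v1.cer
        - VA-Internal-S2-ICA2-v1.cer
        - VA-Internal-S2-ICA3-v1.cer
        - VA-Internal-S2-RCA1-v1.cer
      # Both handlers are notified; each one's `when` selects the right distro.
      notify:
        - Run update-ca-certificates
        - Run update-ca-trust

  handlers:
    # `command` instead of `shell`: a fixed binary path needs no shell parsing.
    - name: Run update-ca-certificates
      command: /usr/sbin/update-ca-certificates
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Alpine'

    - name: Run update-ca-trust
      command: /bin/update-ca-trust
      when: ansible_distribution == 'RedHat'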