commit 455369c98c021803ce58da044c4dc1032776b303 Author: Aaron Guise Date: Mon Nov 23 14:22:21 2020 +1300 Initial Commit diff --git a/README.md b/README.md new file mode 100644 index 0000000..e6747b5 --- /dev/null +++ b/README.md @@ -0,0 +1,40 @@ +ansible-role-customca +========= + +This role exists to ensure that internal trusted ca's are added onto Linux hosts (RHEL 6,7 and 8). + +Requirements +------------ + +The only requirements for this role to function are a CheckMK Enterprise instance. Configured with a baked updating agent. +The only requirements for using this role is a folder at your playbook root (files/ca_certs). + +This folder should contain certs you wish to add to the trust store one per file. + + files/ca_certs/ + ├── SOME_ISSUING_CA.crt + └── SOME-OFFLINE-ROOT-CA.crt + +Role Variables +-------------- + +There are no Role Variables. Just relies on the folder structure outlined above + +Dependencies +------------ + +This role is not dependant on any other. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - customca + +License +------- + +MIT diff --git a/files/ca_certs/README.md b/files/ca_certs/README.md new file mode 100644 index 0000000..3f74485 --- /dev/null +++ b/files/ca_certs/README.md @@ -0,0 +1,7 @@ +# files/cacerts + +Place in this folder all your ca_certs to trust. + +# Suggested use + +Create a folders at the root of your playbook (files/ca_certs) and place all individual certs you wish to trust inside. \ No newline at end of file diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..f23edc2 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,4 @@ +--- + - name: Update Trust Store + command: update-ca-trust extract + become: true diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..bbd94a4 --- /dev/null +++ b/tasks/main.yml 
@@ -0,0 +1,9 @@ +--- +- name: Copy public certificate files + copy: + src: ca_certs/ + dest: /etc/pki/ca-trust/source/anchors + become: true + notify: Update Trust Store + +- meta: flush_handlers
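Review bot: In README.md, the first sentence under Requirements ("a CheckMK Enterprise instance. Configured with a baked updating agent.") names a dependency that nothing in tasks/main.yml or handlers/main.yml uses, and it contradicts the next line, which says the only requirement is the files/ca_certs folder. Drop the CheckMK sentence and keep the folder requirement. The Example Playbook lead-in is still the role-template placeholder text and could instead say that the role takes no parameters.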
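Review bot: files/ca_certs/README.md sits inside the role's own files/ca_certs directory, which is the same relative path that tasks/main.yml copies with src: ca_certs/. Ansible resolves a relative src against the role's files directory before the playbook's, so the role's copy of the folder can shadow the playbook-root folder the README tells users to populate, and this README.md would then be placed in /etc/pki/ca-trust/source/anchors. Move the note out of files/ca_certs, or point src at the playbook folder explicitly (for example via playbook_dir). The heading also reads files/cacerts while the directory is files/ca_certs, and "Create a folders" should be "Create a folder".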
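Review bot: In handlers/main.yml, the handler runs only update-ca-trust extract, while README.md lists RHEL 6 as supported. On RHEL 6 the consolidated trust store has to be switched on with update-ca-trust enable before the extracted anchors are what applications read, so either add that step for RHEL 6 hosts or drop RHEL 6 from the supported list. A changed_when or a short comment on why command is used here rather than a module would also help anyone running a linter over the role.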
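Review bot: In tasks/main.yml, the copy task sets no owner, group or mode and takes every file under ca_certs/, so anything that lands in that folder becomes a system-wide trust anchor with permissions left to defaults. Add owner: root, group: root and mode: "0644" to the task, and restrict the source to certificate files (for instance a loop over a fileglob of *.crt) so stray files are not installed into /etc/pki/ca-trust/source/anchors. Since this directory decides which CAs the host trusts, a check that each file parses as a certificate before the handler runs would be a reasonable follow-up. The README claims RHEL only, but there is no guard on ansible_os_family; a when condition or an early assert would keep the role from writing this path on other distributions.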