From 455369c98c021803ce58da044c4dc1032776b303 Mon Sep 17 00:00:00 2001 From: Aaron Guise Date: Mon, 23 Nov 2020 14:22:21 +1300 Subject: [PATCH] Initial Commit --- README.md | 40 ++++++++++++++++++++++++++++++++++++++++ files/ca_certs/README.md | 7 +++++++ handlers/main.yml | 4 ++++ tasks/main.yml | 9 +++++++++ 4 files changed, 60 insertions(+) create mode 100644 README.md create mode 100644 files/ca_certs/README.md create mode 100644 handlers/main.yml create mode 100644 tasks/main.yml diff --git a/README.md b/README.md new file mode 100644 index 0000000..e6747b5 --- /dev/null +++ b/README.md @@ -0,0 +1,40 @@ +ansible-role-customca +========= + +This role exists to ensure that internal trusted ca's are added onto Linux hosts (RHEL 6,7 and 8). + +Requirements +------------ + +The only requirements for this role to function are a CheckMK Enterprise instance. Configured with a baked updating agent. +The only requirements for using this role is a folder at your playbook root (files/ca_certs). + +This folder should contain certs you wish to add to the trust store one per file. + + files/ca_certs/ + ├── SOME_ISSUING_CA.crt + └── SOME-OFFLINE-ROOT-CA.crt + +Role Variables +-------------- + +There are no Role Variables. Just relies on the folder structure outlined above + +Dependencies +------------ + +This role is not dependant on any other. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - customca + +License +------- + +MIT diff --git a/files/ca_certs/README.md b/files/ca_certs/README.md new file mode 100644 index 0000000..3f74485 --- /dev/null +++ b/files/ca_certs/README.md 
@@ -0,0 +1,7 @@ +# files/cacerts + +Place in this folder all your ca_certs to trust. + +# Suggested use + +Create a folders at the root of your playbook (files/ca_certs) and place all individual certs you wish to trust inside. \ No newline at end of file diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..f23edc2 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,4 @@ +--- + - name: Update Trust Store + command: update-ca-trust extract + become: true diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..bbd94a4 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- name: Copy public certificate files + copy: + src: ca_certs/ + dest: /etc/pki/ca-trust/source/anchors + become: true + notify: Update Trust Store + +- meta: flush_handlers
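Review bot: In the README.md hunk, the first line under Requirements ("The only requirements for this role to function are a CheckMK Enterprise instance. Configured with a baked updating agent.") contradicts the line that follows it, and nothing else in this patch refers to CheckMK. It looks carried over from another role and should be dropped. The sentence under Example Playbook ("Including an example of how to use your role ... is always nice for users too:") reads as template text and can go too. Because the task and handler in this patch install whatever is in files/ca_certs as trust anchors, the README should say plainly that every file placed in that folder becomes a trusted CA on the target hosts.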
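Review bot: In the files/ca_certs/README.md hunk, the new file is created inside the role's own files/ca_certs directory, which is the same relative path that tasks/main.yml copies with `src: ca_certs/`. Whenever that src resolves to the role's directory, this README.md is copied into /etc/pki/ca-trust/source/anchors next to the certificates. It is also worth checking whether the role's files/ca_certs is picked up ahead of the playbook-root files/ca_certs that the README tells users to create. Suggest moving these instructions into the top-level README and shipping nothing under files/ca_certs. Minor: the heading says `files/cacerts` while the directory is `files/ca_certs`, "Create a folders" should be "Create a folder", and the file has no trailing newline.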
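Review bot: In the handlers/main.yml hunk, the handler runs only `update-ca-trust extract`, while the README added in this patch claims support for RHEL 6, 7 and 8. Please confirm that this single command is enough on each of those releases, RHEL 6 in particular, or document in the README any step that must already have been done on the host before the role runs.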
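Review bot: In the tasks/main.yml hunk, the `copy` task sets no `owner`, `group` or `mode` for the files it writes to /etc/pki/ca-trust/source/anchors, so the permissions on trust anchors are left to whatever the source files and defaults produce. Set them explicitly (for example owner root, group root, mode 0644) so an anchor is never left writable by a non-root user. The task also copies everything under `ca_certs/` without checking that each file is a certificate, and nothing removes an anchor from the host once it has been deleted from the source folder. Both points deserve either a follow-up task or a sentence in the README.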