2017-08-30 21:03:22 +08:00
---
- name : Gen_certs | target ca-certificate store file
set_fact :
ca_cert_path : |-
{% if ansible_os_family == "Debian" -%}
/usr/local/share/ca-certificates/etcd-ca.crt
{%- elif ansible_os_family == "RedHat" -%}
/etc/pki/ca-trust/source/anchors/etcd-ca.crt
2020-02-18 16:15:29 +08:00
{%- elif ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk"] -%}
2017-08-30 21:03:22 +08:00
/etc/ssl/certs/etcd-ca.pem
2018-04-26 17:52:06 +08:00
{%- elif ansible_os_family == "Suse" -%}
/etc/pki/trust/anchors/etcd-ca.pem
2018-12-18 17:39:25 +08:00
{%- elif ansible_os_family == "ClearLinux" -%}
/usr/share/ca-certs/etcd-ca.pem
2017-08-30 21:03:22 +08:00
{%- endif %}
2017-10-05 15:43:04 +08:00
tags :
- facts
2017-08-30 21:03:22 +08:00
- name : Gen_certs | add CA to trusted CA dir
copy :
src : "{{ etcd_cert_dir }}/ca.pem"
dest : "{{ ca_cert_path }}"
remote_src : true
register : etcd_ca_cert
2018-04-26 17:52:06 +08:00
- name : Gen_certs | update ca-certificates (Debian/Ubuntu/SUSE/Container Linux by CoreOS)
2017-08-30 21:03:22 +08:00
command : update-ca-certificates
2020-02-18 16:15:29 +08:00
when : etcd_ca_cert.changed and ansible_os_family in ["Debian", "CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "Suse"]
2017-08-30 21:03:22 +08:00
- name : Gen_certs | update ca-certificates (RedHat)
command : update-ca-trust extract
when : etcd_ca_cert.changed and ansible_os_family == "RedHat"
2018-12-18 17:39:25 +08:00
- name : Gen_certs | update ca-certificates (ClearLinux)
command : clrtrust add "{{ ca_cert_path }}"
when : etcd_ca_cert.changed and ansible_os_family == "ClearLinux"