Allow to run PKI role in check mode

Ignore errors when certifcates were not created yet and we're running in
check mode.
Also always create directories to be able to see if action module
changes anything afterwards.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/837706
Change-Id: Icbcf66bd2bdbdbdabe7cecea640efa020f3225fe

tasks/main_ca.yml

@@ -27,6 +27,7 @@
     - "{{ pki_ca_dirs }}"
   delegate_to: "{{ pki_setup_host }}"
   when: pki_create_ca | bool
+  check_mode: no
 
 - name: Create certificate authorities
   include_tasks: "{{ pki_method }}/create_ca.yml"

tasks/main_certs.yml

@@ -28,6 +28,7 @@
   when: pki_create_certificates | default(true)
   delegate_to: "{{ pki_setup_host }}"
   run_once: yes
+  check_mode: no
 
 - name: Create Server certificates
   include_tasks: "{{ pki_method }}/create_cert.yml"
@@ -45,6 +46,7 @@
     src: "{{ item.src }}"
   register: _cert_slurp
   loop: "{{ _pki_install_certificates_defs }}"
+  ignore_errors: "{{ ansible_check_mode }}"
 
 - name: Create certificate destination directories
   file:
@@ -66,5 +68,6 @@
   loop_control:
     loop_var: install
   no_log: true
+  ignore_errors: "{{ ansible_check_mode }}"
   notify:
     - cert installed

tasks/standalone/create_cert.yml

@@ -61,6 +61,7 @@
         - cert_csr is changed
       notify:
         - cert changed
+      ignore_errors: "{{ ansible_check_mode }}"
 
     - name: Get certificate info for {{ cert.name }}
       openssl_certificate_info:

tasks/standalone/install_ca.yml

@@ -20,6 +20,7 @@
   register: _ca_slurp
   run_once: true
   loop: "{{ _pki_install_ca_defs }}"
+  ignore_errors: "{{ ansible_check_mode }}"
 
 - name: Copy CA certificates to target host
   copy:
@@ -28,6 +29,7 @@
   register: ca_copy
   loop: "{{ _ca_slurp.results | default([]) }}"
   when: item.skipped is not defined
+  ignore_errors: "{{ ansible_check_mode }}"
 
 - name: Update CA store
   command: "{{ pki_ca_install_command[ansible_facts['pkg_mgr']] }}"