tripleo-ansible/tripleo_ansible/roles/tripleo_update_trusted_cas/molecule/default/converge.yml

114 lines
5.8 KiB
YAML

---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
vars:
tripleo_update_trusted_cas_ca_map:
ca1:
content: |
-----BEGIN CERTIFICATE-----
MIIDkTCCAnmgAwIBAgIUbRyjH5xf0yGj7larMhEDIrvOgo4wDQYJKoZIhvcNAQEL
BQAwWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdo
MRQwEgYDVQQKDAtleGFtcGxlLmNvbTEUMBIGA1UEAwwLZXhhbXBsZS5jb20wHhcN
MjAwNzI4MTYxNDM0WhcNMjUwNzI3MTYxNDM0WjBYMQswCQYDVQQGEwJVUzELMAkG
A1UECAwCTkMxEDAOBgNVBAcMB1JhbGVpZ2gxFDASBgNVBAoMC2V4YW1wbGUuY29t
MRQwEgYDVQQDDAtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAOqk0OJOAa64bjF0k4MFJNZrzEsv1/UBReUF3c7NiYLayy5uk9DJghOH
Ic2Nphyafd4EvcoMkoBUe802iOW5zKjIgza/hVtcC6PPWbhkBdGpx832idjrXnWj
EBSbBZLY3Usikp3va9+7mCLcjnBQZ6ngSiqGnSpWhqvtm4eEIi9+CbmfBtWiBBK+
w1glCQY/FZdGcJ0W0XgHLI06muSMujENMjSHiODqCx7QA/aNnW0RiYTENtS1yRdd
8CIGGEf3HkvFFfwrZH6Qj4KW+0GXPkI6VzJCDsVL1YRuayTZl9rn9uGZDOdcljgb
RwbxHQTM3qGvNz2ErhG7PXs0lj/36AECAwEAAaNTMFEwHQYDVR0OBBYEFD8ANnVk
DhcDFLcj0uC3lCG9PMIkMB8GA1UdIwQYMBaAFD8ANnVkDhcDFLcj0uC3lCG9PMIk
MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGsrBZO/vU57lzXh
rFqH8LLPdR8E7amcDj9KZXVLPZlU5DHeyFVbCQ4qq1/p9uCFiJ+VfNKbB1BQW6ds
kK+v7aUmloFS2Yy2cp73CdgXnktglLLxcfp9nCezK+eBsdtAgD0tOSw68rm4Bavd
2sGwTmOHNLllcOaH0yIL6lFWPeNNnEN4/YrKoe12z/aTLcJsMjn4kB3G/CHSZWIf
T0W5eurx1BCXJmSZb3SBuAB0s3K0m2aggZvzLKtYT0f4vnmjeJ4rw0KPGF7bRmxE
tU0ysc4zecSShj3KcwzV5mV6ZhS3TVq4nHgK8m3vv49aGT8ZCLqGFLxKssqg5NFR
A9Z4Owk=
-----END CERTIFICATE-----
ca2:
content: |
-----BEGIN CERTIFICATE-----
MIIDoTCCAomgAwIBAgIUVk/ek5wON2pd8PYSsULNSVag09MwDQYJKoZIhvcNAQEL
BQAwYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJh
bmNpc2NvMRUwEwYDVQQKDAxleGFtcGxlMi5jb20xFTATBgNVBAMMDGV4YW1wbGUy
LmNvbTAeFw0yMDA3MjgxNjE3NDNaFw0yNTA3MjcxNjE3NDNaMGAxCzAJBgNVBAYT
AlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEVMBMGA1UE
CgwMZXhhbXBsZTIuY29tMRUwEwYDVQQDDAxleGFtcGxlMi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqpNDiTgGuuG4xdJODBSTWa8xLL9f1AUXl
Bd3OzYmC2ssubpPQyYIThyHNjaYcmn3eBL3KDJKAVHvNNojlucyoyIM2v4VbXAuj
z1m4ZAXRqcfN9onY6151oxAUmwWS2N1LIpKd72vfu5gi3I5wUGep4Eoqhp0qVoar
7ZuHhCIvfgm5nwbVogQSvsNYJQkGPxWXRnCdFtF4ByyNOprkjLoxDTI0h4jg6gse
0AP2jZ1tEYmExDbUtckXXfAiBhhH9x5LxRX8K2R+kI+ClvtBlz5COlcyQg7FS9WE
bmsk2Zfa5/bhmQznXJY4G0cG8R0EzN6hrzc9hK4Ruz17NJY/9+gBAgMBAAGjUzBR
MB0GA1UdDgQWBBQ/ADZ1ZA4XAxS3I9Lgt5QhvTzCJDAfBgNVHSMEGDAWgBQ/ADZ1
ZA4XAxS3I9Lgt5QhvTzCJDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
A4IBAQBZJF7ryuUD03wxwb4NMyR4AVG0C64/HFDLb+z+6Y6nEWhqFrrDVzVfjF34
vSf7jTx7tckSf0zfRoqnn0q+gqsb0ELenHpmZrMNf6E1GNJIYBsitpV2JB9PPhAi
8aJAyO9Vbe58+kNgGp/3HV5VZgau65HmJjT/a4PJGj6hu/u5dfFo5CdQ3lXyv4sA
VobNkc0Wwwlr1M1a6zDZKoY/hErGsj4py/k59TKQvmL1EVNAovb/lk8GomgI9+Sv
7gnsmyBykIQR1jOU/WadcZgdHw6/jdaksDHvwXH1Ome8JcSgV/E9yP+cf4Es/jku
5fLS6gSAaX1GrrRxqvXNhjvAqb/b
-----END CERTIFICATE-----
ca3:
content: |
-----BEGIN CERTIFICATE-----
MIIDlzCCAn+gAwIBAgIUQYteZnUZo35iDToskO1lP/FVNDAwDQYJKoZIhvcNAQEL
BQAwWzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMREwDwYDVQQHDAhOZXcgWW9y
azEVMBMGA1UECgwMZXhhbXBsZTMuY29tMRUwEwYDVQQDDAxleGFtcGxlMy5jb20w
HhcNMjAwNzI4MTYyMDMwWhcNMjUwNzI3MTYyMDMwWjBbMQswCQYDVQQGEwJVUzEL
MAkGA1UECAwCTlkxETAPBgNVBAcMCE5ldyBZb3JrMRUwEwYDVQQKDAxleGFtcGxl
My5jb20xFTATBgNVBAMMDGV4YW1wbGUzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOqk0OJOAa64bjF0k4MFJNZrzEsv1/UBReUF3c7NiYLayy5u
k9DJghOHIc2Nphyafd4EvcoMkoBUe802iOW5zKjIgza/hVtcC6PPWbhkBdGpx832
idjrXnWjEBSbBZLY3Usikp3va9+7mCLcjnBQZ6ngSiqGnSpWhqvtm4eEIi9+Cbmf
BtWiBBK+w1glCQY/FZdGcJ0W0XgHLI06muSMujENMjSHiODqCx7QA/aNnW0RiYTE
NtS1yRdd8CIGGEf3HkvFFfwrZH6Qj4KW+0GXPkI6VzJCDsVL1YRuayTZl9rn9uGZ
DOdcljgbRwbxHQTM3qGvNz2ErhG7PXs0lj/36AECAwEAAaNTMFEwHQYDVR0OBBYE
FD8ANnVkDhcDFLcj0uC3lCG9PMIkMB8GA1UdIwQYMBaAFD8ANnVkDhcDFLcj0uC3
lCG9PMIkMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJSL5k5q
V+wfsPhp5kQX4V/aEH0O02Ka8f9HvGcohT/PqFltSIY2LNJvoksgIBFja/UhDtUB
cqmK3v+l4C/vIy6S6ouajtRYQ7VmGLxgOg3btPtfPjrFFYH9AwSqwb4w70rCt7EF
CTv2yt6Arjp08BauwqwIQmlhBcmjsNa4/1v0kWlAmT4YOi6iXFN1lqBu4gZw4XDI
4UWJIKkcJIYwXV+wU9WRAu9cNtJyAtanoPXVdsk/zwlmp4rgUOg4ttaY1SekIdC1
z2HOmlkvCVkyuJaHvAwWmUGxMTudLlqQACSHAhprn+r2sKMoCC49j1p1XXR7YVPc
c6FIoPXPEidXLGw=
-----END CERTIFICATE-----
tasks:
- import_role:
name: "tripleo_update_trusted_cas"
- name: check if anchor file created
stat:
path: "/etc/pki/ca-trust/source/anchors/{{item}}.pem"
register: stat_ca
failed_when: not stat_ca.stat.exists
loop: ['ca1', 'ca2', 'ca3']
- name: check if contents in extracted pem
lineinfile:
name: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
line: "# {{item}}"
state: present
check_mode: true
register: conf
failed_when: (conf is changed) or (conf is failed)
loop: ['example.com', 'example2.com', 'example3.com']