diff --git a/group_vars/all b/group_vars/all index 694813bb1b21787e038ed3d174e95cc5def32b0f..bbea0714d8a2b88a3bac149a85d1f417e036a682 100644 --- a/group_vars/all +++ b/group_vars/all @@ -29,11 +29,6 @@ admin_software: - ansible-lint - ansible-inventory-grapher -python_software: - - python3-scipy - - python3-matplotlib - # - anaconda3 - desktop_software: - thunderbird - firefox diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index dd9db74bf3859d0cdb0988787e14e79b4c66518d..5e89703038505094bab27798d49204fd451821b1 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml @@ -26,3 +26,7 @@ - name: lock root user become: yes shell: passwd -l root + +- name: update-ca-trust + become: yes + command: update-ca-trust extract diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 457bef57f00a483ca0fa5ed5a0c16d1760485464..cffa84c1df438a362e5153892eb0d5a2123519b3 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -7,4 +7,5 @@ - include: sysupdate.yml - include: ntp.yml - include: yumrepos.yml + tags: lasrepo - include: software.yml diff --git a/roles/common/tasks/yumrepos.yml b/roles/common/tasks/yumrepos.yml index a7a740b1e93c4c2950616a3c2e93944d9c229b26..000ea1a6c46a935b7243ce0c596df607ccb60584 100644 --- a/roles/common/tasks/yumrepos.yml +++ b/roles/common/tasks/yumrepos.yml @@ -1,4 +1,14 @@ --- +- name: download SSL-Cert + #shell: openssl s_client -connect las101.las.kit.edu:443 <<<'' | openssl x509 -out /etc/pki/ca-trust/source/anchors/las101.crt + # shell: echo -n |openssl s_client -connect las101.las.kit.edu:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/pki/ca-trust/source/anchors/las101.pem + shell: echo -n |openssl s_client -connect las101.las.kit.edu:443 -showcerts |sed -n '/^-----BEGIN CERT/,/^-----END CERT/p' > /etc/pki/ca-trust/source/anchors/las101.pem + args: + creates: /etc/pki/ca-trust/source/anchors/las101.pem + become: yes + notify: update-ca-trust + when: (ansible_distribution == "Fedora" or ansible_distribution == "CentOS") + - name: Add LAS dnf repository yum_repository: name: lasrepo-nonfree @@ -8,6 +18,7 @@ gpgcheck: no keepalive: yes keepcache: 0 + sslcacert: /etc/pki/ca-trust/source/anchors/las101.pem become: yes when: (ansible_distribution == "Fedora" or ansible_distribution == "CentOS")