Fix lasrepo SSL-Cert issue

group_vars/all

@@ -29,11 +29,6 @@ admin_software:
   - ansible-lint
   - ansible-inventory-grapher
 
-python_software:
-  - python3-scipy
-  - python3-matplotlib
-  # - anaconda3
-
 desktop_software:
   - thunderbird
   - firefox

roles/common/handlers/main.yml

@@ -26,3 +26,7 @@
 - name: lock root user
   become: yes
   shell: passwd -l root
+
+- name: update-ca-trust
+  become: yes
+  command: update-ca-trust extract

roles/common/tasks/main.yml

@@ -7,4 +7,5 @@
 - include: sysupdate.yml
 - include: ntp.yml
 - include: yumrepos.yml
+  tags: lasrepo
 - include: software.yml

roles/common/tasks/yumrepos.yml

 ---
+- name: download SSL-Cert
+  #shell: openssl s_client -connect las101.las.kit.edu:443 <<<'' | openssl x509 -out /etc/pki/ca-trust/source/anchors/las101.crt
+  # shell: echo -n |openssl s_client -connect las101.las.kit.edu:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/pki/ca-trust/source/anchors/las101.pem
+  shell: echo -n |openssl s_client -connect las101.las.kit.edu:443 -showcerts |sed -n '/^-----BEGIN CERT/,/^-----END CERT/p' > /etc/pki/ca-trust/source/anchors/las101.pem
+  args:
+    creates: /etc/pki/ca-trust/source/anchors/las101.pem
+  become: yes
+  notify: update-ca-trust
+  when: (ansible_distribution == "Fedora" or ansible_distribution == "CentOS")
+
 - name: Add LAS dnf repository
   yum_repository:
     name: lasrepo-nonfree
@@ -8,6 +18,7 @@
     gpgcheck: no
     keepalive: yes
     keepcache: 0
+    sslcacert: /etc/pki/ca-trust/source/anchors/las101.pem
   become: yes
   when: (ansible_distribution == "Fedora" or ansible_distribution == "CentOS")