Commit 8170880c authored by julian.gethmann's avatar julian.gethmann

Fix lasrepo SSL-Cert issue

parent 5a42a396
......@@ -29,11 +29,6 @@ admin_software:
- ansible-lint
- ansible-inventory-grapher
python_software:
- python3-scipy
- python3-matplotlib
# - anaconda3
desktop_software:
- thunderbird
- firefox
......
......@@ -26,3 +26,7 @@
- name: lock root user
become: yes
shell: passwd -l root
- name: update-ca-trust
become: yes
command: update-ca-trust extract
......@@ -7,4 +7,5 @@
- include: sysupdate.yml
- include: ntp.yml
- include: yumrepos.yml
tags: lasrepo
- include: software.yml
---
- name: download SSL-Cert
#shell: openssl s_client -connect las101.las.kit.edu:443 <<<'' | openssl x509 -out /etc/pki/ca-trust/source/anchors/las101.crt
# shell: echo -n |openssl s_client -connect las101.las.kit.edu:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/pki/ca-trust/source/anchors/las101.pem
shell: echo -n |openssl s_client -connect las101.las.kit.edu:443 -showcerts |sed -n '/^-----BEGIN CERT/,/^-----END CERT/p' > /etc/pki/ca-trust/source/anchors/las101.pem
args:
creates: /etc/pki/ca-trust/source/anchors/las101.pem
become: yes
notify: update-ca-trust
when: (ansible_distribution == "Fedora" or ansible_distribution == "CentOS")
- name: Add LAS dnf repository
yum_repository:
name: lasrepo-nonfree
......@@ -8,6 +18,7 @@
gpgcheck: no
keepalive: yes
keepcache: 0
sslcacert: /etc/pki/ca-trust/source/anchors/las101.pem
become: yes
when: (ansible_distribution == "Fedora" or ansible_distribution == "CentOS")
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment