refactor ♻️: Improve setupacdc.yml to simplify certificate handling and reduce redundancy

Refactored the setupacdc.yml file to use a more efficient method of retrieving Proxmox's SSL certificate, reducing code duplication and improving maintainability. Additionally, simplified the process of adding certificates to the system's trusted CA store.

tasks/setupacdc.yml

@@ -1,13 +1,3 @@
-- hosts: node0
-
-  tasks:
-    - name: Collect facts from the Proxmox node
-      setup:
-
-    - name: Print collected facts
-      debug:
-        var: ansible_facts
-
 - hosts: localhost
   gather_facts: yes
 
@@ -15,102 +5,9 @@
     addc_hostname: "DC1"      
     mac_address: "8E:90:31:DE:31:36"
     node_ip: "{{ hostvars['node0']['ansible_host'] }}"
-    target_port: 8006
-    dest_file: "/tmp/{{ node_ip }}.pem"
-
-
 
   tasks:
 
-    # - name: Detect the system's CA store path for Debian/Ubuntu
-    #   ansible.builtin.set_fact:
-    #     ca_store_path: "/etc/ssl/certs/"
-    #   when: ansible_facts.os_family == "Debian"
-
-    # - name: Detect the system's CA store path for RedHat/CentOS/Fedora
-    #   ansible.builtin.set_fact:
-    #     ca_store_path: "/etc/pki/tls/certs/"
-    #   when: ansible_facts.os_family == "RedHat"
-
-    # - name: Detect the system's CA store path for macOS
-    #   ansible.builtin.set_fact:
-    #     ca_store_path: "/System/Library/Keychains/SystemRootCertificates.keychain"
-    #   when: ansible_facts.system == "Darwin"
-
-    # - name: Detect the system's CA store path for Windows
-    #   ansible.builtin.set_fact:
-    #     ca_store_path: "Windows Certificate Store (use certmgr.msc)"
-    #   when: ansible_facts.system == "Windows"
-
-    # - name: Show the detected CA store path
-    #   ansible.builtin.debug:
-    #     msg: "The trusted CA store path is: {{ ca_store_path }}"
-
-
-    - name: Retrieve certificate chain via openssl s_client
-      command: >
-        openssl s_client -connect {{ node_ip }}:{{ target_port }}
-        -servername {{ node_ip }} -showcerts </dev/null
-      register: s_client
-      changed_when: false
-      failed_when: "'-----BEGIN CERTIFICATE-----' not in s_client.stdout"
-
-    - name: Extract all PEM certificate blocks from output
-      set_fact:
-        cert_blocks: "{{ s_client.stdout | regex_findall('-----BEGIN CERTIFICATE-----(?:.|\\n)*?-----END CERTIFICATE-----') }}"
-
-    - name: Choose which certificate(s) to save (leaf by default)
-      set_fact:
-        cert_to_write: "{{ cert_blocks[0] if cert_blocks|length > 0 else '' }}"
-      when: cert_blocks is defined
-
-    - name: Save the certificate (PEM) to a file on the controller
-      copy:
-        content: "{{ cert_to_write }}\n"
-        dest: "{{ dest_file }}"
-        mode: '0644'
-      when: cert_to_write != ''
-
-
-
-
-    - name: Download Proxmox's SSL certificate
-      ansible.builtin.get_url:
-        url: "https://{{ node_ip }}:8006/pve2/cluster-ca.pem"  # Assuming the Proxmox certificate URL
-        dest: "/tmp/proxmox-ca.pem"
-        mode: '0644'
-      register: download_cert
-      ignore_errors: yes  # In case the certificate is already available locally
-
-    - name: Check if certificate was downloaded
-      ansible.builtin.stat:
-        path: "/tmp/proxmox-ca.pem"
-      register: cert_stat
-
-    - name: Add the Proxmox certificate to the system's trusted CA store
-      ansible.builtin.copy:
-        src: "/tmp/proxmox-ca.pem"
-        # src: "{{ dest_file }}"
-        dest: "/usr/local/share/ca-certificates/proxmox-ca.crt"
-        mode: '0644'
-      when: cert_stat.stat.exists
-
-    - name: Update CA certificates (on Debian-based systems)
-      ansible.builtin.command:
-        cmd: update-ca-certificates
-      when: cert_stat.stat.exists
-
-    - name: Restart Semaphore UI service to apply certificate change (if necessary)
-      ansible.builtin.systemd:
-        name: semaphore
-        state: restarted
-      when: cert_stat.stat.exists
-
-
-
-
-
-
     - name: Install 'proxmoxer' and 'requests' Python libraries for the ansible controller
       ansible.builtin.pip:
         name:
@@ -132,8 +29,9 @@
         api_host: "{{ node_ip }}"
         password: 123456
         hostname: "{{ addc_hostname }}"
-        # ostype: debian
         ostemplate: 'local:vztmpl/debian-13-standard_13.1-1_amd64.tar.zst'
+        validate_certs: false
+        # ostype: debian
         # description: samba ad dc
         # cores: 2
         # memory: 2048
@@ -148,5 +46,3 @@
         # pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCZgalXzHToHYdyl59O0dyZNffN0BGbILUCJGmJs/VNm7dpeJ6uj9/LDapcCK0dH1P4eaHd9aET4hkK04xSyX6CfVER2Wcz/G0z2wHCv9mQ3EUWPQI1ESxNhqtfGsPUmoDGzBdsOFK2qSS+FMJnZ/KUgXGU8lxdWUMHccQsSPWWp51Js/hfbhX80Q7TlacOBV1spoaMZDITuhWFhWRbL8X0Y+iG6QrnR36M9E4zMBk/LO33GAhqHlAoeQqjL62DpLQ7/+7aIM/IR6JzGTG5aaaPHpYFTXWJO4zSL3QcW+xbqrPozoszSnnw0Hc1WVwKY6bJSM7OoeFys27Ul7fMIuiZtQ2EfFgD1BGrPxU++k5Pdexg+IU+3QTWBH+GFlWrwjI+0siKw9VovljpLIIJk8EaK65gD/yrD4I5Wm2qVbzfYIT5tXIsGpoZDlw3dtcWfeSj3BYhN3PbDY7o2oqVygJTuN43EEuj0QehyRZKN52x1SBtJ/9KBrFhSLsU0F8mkpJyluiULbrFkOmnfig8e10OE1rZX9vIIDV7TnJ6i536pyGyvmY5VwDQ617qJpK5mbZWzWlv+J7KK4rTbmV9I97xSzpB0c+nVgtEAJ5AhsVBjlMHHawFDzucaoYK5rSnwBGlWHoj+/zy6aHkxiFDLfOsNg0yhPN6ATpCvOm849l8TQ== admin@localhost'
         # netif:
         #   net0: "name=eth0,hwaddr={{ mac_address }},gw={{ location_gateway }},ip={{ addc_ansible_host }}/24,bridge=vmbr0"
-        validate_certs: false
-