feat ✨: Added detection of system's CA store path for various OS families

This commit introduces new tasks to detect and set the trusted CA store path based on the operating system family. The changes include adding support for Debian/Ubuntu, RedHat/CentOS/Fedora, macOS, and Windows systems. Additionally, it downloads Proxmox's SSL certificate and adds it to the system's trusted CA store.
2025-11-01 12:26:37 +01:00
parent 19f66e4a37
commit c4d76c5cb1
1 changed files with 58 additions and 0 deletions
--- a/tasks/setupacdc.yml
+++ b/tasks/setupacdc.yml
@@ -7,6 +7,64 @@
    node_ip: "{{ hostvars['node0']['ansible_host'] }}"

  tasks:
+
+    - name: Detect the system's CA store path for Debian/Ubuntu
+      ansible.builtin.set_fact:
+        ca_store_path: "/etc/ssl/certs/"
+      when: ansible_facts.os_family == "Debian"
+
+    - name: Detect the system's CA store path for RedHat/CentOS/Fedora
+      ansible.builtin.set_fact:
+        ca_store_path: "/etc/pki/tls/certs/"
+      when: ansible_facts.os_family == "RedHat"
+
+    - name: Detect the system's CA store path for macOS
+      ansible.builtin.set_fact:
+        ca_store_path: "/System/Library/Keychains/SystemRootCertificates.keychain"
+      when: ansible_facts.system == "Darwin"
+
+    - name: Detect the system's CA store path for Windows
+      ansible.builtin.set_fact:
+        ca_store_path: "Windows Certificate Store (use certmgr.msc)"
+      when: ansible_facts.system == "Windows"
+
+    - name: Show the detected CA store path
+      ansible.builtin.debug:
+        msg: "The trusted CA store path is: {{ ca_store_path }}"
+
+
+
+    - name: Download Proxmox's SSL certificate
+      ansible.builtin.get_url:
+        url: "https://{{ node_ip }}:8006/pve2/cluster-ca.pem"  # Assuming the Proxmox certificate URL
+        dest: "/tmp/proxmox-ca.pem"
+        mode: '0644'
+      register: download_cert
+      ignore_errors: yes  # In case the certificate is already available locally
+
+    - name: Check if certificate was downloaded
+      ansible.builtin.stat:
+        path: "/tmp/proxmox-ca.pem"
+      register: cert_stat
+
+    - name: Add the Proxmox certificate to the system's trusted CA store
+      ansible.builtin.copy:
+        src: "/tmp/proxmox-ca.pem"
+        dest: "/usr/local/share/ca-certificates/proxmox-ca.crt"
+        mode: '0644'
+      when: cert_stat.stat.exists
+
+    - name: Update CA certificates (on Debian-based systems)
+      ansible.builtin.command:
+        cmd: update-ca-certificates
+      when: cert_stat.stat.exists
+
+    - name: Restart Semaphore UI service to apply certificate change (if necessary)
+      ansible.builtin.systemd:
+        name: semaphore
+        state: restarted
+      when: cert_stat.stat.exists
+
    - name: Install 'proxmoxer' and 'requests' Python libraries for the ansible controller
      ansible.builtin.pip:
        name: