Merge pull request #1 from Oefenweb/initial-working-version

Initial working version

.gitignore

@@ -0,0 +1,30 @@
+# OS generated files #
+######################
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+Icon?
+ehthumbs.db
+Thumbs.db
+
+# IDE files #
+#################
+/.settings
+/.buildpath
+/.project
+/nbproject
+*.komodoproject
+*.kpf
+/.idea
+
+# Vagrant files #
+.virtualbox/
+.vagrant/
+vagrant_ansible_inventory_*
+ansible.cfg
+
+# Other files #
+###############
+!empty

.travis.yml

@@ -0,0 +1,86 @@
+---
+sudo: required
+dist: trusty
+
+language: python
+python: "2.7"
+
+env:
+  - ANSIBLE_VERSION=latest
+  - ANSIBLE_VERSION=2.0.2.0
+  - ANSIBLE_VERSION=2.0.1.0
+  - ANSIBLE_VERSION=2.0.0.2
+  - ANSIBLE_VERSION=2.0.0.1
+  - ANSIBLE_VERSION=2.0.0.0
+  - ANSIBLE_VERSION=1.9.6
+  - ANSIBLE_VERSION=1.9.5
+  - ANSIBLE_VERSION=1.9.4
+  - ANSIBLE_VERSION=1.9.3
+  - ANSIBLE_VERSION=1.9.2
+  - ANSIBLE_VERSION=1.9.1
+  - ANSIBLE_VERSION=1.9.0.1
+  - ANSIBLE_VERSION=1.8.4
+  - ANSIBLE_VERSION=1.8.3
+  - ANSIBLE_VERSION=1.8.2
+  - ANSIBLE_VERSION=1.8.1
+  - ANSIBLE_VERSION=1.8
+  - ANSIBLE_VERSION=1.7.2
+  - ANSIBLE_VERSION=1.7.1
+  - ANSIBLE_VERSION=1.7
+  - ANSIBLE_VERSION=1.6.9
+  - ANSIBLE_VERSION=1.6.8
+  - ANSIBLE_VERSION=1.6.7
+  - ANSIBLE_VERSION=1.6.6
+  - ANSIBLE_VERSION=1.6.5
+  - ANSIBLE_VERSION=1.6.4
+  - ANSIBLE_VERSION=1.6.3
+  - ANSIBLE_VERSION=1.6.2
+  - ANSIBLE_VERSION=1.6.10
+  - ANSIBLE_VERSION=1.6.1
+  - ANSIBLE_VERSION=1.6
+
+branches:
+  only:
+    - master
+
+before_install:
+  - sudo apt-get update -qq
+
+  # Remove ca-certificates
+  - sudo apt-get remove --purge --yes ca-certificates
+
+  # Generate ca key and certificate
+  - openssl genrsa -out files/ca-oefenweb-nl.key 2048;
+  - >
+    openssl req \
+      -subj '/C=NL/ST=NH/L=Amsterdam/O=Oefenweb.nl B.V./OU=Systeembeheer/CN=oefenweb.nl/[email protected]/' \
+      -x509 -new -nodes \
+      -key files/ca-oefenweb-nl.key \
+      -days 1 \
+      -out files/ca-oefenweb-nl.crt \
+    ;
+
+install:
+  # Install Ansible.
+  - if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install --no-binary ansible ansible; else pip install --no-binary ansible ansible==$ANSIBLE_VERSION; fi
+
+script:
+  # Check the role/playbook's syntax.
+  - ansible-playbook -i tests/inventory tests/test.yml --syntax-check
+
+  # Run the role/playbook with ansible-playbook.
+  - ansible-playbook -i tests/inventory tests/test.yml -vvvv
+
+  # Run the role/playbook again, checking to make sure it's idempotent.
+  - >
+    ansible-playbook -i tests/inventory tests/test.yml
+    | grep -q 'changed=0.*failed=0'
+    && (echo 'Idempotence test: pass' && exit 0)
+    || (echo 'Idempotence test: fail' && exit 1)
+
+notifications:
+  email: false
+  hipchat:
+    rooms:
+      secure: iaja/8Vwt/5H40o47PbPvX1VWMlsjvJQIzkYz3HpVrcqQhf8ttjHr+IOm0SZfho82jCg8gzMID1oHGpUk7mhFxv7pCZiWUacIMsfdWrYkAaHc6wv2gWojPTEI82tRqG7qbCHIQo4gpR2eMqnO6iqUvEUXeGvPjVCRGbzjCPGm4n0/qOn0DGBOCoJEpH0y+R4lorkC5AUwXIzAIIhaEVLQidCInthWilTRrNlIwZu2JDAauYhiIFC/l8AqtuXYX01TCkbhMqZBk6xSfvfeg+Ey76V/34YCUr/zu7xrGsR3swn9siNEPAXYVEt2DbzsZa18FAffczd4G7E2Uo/eeBUiLay61PllP2pdUH7T+YIVSp6WiSHGQR/gpjSFMvS5O7Q2RNcwUfgt8QNlKe1qa9G3tiYxucS5raBmgz+Cx3v/ttDTzoOHusfa/ZemSn7kyqB/QXp/SnX42gNVkJ0WrmGfg2QOfvx0vF+XHJ6Gg6a49tWZJd4+COSj+cpGojxmXZGjoRimT7ezgnEfnsvMRXjd/aHuMFSJbUqnvMoDKymP5TgwVlrYqbSaSq52rAvMSUy6X87M3a/nqTBwXNGFW5567EsiZjwOHPjm2SdnjqGfHFN6z3bidC96emw2BV1/knJxVjyeYwvaEyZQnfdEMPgc+kN5LjWEUO3lLtx5uF1NKo=
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

README.md

@@ -0,0 +1,44 @@
+## ca-certificates
+
+[![Build Status](https://travis-ci.org/Oefenweb/ansible-ca-certificates.svg?branch=master)](https://travis-ci.org/Oefenweb/ansible-ca-certificates) [![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-ca--certificates-blue.svg)](https://galaxy.ansible.com/Oefenweb/ansible-ca-certificates)
+
+Manage ca-certificates in Debian-like systems.
+
+#### Requirements
+
+None
+
+#### Variables
+
+* `ca_certificates_certificate_map`: [default: `[]`]: Certificate declarations
+* `ca_certificates_certificate_map.{n}.src`: [required]: The local path of the certificate
+* `ca_certificates_certificate_map.{n}.dest`: [required]: The remote path of the certificate (relative to `/usr/share/ca-certificates`)
+
+## Dependencies
+
+None
+
+#### Example
+
+```yaml
+---
+- hosts: all
+  roles:
+    - ca-certificates
+  vars:
+    ca_certificates_certificate_map:
+      - src: ca-oefenweb-nl.crt
+        dest: oefenweb/Oefenweb_nl-B_V.crt
+```
+
+#### License
+
+MIT
+
+#### Author Information
+
+Mischa ter Smitten
+
+#### Feedback, bug-reports, requests, ...
+
+Are [welcome](https://github.com/Oefenweb/ansible-ca-certificates/issues)!

Vagrantfile

@@ -0,0 +1,61 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby ts=2 sw=2 tw=0 et :
+
+role = File.basename(File.expand_path(File.dirname(__FILE__)))
+
+boxes = [
+  {
+    :name => "ubuntu-1204",
+    :box => "opscode-ubuntu-12.04",
+    :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-12.04_chef-provisionerless.box",
+    :ip => '10.0.0.11',
+    :cpu => "50",
+    :ram => "256"
+  },
+  {
+    :name => "ubuntu-1404",
+    :box => "opscode-ubuntu-14.04",
+    :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-14.04_chef-provisionerless.box",
+    :ip => '10.0.0.12',
+    :cpu => "50",
+    :ram => "256"
+  },
+  {
+    :name => "debian-79",
+    :box => "opscode-debian-7.9",
+    :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-7.9_chef-provisionerless.box",
+    :ip => '10.0.0.14',
+    :cpu => "50",
+    :ram => "256"
+  },
+  {
+    :name => "debian-83",
+    :box => "opscode-debian-8.3",
+    :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-8.3_chef-provisionerless.box",
+    :ip => '10.0.0.15',
+    :cpu => "50",
+    :ram => "256"
+  },
+]
+
+Vagrant.configure("2") do |config|
+  boxes.each do |box|
+    config.vm.define box[:name] do |vms|
+      vms.vm.box = box[:box]
+      vms.vm.box_url = box[:url]
+      vms.vm.hostname = "ansible-#{role}-#{box[:name]}"
+
+      vms.vm.provider "virtualbox" do |v|
+        v.customize ["modifyvm", :id, "--cpuexecutioncap", box[:cpu]]
+        v.customize ["modifyvm", :id, "--memory", box[:ram]]
+      end
+
+      vms.vm.network :private_network, ip: box[:ip]
+
+      vms.vm.provision :ansible do |ansible|
+        ansible.playbook = "tests/vagrant.yml"
+        ansible.verbose = "vv"
+      end
+    end
+  end
+end

defaults/main.yml

@@ -0,0 +1,3 @@
+# defaults file for ca-certificates
+---
+ca_certificates_certificate_map: []

handlers/main.yml

@@ -0,0 +1,4 @@
+# handlers file for ca-certificates
+---
+- name: update ca-certificates
+  command: update-ca-certificates

meta/main.yml

@@ -0,0 +1,22 @@
+# meta file for ca-certificates
+---
+galaxy_info:
+  author: Mischa ter Smitten
+  company: Oefenweb.nl B.V.
+  description: Manage ca-certificates in Debian-like systems
+  license: MIT
+  min_ansible_version: 1.6
+  platforms:
+    - name: Ubuntu
+      versions:
+        - precise
+        - trusty
+    - name: Debian
+      versions:
+        - wheezy
+        - jessie
+  galaxy_tags:
+    - system
+    - certificates
+    - ssl
+dependencies: []

tasks/main.yml

@@ -0,0 +1,67 @@
+# tasks file for ca-certificates
+---
+- name: install dependencies
+  apt:
+    name: "{{ item }}"
+    state: latest
+    update_cache: true
+    cache_valid_time: "{{ apt_update_cache_valid_time | default(3600) }}"
+  with_items: "{{ ca_certificates_dependencies }}"
+  tags:
+    - configuration
+    - ca-certificates
+    - ca-certificates-install
+    - ca-certificates-install-dependencies
+
+- name: stat directories
+  stat:
+    path: "{{ ca_certificates_base_dir }}/{{ item.dest | dirname }}"
+  register: stat_directories
+  with_items: "{{ ca_certificates_certificate_map }}"
+  tags:
+    - configuration
+    - ca-certificates
+    - ca-certificates-directories
+    - ca-certificates-directories-stat
+
+- name: create directories
+  file:
+    path: "{{ ca_certificates_base_dir }}/{{ item.item.dest | dirname }}"
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+  with_items: "{{ stat_directories.results | default([]) }}"
+  when: item.stat.exists == false
+  tags:
+    - configuration
+    - ca-certificates
+    - ca-certificates-directories
+    - ca-certificates-directories-create
+
+- name: copy ca files
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ ca_certificates_base_dir }}/{{ item.dest }}"
+    owner: "{{ item.owner | default('root') }}"
+    group: "{{ item.group | default('root') }}"
+    mode: "{{ item.mode | default('0644') }}"
+  with_items: "{{ ca_certificates_certificate_map }}"
+  notify: update ca-certificates
+  tags:
+    - configuration
+    - ca-certificates
+    - ca-certificates-files
+    - ca-certificates-files-copy
+
+- name: trust ca files
+  lineinfile:
+    dest: "{{ ca_certificates_trust_file }}"
+    line: "{{ item.dest }}"
+  with_items: "{{ ca_certificates_certificate_map }}"
+  notify: update ca-certificates
+  tags:
+    - configuration
+    - ca-certificates
+    - ca-certificates-files
+    - ca-certificates-files-trust

tests/inventory

@@ -0,0 +1 @@
+localhost

tests/test.yml

@@ -0,0 +1,11 @@
+# test file for ca-certificates
+---
+- hosts: localhost
+  connection: local
+  sudo: true
+  roles:
+    - ../../
+  vars:
+    ca_certificates_certificate_map:
+      - src: ca-oefenweb-nl.crt
+        dest: oefenweb/Oefenweb_nl-B_V.crt

tests/vagrant.yml

@@ -0,0 +1,7 @@
+# test file for ca-certificates
+---
+- hosts: all
+  remote_user: vagrant
+  sudo: true
+  roles:
+    - ../../

vars/main.yml

@@ -0,0 +1,7 @@
+# vars file for ca-certificates
+---
+ca_certificates_dependencies:
+  - ca-certificates
+
+ca_certificates_base_dir: /usr/share/ca-certificates
+ca_certificates_trust_file: /etc/ca-certificates.conf