From a6dc9c574e88c400a99556c289ac695461fdf9fc Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten
Date: Wed, 20 Apr 2016 09:39:09 +0200
Subject: [PATCH 1/2] Initial working version
---
.gitignore | 30 +++++++++++++++++
.travis.yml | 86 +++++++++++++++++++++++++++++++++++++++++++++++
README.md | 44 ++++++++++++++++++++++++
Vagrantfile | 61 +++++++++++++++++++++++++++++++++
defaults/main.yml | 3 ++
files/empty | 0
handlers/main.yml | 4 +++
meta/main.yml | 22 ++++++++++++
tasks/main.yml | 67 ++++++++++++++++++++++++++++++++++++
templates/empty | 0
tests/inventory | 1 +
tests/test.yml | 11 ++++++
tests/vagrant.yml | 7 ++++
vars/main.yml | 7 ++++
14 files changed, 343 insertions(+)
create mode 100644 .gitignore
create mode 100644 .travis.yml
create mode 100644 README.md
create mode 100644 Vagrantfile
create mode 100644 defaults/main.yml
create mode 100644 files/empty
create mode 100644 handlers/main.yml
create mode 100644 meta/main.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/empty
create mode 100644 tests/inventory
create mode 100644 tests/test.yml
create mode 100644 tests/vagrant.yml
create mode 100644 vars/main.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f74c83a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,30 @@
+# OS generated files #
+######################
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+Icon?
+ehthumbs.db
+Thumbs.db
+
+# IDE files #
+#################
+/.settings
+/.buildpath
+/.project
+/nbproject
+*.komodoproject
+*.kpf
+/.idea
+
+# Vagrant files #
+.virtualbox/
+.vagrant/
+vagrant_ansible_inventory_*
+ansible.cfg
+
+# Other files #
+###############
+!empty
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..0dbc522
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,86 @@
+---
+sudo: required
+dist: trusty
+
+language: python
+python: "2.7"
+
+env:
+ - ANSIBLE_VERSION=latest
+ - ANSIBLE_VERSION=2.0.2.0
+ - ANSIBLE_VERSION=2.0.1.0
+ - ANSIBLE_VERSION=2.0.0.2
+ - ANSIBLE_VERSION=2.0.0.1
+ - ANSIBLE_VERSION=2.0.0.0
+ - ANSIBLE_VERSION=1.9.6
+ - ANSIBLE_VERSION=1.9.5
+ - ANSIBLE_VERSION=1.9.4
+ - ANSIBLE_VERSION=1.9.3
+ - ANSIBLE_VERSION=1.9.2
+ - ANSIBLE_VERSION=1.9.1
+ - ANSIBLE_VERSION=1.9.0.1
+ - ANSIBLE_VERSION=1.8.4
+ - ANSIBLE_VERSION=1.8.3
+ - ANSIBLE_VERSION=1.8.2
+ - ANSIBLE_VERSION=1.8.1
+ - ANSIBLE_VERSION=1.8
+ - ANSIBLE_VERSION=1.7.2
+ - ANSIBLE_VERSION=1.7.1
+ - ANSIBLE_VERSION=1.7
+ - ANSIBLE_VERSION=1.6.9
+ - ANSIBLE_VERSION=1.6.8
+ - ANSIBLE_VERSION=1.6.7
+ - ANSIBLE_VERSION=1.6.6
+ - ANSIBLE_VERSION=1.6.5
+ - ANSIBLE_VERSION=1.6.4
+ - ANSIBLE_VERSION=1.6.3
+ - ANSIBLE_VERSION=1.6.2
+ - ANSIBLE_VERSION=1.6.10
+ - ANSIBLE_VERSION=1.6.1
+ - ANSIBLE_VERSION=1.6
+
+branches:
+ only:
+ - master
+
+before_install:
+ - sudo apt-get update -qq
+
+ # Remove ca-certificates
+ - sudo apt-get remove --purge --yes ca-certificates
+
+ # Generate ca key and certificate
+ - openssl genrsa -out files/ca-oefenweb-nl.key 2048;
+ - >
+ openssl req \
+ -subj '/C=NL/ST=NH/L=Amsterdam/O=Oefenweb.nl B.V./OU=Systeembeheer/CN=oefenweb.nl/emailAddress=root@oefenweb.nl/' \
+ -x509 -new -nodes \
+ -key files/ca-oefenweb-nl.key \
+ -days 1 \
+ -out files/ca-oefenweb-nl.crt \
+ ;
+
+install:
+ # Install Ansible.
+ - if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install --no-binary ansible ansible; else pip install --no-binary ansible ansible==$ANSIBLE_VERSION; fi
+
+script:
+ # Check the role/playbook's syntax.
+ - ansible-playbook -i tests/inventory tests/test.yml --syntax-check
+
+ # Run the role/playbook with ansible-playbook.
+ - ansible-playbook -i tests/inventory tests/test.yml -vvvv
+
+ # Run the role/playbook again, checking to make sure it's idempotent.
+ - >
+ ansible-playbook -i tests/inventory tests/test.yml
+ | grep -q 'changed=0.*failed=0'
+ && (echo 'Idempotence test: pass' && exit 0)
+ || (echo 'Idempotence test: fail' && exit 1)
+
+notifications:
+ email: false
+ hipchat:
+ rooms:
+ secure: iaja/8Vwt/5H40o47PbPvX1VWMlsjvJQIzkYz3HpVrcqQhf8ttjHr+IOm0SZfho82jCg8gzMID1oHGpUk7mhFxv7pCZiWUacIMsfdWrYkAaHc6wv2gWojPTEI82tRqG7qbCHIQo4gpR2eMqnO6iqUvEUXeGvPjVCRGbzjCPGm4n0/qOn0DGBOCoJEpH0y+R4lorkC5AUwXIzAIIhaEVLQidCInthWilTRrNlIwZu2JDAauYhiIFC/l8AqtuXYX01TCkbhMqZBk6xSfvfeg+Ey76V/34YCUr/zu7xrGsR3swn9siNEPAXYVEt2DbzsZa18FAffczd4G7E2Uo/eeBUiLay61PllP2pdUH7T+YIVSp6WiSHGQR/gpjSFMvS5O7Q2RNcwUfgt8QNlKe1qa9G3tiYxucS5raBmgz+Cx3v/ttDTzoOHusfa/ZemSn7kyqB/QXp/SnX42gNVkJ0WrmGfg2QOfvx0vF+XHJ6Gg6a49tWZJd4+COSj+cpGojxmXZGjoRimT7ezgnEfnsvMRXjd/aHuMFSJbUqnvMoDKymP5TgwVlrYqbSaSq52rAvMSUy6X87M3a/nqTBwXNGFW5567EsiZjwOHPjm2SdnjqGfHFN6z3bidC96emw2BV1/knJxVjyeYwvaEyZQnfdEMPgc+kN5LjWEUO3lLtx5uF1NKo=
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e16ab8c
--- /dev/null
+++ b/README.md
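Review bot: The `script` section checks syntax and idempotence only, so nothing fails when the generated CA never reaches the trust store; a run in which the role sees an empty `ca_certificates_certificate_map` still ends with `changed=0` on the second pass and is reported as a pass. Add a step after the second run that asserts the outcome, for example `- grep -qx 'oefenweb/Oefenweb_nl-B_V.crt' /etc/ca-certificates.conf`. Separately, `before_install` writes the CA private key to `files/ca-oefenweb-nl.key` inside the role's `files/` directory, and the `.gitignore` added in this patch does not exclude it. Only the `.crt` has to live in `files/`, so writing the key to a temporary directory, or ignoring `files/*.key`, keeps a locally generated key out of a commit.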
@@ -0,0 +1,44 @@
+## ca-certificates
+
+[![Build Status](https://travis-ci.org/Oefenweb/ansible-ca-certificates.svg?branch=master)](https://travis-ci.org/Oefenweb/ansible-ca-certificates) [![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-ca--certificates-blue.svg)](https://galaxy.ansible.com/Oefenweb/ansible-ca-certificates)
+
+Manage ca-certificates in Debian-like systems.
+
+#### Requirements
+
+None
+
+#### Variables
+
+* `ca_certificates_certificate_map`: [default: `[]`]: Certificate declarations
+* `ca_certificates_certificate_map.{n}.src`: [required]: The local path of the certificate
+* `ca_certificates_certificate_map.{n}.dest`: [required]: The remote path of the certificate (relative to `/usr/share/ca-certificates`)
+
+## Dependencies
+
+None
+
+#### Example
+
+```yaml
+---
+- hosts: all
+ roles:
+ - ca-certificates
+ vars:
+ ca_certificates_map:
+ - src: ca-oefenweb-nl.crt
+ dest: oefenweb/Oefenweb_nl-B_V.crt
+```
+
+#### License
+
+MIT
+
+#### Author Information
+
+Mischa ter Smitten
+
+#### Feedback, bug-reports, requests, ...
+
+Are [welcome](https://github.com/Oefenweb/ansible-ca-certificates/issues)!
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..db08a4e
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,61 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby ts=2 sw=2 tw=0 et :
+
+role = File.basename(File.expand_path(File.dirname(__FILE__)))
+
+boxes = [
+ {
+ :name => "ubuntu-1204",
+ :box => "opscode-ubuntu-12.04",
+ :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-12.04_chef-provisionerless.box",
+ :ip => '10.0.0.11',
+ :cpu => "50",
+ :ram => "256"
+ },
+ {
+ :name => "ubuntu-1404",
+ :box => "opscode-ubuntu-14.04",
+ :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-14.04_chef-provisionerless.box",
+ :ip => '10.0.0.12',
+ :cpu => "50",
+ :ram => "256"
+ },
+ {
+ :name => "debian-79",
+ :box => "opscode-debian-7.9",
+ :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-7.9_chef-provisionerless.box",
+ :ip => '10.0.0.14',
+ :cpu => "50",
+ :ram => "256"
+ },
+ {
+ :name => "debian-83",
+ :box => "opscode-debian-8.3",
+ :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-8.3_chef-provisionerless.box",
+ :ip => '10.0.0.15',
+ :cpu => "50",
+ :ram => "256"
+ },
+]
+
+Vagrant.configure("2") do |config|
+ boxes.each do |box|
+ config.vm.define box[:name] do |vms|
+ vms.vm.box = box[:box]
+ vms.vm.box_url = box[:url]
+ vms.vm.hostname = "ansible-#{role}-#{box[:name]}"
+
+ vms.vm.provider "virtualbox" do |v|
+ v.customize ["modifyvm", :id, "--cpuexecutioncap", box[:cpu]]
+ v.customize ["modifyvm", :id, "--memory", box[:ram]]
+ end
+
+ vms.vm.network :private_network, ip: box[:ip]
+
+ vms.vm.provision :ansible do |ansible|
+ ansible.playbook = "tests/vagrant.yml"
+ ansible.verbose = "vv"
+ end
+ end
+ end
+end
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..8c1c4c4
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,3 @@
+# defaults file for ca-certificates
+---
+ca_certificates_certificate_map: []
diff --git a/files/empty b/files/empty
new file mode 100644
index 0000000..e69de29
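Review bot: All four `:url` entries in `boxes` fetch the base image over plain `http://`, and no checksum is configured, so nothing authenticates the box that the test VMs boot from. Switch the URLs to `https://` and pin each image with `vms.vm.box_download_checksum = box[:sha256]` and `vms.vm.box_download_checksum_type = "sha256"`, where `:sha256` is a new per-box key holding the publisher's digest (the digests are not on this page, so they have to be taken from the box publisher).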
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..9b8bcb2
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+# handlers file for ca-certificates
+---
+- name: update ca-certificates
+ command: update-ca-certificates
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..de275cf
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,22 @@
+# meta file for ca-certificates
+---
+galaxy_info:
+ author: Mischa ter Smitten
+ company: Oefenweb.nl B.V.
+ description: Manage ca-certificates in Debian-like systems
+ license: MIT
+ min_ansible_version: 1.6
+ platforms:
+ - name: Ubuntu
+ versions:
+ - precise
+ - trusty
+ - name: Debian
+ versions:
+ - wheezy
+ - jessie
+ galaxy_tags:
+ - system
+ - certificates
+ - ssl
+dependencies: []
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..398dc53
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,67 @@
+# tasks file for ca-certificates
+---
+- name: install dependencies
+ apt:
+ name: "{{ item }}"
+ state: latest
+ update_cache: true
+ cache_valid_time: "{{ apt_update_cache_valid_time | default(3600) }}"
+ with_items: "{{ ca_certificates_dependencies }}"
+ tags:
+ - configuration
+ - ca-certificates
+ - ca-certificates-install
+ - ca-certificates-install-dependencies
+
+- name: stat directories
+ stat:
+ path: "{{ ca_certificates_base_dir }}/{{ item.dest | dirname }}"
+ register: stat_directories
+ with_items: "{{ ca_certificates_certificate_map }}"
+ tags:
+ - configuration
+ - ca-certificates
+ - ca-certificates-directories
+ - ca-certificates-directories-stat
+
+- name: create directories
+ file:
+ path: "{{ ca_certificates_base_dir }}/{{ item.item.dest | dirname }}"
+ state: directory
+ owner: root
+ group: root
+ mode: 0755
+ with_items: "{{ stat_directories.results | default([]) }}"
+ when: item.stat.exists == false
+ tags:
+ - configuration
+ - ca-certificates
+ - ca-certificates-directories
+ - ca-certificates-directories-create
+
+- name: copy ca files
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ ca_certificates_base_dir }}/{{ item.dest }}"
+ owner: "{{ item.owner | default('root') }}"
+ group: "{{ item.group | default('root') }}"
+ mode: "{{ item.mode | default('0644') }}"
+ with_items: "{{ ca_certificates_certificate_map }}"
+ notify: update ca-certificates
+ tags:
+ - configuration
+ - ca-certificates
+ - ca-certificates-files
+ - ca-certificates-files-copy
+
+- name: trust ca files
+ lineinfile:
+ dest: "{{ ca_certificates_trust_file }}"
+ line: "{{ item.dest }}"
+ with_items: "{{ ca_certificates_certificate_map }}"
+ notify: update ca-certificates
+ tags:
+ - configuration
+ - ca-certificates
+ - ca-certificates-files
+ - ca-certificates-files-trust
diff --git a/templates/empty b/templates/empty
new file mode 100644
index 0000000..e69de29
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..2fbb50c
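Review bot: Nothing in this task list ever withdraws trust: `copy ca files` and `trust ca files` only add, so dropping an entry from `ca_certificates_certificate_map` leaves the certificate under `ca_certificates_base_dir` and its line in `ca_certificates_trust_file`, and the host keeps trusting that CA. For a role that manages trust anchors I would add a per-item `state` that drives `file: state=absent` and `lineinfile: state=absent`, or at least state the limitation in the README. Separately, `copy ca files` lets each item override `owner`, `group` and `mode`, none of which the README documents; a trust-anchor file that a non-root account can write can be replaced before the next `update-ca-certificates` run, so consider pinning these to `root`, `root` and `'0644'`. As a style point, `mode: 0755` in `create directories` should be quoted as `'0755'` to match the quoted `'0644'` default below it.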
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1 @@
+localhost
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..d555156
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,11 @@
+# test file for ca-certificates
+---
+- hosts: localhost
+ connection: local
+ sudo: true
+ roles:
+ - ../../
+ vars:
+ ca_certificates_map:
+ - src: ca-oefenweb-nl.crt
+ dest: oefenweb/Oefenweb_nl-B_V.crt
diff --git a/tests/vagrant.yml b/tests/vagrant.yml
new file mode 100644
index 0000000..f8f95cb
--- /dev/null
+++ b/tests/vagrant.yml
@@ -0,0 +1,7 @@
+# test file for ca-certificates
+---
+- hosts: all
+ remote_user: vagrant
+ sudo: true
+ roles:
+ - ../../
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..2d84b22
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,7 @@
+# vars file for ca-certificates
+---
+ca_certificates_dependencies:
+ - ca-certificates
+
+ca_certificates_base_dir: /usr/share/ca-certificates
+ca_certificates_trust_file: /etc/ca-certificates.conf
From 5539337c34b3ff2a079a6410fdb5b703a3b3c65b Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten
Date: Wed, 20 Apr 2016 09:43:33 +0200
Subject: [PATCH 2/2] Fixed typo
---
README.md | 2 +-
tests/test.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index e16ab8c..f88d052 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ None roles: - ca-certificates vars: - ca_certificates_map: + ca_certificates_certificate_map: - src: ca-oefenweb-nl.crt dest: oefenweb/Oefenweb_nl-B_V.crt ```
diff --git a/tests/test.yml b/tests/test.yml
index d555156..9ff4a9f 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -6,6 +6,6 @@ roles: - ../../ vars: - ca_certificates_map: + ca_certificates_certificate_map: - src: ca-oefenweb-nl.crt dest: oefenweb/Oefenweb_nl-B_V.crt