From e2bc722718ef1e767177c3fdac8b70997c849ed6 Mon Sep 17 00:00:00 2001
From: Ranabir Chakraborty
Date: Wed, 3 Apr 2024 13:05:05 +0530
Subject: [PATCH] SET-742 Zeus: don't import specific service certificates into truststore
---
 roles/java_certs/tasks/java_certs.yml | 31 ++-------------------------
 1 file changed, 2 insertions(+), 29 deletions(-)

diff --git a/roles/java_certs/tasks/java_certs.yml b/roles/java_certs/tasks/java_certs.yml
index e87e2d41..8c795122 100644
--- a/roles/java_certs/tasks/java_certs.yml
+++ b/roles/java_certs/tasks/java_certs.yml
@@ -1,8 +1,8 @@
 ---
 - ansible.builtin.assert:
 that:
- - certificate_list is defined
- - certificate_list is iterable
+ - root_ca_certs is defined
+ - root_ca_certs is iterable

 # reset cacerts_file fact between iterations
 - ansible.builtin.set_fact:
@@ -46,20 +46,6 @@
 loop_control:
 loop_var: cert

-- name: Remove SSL certificates in {{ jdk.name }}
- when: rebuild_keystore|default(false)
- community.general.java_cert:
- cert_url: "{{ removessl.cert_url }}"
- keystore_path: "{{ cacerts_file }}"
- cert_alias: "{{ removessl.alias }}"
- executable: "{{ jdk.home }}/{{ jdk.name }}/bin/keytool"
- keystore_pass: changeit
- keystore_create: no
- state: absent
- with_items: "{{ certificate_list }}"
- loop_control:
- loop_var: removessl
-
 - name: Import Root CA in {{ jdk.name }} {{ cacerts_file }}
 community.general.java_cert:
 cert_path: "{{ jdk_home }}/{{ cert.url | basename }}"
@@ -72,16 +58,3 @@
 with_items: "{{ root_ca_certs }}"
 loop_control:
 loop_var: cert
-
-- name: Import SSL certificates in {{ jdk.name }}
- community.general.java_cert:
- cert_url: "{{ importssl.cert_url }}"
- keystore_path: "{{ cacerts_file }}"
- cert_alias: "{{ importssl.alias }}"
- executable: "{{ jdk.home }}/{{ jdk.name }}/bin/keytool"
- keystore_pass: changeit
- keystore_create: no
- state: present
- with_items: "{{ certificate_list }}"
- loop_control:
- loop_var: importssl
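Review bot: The rewritten `that:` list in the first hunk still accepts a malformed `root_ca_certs`, because Jinja's `iterable` test is also true for a plain string, a mapping and an empty list. Once the per-service import at the end of the file is gone, the Root CA loop is the only trust-anchor import left in the visible hunks, so an empty or mistyped value would pass the assert and leave the truststore without the intended CAs. Consider adding `- root_ca_certs is not string`, `- root_ca_certs is not mapping` and `- root_ca_certs | length > 0`, together with a `fail_msg` that names the variable. Separately, the hunks at -46 and -72 drop the `state: absent` task along with the import, so aliases written by earlier runs presumably remain in existing cacerts files unless the keystore is rebuilt by a task outside this diff; that is worth confirming or stating in the commit message.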