roles/trustca: Generic role for adding CA certs

The `trustca` role can be used to add CA certificates to the system
trust store. It requires a variable, `ca`, to be defined, referring to
the name of a file containing a CA certificate to install.

roles/trustca/handlers/main.yml

@@ -0,0 +1,2 @@
+- name: update ca certs
+  command: '{{ ca_update_cmd }}'

roles/trustca/tasks/main.yml

@@ -0,0 +1,16 @@
+- name: load distribution-specific variables
+  include_vars: '{{ item }}'
+  with_first_found:
+  - '{{ ansible_distribution }}.yml'
+  - '{{ ansible_os_family }}.yml'
+  - defaults.yml
+- name: ensure ca cert dir exists
+  file:
+    path={{ ca_store_dir }}
+    state=directory
+- name: ensure ca cert is installed
+  copy:
+    src={{ ca }}.crt
+    dest={{ ca_store_dir }}
+  notify: update ca certs
+- meta: flush_handlers

roles/trustca/vars/CentOS.yml

@@ -0,0 +1,2 @@
+ca_store_dir: /etc/pki/ca-trust/source/anchors
+ca_update_cmd: update-ca-trust

roles/trustca/vars/Fedora.yml

@@ -0,0 +1,2 @@
+ca_store_dir: /etc/pki/ca-trust/source/anchors
+ca_update_cmd: update-ca-trust

roles/trustca/vars/defaults.yml

@@ -0,0 +1,2 @@
+ca_store_dir: /usr/local/share/ca-certificates
+ca_update_cmd: update-ca-certificates