Add pki_system_ca_certificates_download_all_hosts_force

debops · drybjed · Sep 26, 2016 · Aug 14, 2016 · Aug 14, 2016 · Aug 14, 2016
commit 23b4c42b14430ee7dca647d8921b2a3363b2b771
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -29,6 +29,8 @@ Added
 
 - Allow to disable CA certificates download for the different levels. [ypid_]
 
+- Added :envvar:`pki_system_ca_certificates_download_all_hosts_force`. [ypid_]
+
 Changed
 ~~~~~~~
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -718,4 +718,13 @@ pki_system_ca_certificates_download_by_group: '{{ pki_enabled|bool }}'
 # hosts.
 pki_system_ca_certificates_download_all_hosts: '{{ pki_enabled|bool }}'
 
+
+# .. envvar:: pki_system_ca_certificates_download_all_hosts_force
+#
+# If ``True``, force the download of CA certificates intended for all hosts.
+# Note that this will overwrite by-host and by-group CA certificates.
+# This option can be used to push new root certificates from a internal CA to
+# hosts.
+pki_system_ca_certificates_download_all_hosts_force: False
+
 # ]]]
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -448,7 +448,7 @@
     dest: '/usr/local/share/ca-certificates/pki/'
     owner: 'root'
     group: 'root'
-    force: False
+    force: '{{ pki_system_ca_certificates_download_all_hosts_force|bool }}'
   notify: [ 'Regenerate ca-certificates.crt' ]
   when: pki_system_ca_certificates_download_all_hosts|d(pki_enabled) | bool
 # ]]]
-Original file line number
+Diff line change
@@ @@ -29,6 +29,8 @@ Added @@
     - Allow to disable CA certificates download for the different levels. [ypid_]
+    - Added :envvar:`pki_system_ca_certificates_download_all_hosts_force`. [ypid_]
     Changed
     ~~~~~~~