Merge pull request 'Remove certificates from IPA tracking on repo rebuild' (#39) from dev into master

Reviewed-on: https://remvpn.olssonul.com/IaC/rproxy/pulls/39
2025-08-16 15:30:31 +03:00
parent 81af5f3922 11cf16ff53
commit c5dead142f
1 changed files with 10 additions and 1 deletions
--- a/roles/rproxy/tasks/repo.yml
+++ b/roles/rproxy/tasks/repo.yml
@@ -36,7 +36,16 @@
        -N CN={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
        -F {{ rproxy_dir }}/certs/RootCA.crt

-    # sudo ipa-getcert stop-tracking -i 20250813210258 if track already exists
+    - name: Get all tracking certificates
+      ansible.builtin.shell:
+        cmd: ipa-getcert list | grep "ID" | awk '{print $NF}' | tr -d "'\|:"
+      register: tracking_list
+
+    - name: Remove certificates from IPA tracking
+      ansible.builtin.shell:
+        cmd: "ipa-getcert stop-tracking -i {{ item }}"
+      loop: "{{ tracking_list.stdout_lines }}"
+      ignore_errors: true

    - name: Wait for certificate to appear
      ansible.builtin.wait_for: