From f1caad541e800a3be9a00c79f56b659715166be1 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Fri, 24 May 2019 12:48:39 +0300
Subject: [PATCH] store local ca certificate hash in variable

---
 roles/pki/tasks/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/pki/tasks/main.yml b/roles/pki/tasks/main.yml
index 6606ba5..1969340 100644
--- a/roles/pki/tasks/main.yml
+++ b/roles/pki/tasks/main.yml
@@ -13,6 +13,14 @@
     owner: root
     group: "{{ ansible_wheel }}"
 
+- name: get ca certificate hash
+  command: "openssl x509 -in /srv/ca/certs/ca.crt -noout -hash"
+  delegate_to: localhost
+  register: result
+- name: store ca certificate hash
+  set_fact:
+    pki_cacert_hash: "{{ result.stdout }}"
+
 - name: copy host certificate
   copy:
     src: "/srv/ca/certs/{{ inventory_hostname }}.crt"