add states to remove ca and ssl keys and certs and call them during reinstall.

2026-06-14 14:18:40 +02:00 · 2022-01-26 09:33:19 -05:00
parent 8ce0f5b7be
commit 8aa002b82e
4 changed files with 165 additions and 1 deletions
@@ -0,0 +1,22 @@
+{% if grains.role in ['so-helix', 'so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import' ] %}
+
+pki_private_key:
+  file.absent:
+    - name: /etc/pki/ca.key
+
+pki_public_ca_crt:
+  file.absent:
+    - name: /etc/pki/ca.crt
+
+{% else %}
+
+not_a_ca:
+  test.succeed_without_changes:
+    - name: no_ca
+    - comment: "Not a CA, so no CA to remove."
+
+{% endif %}
+
+remove_ca-certificates.crt:
+  file.absent:
+    - name: /etc/ssl/certs/ca-certificates.crt