From 82ccfbf9707f13055ec45e9f7da2c950aab60961 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Fri, 1 Jul 2022 17:48:41 +0200
Subject: [PATCH] update-ca-trust is also necessary

---
 roles/rke2/tasks/setup_host.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/roles/rke2/tasks/setup_host.yml b/roles/rke2/tasks/setup_host.yml
index 65ff584..307c2b3 100644
--- a/roles/rke2/tasks/setup_host.yml
+++ b/roles/rke2/tasks/setup_host.yml
@@ -72,7 +72,15 @@
 #     policy: targeted
 #     state: permissive
 #   when: ( 'control-plane' in group_names )
-
+#Download the mozilla root CA into the right directory, and update the trust chain
+- name: Download root CA
+  get_url:
+    url: https://curl.se/ca/cacert.pem
+    dest: /etc/ssl/certs
+
+- name: Update CA trust
+  shell: update-ca-trust
+  
 - name: Disable SELinux
   selinux:
     policy: targeted
-- 
GitLab