ansible-repo/playbooks/pmc314-ca.yml

---
- name: Install root CA certificate on Debian nodes
  hosts: all
  become: true
  tasks:
    - name: Copy root CA certificate to trust store
      ansible.builtin.get_url:
        url: http://example.lan
        dest: /usr/local/share/ca-certificates/pmc314_root-ca.crt
        owner: root
        group: root
        mode: '0644'
        # Игнорируем ошибку недоверенного SSL при первом подключении
        validate_certs: false
      register: ca_cert_downloaded

    - name: Update CA certificates certificates store
      ansible.builtin.command: update-ca-certificates
      when: ca_cert_downloaded.changed