fixed build error

roles/extra_rpms/tasks/main.yml

 ---
-
-- name: "update cache"
-  shell: yum update -y
-  sudo: true
-  when: ansible_os_family == 'RedHat'
-
 - name: "Install extra packages"
   yum: "name={{ item }} state=latest"
   with_items:

roles/karaage3.1.17/tasks/main.yml

 ---
  - name: "Copying the apache key file"
-   template: src="files/{{ apache_key_file }}" dest="{{ x509_key_file }}" mode=0644
+   template: src="files/{{ apache_key_file }}" dest="/etc/ssl/private/{{ apache_key_file }}" mode=0600 owner=www-data group=www-data
    sudo: true
    when: apache_key_file is defined
  
  - name: "Copying the apache cert file"
-   template: src="files/{{ apache_cert_file }}" dest="{{ x509_cert_file }}" mode=0644
+   template: src="files/{{ apache_cert_file }}" dest="/etc/ssl/certs/{{ apache_cert_file }}" mode=0644 owner=www-data group=www-data
    sudo: true
    when: apache_cert_file is defined
+ 
+ - name: "Copying the apache cert chain file"
+   template: src="files/{{ apache_chain_file }}" dest="/etc/ssl/certs/{{ apache_chain_file }}" mode=0644 owner=www-data group=www-data
+   sudo: true
+   when: apache_chain_file is defined
 
  - include: prerequisitesDebian.yml
    when: ansible_os_family == "Debian"

roles/karaage3.1.17/templates/default-ssl.j2

@@ -42,15 +42,16 @@
 	#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
 	#   If both key and certificate are stored in the same file, only the
 	#   SSLCertificateFile directive is needed.
-	SSLCertificateFile    {{ x509_cert_file }}
-	SSLCertificateKeyFile {{ x509_key_file }} 
+	SSLCertificateFile    /etc/ssl/certs/{{ apache_cert_file }}
+	SSLCertificateKeyFile /etc/ssl/private/{{ apache_key_file }} 
+
 	#   Server Certificate Chain:
 	#   Point SSLCertificateChainFile at a file containing the
 	#   concatenation of PEM encoded CA certificates which form the
 	#   certificate chain for the server certificate. Alternatively
 	#   when the CA certificates are directly appended to the server
 	#   certificate for convinience.
-	#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+	SSLCertificateChainFile /etc/ssl/certs/{{ apache_chain_file }} 
 
 	#   Certificate Authority (CA):
 	#   Set the CA certificate verification path where to find CA
@@ -59,13 +60,6 @@
 	#   Note: Inside SSLCACertificatePath you need hash symlinks
 	#         to point to the certificate files. Use the provided
 	#         Makefile to update the hash symlinks after changes.
-    {% if ldapCaCertFile is defined and ldapCaCertDir is defined %}
-    SSLCACertificatePath {{ ldapCaCertDir }} 
-    SSLCACertificateFile {{ ldapCaCertDir }}/{{ ldapCaCertFile }}
-    {% else %}
-    SSLCACertificatePath /etc/ssl/certs/
-    SSLCACertificateFile {{ x509_cacert_file }}
-    {% endif %}
 
 	#   Certificate Revocation Lists (CRL):
 	#   Set the CA revocation path where to find CA CRLs for client

roles/karaage3.1.17/vars/readme.txt

 
 apache_cert_file: "{{ inventory_hostname }}.{{ domain }}.crt"
 apache_key_file: "{{ inventory_hostname }}.{{ domain }}.key"
+apache_chain_file: "merc_hpc_apache_chain.pem"
 

roles/package_update/tasks/main.yml

+---
+
+- name: "update cache centos"
+  shell: yum update -y
+  sudo: true
+  when: ansible_os_family == 'RedHat'
+
+- name: "update cache debian"
+  shell: apt-get update -y
+  sudo: true
+  when: ansible_os_family == 'Debian'
+
+

roles/shibboleth-sp/tasks/shibbolethConfig.yml

@@ -101,7 +101,7 @@
   file: path=/etc/shibboleth/private, state=directory, mode=700, owner=_shibd
   sudo: true
 
-- name: copy shib key:
+- name: copy shib key
   sudo: true
   copy: src=files/{{ shib_key }} dest=/etc/shibboleth/private/{{ shib_key }} owner=_shibd, mode=600
 
@@ -109,7 +109,7 @@
   file: path=/etc/shibboleth/certs, state=directory, mode=755, owner=_shibd
   sudo: true
 
-- name: copy shib cert:
+- name: copy shib cert
   sudo: true
   copy: src=files/{{ shib_cert }} dest=/etc/shibboleth/certs/{{ shib_cert }} owner=_shibd, mode=644