A play to do what fabric currently does for the certs servers.

playbooks/edx-east/legacy_certificates.yml

+# ansible-playbook -i ec2.py --limit="tag_cluster_certificates:&tag_environment_loadtest" legacy_certificates.yml
+- name: Deploy legacy_certs
+  hosts: all
+  sudo: True
+  gather_facts: True
+  vars:
+    serial_count: 1
+    repo_url: "git@github.com/edx/certificates.git"
+    repo_path: "/opt/wwc/certificates"
+    certificates_version: "master"
+    git_ssh_script: "/tmp/git.sh"
+  serial: "{{ serial_count }}"
+  tasks:
+    - name: stop certs service
+      service: name="certificates" state="stopped"
+    - name: checkout code
+      git: >
+        repo="{{ repo_url }}"
+        dest="{{ repo_path }}"
+        version="{{ certificates_version }}"
+        accept_hostkey=yes
+      environment:
+        GIT_SSH: "{{ git_ssh_script }}"
+    # Need to do this because the www-data user is not properly setup
+    # and can't run ssh.
+    - name: change owner to www-data
+      file: >
+        path="{{ repo_path }}"
+        owner="www-data"
+        group="www-data"
+        recurse=yes
+        state="directory"
+    - name: stop certs service
+      service: name="certificates" state="started"