Diffstat (limited to 'baserock_gerrit/instance-ca-certificate-config.yml')
-rw-r--r-- | baserock_gerrit/instance-ca-certificate-config.yml | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/baserock_gerrit/instance-ca-certificate-config.yml b/baserock_gerrit/instance-ca-certificate-config.yml
deleted file mode 100644
index 60ab9e8f..00000000
--- a/baserock_gerrit/instance-ca-certificate-config.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-# The CA chain needed for the baserock.org certificate we use is present in
-# the system, but it's not present in the set of trusted root certificates
-# bundled with Java.
-#
-# We need Gerrit to trust the baserock.org certificate so that it will trust
-# https://openid.baserock.org/.
-#
-# This playbook is a hack at present: the second time you run it, the command
-# will fail because the certificate is already present. There is a proposed
-# Ansible module that can do this in a nicer way:
-# <https://github.com/ansible/ansible-modules-extras/pull/286/commits>.
----
-- hosts: gerrit
- gather_facts: False
- vars:
- JRE_DIR: /opt/jdk1.8.0_40
- tasks:
- - name: baserock.org SSL certificate with chain of trust
- copy:
- src: ../certs/frontend.pem
- dest: /home/gerrit
-
- - name: install SSL certificate into Java certificate keystore
- java_cert:
- cert_alias: baserock-frontent-cert
- cert_path: /home/gerrit/frontend.pem
- keystore_path: "{{ JRE_DIR }}/jre/lib/security/cacerts"
- executable: "{{ JRE_DIR }}/jre/bin/keytool"
- keystore_pass: changeit
- state: present |