diff options
author | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2017-05-02 14:28:50 +0100 |
---|---|---|
committer | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2017-05-02 14:28:50 +0100 |
commit | 65ba468bf9277393a861ef61f5f6ba77523edfd5 (patch) | |
tree | 10cab29fd7735e89e9fef993d82d13415710fad6 | |
parent | bebf9edadbb0a29af8471d39e0e7d57c9c695ceb (diff) | |
download | infrastructure-65ba468bf9277393a861ef61f5f6ba77523edfd5.tar.gz |
Update certificates in Gerrit instance
-rw-r--r-- | README.mdwn | 2 | ||||
-rw-r--r-- | baserock_gerrit/instance-ca-certificate-config.yml | 17 |
2 files changed, 11 insertions, 8 deletions
diff --git a/README.mdwn b/README.mdwn index c5834255..7285511d 100644 --- a/README.mdwn +++ b/README.mdwn @@ -893,6 +893,8 @@ For the frontend, run: ansible-playbook -i hosts baserock_frontend/instance-config.yml ansible -i hosts -m service -a 'name=haproxy enabled=true state=restarted' --sudo frontend-haproxy + ansible-playbook -i hosts baserock_gerrit/instance-ca-certificate-config.yml + ansible -i hosts -m service -a 'name=gerrit enabled=true state=restarted' --sudo gerrit Which will install the certificates and then restart the services needed. diff --git a/baserock_gerrit/instance-ca-certificate-config.yml b/baserock_gerrit/instance-ca-certificate-config.yml index 0424b176..afc08fa3 100644 --- a/baserock_gerrit/instance-ca-certificate-config.yml +++ b/baserock_gerrit/instance-ca-certificate-config.yml @@ -16,13 +16,14 @@ JRE_DIR: /opt/jdk1.8.0_40 tasks: - name: baserock.org SSL certificate with chain of trust - copy: src=../certs/baserock.org-ssl-certificate-temporary-dsilverstone.full.cert dest=/home/gerrit + copy: + src: ../certs/frontend.pem + dest: /home/gerrit - name: install SSL certificate into Java certificate keystore - shell: > - {{ JRE_DIR }}/jre/bin/keytool \ - -file /home/gerrit/baserock.org-ssl-certificate-temporary-dsilverstone.full.cert \ - -importcert \ - -keystore {{ JRE_DIR }}/jre/lib/security/cacerts \ - -storepass changeit \ - -noprompt + java_cert: + cert_path: /home/gerrit/frontend.pem + keystore_path: "{{ JRE_DIR }}/jre/lib/security/cacerts" + executable: "{{ JRE_DIR }}/jre/bin/keytool" + keystore_pass: changeit + state: present |