diff options
-rw-r--r-- | README.mdwn | 2 | ||||
-rw-r--r-- | baserock_gerrit/instance-ca-certificate-config.yml | 17 |
2 files changed, 11 insertions, 8 deletions
diff --git a/README.mdwn b/README.mdwn index c5834255..7285511d 100644 --- a/README.mdwn +++ b/README.mdwn @@ -893,6 +893,8 @@ For the frontend, run: ansible-playbook -i hosts baserock_frontend/instance-config.yml ansible -i hosts -m service -a 'name=haproxy enabled=true state=restarted' --sudo frontend-haproxy + ansible-playbook -i hosts baserock_gerrit/instance-ca-certificate-config.yml + ansible -i hosts -m service -a 'name=gerrit enabled=true state=restarted' --sudo gerrit Which will install the certificates and then restart the services needed. diff --git a/baserock_gerrit/instance-ca-certificate-config.yml b/baserock_gerrit/instance-ca-certificate-config.yml index 0424b176..afc08fa3 100644 --- a/baserock_gerrit/instance-ca-certificate-config.yml +++ b/baserock_gerrit/instance-ca-certificate-config.yml @@ -16,13 +16,14 @@ JRE_DIR: /opt/jdk1.8.0_40 tasks: - name: baserock.org SSL certificate with chain of trust - copy: src=../certs/baserock.org-ssl-certificate-temporary-dsilverstone.full.cert dest=/home/gerrit + copy: + src: ../certs/frontend.pem + dest: /home/gerrit - name: install SSL certificate into Java certificate keystore - shell: > - {{ JRE_DIR }}/jre/bin/keytool \ - -file /home/gerrit/baserock.org-ssl-certificate-temporary-dsilverstone.full.cert \ - -importcert \ - -keystore {{ JRE_DIR }}/jre/lib/security/cacerts \ - -storepass changeit \ - -noprompt + java_cert: + cert_path: /home/gerrit/frontend.pem + keystore_path: "{{ JRE_DIR }}/jre/lib/security/cacerts" + executable: "{{ JRE_DIR }}/jre/bin/keytool" + keystore_pass: changeit + state: present |