Diffstat (limited to 'baserock_gerrit/instance-ca-certificate-config.yml')
-rw-r--r--baserock_gerrit/instance-ca-certificate-config.yml30
1 files changed, 0 insertions, 30 deletions
diff --git a/baserock_gerrit/instance-ca-certificate-config.yml b/baserock_gerrit/instance-ca-certificate-config.yml
deleted file mode 100644
index 60ab9e8f..00000000
--- a/baserock_gerrit/instance-ca-certificate-config.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-# The CA chain needed for the baserock.org certificate we use is present in
-# the system, but it's not present in the set of trusted root certificates
-# bundled with Java.
-#
-# We need Gerrit to trust the baserock.org certificate so that it will trust
-# https://openid.baserock.org/.
-#
-# This playbook is a hack at present: the second time you run it, the command
-# will fail because the certificate is already present. There is a proposed
-# Ansible module that can do this in a nicer way:
-# <https://github.com/ansible/ansible-modules-extras/pull/286/commits>.
----
-- hosts: gerrit
- gather_facts: False
- vars:
- JRE_DIR: /opt/jdk1.8.0_40
- tasks:
- - name: baserock.org SSL certificate with chain of trust
- copy:
- src: ../certs/frontend.pem
- dest: /home/gerrit
-
- - name: install SSL certificate into Java certificate keystore
- java_cert:
- cert_alias: baserock-frontent-cert
- cert_path: /home/gerrit/frontend.pem
- keystore_path: "{{ JRE_DIR }}/jre/lib/security/cacerts"
- executable: "{{ JRE_DIR }}/jre/bin/keytool"
- keystore_pass: changeit
- state: present