path: root/baserock_gerrit/instance-ca-certificate-config.yml
# The CA chain needed for the baserock.org certificate we use is present in
# the system, but it's not present in the set of trusted root certificates
# bundled with Java.
#
# We need Gerrit to trust the baserock.org certificate so that it will trust
# https://openid.baserock.org/.
#
# This playbook is a hack at present: the second time you run it, the command
# will fail because the certificate is already present. There is a proposed
# Ansible module that can do this in a nicer way:
# <https://github.com/ansible/ansible-modules-extras/pull/286/commits>.
---
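# Play: make the JRE under JRE_DIR trust the baserock.org certificate by
# importing it into that JRE's cacerts keystore with the java_cert module.
#
# NOTE(review): the file header says a second run fails because the
# certificate is already present. With java_cert and 'state: present' that is
# presumably no longer true; confirm and update the header.
- hosts: gerrit
  gather_facts: false
  vars:
    # JRE whose keytool binary and cacerts keystore are used below.
    JRE_DIR: /opt/jdk1.8.0_40
  tasks:
    # NOTE(review): this file is copied into the gerrit home directory and
    # then imported as a trusted certificate. Confirm it holds only public
    # certificates (no private key) before shipping it to this host.
    - name: baserock.org SSL certificate with chain of trust
      copy:
        src: ../certs/frontend.pem
        # Full file path rather than the directory, so the result always
        # matches cert_path in the next task.
        dest: /home/gerrit/frontend.pem

    # NOTE(review): if frontend.pem holds several certificates, presumably
    # only one of them is stored under the alias; verify which certificate
    # ends up trusted, and whether a renewed certificate replaces the old
    # entry or needs the alias removed first.
    - name: install SSL certificate into Java certificate keystore
      java_cert:
        # NOTE(review): "frontent" looks like a typo for "frontend". Kept
        # unchanged because a renamed alias would not match entries already
        # imported on existing hosts.
        cert_alias: baserock-frontent-cert
        cert_path: /home/gerrit/frontend.pem
        keystore_path: "{{ JRE_DIR }}/jre/lib/security/cacerts"
        executable: "{{ JRE_DIR }}/jre/bin/keytool"
        # 'changeit' is the stock password of the JRE cacerts keystore, not a
        # secret. The trust store is protected by file permissions only;
        # TODO confirm cacerts is writable by root alone.
        keystore_pass: changeit
        state: present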