More intelligent, easier SSL setup about puppet-rundeck HOT 9 CLOSED

Thanks for pointing this out. Given that it's now possible to properly configure and merge all of the framework properties I don't think that the ssl_enabled flag actually makes much sense any more and I should remove it.

from puppet-rundeck.

ssl_enabled is still used in templates/profile.erb. From a user point of view, it would be simpler to say in one variable that I want ssl, instead of providing values for framework properties and grails url that only differ in protocol and port.

from puppet-rundeck.

@ak0ska just wanted to follow up on this as I am working on this module again. Do you actually have a working SSL setup configured now? We are trying to get ssl working with our instances and we are having problems getting it working. I was hoping we could work together to improve the module for this use-case.

from puppet-rundeck.

Yes, I have, using the module. If you like, I could share the relevant configuration bits.
When you say you have problems seting up ssl, you mean using puppet and this module, or just in general?

from puppet-rundeck.

Just in general. Once we have it up and running internally I hope to improve the module to deal with any of the issues.

The problem we are facing at the moment is with configuring the keystore/truststore with our go-daddy cert. We believe this is due to the version of java we are running but java 8 which apparently fixes the issue is not supported by rundeck yet.

Which versions of rundeck/java are you running?

Drop me an email: liamjbennett gmail if it's easier than here.

from puppet-rundeck.

Using the java_ks module we have it working with this configuration:

    java_ks { 'rundeck:/etc/rundeck/ssl/keystore':
      ensure => present,
      private_key => $certificate_keyfile,
      certificate => $certificate_certfile,
      password => 'adminadmin',
      ks_keypassword => 'adminadmin',
      trustcacerts => true,
      require => [
        File[$certificate_certfile],
        File[$certificate_keyfile]
      ]
    } ->

    java_ks { 'rundeck:/etc/rundeck/ssl/truststore':
      ensure => present,
      private_key => $certificate_keyfile,
      certificate => $certificate_certfile,
      password => 'adminadmin',
      ks_keypassword => 'adminadmin',
      trustcacerts => true,
      require => [
        File[$certificate_certfile],
        File[$certificate_keyfile]
      ]
    }

This should be added somewhere in the module to make it easy for people to configure.

from puppet-rundeck.

Besides setting up the keystores, I think some parameters of the module could be somehow 'streamlined'. For enabling HTTPS on Rundeck, I have to set the following parameters (unless I overlooked something):

rundeck::ssl_enabled: true
rundeck::grails_server_url: https://%{::fqdn}:4443
rundeck::framework_config:
  framework.server.url:  https://%{::fqdn}:4443
  framework.server.port: 4443
  framework.rundeck.url: https://%{::fqdn}:4443

Anything below ssl_enabled is superfluous in my opinion, and should be set by the module when the user tells it to enable SSL.

from puppet-rundeck.

I may take a look at this soon.

from puppet-rundeck.

I think this is now handled in at least a semi-intelligent way.
I made some additional fixes in #356, though there are probably some use cases this still doesn't handle perfectly. For example, it would be nice to allow overriding framework.server.url in the case where one wants it to be different from the setting of ssl_port. Still, going to close this one out.

from puppet-rundeck.