Comments (9)
Thanks for pointing this out. Given that it's now possible to properly configure and merge all of the framework properties I don't think that the ssl_enabled flag actually makes much sense any more and I should remove it.
from puppet-rundeck.
ssl_enabled
is still used in templates/profile.erb
. From a user point of view, it would be simpler to say in one variable that I want ssl, instead of providing values for framework properties and grails url that only differ in protocol and port.
from puppet-rundeck.
@ak0ska just wanted to follow up on this as I am working on this module again. Do you actually have a working SSL setup configured now? We are trying to get ssl working with our instances and we are having problems getting it working. I was hoping we could work together to improve the module for this use-case.
from puppet-rundeck.
Yes, I have, using the module. If you like, I could share the relevant configuration bits.
When you say you have problems seting up ssl, you mean using puppet and this module, or just in general?
from puppet-rundeck.
Just in general. Once we have it up and running internally I hope to improve the module to deal with any of the issues.
The problem we are facing at the moment is with configuring the keystore/truststore with our go-daddy cert. We believe this is due to the version of java we are running but java 8 which apparently fixes the issue is not supported by rundeck yet.
Which versions of rundeck/java are you running?
Drop me an email: liamjbennett gmail if it's easier than here.
from puppet-rundeck.
Using the java_ks module we have it working with this configuration:
java_ks { 'rundeck:/etc/rundeck/ssl/keystore':
ensure => present,
private_key => $certificate_keyfile,
certificate => $certificate_certfile,
password => 'adminadmin',
ks_keypassword => 'adminadmin',
trustcacerts => true,
require => [
File[$certificate_certfile],
File[$certificate_keyfile]
]
} ->
java_ks { 'rundeck:/etc/rundeck/ssl/truststore':
ensure => present,
private_key => $certificate_keyfile,
certificate => $certificate_certfile,
password => 'adminadmin',
ks_keypassword => 'adminadmin',
trustcacerts => true,
require => [
File[$certificate_certfile],
File[$certificate_keyfile]
]
}
This should be added somewhere in the module to make it easy for people to configure.
from puppet-rundeck.
Besides setting up the keystores, I think some parameters of the module could be somehow 'streamlined'. For enabling HTTPS on Rundeck, I have to set the following parameters (unless I overlooked something):
rundeck::ssl_enabled: true
rundeck::grails_server_url: https://%{::fqdn}:4443
rundeck::framework_config:
framework.server.url: https://%{::fqdn}:4443
framework.server.port: 4443
framework.rundeck.url: https://%{::fqdn}:4443
Anything below ssl_enabled
is superfluous in my opinion, and should be set by the module when the user tells it to enable SSL.
from puppet-rundeck.
I may take a look at this soon.
from puppet-rundeck.
I think this is now handled in at least a semi-intelligent way.
I made some additional fixes in #356, though there are probably some use cases this still doesn't handle perfectly. For example, it would be nice to allow overriding framework.server.url
in the case where one wants it to be different from the setting of ssl_port
. Still, going to close this one out.
from puppet-rundeck.
Related Issues (20)
- What about a new module release? HOT 3
- secrets / keys are not stored in the database when using rundeck::key_storage_type: db
- How to: rundeck.storage.provider.'1'.type = 'vault-storage'
- Incorrect configuration key for threadcount HOT 2
- rundeck project type/provider
- on VMWare, UUID is created in framework.properties that is overwritten by rundeck
- Support for Rundeck 3.3.x HOT 3
- Release v7.0.0 without CentOS 6 support!
- a colon is added to realm.properties file even when auth_users hash is empty
- Support for Rundeck >3.3.10
- Module doesn't support apt-key through proxy HOT 1
- Rundeck 3.4 no longer supports the rundeck.projectsStorageType configuration property
- Deprecate Bintray and use the newer repositories
- Re-release required HOT 1
- Add sensitive option for database_config HOT 5
- RSpec error if used with inifile >= 4.2.0
- Missing rundeck.security.syncLdapUser config setting HOT 1
- ACLs render incorrectly when using attributes filters
- Please update dependent modules to allow for their latest versions
- manage SCM configuration of projects HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppet-rundeck.