From 6d7a7c1b6e82c92e37eb0b23b892418b82af026f Mon Sep 17 00:00:00 2001 From: Tal Gitelman Date: Thu, 31 Aug 2017 15:51:10 +0300 Subject: Jetty default ssl certificate fix Recipes alignment for ssl.ini new keystore Change-Id: Ibe5a04712b5fb7c3c7e0adfa0bcb23d260b77479 Issue-ID:SDC-264 
Signed-off-by: Tal Gitelman --- .../recipes/BE_10_import_Normatives.rb | 16 ++++ .../recipes/BE_2_setup_configuration.rb | 15 ---- .../recipes/BE_3_create_DMaaP_keys.rb | 34 -------- .../sdc-catalog-be/recipes/BE_3_locate_keystore.rb | 16 ++++ .../recipes/BE_4_create_DMaaP_keys.rb | 34 ++++++++ .../sdc-catalog-be/recipes/BE_4_jetty_Modules.rb | 15 ---- .../sdc-catalog-be/recipes/BE_5_jetty_Modules.rb | 22 ++++++ .../recipes/BE_5_setup_elasticsearch.rb | 15 ---- .../recipes/BE_6_setup_elasticsearch.rb | 15 ++++ .../recipes/BE_6_setup_portal_properties.rb | 17 ---- .../sdc-catalog-be/recipes/BE_7_logback.rb | 7 -- .../recipes/BE_7_setup_portal_properties.rb | 17 ++++ .../sdc-catalog-be/recipes/BE_8_errors_config.rb | 14 ---- .../sdc-catalog-be/recipes/BE_8_logback.rb | 7 ++ .../sdc-catalog-be/recipes/BE_9_errors_config.rb | 14 ++++ .../recipes/BE_9_import_Normatives.rb | 16 ---- .../sdc-catalog-be/templates/default/ssl-ini.erb | 90 ++++++++++++++++++++++ .../sdc-backend/chef-solo/roles/catalog-be.json | 11 +-- 18 files changed, 237 insertions(+), 138 deletions(-) create mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_import_Normatives.rb delete mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_create_DMaaP_keys.rb create mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb create mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_create_DMaaP_keys.rb delete mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb create mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_5_jetty_Modules.rb delete mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_5_setup_elasticsearch.rb create mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_6_setup_elasticsearch.rb delete mode 100644 
sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_6_setup_portal_properties.rb delete mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_7_logback.rb create mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_7_setup_portal_properties.rb delete mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_8_errors_config.rb create mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_8_logback.rb create mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_9_errors_config.rb delete mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_9_import_Normatives.rb create mode 100644 sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb (limited to 'sdc-os-chef/sdc-backend')
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_import_Normatives.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_import_Normatives.rb
new file mode 100644
index 0000000000..6e9b24133d
--- /dev/null
+++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_import_Normatives.rb
@@ -0,0 +1,16 @@
+cookbook_file "/tmp/normatives.tar.gz" do
+ source "normatives.tar.gz"
+end
+
+working_directory = "/tmp"
+
+bash "import-normatives" do
+ cwd "#{working_directory}"
+ code <<-EOH
+ tar xvfz /tmp/normatives.tar.gz
+ cd scripts/import/tosca/
+ /bin/chmod +x importNormativeAll.py
+ python importNormativeAll.py
+ EOH
+end
+
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
index ac1614a253..067642fed9 100644
--- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
+++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
@@ -51,18 +51,3 @@ cookbook_file "ArtifactGenerator" do
 group "jetty"
 mode "0755"
 end
-
-directory "Jetty_etcdir_creation" do
- path "/#{jetty_base}/etc"
- owner 'jetty'
- group 'jetty'
- mode '0755'
- action :create
-end
-
-cookbook_file "/#{jetty_base}/etc/keystore" do
- source "keystore"
- owner "jetty"
- group "jetty"
- mode 0755
-end
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_create_DMaaP_keys.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_create_DMaaP_keys.rb
deleted file mode 100644
index 583dfff7b2..0000000000
--- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_create_DMaaP_keys.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-http_request 'create-DMaaP-apiKeys' do
- action :post
- url 'http://23.253.97.75:3904/apiKeys/create'
- message ({:some => 'data'}.to_json)
- headers({
- 'Content-Type' => 'application/json'
- })
-end
-
-
-selfEnviroment = node.chef_environment
-
-ruby_block "create-DMaaP-apiKeys" do
- block do
- sleep(15)
- #tricky way to load this Chef::Mixin::ShellOut utilities
- Chef::Resource::RubyBlock.send(:include, Chef::Mixin::ShellOut)
- curl_command = "https://es_admin:Aa123456@#{application_host}:9200/_cluster/health?pretty=true --insecure"
- resp = Net::HTTP.get_response URI.parse(curl_command)
- stat = JSON.parse(resp.read_body)['status']
-
- case stat
- when "green"
- printf("\033[32m%s\n\033[0m", " ElasticSearch tests completed successfully.")
- when "yellow"
- printf("\033[33m%s\n\033[0m", " ElasticSearch tests completed successfully, with warnings")
- when "red"
- printf("\033[31m%s\n\033[0m", " ElasticSearch tests failed!!!")
- end
- end
-end
-
-curl POST -d '{"email":"Grinberg.Moti","description":"New Api Key for ASDC OS"}' http://23.253.97.75:3904/apiKeys/create
-
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb
new file mode 100644
index 0000000000..148eaaf4d3
--- /dev/null
+++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb
@@ -0,0 +1,16 @@
+jetty_base="/var/lib/jetty"
+
+directory "Jetty_etcdir_creation" do
+ path "/#{jetty_base}/etc"
+ owner 'jetty'
+ group 'jetty'
+ mode '0755'
+ action :create
+end
+
+cookbook_file "/#{jetty_base}/etc/keystore" do
+ source "keystore"
+ owner "jetty"
+ group "jetty"
+ mode 0755
+end
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_create_DMaaP_keys.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_create_DMaaP_keys.rb
new file mode 100644
index 0000000000..583dfff7b2
--- /dev/null
+++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_create_DMaaP_keys.rb
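Review bot: The `cookbook_file` resource for `/#{jetty_base}/etc/keystore` in BE_3_locate_keystore.rb installs the keystore with `mode 0755`, so every local account can read the file that holds Jetty's TLS key material, and the execute bit serves no purpose on it. Restrict it to the service account with `mode '0600'` (or `'0640'` if the jetty group has to read it) and add `sensitive true` to the resource. The keystore is shipped from the cookbook's files, which presumably means the same key lives in the repository and on every deployment; a per-environment keystore delivered outside the cookbook would avoid that. The resource is carried over unchanged from BE_2_setup_configuration.rb, so this setting predates the commit.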
@@ -0,0 +1,34 @@
+http_request 'create-DMaaP-apiKeys' do
+ action :post
+ url 'http://23.253.97.75:3904/apiKeys/create'
+ message ({:some => 'data'}.to_json)
+ headers({
+ 'Content-Type' => 'application/json'
+ })
+end
+
+
+selfEnviroment = node.chef_environment
+
+ruby_block "create-DMaaP-apiKeys" do
+ block do
+ sleep(15)
+ #tricky way to load this Chef::Mixin::ShellOut utilities
+ Chef::Resource::RubyBlock.send(:include, Chef::Mixin::ShellOut)
+ curl_command = "https://es_admin:Aa123456@#{application_host}:9200/_cluster/health?pretty=true --insecure"
+ resp = Net::HTTP.get_response URI.parse(curl_command)
+ stat = JSON.parse(resp.read_body)['status']
+
+ case stat
+ when "green"
+ printf("\033[32m%s\n\033[0m", " ElasticSearch tests completed successfully.")
+ when "yellow"
+ printf("\033[33m%s\n\033[0m", " ElasticSearch tests completed successfully, with warnings")
+ when "red"
+ printf("\033[31m%s\n\033[0m", " ElasticSearch tests failed!!!")
+ end
+ end
+end
+
+curl POST -d '{"email":"Grinberg.Moti","description":"New Api Key for ASDC OS"}' http://23.253.97.75:3904/apiKeys/create
+
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
deleted file mode 100644
index 3ec16e8924..0000000000
--- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-jetty_base="/var/lib/jetty"
-jetty_home="/usr/local/jetty"
-
-###### create Jetty modules
-bash "create-jetty-modules" do
-cwd "#{jetty_base}"
-code <<-EOH
- cd "#{jetty_base}"
- java -jar "/#{jetty_home}"/start.jar --add-to-start=deploy
- java -jar "/#{jetty_home}"/start.jar --add-to-startd=http,https,logging,setuid
-EOH
-not_if "ls /#{jetty_base}/start.d/https.ini"
-end
-
-
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_5_jetty_Modules.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_5_jetty_Modules.rb
new file mode 100644
index 0000000000..046e3c6919
--- /dev/null
+++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_5_jetty_Modules.rb
@@ -0,0 +1,22 @@
+jetty_base="/var/lib/jetty"
+jetty_home="/usr/local/jetty"
+
+###### create Jetty modules
+bash "create-jetty-modules" do
+cwd "#{jetty_base}"
+code <<-EOH
+ cd "#{jetty_base}"
+ java -jar "/#{jetty_home}"/start.jar --add-to-start=deploy
+ java -jar "/#{jetty_home}"/start.jar --add-to-startd=http,https,logging,setuid
+EOH
+not_if "ls /#{jetty_base}/start.d/https.ini"
+end
+
+template "ssl-ini" do
+ path "/#{jetty_base}/start.d/ssl.ini"
+ source "ssl-ini.erb"
+ owner "jetty"
+ group "jetty"
+ mode "0755"
+ variables :https_port => "#{node['BE'][:https_port]}"
+end
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_5_setup_elasticsearch.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_5_setup_elasticsearch.rb
deleted file mode 100644
index 39fc5af883..0000000000
--- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_5_setup_elasticsearch.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-clusterName = node['elasticsearch'][:cluster_name]+node.chef_environment
-node_name = node[:hostname]
-
-template "elasticsearch.yml-config" do
- path "/var/lib/jetty/config/elasticsearch.yml"
- source "BE-elasticsearch.yml.erb"
- owner "jetty"
- group "jetty"
- mode "0755"
- variables({
- :cluster_name => "#{clusterName}",
- :es_host_ip => node['Nodes']['ES']
- })
-end
-
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_6_setup_elasticsearch.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_6_setup_elasticsearch.rb
new file mode 100644
index 0000000000..39fc5af883
--- /dev/null
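Review bot: The new `template "ssl-ini"` resource in BE_5_jetty_Modules.rb writes `start.d/ssl.ini` with `mode "0755"`, yet the rendered file carries the keystore, key-manager and truststore passwords, so any local account on the host can read them. Use `mode "0640"` and add `sensitive true` so the rendered content is kept out of Chef's diff output and logs. The resource has no `notifies`, so whether Jetty picks up a changed ssl.ini depends on something outside this hunk and is worth confirming.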
+++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_6_setup_elasticsearch.rb
@@ -0,0 +1,15 @@
+clusterName = node['elasticsearch'][:cluster_name]+node.chef_environment
+node_name = node[:hostname]
+
+template "elasticsearch.yml-config" do
+ path "/var/lib/jetty/config/elasticsearch.yml"
+ source "BE-elasticsearch.yml.erb"
+ owner "jetty"
+ group "jetty"
+ mode "0755"
+ variables({
+ :cluster_name => "#{clusterName}",
+ :es_host_ip => node['Nodes']['ES']
+ })
+end
+
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_6_setup_portal_properties.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_6_setup_portal_properties.rb
deleted file mode 100644
index 8c57de6caf..0000000000
--- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_6_setup_portal_properties.rb
+++ /dev/null
@@ -1,17 +0,0 @@
-template "template portal.properties" do
- path "/var/lib/jetty/resources/portal.properties"
- source "BE-portal.properties.erb"
- owner "jetty"
- group "jetty"
- mode "0755"
- variables ({
- :ecomp_rest_url => node['ECompP']['ecomp_rest_url'],
- :ecomp_redirect_url => node['ECompP']['ecomp_redirect_url'],
- :ueb_url_list => node['ECompP']['ueb_url_list'],
- :inbox_name => node['ECompP']['inbox_name'],
- :app_key => node['ECompP']['app_key'],
- :app_secret => node['ECompP']['app_secret'],
- :app_topic_name => node['ECompP']['app_topic_name'],
- :decrypt_key => node['ECompP']['decryption_key']
- })
-end
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_7_logback.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_7_logback.rb
deleted file mode 100644
index 2dfc4f1089..0000000000
--- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_7_logback.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-cookbook_file "/var/lib/jetty/config/catalog-be/logback.xml" do
- source "logback.xml"
- mode 0755
- owner "jetty"
- group "jetty"
-end
-
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_7_setup_portal_properties.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_7_setup_portal_properties.rb
new file mode 100644
index 0000000000..8c57de6caf
--- /dev/null
+++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_7_setup_portal_properties.rb
@@ -0,0 +1,17 @@
+template "template portal.properties" do
+ path "/var/lib/jetty/resources/portal.properties"
+ source "BE-portal.properties.erb"
+ owner "jetty"
+ group "jetty"
+ mode "0755"
+ variables ({
+ :ecomp_rest_url => node['ECompP']['ecomp_rest_url'],
+ :ecomp_redirect_url => node['ECompP']['ecomp_redirect_url'],
+ :ueb_url_list => node['ECompP']['ueb_url_list'],
+ :inbox_name => node['ECompP']['inbox_name'],
+ :app_key => node['ECompP']['app_key'],
+ :app_secret => node['ECompP']['app_secret'],
+ :app_topic_name => node['ECompP']['app_topic_name'],
+ :decrypt_key => node['ECompP']['decryption_key']
+ })
+end
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_8_errors_config.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_8_errors_config.rb
deleted file mode 100644
index 684d730709..0000000000
--- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_8_errors_config.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-cookbook_file "/var/lib/jetty/config/catalog-be/ecomp-error-configuration.yaml" do
- source "ecomp-error-configuration.yaml"
- mode 0755
- owner "jetty"
- group "jetty"
-end
-
-cookbook_file "/var/lib/jetty/config/catalog-be/error-configuration.yaml" do
- source "error-configuration.yaml"
- mode 0755
- owner "jetty"
- group "jetty"
-end
-
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_8_logback.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_8_logback.rb
new file mode 100644
index 0000000000..2dfc4f1089
--- /dev/null
+++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_8_logback.rb
@@ -0,0 +1,7 @@
+cookbook_file "/var/lib/jetty/config/catalog-be/logback.xml" do
+ source "logback.xml"
+ mode 0755
+ owner "jetty"
+ group "jetty"
+end
+
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_9_errors_config.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_9_errors_config.rb
new file mode 100644
index 0000000000..684d730709
--- /dev/null
+++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_9_errors_config.rb
@@ -0,0 +1,14 @@
+cookbook_file "/var/lib/jetty/config/catalog-be/ecomp-error-configuration.yaml" do
+ source "ecomp-error-configuration.yaml"
+ mode 0755
+ owner "jetty"
+ group "jetty"
+end
+
+cookbook_file "/var/lib/jetty/config/catalog-be/error-configuration.yaml" do
+ source "error-configuration.yaml"
+ mode 0755
+ owner "jetty"
+ group "jetty"
+end
+
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_9_import_Normatives.rb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_9_import_Normatives.rb
deleted file mode 100644
index 6e9b24133d..0000000000
--- a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_9_import_Normatives.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-cookbook_file "/tmp/normatives.tar.gz" do
- source "normatives.tar.gz"
-end
-
-working_directory = "/tmp"
-
-bash "import-normatives" do
- cwd "#{working_directory}"
- code <<-EOH
- tar xvfz /tmp/normatives.tar.gz
- cd scripts/import/tosca/
- /bin/chmod +x importNormativeAll.py
- python importNormativeAll.py
- EOH
-end
-
diff --git a/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb
new file mode 100644
index 0000000000..effbfa7918
--- /dev/null
+++ b/sdc-os-chef/sdc-backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb
@@ -0,0 +1,90 @@
+# ---------------------------------------
+# Module: ssl
+--module=ssl
+
+### TLS(SSL) Connector Configuration
+
+## Connector host/address to bind to
+# jetty.ssl.host=0.0.0.0
+
+## Connector port to listen on
+jetty.ssl.port=<%= @https_port %>
+
+## Connector idle timeout in milliseconds
+# jetty.ssl.idleTimeout=30000
+
+## Connector socket linger time in seconds (-1 to disable)
+# jetty.ssl.soLingerTime=-1
+
+## Number of acceptors (-1 picks default based on number of cores)
+# jetty.ssl.acceptors=-1
+
+## Number of selectors (-1 picks default based on number of cores)
+# jetty.ssl.selectors=-1
+
+## ServerSocketChannel backlog (0 picks platform default)
+# jetty.ssl.acceptorQueueSize=0
+
+## Thread priority delta to give to acceptor threads
+# jetty.ssl.acceptorPriorityDelta=0
+
+## Whether request host names are checked to match any SNI names
+# jetty.ssl.sniHostCheck=true
+
+## max age in seconds for a Strict-Transport-Security response header (default -1)
+# jetty.ssl.stsMaxAgeSeconds=31536000
+
+## include subdomain property in any Strict-Transport-Security header (default false)
+# jetty.ssl.stsIncludeSubdomains=true
+
+### SslContextFactory Configuration
+## Note that OBF passwords are not secure, just protected from casual observation
+## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
+
+## Keystore file path (relative to $jetty.base)
+# jetty.sslContext.keyStorePath=etc/keystore
+
+## Truststore file path (relative to $jetty.base)
+# jetty.sslContext.trustStorePath=etc/keystore
+
+## Keystore password
+# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
+jetty.sslContext.keyStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok
+
+## Keystore type and provider
+# jetty.sslContext.keyStoreType=JKS
+# jetty.sslContext.keyStoreProvider=
+
+## KeyManager password
+# jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g
+jetty.sslContext.keyManagerPassword=OBF:1cp61iuj194s194u194w194y1is31cok
+
+## Truststore password
+# jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
+jetty.sslContext.trustStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok
+
+## Truststore type and provider
+# jetty.sslContext.trustStoreType=JKS
+# jetty.sslContext.trustStoreProvider=
+
+## whether client certificate authentication is required
+# jetty.sslContext.needClientAuth=false
+
+## Whether client certificate authentication is desired
+# jetty.sslContext.wantClientAuth=false
+
+## Whether cipher order is significant (since java 8 only)
+# jetty.sslContext.useCipherSuitesOrder=true
+
+## To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at
+## https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites
+
+## Set the size of the SslSession cache
+# jetty.sslContext.sslSessionCacheSize=-1
+
+## Set the timeout (in seconds) of the SslSession cache timeout
+# jetty.sslContext.sslSessionTimeout=-1
+
+## Allow SSL renegotiation
+# jetty.sslContext.renegotiationAllowed=true
+# jetty.sslContext.renegotiationLimit=5
diff --git a/sdc-os-chef/sdc-backend/chef-solo/roles/catalog-be.json b/sdc-os-chef/sdc-backend/chef-solo/roles/catalog-be.json
index 9fc7b8d1dc..a05a2830eb 100644
--- a/sdc-os-chef/sdc-backend/chef-solo/roles/catalog-be.json
+++ b/sdc-os-chef/sdc-backend/chef-solo/roles/catalog-be.json
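Review bot: The three active password lines in ssl-ini.erb (`jetty.sslContext.keyStorePassword`, `keyManagerPassword`, `trustStorePassword`) hard-code one shared `OBF:` value in the template, and as the file's own comment notes, OBF is reversible obfuscation, so the keystore password is effectively published with the repository. Render them from template variables instead, e.g. `jetty.sslContext.keyStorePassword=<%= @keystore_password %>`, and supply the values through the recipe's `variables` from an encrypted data bag or similar secret store. Distinct passwords for the keystore and the truststore would also limit what a single leaked value opens. `jetty.sslContext.keyStorePath` stays commented out, so the connector depends on Jetty's default `etc/keystore` matching the path BE_3_locate_keystore.rb writes; setting it explicitly would make that coupling visible.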
@@ -12,11 +12,12 @@
 "run_list": [
 "recipe[sdc-catalog-be::BE_1_cleanup_jettydir]",
 "recipe[sdc-catalog-be::BE_2_setup_configuration]",
- "recipe[sdc-catalog-be::BE_4_jetty_Modules]",
- "recipe[sdc-catalog-be::BE_5_setup_elasticsearch]",
- "recipe[sdc-catalog-be::BE_6_setup_portal_properties]",
- "recipe[sdc-catalog-be::BE_7_logback]",
- "recipe[sdc-catalog-be::BE_8_errors_config]"
+ "recipe[sdc-catalog-be::BE_3_locate_keystore]",
+ "recipe[sdc-catalog-be::BE_5_jetty_Modules]",
+ "recipe[sdc-catalog-be::BE_6_setup_elasticsearch]",
+ "recipe[sdc-catalog-be::BE_7_setup_portal_properties]",
+ "recipe[sdc-catalog-be::BE_8_logback]",
+ "recipe[sdc-catalog-be::BE_9_errors_config]"
 ],
 "env_run_lists": {
 }
-- cgit 1.2.3-korg