From a1ceb60843508b0ef23f3f8ec29d8808722fada3 Mon Sep 17 00:00:00 2001 From: Michael Lando Date: Tue, 20 Feb 2018 16:14:11 +0200 Subject: add https support to simulato Change-Id: I16f68532a7e7a09fbf96c09dff19d857c03fedd8 Issue-ID: SDC-832 Signed-off-by: Michael Lando --- .../recipes/SDC_Simulator_2_setup_configuration.rb | 11 ++++++-- .../SDC_Simulator_5_create_jetty_modules.rb | 26 +++++++++++++++++-- .../templates/default/SDC-Simulator-https-ini.erb | 29 ++++++++++++++++++++++ .../templates/default/SDC-Simulator-ssl-ini.erb | 9 ++++++- .../default/SDC-Simulator-webseal.conf.erb | 2 +- 5 files changed, 71 insertions(+), 6 deletions(-) create mode 100644 utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-https-ini.erb (limited to 'utils/webseal-simulator/sdc-simulator/chef-repo') diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb index 85fedfd9e5..6c081d685d 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb @@ -1,5 +1,13 @@ jetty_base="/var/lib/jetty" +if !ENV['FE_URL'].nil? + fe_url="#{ENV['FE_URL']}" +elsif node['disableHttp'] + fe_url="https://#{node['Nodes']['FE']}:#{node['FE'][:https_port]}" +else + fe_url="http://#{node['Nodes']['FE']}:#{node['FE'][:http_port]}" +end + template "webseal.conf" do path "#{jetty_base}/config/sdc-simulator/webseal.conf" @@ -8,7 +16,6 @@ template "webseal.conf" do group "jetty" mode "0755" variables({ - :fe_host_ip => node['HOST_IP'], - :fe_http_port => "#{node['FE'][:http_port]}" + :fe_url =>"#{fe_url}" }) end 
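Review bot: In the first hunk of SDC_Simulator_2_setup_configuration.rb, `fe_url="#{ENV['FE_URL']}"` accepts whatever the environment holds, so an empty `FE_URL` passes the `.nil?` test and a plain `http://` value silently takes precedence over `node['disableHttp']`. The value is then rendered unescaped into `fe="<%= @fe_url %>"` in the SDC-Simulator-webseal.conf.erb hunk, where a stray double quote would break the generated config. This URL is presumably where the simulator sends its traffic, so I would treat an empty override as unset and fail the converge on a mismatch, e.g. `raise "FE_URL must be https when disableHttp is set" if node['disableHttp'] && !fe_url.start_with?('https://')`. The `"#{...}"` wrappers here and in `:fe_url =>"#{fe_url}"` in the second hunk are redundant interpolation.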
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb index 38b87fa65d..3dde6ee38f 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb @@ -1,7 +1,6 @@ jetty_base="/var/lib/jetty" jetty_home="/usr/local/jetty" -###### create Jetty modules bash "create-jetty-modules" do cwd "#{jetty_base}" code <<-EOH @@ -9,6 +8,29 @@ code <<-EOH java -jar "/#{jetty_home}"/start.jar --add-to-start=deploy java -jar "/#{jetty_home}"/start.jar --add-to-startd=http,https,logging,setuid EOH -not_if "ls /#{jetty_base}/start.d/https.ini" +end + +template "ssl-ini" do + path "/#{jetty_base}/start.d/ssl.ini" + source "SDC-Simulator-ssl-ini.erb" + owner "jetty" + group "jetty" + mode "0755" + variables({ + :https_port => "8443", + :jetty_keystore_pwd => "OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4", + :jetty_keymanager_pwd => "OBF:1u2u1wml1z7s1z7a1wnl1u2g" + }) +end + +template "https-ini" do + path "/#{jetty_base}/start.d/https.ini" + source "SDC-Simulator-https-ini.erb" + owner "jetty" + group "jetty" + mode "0755" + variables ({ + :https_port => "8443" + }) end diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-https-ini.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-https-ini.erb new file mode 100644 index 0000000000..9999a4109b --- /dev/null +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-https-ini.erb 
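Review bot: The new `template "ssl-ini"` resource hard-codes `:jetty_keystore_pwd` and `:jetty_keymanager_pwd` as literals and writes the file with `mode "0755"`, so the rendered ssl.ini is world-readable. Both OBF strings are identical to the ones in the commented stock lines of SDC-Simulator-ssl-ini.erb (the keyStorePassword and keyManagerPassword hunks). Jetty's OBF form is reversible obfuscation rather than encryption, so committing these values protects nothing. I would read both from node attributes or an encrypted data bag, set `mode "0640"`, and add `sensitive true` so the rendered content stays out of Chef logs. Separately, dropping the `not_if "ls /#{jetty_base}/start.d/https.ini"` guard makes `create-jetty-modules` run on every converge, which deserves a comment if intentional, and `"8443"` is now repeated in both template resources.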
@@ -0,0 +1,29 @@ +# --------------------------------------- +# Module: https +--module=https + +### HTTPS Connector Configuration + +## Connector host/address to bind to +# jetty.https.host=0.0.0.0 + +## Connector port to listen on +jetty.https.port=<%= @https_port %> + +## Connector idle timeout in milliseconds +jetty.https.idleTimeout=30000 + +## Connector socket linger time in seconds (-1 to disable) +# jetty.https.soLingerTime=-1 + +## Number of acceptors (-1 picks default based on number of cores) +# jetty.https.acceptors=-1 + +## Number of selectors (-1 picks default based on number of cores) +# jetty.https.selectors=-1 + +## ServerSocketChannel backlog (0 picks platform default) +# jetty.https.acceptorQueueSize=0 + +## Thread priority delta to give to acceptor threads +# jetty.https.acceptorPriorityDelta=0 diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb index 426e0e44b5..86848bf282 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb @@ -8,7 +8,7 @@ # jetty.ssl.host=0.0.0.0 ## Connector port to listen on -jetty.ssl.port=<%= @FE_https_port %> +jetty.ssl.port=<%= @https_port %> ## Connector idle timeout in milliseconds # jetty.ssl.idleTimeout=30000 @@ -49,6 +49,7 @@ jetty.ssl.port=<%= @FE_https_port %> ## Keystore password # jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 +jetty.sslContext.keyStorePassword=<%= @jetty_keystore_pwd %> ## Keystore type and provider # jetty.sslContext.keyStoreType=JKS 
@@ -56,9 +57,11 @@ jetty.ssl.port=<%= @FE_https_port %> ## KeyManager password # jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g +jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %> ## Truststore password # jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 +#jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %> ## Truststore type and provider # jetty.sslContext.trustStoreType=JKS @@ -81,3 +84,7 @@ jetty.ssl.port=<%= @FE_https_port %> ## Set the timeout (in seconds) of the SslSession cache timeout # jetty.sslContext.sslSessionTimeout=-1 + +## Allow SSL renegotiation +# jetty.sslContext.renegotiationAllowed=true +# jetty.sslContext.renegotiationLimit=5 diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb index d5e2cbeaac..e4c5d753fa 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb @@ -1,6 +1,6 @@ { webseal { - fe="http://<%= @fe_host_ip %>:<%= @fe_http_port %>" + fe="<%= @fe_url %>" users = [ { userId="cs0008" -- cgit 1.2.3-korg
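Review bot: The commented line `#jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %>` in the `@@ -56,9 +57,11 @@` hunk of SDC-Simulator-ssl-ini.erb references a variable that the `ssl-ini` template resource in this commit never passes, so uncommenting it would render an empty password. ERB still evaluates the tag inside the `#` comment, which is harmless today but easy to misread as a supported setting. Either pass `:jetty_truststore_pwd` from the recipe or drop the line. If it stays, a comment such as `## Truststore password is not managed by this cookbook` would document the intent.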