-
-
Save scalp42/7fb4fa48e7ec69a73d8a to your computer and use it in GitHub Desktop.
snippets of how we get rundeck behind nginx+ssl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Import the self-signed certificate from chef-server for rundeck's store | |
| cert_alias = "#{node['fqdn']}-selfsigned-crt" | |
| execute "import-rundeck-self-signed-cert" do | |
| not_if "keytool -list -keystore /etc/rundeck/ssl/truststore -storepass adminadmin | grep #{cert_alias}" | |
| command "keytool -import -alias #{cert_alias} -file /var/opt/chef-server/nginx/ca/*.crt -keystore /etc/rundeck/ssl/truststore -storepass adminadmin -noprompt" | |
| action :run | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Hack to tell rundeck it's behind an SSL proxy instead of | |
| # shipping an entire custom profile file | |
| rundeck_profile = "/etc/rundeck/profile" | |
| rundeck_jvm_proxy_on='RDECK_JVM="$RDECK_JVM -Drundeck.jetty.connector.forwarded=true -Dserver.web.context=/rundeck"' | |
| if File.exist?(rundeck_profile) and File.readlines(rundeck_profile).grep(/jetty/).empty? | |
| ruby_block "add_rundeck_proxy_args" do | |
| block do | |
| file = Chef::Util::FileEdit.new(rundeck_profile) | |
| file.insert_line_if_no_match(rundeck_jvm_proxy_on, rundeck_jvm_proxy_on) | |
| file.write_file | |
| end | |
| notifies :restart, "service[rundeckd]", :delayed | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment