Merge branch 'issue104' into development

rundeck · Dec 2, 2010 · 6e133e5 · 6e133e5
2 parents 62d0d37 + 3dffab6
commit 6e133e5
Show file tree

Hide file tree

Showing 18 changed files with 128 additions and 25 deletions.
diff --git a/core/src/sh/dispatch b/core/src/sh/dispatch
@@ -38,9 +38,7 @@ fi
 exec $JAVA_HOME/bin/java ${RDECK_JVM} -classpath ${CLI_CP} \
      -Drdeck.base=$RDECK_BASE \
      -Drdeck.home=$RDECK_HOME \
-     -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol  \
-     -Djavax.net.ssl.trustStore=$RDECK_BASE/etc/truststore \
-     -Djavax.net.ssl.trustStoreType=jks  \
+     $RDECK_SSL_OPTS \
      -Drdeck.traceExceptions=$RUNDECK_TRACE_EXCEPTIONS \
      -Drdeck.cli.terse=$RUNDECK_CLI_TERSE \
      com.dtolabs.rundeck.core.cli.ExecTool "$@"
diff --git a/core/src/sh/dispatch.bat b/core/src/sh/dispatch.bat
@@ -43,9 +43,7 @@ call "%JAVA_HOME%\bin\java.exe" ^
     -Drdeck.base="%RDECK_BASE%" ^
 	-Drdeck.home="%RDECK_HOME%" ^
 	-Dant.home="%ANT_HOME%" ^
-    -Djava.protocol.handler.pkgs="com.sun.net.ssl.internal.www.protocol"  ^
-    -Djavax.net.ssl.trustStore="%RDECK_BASE%\etc\truststore" ^
-    -Djavax.net.ssl.trustStoreType="jks"  ^
+    %RDECK_SSL_OPTS% ^
     -Drdeck.traceExceptions="%RUNDECK_TRACE_EXCEPTIONS%" ^
     -Drdeck.cli.terse="%RUNDECK_CLI_TERSE%" ^
 	com.dtolabs.rundeck.core.cli.ExecTool %*
diff --git a/core/src/sh/rd-jobs b/core/src/sh/rd-jobs
@@ -39,5 +39,5 @@ exec $JAVA_HOME/bin/java ${RDECK_JVM} -classpath ${CLI_CP} \
      -Duser.java_home=$JAVA_HOME \
      -Drdeck.base=$RDECK_BASE \
      -Drdeck.home=$RDECK_HOME \
-     -Dant.home=$ANT_HOME \
+     $RDECK_SSL_OPTS \
      com.dtolabs.rundeck.core.cli.jobs.JobsTool "$@"
diff --git a/core/src/sh/rd-jobs.bat b/core/src/sh/rd-jobs.bat
@@ -67,6 +67,7 @@ CALL %JAVA_HOME%\bin\java "-Dant.home=%ANT_HOME%" ^
                           "-Duser.java_home=%JAVA_HOME%" ^
                           "-Drdeck.home=%RDECK_HOME%" ^
                           "-Drdeck.base=%RDECK_BASE%" ^
+                          %RDECK_SSL_OPTS% ^
                           -cp  ^
                           com.dtolabs.rundeck.core.cli.ctljobs.JobsTool %*
 

diff --git a/core/src/sh/rd-project b/core/src/sh/rd-project
@@ -38,8 +38,6 @@ fi
 exec $JAVA_HOME/bin/java ${RDECK_JVM} -classpath ${CLI_CP} \
      -Drdeck.base=$RDECK_BASE \
      -Drdeck.home=$RDECK_HOME \
-     -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol  \
-     -Djavax.net.ssl.trustStore=$RDECK_BASE/etc/truststore \
-     -Djavax.net.ssl.trustStoreType=jks  \
      -Drdeck.traceExceptions=$RUNDECK_TRACE_EXCEPTIONS \
+     $RDECK_SSL_OPTS \
      com.dtolabs.rundeck.core.cli.project.ProjectTool "$@"
diff --git a/core/src/sh/rd-project.bat b/core/src/sh/rd-project.bat
@@ -58,9 +58,7 @@ CALL %JAVA_HOME%\bin\java "-Dant.home=%ANT_HOME%" ^
                           "-Drdeck.home=%RDECK_HOME%" ^
                           "-Drdeck.base=%RDECK_BASE%" ^
                           "-Duser.name=%USER_NAME%" ^
-                           -Djava.protocol.handler.pkgs="com.sun.net.ssl.internal.www.protocol"  ^
-                           -Djavax.net.ssl.trustStore="%RDECK_BASE%\etc\truststore" ^
-                           -Djavax.net.ssl.trustStoreType="jks"  ^
+                           %RDECK_SSL_OPTS% ^
                           -cp "%RDECK_HOME%\classes;%ANT_HOME%\lib\xerces-2.6.0.jar;%ANT_HOME%\lib\xml-apis.jar" ^
                           com.dtolabs.rundeck.core.cli.project.ProjectTool %*
 

diff --git a/core/src/sh/rd-queue b/core/src/sh/rd-queue
@@ -39,4 +39,5 @@ exec $JAVA_HOME/bin/java ${RDECK_JVM} -classpath ${CLI_CP} \
      -Duser.java_home=$JAVA_HOME \
      -Drdeck.base=$RDECK_BASE \
      -Drdeck.home=$RDECK_HOME \
+     $RDECK_SSL_OPTS \
      com.dtolabs.rundeck.core.cli.queue.QueueTool "$@"
diff --git a/core/src/sh/rd-queue.bat b/core/src/sh/rd-queue.bat
@@ -57,6 +57,7 @@ CALL %JAVA_HOME%\bin\java "-Dant.home=%ANT_HOME%" ^
                           "-Duser.java_home=%JAVA_HOME%" ^
                           "-Drdeck.home=%RDECK_HOME%" ^
                           "-Drdeck.base=%RDECK_BASE%" ^
+                          %RDECK_SSL_OPTS% ^
                           -cp "%RDECK_HOME%\classes;%ANT_HOME%\lib\ant.jar;%ANT_HOME%\lib\ant-launcher.jar;%ANT_HOME%\lib\regexp-1.5.jar;%ANT_HOME%\lib\ant-apache-regexp.jar" ^
                           com.dtolabs.rundeck.core.cli.queue.QueueTool %*
 

diff --git a/core/src/sh/run b/core/src/sh/run
@@ -39,4 +39,5 @@ exec $JAVA_HOME/bin/java ${RDECK_JVM} -classpath ${CLI_CP} \
      -Duser.java_home=$JAVA_HOME \
      -Drdeck.base=$RDECK_BASE \
      -Drdeck.home=$RDECK_HOME \
+     $RDECK_SSL_OPTS \
      com.dtolabs.rundeck.core.cli.run.RunTool "$@"
diff --git a/core/src/sh/run.bat b/core/src/sh/run.bat
@@ -57,6 +57,7 @@ CALL %JAVA_HOME%\bin\java "-Dant.home=%ANT_HOME%" ^
                           "-Duser.java_home=%JAVA_HOME%" ^
                           "-Drdeck.home=%RDECK_HOME%" ^
                           "-Drdeck.base=%RDECK_BASE%" ^
+                          %RDECK_SSL_OPTS% ^
                           -cp "%RDECK_HOME%\classes;%ANT_HOME%\lib\ant.jar;%ANT_HOME%\lib\ant-launcher.jar;%ANT_HOME%\lib\regexp-1.5.jar;%ANT_HOME%\lib\ant-apache-regexp.jar" ^
                           com.dtolabs.rundeck.core.cli.run.RunTool %*
 

diff --git a/core/src/templates/etc/profile.bat.template b/core/src/templates/etc/profile.bat.template
@@ -7,4 +7,6 @@ set JAVA_HOME=@user.java_home@
 :: Unsetting JRE_HOME to ensure there is no conflict with JAVA_HOME
 (set JRE_HOME=)
 
-set Path=%JAVA_HOME%\bin;%RDECK_HOME%\bin;%Path%
+set Path=%JAVA_HOME%\bin;%RDECK_HOME%\bin;%Path%
+
+set RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=%RDECK_BASE%\etc\truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
diff --git a/core/src/templates/etc/profile.template b/core/src/templates/etc/profile.template
@@ -30,4 +30,6 @@ do
 done
 export CLI_CP
 
+export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=$RDECK_BASE/etc/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
+
 umask 002
diff --git a/rundeckapp/etc/config-defaults.properties b/rundeckapp/etc/config-defaults.properties
@@ -22,6 +22,7 @@ loginmodule.conf.name=jaas-loginmodule.conf
 rundeck.config.name=rundeck-config.properties
 server.hostname=localhost
 server.http.port=4440
+server.https.port=4443
 server.reportservice.port=4435
 server.datastore.path=rundeck/data/grailsdb
 default.admin.name=admin

diff --git a/rundeckapp/etc/templates/ssl.properties.template b/rundeckapp/etc/templates/ssl.properties.template
@@ -0,0 +1,5 @@
+keystore=${rdeck.base}/etc/keystore
+keystore.password=admin
+key.password=admin
+truststore=${rdeck.base}/etc/keystore
+truststore.password=admin
diff --git a/rundeckapp/src/java/com/dtolabs/rundeck/ExpandRunServer.java b/rundeckapp/src/java/com/dtolabs/rundeck/ExpandRunServer.java
@@ -69,6 +69,7 @@ public class ExpandRunServer {
      */
     final static String[] configProperties = {
         "server.http.port",
+        "server.https.port",
         "server.hostname",
         "server.reportservice.port",
         "rdeck.base",

diff --git a/rundeckapp/src/java/com/dtolabs/rundeck/RunServer.java b/rundeckapp/src/java/com/dtolabs/rundeck/RunServer.java
@@ -17,19 +17,22 @@
 package com.dtolabs.rundeck;
 
 import org.mortbay.jetty.Server;
+import org.mortbay.jetty.bio.SocketConnector;
 import org.mortbay.jetty.plus.jaas.JAASUserRealm;
 import org.mortbay.jetty.security.HashUserRealm;
+import org.mortbay.jetty.security.SslSocketConnector;
 import org.mortbay.jetty.webapp.WebAppContext;
 
 import java.io.*;
-import java.util.Map;
+import java.util.Properties;
 
 /**
  * Run the jetty server using system properties and commandline input for configuration
  */
 public class RunServer {
 
     int port = Integer.getInteger("server.http.port", 4440);
+    int httpsPort = Integer.getInteger("server.https.port", 4443);
     File basedir;
     File serverdir;
     private static final String REALM_NAME = "rundeckrealm";
@@ -38,6 +41,19 @@ public class RunServer {
     String loginmodulename;
     private boolean useJaas;
     private static final String RUNDECK_JAASLOGIN = "rundeck.jaaslogin";
+    public static final String RUNDECK_SSL_CONFIG = "rundeck.ssl.config";
+    public static final String RUNDECK_KEYSTORE = "keystore";
+    public static final String RUNDECK_KEYSTORE_PASSWORD = "keystore.password";
+    public static final String RUNDECK_KEY_PASSWORD = "key.password";
+    public static final String RUNDECK_TRUSTSTORE = "truststore";
+    public static final String RUNDECK_TRUSTSTORE_PASSWORD = "truststore.password";
+    private String keystore;
+    private String keystorePassword;
+    private String keyPassword;
+    private String truststore;
+    private String truststorePassword;
+    private static final String RUNDECK_SERVER_SERVER_DIR = "rundeck.server.serverDir";
+    private static final String RUNDECK_SERVER_CONFIG_DIR = "rundeck.server.configDir";
 
     public static void main(final String[] args) throws Exception {
         new RunServer().run(args);
@@ -61,7 +77,14 @@ public void run(final String[] args) throws Exception {
         if (null != basedir) {
             System.setProperty("rdeck.base", basedir.getAbsolutePath());
         }
-        final Server server = new Server(port);
+        final Server server = new Server();
+        if(isSSLEnabled()){
+            configureSSLConnector(server);
+        }else{
+            warnNoSSLConfig();
+            configureHTTPConnector(server);
+        }
+
         server.setStopAtShutdown(true);
         final WebAppContext context = createWebAppContext(new File(serverdir, "exp/webapp"));
         server.addHandler(context);
@@ -76,6 +99,45 @@ public void run(final String[] args) throws Exception {
         }
     }
 
+    private void warnNoSSLConfig() {
+        System.err.println("WARNING: HTTPS is not enabled, specify -Drundeck.ssl.config="+basedir+"/server/config/ssl.properties to enable.");
+    }
+
+    private boolean isSSLEnabled() {
+        if (null == System.getProperty(RUNDECK_SSL_CONFIG)) {
+            return false;
+        }
+        if (null != keystore) {
+            if (!new File(keystore).exists()) {
+                System.err.println("ERROR: keystore file does not exist, you must create it: " + keystore);
+                return false;
+            }
+        } else {
+            System.err.println("ERROR: keystore property not specified: " + System.getProperty(RUNDECK_SSL_CONFIG));
+            return false;
+        }
+        return true;
+    }
+
+    private void configureHTTPConnector(final Server server) {
+        final SocketConnector connector = new SocketConnector();
+        connector.setPort(port);
+        server.addConnector(connector);
+    }
+
+    private void configureSSLConnector(final Server server) {
+        //configure ssl
+        final SslSocketConnector connector = new SslSocketConnector();
+        connector.setPort(httpsPort);
+        connector.setMaxIdleTime(30000);
+        connector.setKeystore(keystore);
+        connector.setPassword(keystorePassword);
+        connector.setKeyPassword(keyPassword);
+        connector.setTruststore(truststore);
+        connector.setTrustPassword(truststorePassword);
+        server.addConnector(connector);
+    }
+
     /**
      * Configure jetty realm.  if system property "rundeck.jaaslogin" is false, then use a simple HashRealm, otherwise
      * use a JAAS realm.
@@ -144,16 +206,31 @@ private WebAppContext createWebAppContext(final File webapp) throws IOException
      * serverdir/config
      */
     private void init() {
-        if (null != System.getProperty("rundeck.server.serverDir")) {
-            serverdir = new File(System.getProperty("rundeck.server.serverDir"));
+        if (null != System.getProperty(RUNDECK_SERVER_SERVER_DIR)) {
+            serverdir = new File(System.getProperty(RUNDECK_SERVER_SERVER_DIR));
         } else {
             serverdir = new File(basedir, "server");
         }
-        if (null != System.getProperty("rundeck.server.configDir")) {
-            configdir = new File(System.getProperty("rundeck.server.configDir"));
+        if (null != System.getProperty(RUNDECK_SERVER_CONFIG_DIR)) {
+            configdir = new File(System.getProperty(RUNDECK_SERVER_CONFIG_DIR));
         } else {
             configdir = new File(serverdir, "config");
         }
+        if(null!=System.getProperty(RUNDECK_SSL_CONFIG)){
+            final Properties sslProperties = new Properties();
+            try{
+                sslProperties.load(new FileInputStream(System.getProperty(RUNDECK_SSL_CONFIG)));
+            } catch (IOException e) {
+                System.err.println("Could not load specified rundeck.ssl.config file: " + System.getProperty(
+                    RUNDECK_SSL_CONFIG) + ": " + e.getMessage());
+                e.printStackTrace(System.err);
+            }
+            keystore = sslProperties.getProperty(RUNDECK_KEYSTORE);
+            keystorePassword = sslProperties.getProperty(RUNDECK_KEYSTORE_PASSWORD);
+            keyPassword = sslProperties.getProperty(RUNDECK_KEY_PASSWORD);
+            truststore = sslProperties.getProperty(RUNDECK_TRUSTSTORE);
+            truststorePassword = sslProperties.getProperty(RUNDECK_TRUSTSTORE_PASSWORD);
+        }
     }
 
     /**
@@ -170,5 +247,8 @@ private void parseArgs(final String[] args) {
         if (args.length > 1) {
             port = Integer.parseInt(args[1]);
         }
+        if (args.length > 2) {
+            httpsPort = Integer.parseInt(args[2]);
+        }
     }
 }
diff --git a/test/test.sh b/test/test.sh
@@ -72,7 +72,18 @@ fi
 
 rm $DIR/exec.out
 
-sh $DIR/testweb.sh
+egrep 'https://' $RDECK_BASE/etc/framework.properties > /dev/null
+if [ 0 = $? ] ; then
+    # call testweb and use -k curl option to ignore server certificate
+    sh $DIR/testweb.sh "https://localhost:4443" -k
+    #################
+    # alternate args to curl to use a pem formatted cert to verify server cert:
+    #sh $DIR/testweb.sh "https://localhost:4443" "--cacert $RDECK_BASE/etc/rundeck.server.pem"
+    ################
+else
+    sh $DIR/testweb.sh "http://localhost:4440"
+fi
+
 if [ 0 != $? ] ; then
 	echo Failed to run testweb.sh : $!
 	exit 2

diff --git a/test/testweb.sh b/test/testweb.sh
@@ -15,13 +15,17 @@ fi
 
 # test log in 
 
-url='http://localhost:4440'
+url=$1
+if [ -z "$url" ] ; then
+    url='http://localhost:4440'
+fi
 loginurl="${url}/j_security_check"
+curlopts=$2
 
 # get main page for login
 echo "WEB Starting tests."
 echo "WEB Trying login..."
-curl -s -S -L -c $DIR/cookies ${url}/menu/index > $DIR/curl.out 
+curl $curlopts -s -S -L -c $DIR/cookies ${url}/menu/index > $DIR/curl.out 
 if [ 0 != $? ] ; then
     errorMsg "failed menu request to ${url}/menu/index"
     exit 2
@@ -34,7 +38,7 @@ if [ 0 != $? ] ; then
 fi
 
 
-curl -s -S -L -c $DIR/cookies -b $DIR/cookies -d j_username=admin -d j_password=admin $loginurl > $DIR/curl.out 
+curl $curlopts -s -S -L -c $DIR/cookies -b $DIR/cookies -d j_username=admin -d j_password=admin $loginurl > $DIR/curl.out 
 if [ 0 != $? ] ; then
     errorMsg "failed login request to ${loginurl}"
     exit 2
@@ -55,7 +59,7 @@ fi
 echo "WEB Login OK"
 echo "WEB Testing Nodes..."
 # get nodes page
-curl -s -S -L -c $DIR/cookies -b $DIR/cookies ${url}/resources/nodes?project=test > $DIR/curl.out
+curl $curlopts -s -S -L -c $DIR/cookies -b $DIR/cookies ${url}/resources/nodes?project=test > $DIR/curl.out
 if [ 0 != $? ] ; then
     errorMsg "failed nodes request"
     exit 2