Merge "add getAt regex.Matcher to approved_scripts" into release/proposed/2019.2.0
diff --git a/defaults/jenkins.yml b/defaults/jenkins.yml
index d01bf4e..68d843d 100644
--- a/defaults/jenkins.yml
+++ b/defaults/jenkins.yml
@@ -1,6 +1,6 @@
parameters:
_param:
jenkins_master_port: 8081
- jenkins_master_protocol: http
+ jenkins_master_protocol: https
jenkins_pipelines_branch: "master"
jenkins_salt_api_url: "https://${_param:salt_master_host}:${_param:nginx_proxy_salt_api_site_port}"
diff --git a/gerrit/client/init.yml b/gerrit/client/init.yml
index 16e4231..4ed374e 100644
--- a/gerrit/client/init.yml
+++ b/gerrit/client/init.yml
@@ -19,7 +19,7 @@
auth_method: basic
http_port: 8080
ssh_port: 29418
- protocol: http
+ protocol: https
password: ${_param:gerrit_admin_password}
key: ${_param:gerrit_admin_private_key}
user:
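Review bot: Nothing in this hunk tells the client how to validate the server certificate now that `protocol` is `https`, and the certificate added in salt/minion/cert/proxy/drivetrain_ssl.yml is issued by `${_param:salt_minion_ca_authority}`, which looks like an internal CA. If the node running the Gerrit client does not already trust that CA, calls will either fail or tempt someone to switch verification off, which would leave the `basic` auth password on this mapping open to interception. I would add a comment above the changed line such as `# requires the salt_minion_ca_authority CA in the client trust store` and confirm that the trust store is provisioned; the same applies to `proto: https` in jenkins/client/init.yml. The mapping starts and continues outside the hunk, so a verification option may already exist out of view.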
diff --git a/haproxy/proxy/listen/cicd/gerrit.yml b/haproxy/proxy/listen/cicd/gerrit.yml
index f6ded20..9e11f03 100644
--- a/haproxy/proxy/listen/cicd/gerrit.yml
+++ b/haproxy/proxy/listen/cicd/gerrit.yml
@@ -1,3 +1,5 @@
+classes:
+ - system.salt.minion.cert.proxy.drivetrain_ssl
parameters:
_param:
haproxy_gerrit_bind_host: ${_param:haproxy_bind_address}
@@ -5,7 +7,8 @@
haproxy_gerrit_ssh_bind_host: ${_param:haproxy_gerrit_bind_host}
haproxy_gerrit_ssh_bind_port: 29418
haproxy_gerrit_ssl:
- enabled: false
+ enabled: true
+ pem_file: /etc/haproxy/ssl/drivetrain.pem
haproxy:
proxy:
listen:
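Review bot: The `pem_file` path added under `haproxy_gerrit_ssl` is a literal that has to stay identical to `all_file` in salt/minion/cert/proxy/drivetrain_ssl.yml, and the same literal is repeated under `haproxy_jenkins_ssl` in haproxy/proxy/listen/cicd/jenkins.yml. If one copy drifts, HAProxy is pointed at a file that is never written and the TLS listener cannot load its certificate. Defining the path once as a `_param` (name to be chosen, shown here as the placeholder `<drivetrain_pem_param>`) and referencing it from all three places removes that risk. Separately, no minimum TLS version or cipher setting is visible in these hunks; it may be set where `haproxy_gerrit_ssl` is consumed, outside the hunk, and is worth confirming now that the listener is TLS by default.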
diff --git a/haproxy/proxy/listen/cicd/jenkins.yml b/haproxy/proxy/listen/cicd/jenkins.yml
index d8c67d0..9f3bf07 100644
--- a/haproxy/proxy/listen/cicd/jenkins.yml
+++ b/haproxy/proxy/listen/cicd/jenkins.yml
@@ -1,3 +1,5 @@
+classes:
+ - system.salt.minion.cert.proxy.drivetrain_ssl
parameters:
_param:
haproxy_jenkins_bind_host: ${_param:haproxy_bind_address}
@@ -5,7 +7,8 @@
haproxy_jenkins_jnlp_bind_host: ${_param:haproxy_jenkins_bind_host}
haproxy_jenkins_jnlp_bind_port: 50000
haproxy_jenkins_ssl:
- enabled: false
+ enabled: true
+ pem_file: /etc/haproxy/ssl/drivetrain.pem
haproxy:
proxy:
listen:
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index 11b5430..aa8cf0d 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -18,6 +18,7 @@
master:
host: ${_param:jenkins_master_host}
port: ${_param:jenkins_master_port}
+ proto: https
username: ${_param:jenkins_client_user}
password: ${_param:jenkins_client_password}
lib:
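Review bot: `proto: https` is hard-coded here while `host` and `port` on the neighbouring lines come from `_param`, and defaults/jenkins.yml in this same change sets `jenkins_master_protocol: https`. A deployment that overrides `jenkins_master_protocol` would leave this client on a different scheme from the rest of the model. Assuming the defaults class is in scope for this class, I would write the line as `proto: ${_param:jenkins_master_protocol}`. The `master` mapping begins outside the hunk.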
diff --git a/salt/minion/cert/proxy/drivetrain_ssl.yml b/salt/minion/cert/proxy/drivetrain_ssl.yml
new file mode 100644
index 0000000..aecb5fb
--- /dev/null
+++ b/salt/minion/cert/proxy/drivetrain_ssl.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ gerrit:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: drivetrain
+ signing_policy: cert_server
+ alternative_names: "DNS:${_param:cluster_public_host}, DNS:*.${_param:cluster_public_host}, DNS:${_param:cicd_control_address}, IP:${_param:cicd_control_address}"
+ key_file: /etc/haproxy/ssl/drivetrain.key
+ cert_file: /etc/haproxy/ssl/drivetrain.crt
+ ca_file: /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem
+ all_file: /etc/haproxy/ssl/drivetrain.pem
+ user: root
+ group: haproxy
+ mode: 640
+ enabled: true
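Review bot: The `alternative_names` value includes a wildcard, `DNS:*.${_param:cluster_public_host}`, so the private key bundled into `all_file` is valid for every host under the public domain, not only the Gerrit and Jenkins front ends; if only those names are served, listing them explicitly narrows what a leaked key could be used for. The same line passes `${_param:cicd_control_address}` as both a `DNS:` and an `IP:` entry, so one of the two will not match the kind of value the parameter holds. `mode: 640` is a bare integer; file modes are safer quoted, `mode: "0640"`, so that no loader or formula reinterprets the number. The entry is keyed `gerrit` although both HAProxy listener classes include this file for the shared `drivetrain` certificate, which a short comment at the top of the file would make clear.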