Switch Jenkins DT on TLS/HTTPS scheme Change-Id: I82b2d094da87668eb762ad4e5674e4e67561edd4 Related-Prod: PROD-27541 (PROD:27541)

commit: 1cfead8d9d2c13241a5b62b4dac657b6bb1cd479 [log] [tgz]
author: Denis Egorenko <degorenko@mirantis.com> Tue Jun 11 18:52:16 2019 +0400
committer: Denis Egorenko <degorenko@mirantis.com> Thu Jun 13 14:21:45 2019 +0400
tree: 4d109116117896c1847afaf4749dc1b00f5ae56e
parent: 5a05161a8d07a2658b57d119eaa49125311fea64 [diff]
diff --git a/defaults/jenkins.yml b/defaults/jenkins.yml
index d01bf4e..68d843d 100644
--- a/defaults/jenkins.yml
+++ b/defaults/jenkins.yml

@@ -1,6 +1,6 @@
 parameters:
   _param:
     jenkins_master_port: 8081
-    jenkins_master_protocol: http
+    jenkins_master_protocol: https
     jenkins_pipelines_branch: "master"
     jenkins_salt_api_url: "https://${_param:salt_master_host}:${_param:nginx_proxy_salt_api_site_port}"

diff --git a/haproxy/proxy/listen/cicd/jenkins.yml b/haproxy/proxy/listen/cicd/jenkins.yml
index d8c67d0..9f3bf07 100644
--- a/haproxy/proxy/listen/cicd/jenkins.yml
+++ b/haproxy/proxy/listen/cicd/jenkins.yml

@@ -1,3 +1,5 @@
+classes:
+  - system.salt.minion.cert.proxy.drivetrain_ssl
 parameters:
   _param:
     haproxy_jenkins_bind_host: ${_param:haproxy_bind_address}
@@ -5,7 +7,8 @@
     haproxy_jenkins_jnlp_bind_host: ${_param:haproxy_jenkins_bind_host}
     haproxy_jenkins_jnlp_bind_port: 50000
     haproxy_jenkins_ssl:
-      enabled: false
+      enabled: true
+      pem_file: /etc/haproxy/ssl/drivetrain.pem
   haproxy:
     proxy:
       listen:

diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index dd136ad..8a9964f 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml

@@ -15,6 +15,7 @@
       master:
         host: ${_param:jenkins_master_host}
         port: ${_param:jenkins_master_port}
+        proto: https
         url_prefix: ${_param:jenkins_master_url_prefix}
         username: ${_param:jenkins_client_user}
         password: ${_param:jenkins_client_password}

diff --git a/salt/minion/cert/proxy/drivetrain_ssl.yml b/salt/minion/cert/proxy/drivetrain_ssl.yml
index ac32e90..aecb5fb 100644
--- a/salt/minion/cert/proxy/drivetrain_ssl.yml
+++ b/salt/minion/cert/proxy/drivetrain_ssl.yml

@@ -7,7 +7,7 @@
           authority: ${_param:salt_minion_ca_authority}
           common_name: drivetrain
           signing_policy: cert_server
-          alternative_names: "DNS:${_param:cluster_public_host}, DNS:*.${_param:cluster_public_host}, DNS:${_param:cicd_control_address}, IP:${_param:control_vip_address}"
+          alternative_names: "DNS:${_param:cluster_public_host}, DNS:*.${_param:cluster_public_host}, DNS:${_param:cicd_control_address}, IP:${_param:cicd_control_address}"
           key_file: /etc/haproxy/ssl/drivetrain.key
           cert_file: /etc/haproxy/ssl/drivetrain.crt
           ca_file: /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem
commit	1cfead8d9d2c13241a5b62b4dac657b6bb1cd479	[log] [tgz]
author	Denis Egorenko <degorenko@mirantis.com>	Tue Jun 11 18:52:16 2019 +0400
committer	Denis Egorenko <degorenko@mirantis.com>	Thu Jun 13 14:21:45 2019 +0400
tree	4d109116117896c1847afaf4749dc1b00f5ae56e
parent	5a05161a8d07a2658b57d119eaa49125311fea64 [diff]