When you're using PE and install Razor on a Puppet-managed node, protocol security using HTTPS and TLS/SSL is enabled by default. However, if you want to use your own CA certificate or you're using Razor in an environment that's not Puppet-managed, you must secure communication between the Razor server and client.
Version and installation information
PE version: 3.7 to 2019.2
OS: Any Unix
Complete the following steps to configure communication ports for the Razor server and to configure communication between the Razor server and client.
Configure communication ports for the Razor server
Configure HTTP communication on port 8150 and HTTPS communication on port 8151.
In the config.yaml file, located on your master at /etc/puppetlabs/razor-server/config.yaml, make sure that secure_api is set to
Use your own .ks file or self-sign a certificate.
You might already have a .ks file that you are using for communication between the Razor server and client. If not, create a self-signed certificate file called keystore.jks in your current working directory by running the Java keytool command on your master:
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -keypass password -validity 3600 -keysize 2048 -dname "CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, S=Unknown, C=Unknown"
Note: The default password for
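The keytool command above passes the keystore password as a command-line argument, where it is visible in the process list and shell history, and the Torquebox connector reads the password from a plaintext file. The following is an added example, not part of the original documentation: it writes a random password to an owner-only file and has keytool read it through the `:file` modifier. The file name keystore.pass and the function names are assumptions.

```shell
#!/bin/sh
# Added example: keep the keystore password out of the command line.
# Function names and keystore.pass are assumptions, not from the Razor docs.

# Write a random 48-character hex password to $1, readable only by its owner.
make_password_file() {
    pwfile=$1
    (
        umask 077    # a newly created file gets mode 600
        dd if=/dev/urandom bs=24 count=1 2>/dev/null |
            od -An -tx1 | tr -dc '0-9a-f' > "$pwfile"
        chmod 600 "$pwfile"    # also tighten a file that already existed
    )
}

# Succeed only if $1 is a regular file with mode 600 (rw-------).
check_password_file() {
    [ -f "$1" ] || { echo "missing password file: $1" >&2; return 1; }
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || {
        echo "$1 has permissions $perms, expected -rw-------" >&2
        return 1
    }
}

# Create keystore $1 with the password stored in $2. Alias, key type, key
# size, validity and -dname are the same as in the command above.
make_keystore() {
    check_password_file "$2" || return 1
    keytool -genkey -keyalg RSA -alias selfsigned -keystore "$1" \
        -storepass:file "$2" -keypass:file "$2" \
        -validity 3600 -keysize 2048 \
        -dname "CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, S=Unknown, C=Unknown"
}

# List the entry to confirm the alias exists and to see its expiry date.
show_keystore() {
    check_password_file "$2" || return 1
    keytool -list -v -keystore "$1" -storepass:file "$2" -alias selfsigned
}

# Usage:
#   make_password_file keystore.pass
#   make_keystore keystore.jks keystore.pass
#   show_keystore keystore.jks keystore.pass
```

The same password file can then be referenced by the connector's password-file attribute, provided the account that runs Torquebox is the file's owner.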
Configure Torquebox by adding a web connector in the
The location of the standalone.xml.erb file varies. On the Puppet master, use the command find / -name standalone.xml.erb to locate it. Edit the file to add the connector as follows:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
  <ssl name="https" key-alias="<%= @java_ssl_alias %>" password-file="<PATH_TO_A_PLAINTEXT_PASSWORD_FILE>"