When you're using PE and install Razor on a Puppet-managed node, protocol security using HTTPS and TLS/SSL is enabled by default. However, if you want to use your own CA certificate or you're using Razor in an environment that's not Puppet-managed, you must secure communication between the Razor server and client.
Version and installation information
PE version: 3.7 to 2019.2
OS: Any Unix
Solution
Complete the following steps to configure communication ports for the Razor server and to configure communication between the Razor server and client.
Configure communication ports for the Razor server
- Configure HTTP communication on port 8150 and HTTPS communication on port 8151.
- In the config.yaml file, located on your master at /etc/puppetlabs/razor-server/config.yaml, make sure that secure_api is set to true.
- Use your own .jks or .ks file or self-sign a certificate.

  You might already have a .jks or .ks file that you are using for communication between the Razor server and client. If not, create a self-signed certificate file called keystore.jks in your current working directory by running the Java keytool command on your master:

    keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -keypass password -validity 3600 -keysize 2048 -dname "CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, S=Unknown, C=Unknown"

  Note: The default password for keytool is password.
- Configure Torquebox by adding a web connector in the standalone.xml.erb file:

  The location of the standalone.xml.erb file varies. On the puppet master, use the command find / -name standalone.xml.erb to locate it. Edit the file to add the connector as follows:

    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
      <ssl name="https" key-alias="<%= @java_ssl_alias %>" password-file="<PATH_TO_A_PLAINTEXT_PASSWORD_FILE>"
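
A quick audit of what this procedure sets up, as an added example that is not part of the original article: it confirms that secure_api is true in config.yaml and that the plaintext password file and the keystore grant nothing to group or other. The function names, and the assumption that the key appears as a one-line "secure_api: <value>" entry, belong to this example.

```shell
#!/bin/sh
# Added example (not from the Puppet article): audit the settings this
# procedure touches. All paths are passed in as arguments.

# Succeeds only if every uncommented secure_api line in config.yaml is "true".
# Assumption: the key is written as "secure_api: <value>" on a single line.
check_secure_api() {
    [ -r "$1" ] || { echo "FAIL: cannot read $1" >&2; return 1; }
    awk '/^[ \t]*secure_api:/ { n++; if ($2 != "true") bad = 1 }
         END { if (n == 0 || bad) exit 1 }' "$1" ||
        { echo "FAIL: secure_api is not true in $1" >&2; return 1; }
}

# Succeeds only if the file exists and grants nothing to group or other.
# Use it on the plaintext password file and on the keystore.
check_private_file() {
    [ -f "$1" ] || { echo "FAIL: $1 is missing" >&2; return 1; }
    perms=$(ls -lLd "$1" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL: $1 is accessible to group/other ($perms)" >&2; return 1; }
}

# Runs all checks and returns the number of failures (0 to 3).
# Usage: audit_razor_tls CONFIG_YAML PASSWORD_FILE KEYSTORE
audit_razor_tls() {
    failures=0
    check_secure_api "$1"   || failures=$((failures + 1))
    check_private_file "$2" || failures=$((failures + 1))
    check_private_file "$3" || failures=$((failures + 1))
    return "$failures"
}

# Run directly: sh audit.sh config.yaml password-file keystore.jks
if [ "$#" -eq 3 ]; then
    audit_razor_tls "$1" "$2" "$3" && echo "OK: all checks passed"
fi
```
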