This change clears up some ambiguity in the hostname and port that
are used for Conjur access in various Conjur-Puppet smoketests.

In the current Conjur Puppet smoketests, the hostname conjur-https
is used as a hostname for accessing Conjur. However, the interface/IP
that is associated with this hostname (and which port to use) varies
for the different smoketests:

- For Linux puppet agents, conjur-https refers to the Docker Compose
  service inside the compose cluster, and a (fixed) container port needs
  to be used with this.
- For Windows puppet agents, conjur-https refers to a host interface/IP
  (Windows VM is accessing from outside the compose cluster), and the
  associated port is a random host port (random so that Jenkins tests can
  be parallelized).

To get this to work, there's a workaround of adding an /etc/hosts
entry to the Puppet master container for conjur-https for Windows
VM testing, but this is a bit awkward since this /etc/hosts entry
needs to be deleted/cleaned up for the current Linux puppet tests.

This ambiguity/confusion is cleared up as follows:

- Use a distinct DNS name conjur.cyberark.com as a SANS hostname
  in the Conjur TLS certificates (rather than an internal Docker compose
  service name such as conjur-https). Use a Conjur URL of the form
  https://conjur.cyberark.com:<host-port>.
- For the Linux agent smoketests, use external (w.r.t. the compose cluster)
  access for Conjur. Add an /etc/hosts entry in Puppet master/agents
  to associate the name conjur.cyberark.com with a host IP.
- For Windows agent tests, use the hostname conjur.cyberark.com to
  access Conjur, and continue to use an /etc/hosts entry in Puppet
  master/agents to associate that hostname to the well known host IP
  address of 10.0.2.2 used by VirtualBox.

What ticket does this PR close?
Connected to #165
Checklists
Change log
[ ] The CHANGELOG has been updated, or
[x] This PR does not include user-facing changes and doesn't require a CHANGELOG update
Test coverage
[ ] This PR includes new unit and integration tests to go with the code changes, or
[x] The changes in this PR do not require tests
Documentation
[ ] Docs (e.g. READMEs) were updated in this PR, and/or there is a follow-on issue to update docs, or
[x] This PR does not require updating any documentation
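
The hosts-file mapping this PR relies on, as an added example that is not code from the PR or the project: a shell function that leaves exactly one entry for conjur.cyberark.com, so a stale mapping from an earlier run cannot shadow the address the TLS certificate name is meant to resolve to. The function name `set_hosts_entry`, its arguments and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; set_hosts_entry is a hypothetical helper name.
# Usage: set_hosts_entry <hosts-file> <ip> <name>
# Removes NAME from every existing entry, then appends one "IP NAME" line,
# so repeated runs never leave two conflicting mappings behind.
set_hosts_entry() {
    hosts_file=$1 ip=$2 name=$3
    tmp=$(mktemp) || return 1
    awk -v name="$name" '
        /^[ \t]*(#|$)/ { print; next }      # keep comments and blank lines
        {
            out = $1; kept = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) {            # trailing comment: copy the rest
                    for (; i <= NF; i++) out = out " " $i
                    break
                }
                if ($i == name) continue    # drop only the stale name
                out = out " " $i; kept++
            }
            if (kept) print out             # drop entries left with no names
        }' "$hosts_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s %s\n' "$ip" "$name" >> "$tmp"
    # Write back with cat, not mv: /etc/hosts inside a Docker container is a
    # bind mount and cannot be replaced by rename.
    cat "$tmp" > "$hosts_file"
    rm -f "$tmp"
}

# Constructed sample: a hosts file holding a stale mapping for the name.
demo=$(mktemp)
printf '%s\n' '127.0.0.1 localhost' '172.18.0.5 conjur.cyberark.com' > "$demo"
set_hosts_entry "$demo" 10.0.2.2 conjur.cyberark.com
cat "$demo"
rm -f "$demo"
```
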