rundeck-plugins / salt-step

Rundeck Salt Plugin
BSD 3-Clause "New" or "Revised" License

Support unencrypted connections #21

Closed guice closed 6 years ago

guice commented 6 years ago

When using http endpoints, you're given "ARGUMENTS_INVALID: is not a valid endpoint."

This is a dev box. I cannot create a fully valid, signed certificate for testing purposes. I need the ability to connect to salt-api with disable_ssh: true enabled.

ghost commented 6 years ago

It no longer uses http; you will need to use https.

On Saturday, April 14, 2018, Philip notifications@github.com wrote:

When using http endpoints, you're given "ARGUMENTS_INVALID"

This is a dev box. I cannot create a fully valid, signed certificate for testing purposes. I need the ability to connect to salt-api with disable_ssh: true enabled.

guice commented 6 years ago

Correct. That's the reason for this ticket.

How do you support self-signed certificates? How can I use a self-signed certificate so I can work on development work? I don't see an option to supply a certificate for authenticating.

guice commented 6 years ago

I'm attempting to connect to a salt-api host, with a fresh valid localhost certificate, but I'm getting an error when attempting to connect: SSLPeerUnverifiedException

Authenticating with salt-api endpoint: [https://salt.localhost:8000/login]
Failed: COMMUNICATION_FAILURE: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Curl on the Rundeck docker works (added the root ca to /usr/local/share/ca-certificates):

root@c40de08d367c:/# curl https://salt.localhost:8000/login       
{"status": null, "return": "Please log in"}

I cannot figure out how to set the CA Cert for the plugin so I can get this working.

Since you require SSL enabled, there has to be a way for us developers to build a local instance for testing / developing. :/

guice commented 6 years ago

Okay, I found out how to add the certificate to Rundeck. For those who may find this via Google:

keytool -importcert -trustcacerts -file yourRootCA.pem -alias localhost -keystore $RDECK_BASE/etc/rundeck/ssl/truststore
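
Added example (not part of the thread or the plugin's code): after an import like the keytool command above, this checks that the truststore entry really is the CA file you meant to trust, by exporting the entry and comparing SHA-256 fingerprints. The entry name, password and temp paths are constructed placeholders, and it assumes `openssl` and `keytool` are on the PATH.

```bash
# Added example: import a dev root CA into a Java truststore and verify it.
# Entry name, password and file names below are constructed placeholders.

# Print the SHA-256 fingerprint of a PEM certificate read from stdin.
pem_fingerprint() {
  openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# import_and_verify CA_PEM ENTRY TRUSTSTORE STOREPASS
# Imports the CA unless the entry already exists, then exports the entry
# and compares it with the file on disk.
# Returns 0 only when the stored certificate matches CA_PEM.
import_and_verify() {
  local ca_pem="$1" entry="$2" store="$3" pass="$4" want got
  want=$(pem_fingerprint < "$ca_pem")
  # Skip the import when the entry exists, so re-runs are idempotent and an
  # entry that holds some other certificate is reported instead of hidden.
  if ! keytool -list -alias "$entry" -keystore "$store" \
         -storepass "$pass" >/dev/null 2>&1; then
    keytool -importcert -noprompt -trustcacerts -file "$ca_pem" \
      -alias "$entry" -keystore "$store" -storepass "$pass" \
      >/dev/null 2>&1 || return 3
  fi
  got=$(keytool -exportcert -rfc -alias "$entry" -keystore "$store" \
          -storepass "$pass" 2>/dev/null | pem_fingerprint)
  [ -n "$want" ] && [ "$want" = "$got" ]
}

# Create a throwaway self-signed CA (constructed sample input) at $1.pem.
make_dev_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed-dev-root" \
    -keyout "$1.key" -out "$1.pem" >/dev/null 2>&1
}

# Demo in a temp directory: a matching import passes, and reusing the same
# entry name for a different CA is detected as a mismatch.
demo() {
  local dir rc=0
  dir=$(mktemp -d) || return 1
  make_dev_ca "$dir/ca1" && make_dev_ca "$dir/ca2" || rc=1
  import_and_verify "$dir/ca1.pem" dev-root "$dir/truststore" changeit || rc=1
  import_and_verify "$dir/ca2.pem" dev-root "$dir/truststore" changeit && rc=1
  rm -rf "$dir"
  return $rc
}
```

Against a real install, pass the truststore path from the command above as the third argument; a non-zero return for an existing entry means that name already holds a different certificate.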