voxpupuli / puppet-jira

Atlassian JIRA Puppet Module
https://forge.puppet.com/puppet/jira
Apache License 2.0

scheme written twice in server.xml when using tomcat_native_ssl and supplying proxy settings #395

Closed jmcnatt closed 2 years ago

jmcnatt commented 2 years ago

Affected Puppet, Ruby, OS and module versions/distributions

How to reproduce (e.g Puppet code you use)

A simple Puppet class including jira:

class profile::jira {
  include jira
}

And supplying the parameters in hiera:

# jira
jira::datacenter: false
jira::db: 'mysql'
jira::dbdriver: 'com.mysql.cj.jdbc.Driver'
jira::dbname: 'jiradb'
jira::dbuser: 'jira'
jira::connection_settings: 'serverTimezone=America/Los_Angeles'
jira::pool_max_size: 50
jira::homedir: '/var/atlassian/application-data/jira'
jira::group: 'jira'
jira::installdir: '/opt/atlassian/jira'
jira::javahome: '/usr/java/latest'
jira::java_opts: >-
  -Duser.timezone=America/Los_Angeles
  -XX:ReservedCodeCacheSize=1024m
  -Xmn4608m
  -XX:+HeapDumpOnOutOfMemoryError
  -XX:HeapDumpPath=/var/atlassian/application-data/jira/log/
  -XX:+UseCompressedOops
  -XX:+UseG1GC
  -XX:+PrintGCDetails
  -XX:+PrintGCDateStamps
  -XX:+PrintGCTimeStamps
  -verbose:gc
  -Xloggc:/var/atlassian/application-data/jira/log/atlassian-jira-gc.log
jira::jvm_type: 'oracle-jdk-1.8'
jira::jvm_xms: '8g'
jira::jvm_xmx: '8g'
jira::mysql_connector_manage: false
jira::service_manage: false
jira::shell: '/bin/bash'
jira::tomcat_accept_count: 100
jira::tomcat_connection_timeout: 20000
jira::tomcat_enable_lookups: false
jira::tomcat_https_port: 8443
jira::tomcat_max_http_header_size: 8192
jira::tomcat_max_threads: 150
jira::tomcat_min_spare_threads: 25
jira::tomcat_native_ssl: true
jira::tomcat_port: 8080
jira::tomcat_shutdown_port: 8005
jira::proxy:
  proxyPort: '443'
  proxyName: "dev-jira.example.com"
  scheme: 'https'
jira::user: 'jira'
jira::version: '8.13.13'

The issue is surfaced by specifying:

jira::proxy:
  scheme: 'https'

What are you seeing

scheme = https is written into server.xml twice when using jira::tomcat_native_ssl: true. The server.xml.epp template contains logic to write scheme = 'https' when jira::proxy contains scheme. But then this key and value are written again when iterating through the hash.

<%   if $jira::proxy['scheme'] { -%>
                    scheme="https"
<%   } -%>
                    secure="true"
                    clientAuth="false"
                    sslProtocol="TLS"
                    useBodyEncodingForURI="true"
                    keyAlias="<%= $jira::tomcat_key_alias %>"
                    keystoreFile="<%= $jira::tomcat_keystore_file %>"
                    keystorePass="<%= $jira::tomcat_keystore_pass %>"
                    keystoreType="<%= $jira::tomcat_keystore_type %>"
<%   if $jira::proxy { -%>
<%     jira::sort_hash($jira::proxy).each |$key, $value| { -%>
                    <%= $key %> = '<%= $value %>'
<%     } -%>

Here is the output:

-- /opt/atlassian/jira/atlassian-jira-software-8.13.13-standalone/conf/server.xml      2021-11-18 18:39:38.643724968
-0800
+++ /tmp/puppet-file20211118-14384-p00455       2021-11-18 18:43:49.658039364 -0800
@@ -36,12 +36,12 @@
                    protocol="HTTP/1.1"
                    useBodyEncodingForURI="true"
                    acceptCount="100"
-                   scheme="http"
                    disableUploadTimeout="true"
                    bindOnInit="false"
                    redirectPort="8443"
                    proxyName = 'dev-jira.example.com'
                    proxyPort = '443'
+                   scheme = 'https'
         />

         <Connector
@@ -56,6 +56,7 @@
                     enableLookups="false"
                     disableUploadTimeout="true"
                     acceptCount="100"
+                    scheme="https"
                     secure="true"
                     clientAuth="false"
                     sslProtocol="TLS"
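Review bot: the `scheme="https"` added after `acceptCount="100"` is a fixed literal coming from the template's `if $jira::proxy['scheme']` branch quoted earlier, so it is written whenever the key exists, whatever value was configured, and the proxy hash loop then writes the key again for this connector. Suggest dropping that conditional and letting the loop emit `scheme`, or excluding the `scheme` key from the loop for the native SSL connector.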
@@ -66,6 +67,7 @@
                     keystoreType="JKS"
                     proxyName = 'dev-jira.example.com
                     proxyPort = '443'
+                    scheme = 'https'
         />
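Review bot: the `scheme = 'https'` added after `proxyPort = '443'` (new line 70) repeats the attribute the previous hunk added at new line 59, and the line numbers indicate both sit in the same `<Connector` start tag. XML does not allow an attribute name to appear twice in one start tag, so the rendered server.xml is not well-formed and an XML parser will reject it; only one of the two should be written.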

What behaviour did you expect instead

Expected to see scheme = https written only once.

                    protocol="HTTP/1.1"
                    useBodyEncodingForURI="true"
                    acceptCount="100"
-                   scheme="http"
                    disableUploadTimeout="true"
                    bindOnInit="false"
                    redirectPort="8443"
                    proxyName = 'dev-jira.example.com'
                    proxyPort = '443'
+                   scheme = 'https'
         />

         <Connector
@@ -66,6 +66,7 @@
                     keystoreType="JKS"
                     proxyName = 'dev-jira.example.com'
                     proxyPort = '443'
+                    scheme = 'https'
         />

Output log

Any additional information you'd like to impart

N/A
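
A pre-deployment check for the symptom reported above, as an added example that is not part of the issue or of the module: it scans rendered server.xml text for attribute names repeated within one `<Connector>` start tag, which makes the file not well-formed XML. The function name, constants and sample input are constructed for illustration.

```ruby
# Added example (not module code): find attribute names repeated inside one
# <Connector ...> start tag of a rendered server.xml.

# Constructed sample modelled on the output in this issue, trimmed to a few attributes.
SAMPLE_SERVER_XML = <<~XML
  <Service name="Catalina">
    <!-- <Connector port="8009" port="8009" /> commented out, must be ignored -->
    <Connector port="8080"
               protocol="HTTP/1.1"
               redirectPort="8443"
               proxyName = 'dev-jira.example.com'
               proxyPort = '443'
               scheme = 'https'
    />
    <Connector port="8443"
               scheme="https"
               secure="true"
               keystoreType="JKS"
               proxyName = 'dev-jira.example.com'
               proxyPort = '443'
               scheme = 'https'
    />
  </Service>
XML

# Start tag body: quoted values are consumed whole, so a '>' inside one does not end the tag.
CONNECTOR_TAG = /<Connector\b((?:"[^"]*"|'[^']*'|[^>"'])*)>/
# One attribute in either style seen in the issue: name="v" or name = 'v'.
ATTRIBUTE = /([A-Za-z_:][\w:.-]*)\s*=\s*(?:"([^"]*)"|'([^']*)')/

# Returns one hash per Connector that repeats an attribute name.
def duplicate_connector_attributes(xml)
  live = xml.gsub(/<!--.*?-->/m, '') # drop commented-out connectors
  findings = []
  live.scan(CONNECTOR_TAG).each_with_index do |(body), index|
    pairs = body.scan(ATTRIBUTE).map { |name, dq, sq| [name, dq || sq] }
    repeated = pairs.map(&:first).group_by(&:itself).select { |_, v| v.size > 1 }.keys
    next if repeated.empty?
    findings << { connector: index + 1, port: pairs.assoc('port')&.last, duplicates: repeated }
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  duplicate_connector_attributes(SAMPLE_SERVER_XML).each do |f|
    warn "Connector ##{f[:connector]} (port #{f[:port]}): duplicate #{f[:duplicates].join(', ')}"
  end
end
```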