Project

General

Profile

Feature #1132

Make SSL requirement optional for method ":show" in hosts_controller

Added by Marcello de Sousa almost 8 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
API
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Working on the rundeck integration I noticed it's quite hard to make the hosts_controller :show work through SSL. This is not a Foreman issue but, because the I don't really see critical risks with this, I'm suggesting this as a "feature" :

The possibility to read host information via the API with or without SSL adding an exception to :show in "app/controllers/hosts_controller.rb"

 skip_before_filter :require_ssl, :only => ANONYMOUS_ACTIONS + [:show]

PS: I'm submitting the patch in a moment.

@Ohad: If you see that as a problem, is there a way to bypass SSL only for rundeck ?


Related issues

Related to Foreman - Feature #1057: Allow foreman search to output multiple hosts when outputting to rundeckClosed2011-07-20

History

#1 Updated by Marcello de Sousa almost 8 years ago

:(
Since #1057 , index should also allow non SSL requests for rundeck:

skip_before_filter :require_ssl, :only => ANONYMOUS_ACTIONS + [:show, :index]

That I don't like, but... well.... Better idea anyone ?

#2 Updated by Marcello de Sousa almost 8 years ago

Ok, so after hours of trying to make rundeck accept a self signed certificate I finally discovered how to do it. using keytool you have to import foreman's certificate to the java's keystore. In my Centos 6 machine it looks like this:

> keytool -importcert -file /etc/httpd/conf.d/foreman.crt -keystore /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/security/cacerts -alias foreman -storepass changeit

Then restart rundeck.

If you don't do it, you might get an error similar to :

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

With this issue solved, this ticket becomes obsolete and I guess it can be closed.

#3 Updated by Marcello de Sousa almost 8 years ago

  • Status changed from New to Closed

Also available in: Atom PDF