From 9841874debdac68123bdc5fe4968d34d3e1db69f Mon Sep 17 00:00:00 2001
From: Arne Oslebo <arne.oslebo@uninett.no>
Date: Tue, 6 Oct 2020 12:31:58 +0200
Subject: [PATCH] added ssl to port 9200

---
 group_vars/all/main.yml                 |  2 +-
 roles/build/files/haproxy-entrypoint.sh | 17 -----------------
 roles/haproxy/templates/haproxy.cfg.j2  |  4 ++--
 roles/nifi/templates/users.xml.j2       |  2 +-
 4 files changed, 4 insertions(+), 21 deletions(-)
 delete mode 100755 roles/build/files/haproxy-entrypoint.sh

diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index 54f8d45..a2bccd5 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -1,6 +1,6 @@
 ---
 
-dslproxy: "arne-centos2.cert-labs.uninett.no"
+dslproxy: "<CHANGE_ME:hostname>"
 
 # TheHive Button plugin
 THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/"
diff --git a/roles/build/files/haproxy-entrypoint.sh b/roles/build/files/haproxy-entrypoint.sh
deleted file mode 100755
index 8b2093b..0000000
--- a/roles/build/files/haproxy-entrypoint.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh
-set -e
-
-# first arg is `-f` or `--some-option`
-if [ "${1#-}" != "$1" ]; then
-	set -- haproxy "$@"
-fi
-
-if [ "$1" = 'haproxy' ]; then
-	shift # "haproxy"
-	# if the user wants "haproxy", let's add a couple useful flags
-	#   -W  -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
-	#   -db -- disables background mode
-	set -- haproxy -W -db "$@"
-fi
-
-exec "$@"
diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2
index 9583375..ad77710 100644
--- a/roles/haproxy/templates/haproxy.cfg.j2
+++ b/roles/haproxy/templates/haproxy.cfg.j2
@@ -36,14 +36,14 @@ listen nifiserv
 {% endfor %}
 
 listen odfeserv
-        bind *:9200
+        bind *:9200 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
         mode http
         maxconn 5000
         fullconn 5000
         balance source
         option tcpka
 {% for odfehost in groups['odfeescontainers'] %}
-     	server {{odfehost}} {{odfehost}}:9200 check
+     	server {{odfehost}} {{odfehost}}:9200 ssl check verify none
 {% endfor %}
 	
 listen keycloakserv
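Review bot: `verify none` on the new `server {{odfehost}}` line in `listen odfeserv` turns off certificate validation for the backend connection, so the hop from haproxy to the 9200 nodes is encrypted but the peer is never authenticated. Anything able to answer on a node's address inside the network would be accepted as that node and would receive the proxied requests, including any credentials they carry. If the node certificates are issued by a CA that can be shipped to the proxy, the line should read `server {{odfehost}} {{odfehost}}:9200 ssl check verify required ca-file <PATH_TO_CA_BUNDLE>`. The new `bind *:9200 ssl ...` line also sets no minimum protocol version; unless that is already done in a `global` section outside this hunk, adding `ssl-min-ver TLSv1.2` to the bind line would keep older TLS versions off the listener.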
diff --git a/roles/nifi/templates/users.xml.j2 b/roles/nifi/templates/users.xml.j2
index 92adb5d..a579698 100644
--- a/roles/nifi/templates/users.xml.j2
+++ b/roles/nifi/templates/users.xml.j2
@@ -17,7 +17,7 @@
         <user identifier="c78caf19-016f-1000-0001-{{'%012d'|format(loop.index) }}" identity="CN={{ nifi }}"/>
         {% endfor %}
 	{% for user in soctools_users %}
-        <user identifier="c78caf19-016f-1000-0002-{{'%012d'|format(loop.index) }}" identity="{{ user.DN }}"/>
+        <user identifier="c78caf19-016f-1000-0002-{{'%012d'|format(loop.index) }}" identity="{{ user.username }}"/>
         {% endfor %}        
     </users>
 </tenants>
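Review bot: The new `identity="{{ user.username }}"` attribute is rendered without escaping, so a username containing `"`, `<` or `&` would yield malformed XML or an extra attribute in users.xml. Writing it as `identity="{{ user.username | e }}"` avoids that, and the same applies to the `CN={{ nifi }}` context line above it. Because NiFi compares this string against the identity its login provider presents, it is worth confirming that the provider now emits the bare username rather than the certificate DN; a mismatch would leave these users without their policies. The `<users>` block begins outside this hunk, so any other entries there are not covered by this note.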
-- 
GitLab