INTPAK-152 Disable HTTP when TLS is enabled 99/69699/2
authorTim Rozet <trozet@redhat.com>
Tue, 20 Mar 2018 17:35:51 +0000 (13:35 -0400)
committerDaniel Farrell <dfarrell@redhat.com>
Wed, 21 Mar 2018 01:09:12 +0000 (21:09 -0400)
There are port conflicts when TLS is enabled due to HTTP and HTTPS
starting on the same port.

Changes-Include:
 - Explicitly disables HTTP when TLS is enabled
 - Fixes the missing match on the HTTP Pax port
 - Only configures the HTTP Pax port when TLS is not enabled

Change-Id: Ie077c9ff7edeb34c91186ca1f492d607f0e55cc4
Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Daniel Farrell <dfarrell@redhat.com>
manifests/config.pp
spec/spec_helper.rb
spec/spec_helper_acceptance.rb

index d309c8f9837d47137fe9118cd5296d8580449ac9..d6ad9eadd598fcd8d7372ce24deb4361ef0835d6 100644 (file)
@@ -92,6 +92,14 @@ class opendaylight::config {
       require => File['org.ops4j.pax.web.cfg']
     }
 
+    file_line { 'disable pax HTTP':
+      ensure  => present,
+      path    => '/opt/opendaylight/etc/org.ops4j.pax.web.cfg',
+      line    => 'org.osgi.service.http.enabled = false',
+      match   => '^#?org.osgi.service.http.enabled.*$',
+      require => File['org.ops4j.pax.web.cfg']
+    }
+
     file {'aaa-cert-config.xml':
       ensure  => file,
       path    => '/opt/opendaylight/etc/opendaylight/datastore/initial/config/aaa-cert-config.xml',
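Review bot: The `match` on 'disable pax HTTP' leaves its dots unescaped and ends in an open `.*`, so it rewrites any line that merely begins with something resembling `org.osgi.service.http.enabled`. I would pin it to the key and the assignment: `match => '^#?org\.osgi\.service\.http\.enabled\s*=.*$',`. The port pattern added in the next hunk (and mirrored in spec/spec_helper.rb) has the same unescaped dots and also requires whitespace after `port`, so a line written as `org.osgi.service.http.port=…` would presumably be left in place and a second assignment appended; `'^#?org\.osgi\.service\.http\.port\s*=.*$'` covers both spellings. The rspec expectations compare the `match` string literally and would need the same update.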
@@ -144,6 +152,14 @@ class opendaylight::config {
         "set Call[1]/Arg/New/Set[#attribute[name='port']]/Property/#attribute/default
           ${opendaylight::odl_rest_port}"]
     }
+
+    file_line { 'set pax bind port':
+      ensure  => present,
+      path    => '/opt/opendaylight/etc/org.ops4j.pax.web.cfg',
+      line    => "org.osgi.service.http.port = ${opendaylight::odl_rest_port}",
+      match   => '^#?org.osgi.service.http.port\s.*$',
+      require => File['org.ops4j.pax.web.cfg']
+    }
   }
   # Configure OpenFlow plugin to use TCP/TLS
   file { 'default-openflow-connection-config.xml':
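Review bot: Moving 'set pax bind port' into the non-TLS branch makes the HTTP setting one-way: the TLS branch writes `org.osgi.service.http.enabled = false`, but nothing visible in this branch writes it back. `File['org.ops4j.pax.web.cfg']` appears to manage only the file's presence, so a node converged once with TLS and later without it would likely keep the stale `false` line and end up with the port configured but the listener disabled. Declaring the enabled state explicitly here keeps the file a function of the current parameters rather than of run history. The branch opens outside the hunk, so whether `secure.enabled` is reset elsewhere should be checked as well.

```puppet
    # … unchanged: 'set pax bind port' file_line …

    file_line { 'enable pax HTTP':
      ensure  => present,
      path    => '/opt/opendaylight/etc/org.ops4j.pax.web.cfg',
      line    => 'org.osgi.service.http.enabled = true',
      match   => '^#?org.osgi.service.http.enabled.*$',
      require => File['org.ops4j.pax.web.cfg']
    }
```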
@@ -196,13 +212,6 @@ class opendaylight::config {
     }
   }
 
-  file_line { 'set pax bind port':
-    ensure  => present,
-    path    => '/opt/opendaylight/etc/org.ops4j.pax.web.cfg',
-    line    => "org.osgi.service.http.port = ${opendaylight::odl_rest_port}",
-    require => File['org.ops4j.pax.web.cfg']
-  }
-
   # Set any custom log levels
   $opendaylight::log_levels.each |$log_name, $logging_level| {
     $underscored_version = regsubst($log_name, '\.', '_', 'G')
index 5d60a6500c40fefbe989f979d602fd8f7585e0d2..93a66cd8c447897d289abef92509bd6137afd7ec 100644 (file)
@@ -181,6 +181,7 @@ def odl_rest_port_tests(options = {})
         'ensure'  => 'present',
         'path'    => '/opt/opendaylight/etc/org.ops4j.pax.web.cfg',
         'line'    => "org.osgi.service.http.port = #{odl_rest_port}",
+        'match'   => '^#?org.osgi.service.http.port\s.*$',
         'require' => 'File[org.ops4j.pax.web.cfg]'
     )
   }
@@ -547,6 +548,12 @@ def odl_tls_tests(options = {})
         'line'   => 'org.osgi.service.http.secure.enabled = true',
         'match'  => '^#?org.osgi.service.http.secure.enabled.*$',
       )
+      should contain_file_line('disable pax HTTP').with(
+        'ensure' => 'present',
+        'path'   => '/opt/opendaylight/etc/org.ops4j.pax.web.cfg',
+        'line'   => 'org.osgi.service.http.enabled = false',
+        'match'  => '^#?org.osgi.service.http.enabled.*$',
+      )
       should contain_file('org.ops4j.pax.web.cfg').with(
         'ensure' => 'file',
         'path'   => '/opt/opendaylight/etc/org.ops4j.pax.web.cfg',
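Review bot: The new expectation covers only the positive half of the change; nothing asserts that 'set pax bind port' is absent from the catalog when TLS is on, which is what the move in manifests/config.pp is meant to guarantee. Adding `should_not contain_file_line('set pax bind port')` beside this block would catch a regression that puts the cleartext port line back into the TLS branch. odl_tls_tests starts and ends outside the hunk, so the exact context this expectation runs in should be confirmed before placing it.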
index 16b5045447cc0688acc08209162aef8b900ad94c..79b0c5d1d3739b999119c987170acfab56f02dfa 100644 (file)
@@ -498,6 +498,7 @@ def tls_validations(options = {})
     its(:content) { should match /org.ops4j.pax.web.ssl.password = #{tls_keystore_password}/ }
     its(:content) { should match /org.ops4j.pax.web.ssl.keypassword = #{tls_keystore_password}/ }
     its(:content) { should match /org.osgi.service.http.secure.enabled = true/ }
+    its(:content) { should match /org.osgi.service.http.enabled = false/ }
   end
 
   describe file('/opt/opendaylight/etc/org.opendaylight.ovsdb.library.cfg') do
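Review bot: The added content check is unanchored, so it also passes when the file holds only a commented-out `#org.osgi.service.http.enabled = false`, a form the manifest's `^#?` match pattern suggests can occur. Since this is the acceptance check that cleartext HTTP is off, a false pass here would hide a still-enabled listener. Anchoring it per line closes that gap: `its(:content) { should match /^org\.osgi\.service\.http\.enabled = false$/ }`. The `secure.enabled = true` check just above has the same shape; tls_validations begins outside the hunk.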