diff --git a/cmd/ltkeycloak/from_mattermost.go b/cmd/ltkeycloak/from_mattermost.go index 9406aa6ad..553d80706 100644 --- a/cmd/ltkeycloak/from_mattermost.go +++ b/cmd/ltkeycloak/from_mattermost.go @@ -203,7 +203,7 @@ func RunSyncFromMattermostCommandF(cmd *cobra.Command, _ []string) error { siteURL = mattermostHost } - mmClient := model.NewAPIv4Client("http://" + siteURL) + mmClient := model.NewAPIv4Client(deploymentConfig.ServerScheme + "://" + siteURL) _, _, err = mmClient.Login(cmd.Context(), deploymentConfig.AdminEmail, deploymentConfig.AdminPassword) if err != nil { diff --git a/config/deployer.sample.json b/config/deployer.sample.json index 341c4f27d..84485082c 100644 --- a/config/deployer.sample.json +++ b/config/deployer.sample.json @@ -55,6 +55,8 @@ "S3BucketDumpURI" : "", "DBDumpURI": "", "SiteURL": "", + "ServerURL": "", + "ServerScheme": "http", "EnableNetPeekMetrics": false, "TerraformDBSettings": { "InstanceCount": 1, diff --git a/config/deployer.sample.toml b/config/deployer.sample.toml index 7a0972c1e..caf57bbe0 100644 --- a/config/deployer.sample.toml +++ b/config/deployer.sample.toml @@ -13,7 +13,8 @@ MattermostDownloadURL = 'https://latest.mattermost.com/mattermost-enterprise-lin MattermostLicenseFile = '' S3BucketDumpURI = '' SiteURL = '' -EnableNetPeekMetrics = false +ServerURL = '' +ServerScheme = 'http' # Agent configuration AgentInstanceCount = 2 @@ -46,6 +47,9 @@ ProxyInstanceType = 'c5.xlarge' ProxyInstanceCount = 1 ProxyAllocatePublicIPAddress = true +# Metrics +EnableNetPeekMetrics = false + [ClusterSubnetIDs] App = [] Job = [] diff --git a/deployment/config.go b/deployment/config.go index 6fb0d8ce9..fa0ee25f0 100644 --- a/deployment/config.go +++ b/deployment/config.go 
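Review bot: The `Login` call directly after the changed line sends `AdminEmail` and `AdminPassword` over whatever scheme the config names, and the default remains `http`, so the admin password still crosses the network in cleartext unless the operator sets `ServerScheme` to `https`. A comment above the client construction would make that visible, for example `// NOTE: admin credentials are sent using deploymentConfig.ServerScheme; set it to "https" outside an isolated network.` The function starts and ends outside the hunk, so how `siteURL` and `deploymentConfig` are populated cannot be confirmed from here.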
@@ -119,6 +119,8 @@ type Config struct { // Mattermost servers. This is used to override the server URL in the agent's config in case there's a // proxy in front of the Mattermost server. ServerURL string `default:""` + // ServerScheme is the scheme to use when connecting to the Mattermost server. + ServerScheme string `default:"http" validate:"oneof:{http,https}"` // UsersFilePath specifies the path to an optional file containing a list of credentials for the controllers // to use. If present, it is used to automatically upload it to the agents and override the agent's config's // own UsersFilePath. diff --git a/deployment/terraform/agent.go b/deployment/terraform/agent.go index b73c771e3..a03249553 100644 --- a/deployment/terraform/agent.go +++ b/deployment/terraform/agent.go @@ -28,8 +28,13 @@ func (t *Terraform) generateLoadtestAgentConfig() (*loadtest.Config, error) { url := getServerURL(t.output, t.config) - cfg.ConnectionConfiguration.ServerURL = "http://" + url - cfg.ConnectionConfiguration.WebSocketURL = "ws://" + url + websocketScheme := "ws" + if t.config.ServerScheme == "https" { + websocketScheme = "wss" + } + + cfg.ConnectionConfiguration.ServerURL = url + cfg.ConnectionConfiguration.WebSocketURL = strings.Replace(url, t.config.ServerScheme+"://", websocketScheme+"://", 1) cfg.ConnectionConfiguration.AdminEmail = t.config.AdminEmail cfg.ConnectionConfiguration.AdminPassword = t.config.AdminPassword diff --git a/deployment/terraform/create.go b/deployment/terraform/create.go index 741e28eeb..b0a0aca41 100644 --- a/deployment/terraform/create.go +++ b/deployment/terraform/create.go 
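Review bot: The new field comment does not say which values are accepted or what else the field controls. Elsewhere in this commit the scheme is prepended inside `getServerURL` and also selects `ws` versus `wss` for the agent, so `ServerURL` and `SiteURL` are expected without a scheme. Suggest `// ServerScheme is the URL scheme ("http" or "https") used to reach the Mattermost server. It is prepended to ServerURL/SiteURL, which must not include a scheme themselves.` The `Config` struct starts and ends outside the hunk.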
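Review bot: Deriving `WebSocketURL` with `strings.Replace(url, t.config.ServerScheme+"://", ..., 1)` rewrites the first occurrence anywhere in the string and silently leaves an `http(s)` URL in place when the expected prefix is missing. Building it from the host part is stricter: `cfg.ConnectionConfiguration.WebSocketURL = websocketScheme + "://" + strings.TrimPrefix(url, t.config.ServerScheme+"://")`. The `ws`/`wss` choice also treats every value other than `https` as plain `ws`, which is only safe as long as the `oneof` validation on `ServerScheme` has run. `generateLoadtestAgentConfig` starts and ends outside the hunk.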
@@ -213,19 +213,21 @@ func (t *Terraform) Create(extAgent *ssh.ExtAgent, initData bool) error { switch { // SiteURL defined, multiple app nodes: we use SiteURL, since that points to the proxy itself case t.config.SiteURL != "" && t.output.HasProxy(): - siteURL = "http://" + t.config.SiteURL + siteURL = t.config.ServerScheme + "://" + t.config.SiteURL // SiteURL defined, single app node: we use SiteURL plus the port, since SiteURL points to the app node (which is listening in 8065) case t.config.SiteURL != "": - siteURL = "http://" + t.config.SiteURL + ":8065" + siteURL = t.config.ServerScheme + "://" + t.config.SiteURL + ":8065" // SiteURL not defined, multiple app nodes: we use the proxy's public DNS case t.output.HasProxy(): // This case will only succeed if siteURL is empty. // And it's an error to have siteURL empty and set multiple proxies. (see (c *Config) validateProxyConfig) // So we can safely take the DNS of the first entry. - siteURL = "http://" + t.output.Proxies[0].PublicDNS + siteURL = t.config.ServerScheme + "://" + t.output.Proxies[0].PublicDNS // SiteURL not defined, single app node: we use the app node's public DNS plus port + case t.config.ServerURL != "": + siteURL = t.config.ServerScheme + "://" + t.config.ServerURL default: - siteURL = "http://" + t.output.Instances[0].PublicDNS + ":8065" + siteURL = t.config.ServerScheme + "://" + t.output.Instances[0].PublicDNS + ":8065" } // Updating the config.json for each instance of app server @@ -245,6 +247,7 @@ func (t *Terraform) Create(extAgent *ssh.ExtAgent, initData bool) error { pingURL = t.output.Proxies[0].PublicDNS } + // Non-ssl is used for pinging the server if err := pingServer("http://" + pingURL); err != nil { return fmt.Errorf("error whiling pinging server: %w", err) } diff --git a/deployment/terraform/keycloak.go b/deployment/terraform/keycloak.go index f3eb0298a..348a3a069 100644 --- a/deployment/terraform/keycloak.go +++ b/deployment/terraform/keycloak.go 
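Review bot: The new `case t.config.ServerURL != "":` is inserted below the comment `// SiteURL not defined, single app node: ...`, which describes the `default` branch, so that comment now documents the wrong case. The case is also reached only when `SiteURL` is empty and there is no proxy, whereas `getServerURL` gives `ServerURL` top priority; if the difference is intended, say so with `// ServerURL defined, no SiteURL and no proxy: use ServerURL as given (no port appended)` above the new case and move the existing comment down to `default`. With `ServerScheme` set to `https`, the single-node branches yield `https://host:8065`, which presumably requires TLS on the app port and is worth confirming. `Create` starts and ends outside the hunk.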
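Review bot: The added comment states that the ping is plain HTTP but not why, and the call ignores `ServerScheme`, so a deployment whose endpoint answers only over TLS or redirects HTTP to HTTPS may fail here with a misleading ping error. If the target is always reachable on plain HTTP, record the reason: `// The readiness ping always uses plain HTTP, regardless of ServerScheme, because <reason>.`; otherwise use `pingServer(t.config.ServerScheme + "://" + pingURL)`. `pingURL` is assembled above the hunk, so the exact host and port it targets cannot be confirmed from here.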
@@ -374,7 +374,7 @@ func (t *Terraform) setupKeycloakAppConfig(sshc *ssh.Client, cfg *model.Config) cfg.SamlSettings.IdpDescriptorURL = model.NewPointer(keycloakUrl + "/realms/" + t.config.ExternalAuthProviderSettings.KeycloakRealmName) cfg.SamlSettings.IdpMetadataURL = model.NewPointer(keycloakUrl + "/realms/" + t.config.ExternalAuthProviderSettings.KeycloakRealmName + "/protocol/saml/descriptor") cfg.SamlSettings.ServiceProviderIdentifier = model.NewPointer(t.config.ExternalAuthProviderSettings.KeycloakSAMLClientID) - cfg.SamlSettings.AssertionConsumerServiceURL = model.NewPointer("http://" + getServerURL(t.output, t.config) + "/login/sso/saml") + cfg.SamlSettings.AssertionConsumerServiceURL = model.NewPointer(t.config.ServerScheme + "://" + getServerURL(t.output, t.config) + "/login/sso/saml") cfg.SamlSettings.SignatureAlgorithm = model.NewPointer("RSAwithSHA1") cfg.SamlSettings.CanonicalAlgorithm = model.NewPointer("Canonical1.0") cfg.SamlSettings.ScopingIDPProviderId = model.NewPointer("") diff --git a/deployment/terraform/utils.go b/deployment/terraform/utils.go index 50ea878c0..e47efd38c 100644 --- a/deployment/terraform/utils.go +++ b/deployment/terraform/utils.go @@ -328,7 +328,7 @@ func (t *Terraform) getAsset(filename string) string { // 4. First app server IP func getServerURL(output *Output, deploymentConfig *deployment.Config) string { if deploymentConfig.ServerURL != "" { - return deploymentConfig.ServerURL + return deploymentConfig.ServerScheme + "://" + deploymentConfig.ServerURL } url := output.Instances[0].PrivateIP @@ -344,7 +344,7 @@ func getServerURL(output *Output, deploymentConfig *deployment.Config) string { url = output.Proxies[0].PrivateIP } - return url + return deploymentConfig.ServerScheme + "://" + url } // GetAWSConfig returns the AWS config, using the profile configured in the diff --git a/deployment/terraform/utils_test.go b/deployment/terraform/utils_test.go index 1c0c580d4..75665cac4 100644 
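Review bot: `AssertionConsumerServiceURL` ends up with the scheme twice, because this line prepends `t.config.ServerScheme + "://"` while the utils.go change in this same commit makes `getServerURL` return a value that already starts with it, giving `http://http://host/login/sso/saml`. The SAML assertion consumer URL registered with Keycloak would then be invalid and SSO logins would be expected to fail. Drop the prefix here: `cfg.SamlSettings.AssertionConsumerServiceURL = model.NewPointer(getServerURL(t.output, t.config) + "/login/sso/saml")`. `setupKeycloakAppConfig` starts and ends outside the hunk.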
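Review bot: `getServerURL` now returns a full URL instead of a bare host, but its doc comment (the tail `// 4. First app server IP` is visible in the first hunk) is not updated to say so. Nothing here prevents a `ServerURL` that already carries a scheme, or an empty `ServerScheme`, from producing `http://https://host` or `://host`. Suggest adding `// The returned value always starts with deploymentConfig.ServerScheme + "://"; callers must not add a scheme.` to the comment and rejecting a `ServerURL` containing `://` during config validation. This applies to both hunks in this file.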
--- a/deployment/terraform/utils_test.go +++ b/deployment/terraform/utils_test.go @@ -50,8 +50,10 @@ func TestGetServerURL(t *testing.T) { PrivateIP: "localhost", }}, }, - config: &deployment.Config{}, - expected: "localhost:8065", + config: &deployment.Config{ + ServerScheme: "http", + }, + expected: "http://localhost:8065", }, { name: "proxy, no siteurl", output: &Output{ @@ -62,8 +64,10 @@ func TestGetServerURL(t *testing.T) { PrivateIP: "proxy_ip", }}, }, - config: &deployment.Config{}, - expected: "proxy_ip", + config: &deployment.Config{ + ServerScheme: "http", + }, + expected: "http://proxy_ip", }, { name: "no proxy, siteurl", output: &Output{ @@ -72,9 +76,10 @@ func TestGetServerURL(t *testing.T) { }}, }, config: &deployment.Config{ - SiteURL: "ltserver", + SiteURL: "ltserver", + ServerScheme: "http", }, - expected: "ltserver:8065", + expected: "http://ltserver:8065", }, { name: "proxy, siteurl", output: &Output{ @@ -86,9 +91,10 @@ func TestGetServerURL(t *testing.T) { }}, }, config: &deployment.Config{ - SiteURL: "ltserver", + SiteURL: "ltserver", + ServerScheme: "http", }, - expected: "ltserver", + expected: "http://ltserver", }, { name: "serverurl takes priority", output: &Output{ @@ -100,10 +106,23 @@ func TestGetServerURL(t *testing.T) { }}, }, config: &deployment.Config{ - SiteURL: "siteurl", - ServerURL: "serverurl", + SiteURL: "siteurl", + ServerURL: "serverurl", + ServerScheme: "http", + }, + expected: "http://serverurl", + }, { + name: "https is supported", + output: &Output{ + Instances: []Instance{{ + PrivateIP: "localhost", + }}, + }, + config: &deployment.Config{ + SiteURL: "ltserver", + ServerScheme: "https", }, - expected: "serverurl", + expected: "https://ltserver:8065", }, } { t.Run(tc.name, func(t *testing.T) { diff --git a/docs/config/deployer.md b/docs/config/deployer.md index 74f6a1581..a2dedbea9 100644 --- a/docs/config/deployer.md +++ b/docs/config/deployer.md 
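Review bot: The only `https` case goes through the `SiteURL` path, so the `ServerURL` branch is never exercised with `ServerScheme: "https"`. Nothing pins the result for an empty `ServerScheme` either, which is what every `&deployment.Config{}` literal in this table supplied before the change. A case such as `config: &deployment.Config{ServerURL: "serverurl", ServerScheme: "https"}, expected: "https://serverurl"` would cover the first; the second needs a decision on whether `://host` is acceptable or should be rejected. The table and `TestGetServerURL` continue outside the hunks.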
@@ -581,6 +581,18 @@ The name of a host that will be used for two purposes: - It will populate a new entry in the /etc/hosts file of the app nodes, so that it points to the proxy private IP or, if there's no proxy, to the current app node. This config is used for tests that require an existing database dump that contains permalinks. These permalinks point to a specific hostname. Without this setting, that hostname is not known by the nodes of a new deployment and the permalinks cannot be resolved. +## ServerURL + +*string* + +The URL of the Mattermost server. This is used to override the server's `SiteURL` setting for specific scenarios where a different URL is needed on deployments without the proxy server. + +## ServerScheme + +*string* + +The scheme of the Mattermost server. Defaults to `http`. + ## UsersFilePath *string*