ansible-middleware · rpelisse · Mar 22, 2022 · Mar 16, 2022 · Mar 22, 2022
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
@@ -47,7 +47,7 @@
           - ansible_facts.services is defined
           - ansible_facts.services['tomcat.service'] is defined
           - ansible_facts.services['tomcat.service']['state'] is defined
-          - ansible_facts.services["tomcat.service"]['state'] == 'running'
+          - ansible_facts.services['tomcat.service']['state'] == 'running'
         quiet: true
         fail_msg: "Service is not started."
 

diff --git a/roles/jws/README.md b/roles/jws/README.md
@@ -41,6 +41,8 @@ Role Defaults
 |`tomcat_listen_http_bind_address`| Service bind address | `localhost` |
 |`tomcat_listen_http_enabled`| Enable listening on http port | `yes` |
 |`tomcat_listen_https_port`| Enable listening on https port | `8443` |
+|`tomcat_listen_https_bind_address`| Bind address for https | `::1` |
+|`tomcat_listen_https_enabled`| Enable listening on https port | `false` |
 |`tomcat_listen_ajp_enabled`| Enable listening on ajp port | `False` |
 |`tomcat_listen_ajp_address`| Bind address for ajp | `::1` |
 |`tomcat_listen_ajp_port`| Tomcat ajp listen port | `8009` |

diff --git a/roles/jws/defaults/main.yml b/roles/jws/defaults/main.yml
@@ -27,6 +27,8 @@ tomcat_listen_http_port: '8080'
 tomcat_listen_http_bind_address: 'localhost'
 tomcat_listen_http_enabled: 'yes'
 tomcat_listen_https_port: '8443'
+tomcat_listen_https_bind_address: 'localhost'
+tomcat_listen_https_enabled: 'False'
 
 tomcat_listen_ajp_enabled: 'False'
 tomcat_listen_ajp_address: '::1'

diff --git a/roles/jws/meta/argument_specs.yml b/roles/jws/meta/argument_specs.yml
@@ -120,11 +120,19 @@ argument_specs:
                 default: "yes"
                 description: "Enable listening on http port"
                 type: "str"
+            tomcat_listen_https_enabled:
+                default: "false"
+                description: "Enable listening on https connector"
+                type: "str"
             tomcat_listen_https_port:
                 # line 26 of jws/defaults/main.yml
                 default: "8443"
                 description: "Enable listening on https port"
                 type: "str"
+            tomcat_listen_https_bind_address:
+                default: "localhost"
+                description: "HTTPS Connector bind address"
+                type: "str"
             tomcat_listen_ajp_enabled:
                 # line 28 of jws/defaults/main.yml
                 default: "False"

diff --git a/roles/jws/templates/server.xml.j2 b/roles/jws/templates/server.xml.j2
@@ -102,26 +102,25 @@
          Either JSSE or OpenSSL style configuration may be used regardless of
          the SSLImplementation selected. JSSE style configuration is used below.
     -->
-{% if tomcat.listen.https.enabled is defined %}
+{% if tomcat.listen.https.enabled is defined and tomcat.listen.https.enabled %}
     <Connector port="{{ tomcat.listen.https.port }}"
                protocol="org.apache.coyote.http11.Http11NioProtocol"
-{% if tomcat.listen.https.bind_address is defined %}address="{{ tomcat.listen.https.bind_address }}"
+{% if tomcat.listen.https.bind_address is defined %}               address="{{ tomcat.listen.https.bind_address }}"
 {% endif %}
                maxThreads="150"
                SSLEnabled="true"
                sslProtocol="TLS"
-               allowTrace="false"
+	           allowTrace="false"
+	           scheme="https"
                secure="true"
                xpoweredBy="false"
                server="My Server"
-               clientAuth="true"
                connectionTimeout="6000"
-               maxHttpHeaderSize="8192">
-        <SSLHostConfig>
-            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
-                         type="RSA" />
-        </SSLHostConfig>
-    </Connector>
+	           maxHttpHeaderSize="8192"
+	           keystoreFile="keystore.jks"
+	           keyAlias="alias"
+               keystorePass="password"
+	           clientAuth="false"/>
 {% endif %}
     <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
          This connector uses the APR/native implementation which always uses

diff --git a/roles/jws/vars/main.yml b/roles/jws/vars/main.yml
@@ -37,6 +37,8 @@ tomcat:
       enabled: "{{ tomcat_listen_http_enabled }}"
     https:
       port: "{{ tomcat_listen_https_port }}"
+      bind_address: "{{ tomcat_listen_https_bind_address }}"
+      enabled: "{{ tomcat_listen_https_enabled }}"
     ajp:
       enabled: "{{ tomcat_listen_ajp_enabled }}"
       address: "{{ tomcat_listen_ajp_address }}"