Fix #4; enable Nexus to use reserved ports

This change allows the Nexus service to bind reserved ports (< 1024) and answer requests on default HTTP (80) and HTTPS (443) ports.
instruct-br-archive · Mar 30, 2018 · 07a73d5 · 07a73d5
1 parent 5365661
commit 07a73d5
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -232,6 +232,12 @@ Type: String
 
 Java's desired distribution
 
+#### `use_reserved_ports`
+
+Type: Boolean
+
+Whether reserved ports (80 and 443) should be used. Default to false
+
 ### Hiera Keys
 
 #### Common

diff --git a/manifests/config.pp b/manifests/config.pp
@@ -4,6 +4,14 @@
   $nexus_config_dir  = "${nexus::nexus_data_path}/nexus3/etc"
   $nexus_config_file = "${nexus::nexus_data_path}/nexus3/etc/nexus.properties"
 
+  if $nexus::use_reserved_ports {
+    $real_http_port  = 80
+    $real_https_port = 443
+  } else {
+    $real_http_port  = $nexus::http_port
+    $real_https_port = $nexus::https_port
+  }
+
   file { $nexus_config_dir:
     ensure => directory,
     owner  => $nexus::nexus_user,
@@ -28,8 +36,8 @@
     owner   => $nexus::nexus_user,
     group   => $nexus::nexus_group,
     content => epp('nexus/nexus.properties.epp', {
-      http_port      => $nexus::http_port,
-      https_port     => $nexus::https_port,
+      http_port      => $real_http_port,
+      https_port     => $real_https_port,
       enable_https   => $nexus::enable_https,
       listen_address => $nexus::listen_address,
     }),

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -26,6 +26,7 @@
 # @param [String] https_keystore_password Password to access the keystore
 # @param [Boolean] manage_java Whether this module will manage Java or not
 # @param [String] java_distribution Java's desired distribution
+# @param [Boolean] use_reserved_ports Whether reserved ports (80 and 443) should be used. Default to false
 #
 class nexus (
   String $nexus_user,
@@ -47,6 +48,7 @@
   Boolean $enable_https           = false,
   String $https_keystore          = '',
   String $https_keystore_password = '',
+  Boolean $use_reserved_ports     = false,
   Boolean $manage_java            = true,
   String $java_distribution       = 'jre'
 ) {

diff --git a/manifests/java.pp b/manifests/java.pp
@@ -5,4 +5,29 @@
     distribution => $nexus::java_distribution,
   }
 
+  $java_path = "/etc/alternatives/${nexus::java_distribution}"
+
+  if $nexus::use_reserved_ports {
+    ldconfig::entry { 'java':
+      paths   => [
+        "${java_path}/lib/amd64/jli",
+        "${java_path}/lib/i386/jli",
+      ],
+      require => [
+        Class['java'],
+      ],
+    }
+
+    # http://man7.org/linux/man-pages/man7/capabilities.7.html
+    file_capability { "${java_path}/bin/java":
+      ensure     => present,
+      capability => [
+        'cap_net_bind_service=epi',
+      ],
+      require    => [
+        Ldconfig::Entry['java'],
+      ],
+    }
+  }
+
 }
diff --git a/metadata.json b/metadata.json
@@ -39,6 +39,14 @@
     },
     {
       "name":"puppet/archive"
+    },
+    {
+      "name":"crayfishx/ldconfig",
+      "version_requirement": ">= 0.1.0 < 2.0.0"
+    },
+    {
+      "name":"stm/file_capability",
+      "version_requirement": ">= 1.0.1 < 2.0.0"
     }
   ],
   "pdk-version": "1.2.1",