Like LDAP, Jetty comprises two installations: the server itself and the Shibboleth IDP installation.
To install Jetty, the tar file is downloaded and untarred, and then Jetty is configured by Salt. We wrote our own init.d file, which is installed during that same process and which better handles the forking involved in starting Jetty.
The tuning recommendations from the Jetty wiki are implemented and propagated using Salt.
We also configured Jetty to listen on a port for its shutdown signal, rather than using the typical init.d technique of saving a pid and looking for it later. To test whether Jetty is up, the init.d script makes a quick connection to the port Jetty is expected to have open.
Right now we don't have SSL installed, or a way to add the certs to the keystore. For more information on the complexity of SSL certs in general, please review the LDAP section above.
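A sketch of the port-based status and stop checks described above, as an added example that is not our actual init.d script. It assumes the shutdown port is Jetty's start.jar STOP.PORT/STOP.KEY mechanism; the paths, port numbers and key file location are hypothetical, and the permission check on the key file is an addition of this example.

```shell
#!/bin/sh
# Added example, not the real init.d file. All defaults below are assumptions.
JETTY_HOME="${JETTY_HOME:-/opt/jetty}"
JETTY_HOST="${JETTY_HOST:-127.0.0.1}"
JETTY_PORT="${JETTY_PORT:-8080}"                   # port Jetty serves on
STOP_PORT="${STOP_PORT:-8079}"                     # port Jetty listens on for shutdown
STOP_KEY_FILE="${STOP_KEY_FILE:-/etc/jetty/stop.key}"

# Succeeds only if a TCP connection to host:port is accepted within 2 seconds.
port_is_open() {
    timeout 2 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Poll host:port until it is "up" or "down"; give up after N attempts.
# usage: wait_for_port HOST PORT up|down ATTEMPTS
wait_for_port() {
    tries=0
    while [ "$tries" -lt "$4" ]; do
        if port_is_open "$1" "$2"; then
            [ "$3" = up ] && return 0
        else
            [ "$3" = down ] && return 0
        fi
        tries=$((tries + 1))
        sleep 1
    done
    return 1
}

# The stop key is the only thing protecting the shutdown port, so require
# that the key file exists and grants nothing to group or other.
key_file_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

jetty_status() {
    port_is_open "$JETTY_HOST" "$JETTY_PORT"
}

jetty_stop() {
    if ! key_file_is_private "$STOP_KEY_FILE"; then
        echo "refusing to stop: $STOP_KEY_FILE missing or readable by group/other" >&2
        return 1
    fi
    # Ask the running Jetty to shut down through its stop port.
    java -jar "$JETTY_HOME/start.jar" \
        STOP.PORT="$STOP_PORT" STOP.KEY="$(cat "$STOP_KEY_FILE")" --stop
    # Report success only once the service port has actually closed.
    wait_for_port "$JETTY_HOST" "$JETTY_PORT" down 30
}
```

An init.d script would call `jetty_status` and `jetty_stop` from its usual `case "$1"` dispatch.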
The following commands will restart all the Jetty servers:
salt -G "roles:jetty" service.stop jetty
salt -G "roles:jetty" service.start jetty
As we move these servers into different tiers, we will add the tier to the -G match.