Jetty
Like LDAP, Jetty comprises two installations, the server itself and then the Shibboleth IDP installation.
The Jetty installation is a bit involved because it does not come in a handy rpm from yum. Instead the tar file is downloaded, and untarred, and then Jetty is configured in the salt process. We had to write our own init.d file, which is also installed during that process, which better handles the forking process for starting Jetty.
We also configured Jetty to listen on a port to know when to be shut down, rather than using the typical init.d technique of saving and looking for a pid. To test if Jetty is up, it does a quick connection to the expected open Jetty port.
Right now we don't have SSL installed, or a way to add the certs to the keystore. For more information on the complexity of ssl certs in general, please review the LDAP section above.
The following commands will restart all the Jetty servers:
salt -G "roles:jetty" service.stop jetty
salt -G "roles:jetty" service.start jetty
And as we move these servers into different tiers, we will add
that to the -G.