Re-enable the websockets tls port

Since we re-enabled the websockets port in change Id9bb77ef9a2ac70eec74db4ea64423b5d6351a06 things having quite stable. Connections to mosquitto over websockets hasn't crashed. Since things have been stable this commit unblocks the tls websockets port for firehose.o.o and switches it to the standard 443 for https instead of the default 8080 we were using before. This should enable websites trying to use the firehose over websockets from https server. Change-Id: I1b08eabf22f5345a9b4ebfae5d3dab08270efbf9
2018-04-13 16:06:36 -04:00 · 2018-04-13 16:06:36 -04:00 · 0d799489ce
parent eb0dde2559
commit 0d799489ce
3 changed files with 4 additions and 1 deletions
--- a/doc/source/firehose.rst
+++ b/doc/source/firehose.rst
@ -42,6 +42,7 @@ firehose.openstack.org has 2 open ports for MQTT traffic:
 * **1883** - The default MQTT port
 * **80** - Uses websockets for the MQTT communication
 * **8883** - The default SSL/TLS MQTT port
+ * **443** - The SSL/TLS websockets port


 Topics
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -594,7 +594,7 @@ node /^firehose\d+\.openstack\.org$/ {
    # NOTE(mtreinish) Port 80 and 8080 are disabled because websocket
    # connections seem to crash mosquitto. Once this is fixed we should add
    # them back
-    iptables_public_tcp_ports => [22, 25, 80, 1883, 8883],
+    iptables_public_tcp_ports => [22, 25, 80, 1883, 8883, 443],
    sysadmins                 => hiera('sysadmins', []),
    manage_exim               => false,
  }
--- a/modules/openstack_project/manifests/firehose.pp
+++ b/modules/openstack_project/manifests/firehose.pp
@ -36,9 +36,11 @@ class openstack_project::firehose (
    infra_service_username => $mqtt_username,
    infra_service_password => $mqtt_password,
    enable_tls             => true,
+    enable_tls_websocket   => true,
    ca_file                => $ca_file,
    cert_file              => $cert_file,
    key_file               => $key_file,
+    websocket_tls_port     => 443,
  }

  include germqtt