diff --git a/doc/source/firehose.rst b/doc/source/firehose.rst index 732b9c35e3..c82037d090 100644 --- a/doc/source/firehose.rst +++ b/doc/source/firehose.rst @@ -42,6 +42,7 @@ firehose.openstack.org has 2 open ports for MQTT traffic: * **1883** - The default MQTT port * **80** - Uses websockets for the MQTT communication * **8883** - The default SSL/TLS MQTT port + * **443** - The SSL/TLS websockets port Topics diff --git a/manifests/site.pp b/manifests/site.pp index 02b4f51a45..e037208335 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -594,7 +594,7 @@ node /^firehose\d+\.openstack\.org$/ { # NOTE(mtreinish) Port 80 and 8080 are disabled because websocket # connections seem to crash mosquitto. Once this is fixed we should add # them back - iptables_public_tcp_ports => [22, 25, 80, 1883, 8883], + iptables_public_tcp_ports => [22, 25, 80, 1883, 8883, 443], sysadmins => hiera('sysadmins', []), manage_exim => false, } diff --git a/modules/openstack_project/manifests/firehose.pp b/modules/openstack_project/manifests/firehose.pp index 1eadf8e6f6..eebdc4d61c 100644 --- a/modules/openstack_project/manifests/firehose.pp +++ b/modules/openstack_project/manifests/firehose.pp @@ -36,9 +36,11 @@ class openstack_project::firehose ( infra_service_username => $mqtt_username, infra_service_password => $mqtt_password, enable_tls => true, + enable_tls_websocket => true, ca_file => $ca_file, cert_file => $cert_file, key_file => $key_file, + websocket_tls_port => 443, } include germqtt