From 0d799489ceedf41e6da5e790ad0e0e267c280488 Mon Sep 17 00:00:00 2001
From: Matthew Treinish <mtreinish@kortar.org>
Date: Fri, 13 Apr 2018 16:06:36 -0400
Subject: [PATCH] Re-enable the websockets tls port

Since we re-enabled the websockets port in change
Id9bb77ef9a2ac70eec74db4ea64423b5d6351a06 things having quite stable.
Connections to mosquitto over websockets hasn't crashed. Since things
have been stable this commit unblocks the tls websockets port for
firehose.o.o and switches it to the standard 443 for https instead of
the default 8080 we were using before. This should enable websites
trying to use the firehose over websockets from https server.

Change-Id: I1b08eabf22f5345a9b4ebfae5d3dab08270efbf9
---
 doc/source/firehose.rst                         | 1 +
 manifests/site.pp                               | 2 +-
 modules/openstack_project/manifests/firehose.pp | 2 ++
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/doc/source/firehose.rst b/doc/source/firehose.rst
index 732b9c35e3..c82037d090 100644
--- a/doc/source/firehose.rst
+++ b/doc/source/firehose.rst
@@ -42,6 +42,7 @@ firehose.openstack.org has 2 open ports for MQTT traffic:
  * **1883** - The default MQTT port
  * **80** - Uses websockets for the MQTT communication
  * **8883** - The default SSL/TLS MQTT port
+ * **443** - The SSL/TLS websockets port
 
 
 Topics
diff --git a/manifests/site.pp b/manifests/site.pp
index 02b4f51a45..e037208335 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -594,7 +594,7 @@ node /^firehose\d+\.openstack\.org$/ {
     # NOTE(mtreinish) Port 80 and 8080 are disabled because websocket
     # connections seem to crash mosquitto. Once this is fixed we should add
     # them back
-    iptables_public_tcp_ports => [22, 25, 80, 1883, 8883],
+    iptables_public_tcp_ports => [22, 25, 80, 1883, 8883, 443],
     sysadmins                 => hiera('sysadmins', []),
     manage_exim               => false,
   }
diff --git a/modules/openstack_project/manifests/firehose.pp b/modules/openstack_project/manifests/firehose.pp
index 1eadf8e6f6..eebdc4d61c 100644
--- a/modules/openstack_project/manifests/firehose.pp
+++ b/modules/openstack_project/manifests/firehose.pp
@@ -36,9 +36,11 @@ class openstack_project::firehose (
     infra_service_username => $mqtt_username,
     infra_service_password => $mqtt_password,
     enable_tls             => true,
+    enable_tls_websocket   => true,
     ca_file                => $ca_file,
     cert_file              => $cert_file,
     key_file               => $key_file,
+    websocket_tls_port     => 443,
   }
 
   include germqtt