From 94d824dd0eec3f1a37586c03d0b79b074c37653e Mon Sep 17 00:00:00 2001
From: Will Szumski <will@stackhpc.com>
Date: Thu, 29 Aug 2019 11:02:28 +0100
Subject: [PATCH] Use secure websocket for nova serial console proxy when TLS
 enabled

This resolves an issue where the web browser would complain that it
was trying to connect to insecure websocket when using HTTPS with
horizon.

Change-Id: Ib75cc2bc1b3811bc31badd5fda3db3ed0c59b119
Closes-Bug: #1841914
---
 ansible/group_vars/all.yml                | 1 +
 ansible/roles/nova/templates/nova.conf.j2 | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 1e59d9d4e6..afc557c2ab 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -346,6 +346,7 @@ nova_spicehtml5proxy_listen_port: "{{ nova_spicehtml5proxy_port }}"
 nova_serialproxy_fqdn: "{{ kolla_external_fqdn }}"
 nova_serialproxy_port: "6083"
 nova_serialproxy_listen_port: "{{ nova_serialproxy_port }}"
+nova_serialproxy_protocol: "{{ 'wss' if kolla_enable_tls_external | bool else 'ws' }}"
 
 octavia_internal_fqdn: "{{ kolla_internal_fqdn }}"
 octavia_external_fqdn: "{{ kolla_external_fqdn }}"
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index 47770893c1..ed6e73c758 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -97,7 +97,7 @@ enabled = false
 {% if enable_nova_serialconsole_proxy | bool %}
 [serial_console]
 enabled = true
-base_url = ws://{{ nova_serialproxy_fqdn }}:{{ nova_serialproxy_port }}/
+base_url = {{ nova_serialproxy_protocol }}://{{ nova_serialproxy_fqdn }}:{{ nova_serialproxy_port }}/
 serialproxy_host = {{ api_interface_address }}
 serialproxy_port = {{ nova_serialproxy_listen_port }}
 proxyclient_address = {{ api_interface_address }}