move setting of novncproxy_base_url

The fixes introduced in order to resolve https://bugs.launchpad.net/nova/+bug/1409142 (CVE-2015-0259) make novncproxy_base_url relevant on hosts running the nova-novncproxy service, whereas previously it was only used by nova-compute to construct VNC console urls. This change moves the setting of the novncproxy_base_url option out of compute.pp and into nova::vncproxy_common, where it can be used both by compute.pp and vncproxy.pp. Change-Id: I7af4cf8257f2bdbc7d3cc57930fd6371571db531
2015-03-27 22:44:57 -04:00 · 2015-03-27 22:44:57 -04:00 · 28268ad9c7
commit 28268ad9c7
parent 2aa85630db
4 changed files with 75 additions and 15 deletions
--- a/manifests/compute.pp
+++ b/manifests/compute.pp
@ -42,7 +42,7 @@
 #
 # [*vncproxy_path*]
 #   (optional) The path at the end of the uri for communication with the VNC proxy server
-#   Defaults to './vnc_auto.html'
+#   Defaults to '/vnc_auto.html'
 #
 # [*vnc_keymap*]
 #   (optional) The keymap to use with VNC (ls -alh /usr/share/qemu/keymaps to list available keymaps)
@ -142,13 +142,7 @@ class nova::compute (
  }

  if ($vnc_enabled) {
-    if ($vncproxy_host) {
-      $vncproxy_base_url = "${vncproxy_protocol}://${vncproxy_host}:${vncproxy_port}${vncproxy_path}"
-      # config for vnc proxy
-      nova_config {
-        'DEFAULT/novncproxy_base_url': value => $vncproxy_base_url;
-      }
-    }
+    include ::nova::vncproxy::common
  }

  nova_config {
--- a/manifests/vncproxy.pp
+++ b/manifests/vncproxy.pp
@ -24,18 +24,27 @@
 #   (optional) The state of the nova-novncproxy package
 #   Defaults to 'present'
 #
+# [*vncproxy_protocol*]
+#   (optional) The protocol to communicate with the VNC proxy server
+#   Defaults to 'http'
+#
+# [*vncproxy_path*]
+#   (optional) The path at the end of the uri for communication with the VNC
+#   proxy server
+#   Defaults to '/vnc_auto.html'
+#
 class nova::vncproxy(
-  $enabled        = false,
-  $manage_service = true,
-  $host           = '0.0.0.0',
-  $port           = '6080',
-  $ensure_package = 'present'
+  $enabled           = false,
+  $manage_service    = true,
+  $vncproxy_protocol = 'http',
+  $host              = '0.0.0.0',
+  $port              = '6080',
+  $vncproxy_path     = '/vnc_auto.html',
+  $ensure_package    = 'present'
 ) {

  include ::nova::params

-  # TODO make this work on Fedora
-
  # See http://nova.openstack.org/runnova/vncconsole.html for more details.

  nova_config {
@ -43,6 +52,8 @@ class nova::vncproxy(
    'DEFAULT/novncproxy_port': value => $port;
  }

+  include ::nova::vncproxy::common
+
  if ! defined(Package['python-numpy']) {
    package { 'python-numpy':
      ensure => present,
--- a/manifests/vncproxy/common.pp
+++ b/manifests/vncproxy/common.pp
@ -0,0 +1,54 @@
+# == Class: nova::vncproxy::common
+#
+# [*vncproxy_host*]
+#   (optional) The host of the VNC proxy server
+#   Defaults to false
+#
+# [*vncproxy_protocol*]
+#   (optional) The protocol to communicate with the VNC proxy server
+#   Defaults to 'http'
+#
+# [*vncproxy_port*]
+#   (optional) The port to communicate with the VNC proxy server
+#   Defaults to '6080'
+#
+# [*vncproxy_path*]
+#   (optional) The path at the end of the uri for communication with the VNC proxy server
+#   Defaults to '/vnc_auto.html'
+#
+class nova::vncproxy::common (
+  $vncproxy_host     = undef,
+  $vncproxy_protocol = undef,
+  $vncproxy_port     = undef,
+  $vncproxy_path     = undef,
+) {
+
+  $vncproxy_host_real     = pick(
+    $vncproxy_host,
+    $::nova::compute::vncproxy_host,
+    $::nova::vncproxy::host,
+    false)
+  $vncproxy_protocol_real = pick(
+    $vncproxy_protocol,
+    $::nova::compute::vncproxy_protocol,
+    $::nova::vncproxy::vncproxy_protocol,
+    'http')
+  $vncproxy_port_real     = pick(
+    $vncproxy_port,
+    $::nova::compute::vncproxy_port,
+    $::nova::vncproxy::port,
+    6080)
+  $vncproxy_path_real     = pick(
+    $vncproxy_path,
+    $::nova::compute::vncproxy_path,
+    $::nova::vncproxy::vncproxy_path,
+    '/vnc_auto.html')
+
+  if ($vncproxy_host_real) {
+    $vncproxy_base_url = "${vncproxy_protocol_real}://${vncproxy_host_real}:${vncproxy_port_real}${vncproxy_path_real}"
+    # config for vnc proxy
+    nova_config {
+      'DEFAULT/novncproxy_base_url': value => $vncproxy_base_url;
+    }
+  }
+}
--- a/spec/classes/nova_vnc_proxy_spec.rb
+++ b/spec/classes/nova_vnc_proxy_spec.rb
@ -22,6 +22,7 @@ describe 'nova::vncproxy' do

    it { is_expected.to contain_nova_config('DEFAULT/novncproxy_host').with(:value => '0.0.0.0') }
    it { is_expected.to contain_nova_config('DEFAULT/novncproxy_port').with(:value => '6080') }
+    it { is_expected.to contain_nova_config('DEFAULT/novncproxy_base_url').with(:value => 'http://0.0.0.0:6080/vnc_auto.html') }

    it { is_expected.to contain_package('nova-vncproxy').with(
      :name   => 'nova-novncproxy',