From dd7602ad82100617126be26d80a6d3f67cb739ac Mon Sep 17 00:00:00 2001 From: Ben Nemec Date: Fri, 15 Jan 2016 16:31:36 -0600 Subject: [PATCH] Allow vncproxy to work with ssl enabled Right now our vncproxy settings are hard-coded to http and the non-ssl port. This change adds a vncproxy entry to the endpoint map and uses those values to configure the proxy correctly on compute nodes. This is sufficient to get it working in my environment with ssl enabled. Change-Id: I9d69b088eef4700959b33c7e0eb44932949d7b71 --- environments/enable-tls.yaml | 3 +++ network/endpoints/endpoint_map.yaml | 28 ++++++++++++++++++++++++++++ puppet/compute.yaml | 6 ++++++ 3 files changed, 37 insertions(+) diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index bc4d1befae..5794c6b45d 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -33,6 +33,9 @@ parameter_defaults: NovaEC2Admin: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'} NovaEC2Internal: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'} NovaEC2Public: {protocol: 'https', port: '13773', host: 'CLOUDNAME'} + NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index f6063c0e4a..278c26058e 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -74,6 +74,9 @@ parameters: NovaEC2Admin: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'} NovaEC2Internal: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'} NovaEC2Public: {protocol: 'http', port: '8773', host: 'IP_ADDRESS'} + NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyPublic: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} @@ -364,6 +367,28 @@ resources: CloudName: {get_param: CloudName} UriSuffix: '/services/Admin' + NovaVNCProxyInternal: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaVNCProxyInternal + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NovaApiVirtualIP} + CloudName: {get_param: CloudName} + NovaVNCProxyPublic: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaVNCProxyPublic + EndpointMap: { get_param: EndpointMap } + IP: {get_param: PublicVirtualIP} + CloudName: {get_param: CloudName} + NovaVNCProxyAdmin: + type: OS::TripleO::Endpoint + properties: + EndpointName: NovaVNCProxyAdmin + EndpointMap: { get_param: EndpointMap } + IP: {get_param: NovaApiVirtualIP} + CloudName: {get_param: CloudName} + SwiftInternal: type: OS::TripleO::Endpoint properties: @@ -473,6 +498,9 @@ outputs: NovaEC2Internal: {get_attr: [ NovaEC2Internal, endpoint] } NovaEC2Public: {get_attr: [ NovaEC2Public, endpoint] } NovaEC2Admin: {get_attr: [ NovaEC2Admin, endpoint] } + NovaVNCProxyInternal: {get_attr: [ NovaVNCProxyInternal, endpoint] } + NovaVNCProxyPublic: {get_attr: [ NovaVNCProxyPublic, endpoint] } + NovaVNCProxyAdmin: {get_attr: [ NovaVNCProxyAdmin, endpoint] } SwiftInternal: {get_attr: [ SwiftInternal, endpoint] } SwiftPublic: {get_attr: [ SwiftPublic, endpoint] } SwiftAdmin: {get_attr: [ SwiftAdmin, endpoint] } diff --git a/puppet/compute.yaml b/puppet/compute.yaml index f416575614..1f7f0c2312 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -463,6 +463,9 @@ resources: rbd_persistent_storage: {get_input: cinder_enable_rbd_backend} nova_password: {get_input: nova_password} nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} + nova::vncproxy::common::vncproxy_protocol: {get_input: nova_vncproxy_protocol} + nova::vncproxy::common::vncproxy_host: {get_input: nova_vncproxy_host} + nova::vncproxy::common::vncproxy_port: {get_input: nova_vncproxy_port} nova::network::neutron::neutron_ovs_bridge: {get_input: nova_ovs_bridge} nova::network::neutron::security_group_api: {get_input: nova_security_group_api} ceilometer::debug: {get_input: debug} @@ -533,6 +536,9 @@ resources: nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} + nova_vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} + nova_vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host]} + nova_vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} nova_ovs_bridge: {get_param: NovaOVSBridge} nova_security_group_api: {get_param: NovaSecurityGroupAPI} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}