diff --git a/manifests/compute/consoleproxy.pp b/manifests/compute/consoleproxy.pp index cef616a1..376b0e86 100644 --- a/manifests/compute/consoleproxy.pp +++ b/manifests/compute/consoleproxy.pp @@ -15,10 +15,15 @@ # # Compute Proxy Console node # +# [*secure*] +# (optionnal) Enabled or not WSS in spice-html5 code +# Defaults to false. +# class cloud::compute::consoleproxy( $api_eth = '127.0.0.1', - $spice_port = '6082' + $spice_port = '6082', + $secure = false, ){ include 'cloud::compute' @@ -28,6 +33,15 @@ class cloud::compute::consoleproxy( host => $api_eth } + # Horrible Hack to allow spice-html5 to connect on the web service + # by SSL. Since "ws" is hardcoded, there is no way to use HTTPS otherwise. + if $secure { + exec { 'enable_wss_spice_html5': + command => '/bin/sed -i "s/ws:\/\//wss:\/\//g" /usr/share/spice-html5/spice_auto.html', + unless => '/bin/grep -F "wss://" /usr/share/spice-html5/spice_auto.html', + } + } + @@haproxy::balancermember{"${::fqdn}-compute_spice": listening_service => 'spice_cluster', server_names => $::hostname, diff --git a/spec/classes/cloud_compute_consoleproxy_spec.rb b/spec/classes/cloud_compute_consoleproxy_spec.rb index 318c2750..1825dee0 100644 --- a/spec/classes/cloud_compute_consoleproxy_spec.rb +++ b/spec/classes/cloud_compute_consoleproxy_spec.rb @@ -45,7 +45,8 @@ describe 'cloud::compute::consoleproxy' do let :params do { :api_eth => '10.0.0.1', - :spice_port => '6082' } + :spice_port => '6082', + :secure => false } end it 'configure nova common' do @@ -94,6 +95,19 @@ describe 'cloud::compute::consoleproxy' do ) end + context 'when using secure console' do + before :each do + params.merge!( :secure => true ) + end + + it 'replace ws by wss in spice html5 code' do + should contain_exec('enable_wss_spice_html5').with( + :command => '/bin/sed -i "s/ws:\/\//wss:\/\//g" /usr/share/spice-html5/spice_auto.html', + :unless => '/bin/grep -F "wss://" /usr/share/spice-html5/spice_auto.html' + ) + end + end + end context 'on Debian platforms' do