spice-html5: hack to enable secure console

This is an horrible hack to fix spice-html5 code while this is fixed upstream. It aims to create a new parameter (false by default to maintain backward compatibility) which enable or not secure console. If enabled, it will replace the hardcoded "ws" to "wss" and then make the secure Spice console working. Closes-bug #604 Signed-off-by: Emilien Macchi <emilien.macchi@enovance.com>
2014-09-09 10:25:37 -04:00
parent 89341d6003
commit 1a3518050a
2 changed files with 30 additions and 2 deletions
--- a/manifests/compute/consoleproxy.pp
+++ b/manifests/compute/consoleproxy.pp
@@ -15,10 +15,15 @@
 #
 # Compute Proxy Console node
 #
+# [*secure*]
+# (optionnal) Enabled or not WSS in spice-html5 code
+# Defaults to false.
+#

 class cloud::compute::consoleproxy(
  $api_eth    = '127.0.0.1',
-  $spice_port = '6082'
+  $spice_port = '6082',
+  $secure     = false,
 ){

  include 'cloud::compute'
@@ -28,6 +33,15 @@ class cloud::compute::consoleproxy(
    host    => $api_eth
  }

+  # Horrible Hack to allow spice-html5 to connect on the web service
+  # by SSL. Since "ws" is hardcoded, there is no way to use HTTPS otherwise.
+  if $secure {
+    exec { 'enable_wss_spice_html5':
+      command => '/bin/sed -i "s/ws:\/\//wss:\/\//g" /usr/share/spice-html5/spice_auto.html',
+      unless  => '/bin/grep -F "wss://" /usr/share/spice-html5/spice_auto.html',
+    }
+  }
+
  @@haproxy::balancermember{"${::fqdn}-compute_spice":
    listening_service => 'spice_cluster',
    server_names      => $::hostname,
--- a/spec/classes/cloud_compute_consoleproxy_spec.rb
+++ b/spec/classes/cloud_compute_consoleproxy_spec.rb
@@ -45,7 +45,8 @@ describe 'cloud::compute::consoleproxy' do

    let :params do
      { :api_eth    => '10.0.0.1',
-        :spice_port => '6082' }
+        :spice_port => '6082',
+        :secure     => false }
    end

    it 'configure nova common' do
@@ -94,6 +95,19 @@ describe 'cloud::compute::consoleproxy' do
      )
    end

+    context 'when using secure console' do
+      before :each do
+        params.merge!( :secure => true )
+      end
+
+      it 'replace ws by wss in spice html5 code' do
+        should contain_exec('enable_wss_spice_html5').with(
+          :command => '/bin/sed -i "s/ws:\/\//wss:\/\//g" /usr/share/spice-html5/spice_auto.html',
+          :unless  => '/bin/grep -F "wss://" /usr/share/spice-html5/spice_auto.html'
+        )
+      end
+    end
+
  end

  context 'on Debian platforms' do