Adding option to enable SSL to horizon

Adding a new option "CONFIG_HORIZON_SSL" if set to 'y' will cause apache to open ssl communications to port 443 https://bugzilla.redhat.com/show_bug.cgi?id=903813 Change-Id: I6a9960706f35823e7fa9a1913274bbfc51d6b99a
2013-02-22 11:16:35 -05:00
parent efc9e74bf9
commit 6a1736117e
3 changed files with 36 additions and 4 deletions
--- a/packstack/installer/output_messages.py
+++ b/packstack/installer/output_messages.py
@@ -84,4 +84,3 @@ ERR_ONLY_1_FLAG="Error: The %s flag is mutually exclusive to all other command l
 ERR_REMOVE_REMOTE_VAR="Error: Failed to remove directory %s on %s, it contains sensitive data and should be removed"

 #
-INFO_DASHBOARD="To use the console, browse to http://%s/dashboard"
--- a/packstack/plugins/dashboard_500.py
+++ b/packstack/plugins/dashboard_500.py
@@ -38,6 +38,18 @@ def initConfig(controllerObject):
                   "USE_DEFAULT"     : False,
                   "NEED_CONFIRM"    : False,
                   "CONDITION"       : False },
+                  {"CMD_OPTION"      : "os-horizon-ssl",
+                   "USAGE"           : "To set up Horizon communication over https set this to \"y\"",
+                   "PROMPT"          : "Would you like to set up Horizon communication over https",
+                   "OPTION_LIST"     : ["y", "n"],
+                   "VALIDATORS"      : [validate.validate_options],
+                   "DEFAULT_VALUE"   : "n",
+                   "MASK_INPUT"      : False,
+                   "LOOSE_VALIDATION": True,
+                   "CONF_NAME"       : "CONFIG_HORIZON_SSL",
+                   "USE_DEFAULT"     : False,
+                   "NEED_CONFIRM"    : False,
+                   "CONDITION"       : False },
                 ]

    groupDict = { "GROUP_NAME"            : "OSHORIZON",
@@ -59,9 +71,30 @@ def initSequences(controller):
    ]
    controller.addSequence("Installing OpenStack Horizon", [], [], steps)

+
 def createmanifest():
    controller.CONF["CONFIG_HORIZON_SECRET_KEY"] = uuid.uuid4().hex
-    manifestfile = "%s_horizon.pp"%controller.CONF['CONFIG_HORIZON_HOST']
+    horizon_host = controller.CONF['CONFIG_HORIZON_HOST']
+    manifestfile = "%s_horizon.pp" % horizon_host
+
+    proto = "http"
+    controller.CONF["CONFIG_HORIZON_PORT"] = "'80'"
+    sslmanifestdata = ''
+    if controller.CONF["CONFIG_HORIZON_SSL"] == 'y':
+        controller.CONF["CONFIG_HORIZON_PORT"] = "'443'"
+        controller.MESSAGES.append(
+            "%sNOTE%s : A default self signed certificate was used for ssl, "
+            "You should change the ssl certificate configured in "
+            "/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert."
+            % (basedefs.RED, basedefs.NO_COLOR, horizon_host))
+        proto = "https"
+        sslmanifestdata += ("class {'apache::mod::ssl': }\n"
+                            "file {'/etc/httpd/conf.d/ssl.conf':}\n")
+
    manifestdata = getManifestTemplate("horizon.pp")
+    manifestdata += sslmanifestdata
    appendManifestFile(manifestfile, manifestdata)
-    controller.MESSAGES.append(output_messages.INFO_DASHBOARD%controller.CONF['CONFIG_HORIZON_HOST'])
+
+    msg = "To use the console, browse to %s://%s/dashboard" % \
+        (proto,  controller.CONF['CONFIG_HORIZON_HOST'])
+    controller.MESSAGES.append(msg)
--- a/packstack/puppet/templates/horizon.pp
+++ b/packstack/puppet/templates/horizon.pp
@@ -23,7 +23,7 @@ file { '/etc/httpd/conf.d/openstack-dashboard.conf':}

 firewall { '001 horizon incoming':
    proto    => 'tcp',
-    dport    => ['80'],
+    dport    => [%(CONFIG_HORIZON_PORT)s],
    action   => 'accept',
 }