From 6a1736117ea71bcc04e206dbfaddbe2664923dd7 Mon Sep 17 00:00:00 2001 From: Derek Higgins Date: Fri, 22 Feb 2013 11:16:35 -0500 Subject: [PATCH] Adding option to enable SSL to horizon Adding a new option "CONFIG_HORIZON_SSL" if set to 'y' will cause apache to open ssl communications to port 443 https://bugzilla.redhat.com/show_bug.cgi?id=903813 Change-Id: I6a9960706f35823e7fa9a1913274bbfc51d6b99a --- packstack/installer/output_messages.py | 1 - packstack/plugins/dashboard_500.py | 37 ++++++++++++++++++++++++-- packstack/puppet/templates/horizon.pp | 2 +- 3 files changed, 36 insertions(+), 4 deletions(-) diff --git a/packstack/installer/output_messages.py b/packstack/installer/output_messages.py index 5b8be8efd..e81daf154 100644 --- a/packstack/installer/output_messages.py +++ b/packstack/installer/output_messages.py @@ -84,4 +84,3 @@ ERR_ONLY_1_FLAG="Error: The %s flag is mutually exclusive to all other command l ERR_REMOVE_REMOTE_VAR="Error: Failed to remove directory %s on %s, it contains sensitive data and should be removed" # -INFO_DASHBOARD="To use the console, browse to http://%s/dashboard" diff --git a/packstack/plugins/dashboard_500.py b/packstack/plugins/dashboard_500.py index 72f7bdc37..a78ad7f05 100644 --- a/packstack/plugins/dashboard_500.py +++ b/packstack/plugins/dashboard_500.py @@ -38,6 +38,18 @@ def initConfig(controllerObject): "USE_DEFAULT" : False, "NEED_CONFIRM" : False, "CONDITION" : False }, + {"CMD_OPTION" : "os-horizon-ssl", + "USAGE" : "To set up Horizon communication over https set this to \"y\"", + "PROMPT" : "Would you like to set up Horizon communication over https", + "OPTION_LIST" : ["y", "n"], + "VALIDATORS" : [validate.validate_options], + "DEFAULT_VALUE" : "n", + "MASK_INPUT" : False, + "LOOSE_VALIDATION": True, + "CONF_NAME" : "CONFIG_HORIZON_SSL", + "USE_DEFAULT" : False, + "NEED_CONFIRM" : False, + "CONDITION" : False }, ] groupDict = { "GROUP_NAME" : "OSHORIZON", @@ -59,9 +71,30 @@ def initSequences(controller): ] controller.addSequence("Installing OpenStack Horizon", [], [], steps) + def createmanifest(): controller.CONF["CONFIG_HORIZON_SECRET_KEY"] = uuid.uuid4().hex - manifestfile = "%s_horizon.pp"%controller.CONF['CONFIG_HORIZON_HOST'] + horizon_host = controller.CONF['CONFIG_HORIZON_HOST'] + manifestfile = "%s_horizon.pp" % horizon_host + + proto = "http" + controller.CONF["CONFIG_HORIZON_PORT"] = "'80'" + sslmanifestdata = '' + if controller.CONF["CONFIG_HORIZON_SSL"] == 'y': + controller.CONF["CONFIG_HORIZON_PORT"] = "'443'" + controller.MESSAGES.append( + "%sNOTE%s : A default self signed certificate was used for ssl, " + "You should change the ssl certificate configured in " + "/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert." + % (basedefs.RED, basedefs.NO_COLOR, horizon_host)) + proto = "https" + sslmanifestdata += ("class {'apache::mod::ssl': }\n" + "file {'/etc/httpd/conf.d/ssl.conf':}\n") + manifestdata = getManifestTemplate("horizon.pp") + manifestdata += sslmanifestdata appendManifestFile(manifestfile, manifestdata) - controller.MESSAGES.append(output_messages.INFO_DASHBOARD%controller.CONF['CONFIG_HORIZON_HOST']) + + msg = "To use the console, browse to %s://%s/dashboard" % \ + (proto, controller.CONF['CONFIG_HORIZON_HOST']) + controller.MESSAGES.append(msg) diff --git a/packstack/puppet/templates/horizon.pp b/packstack/puppet/templates/horizon.pp index 4af865a7d..c6bb6581e 100644 --- a/packstack/puppet/templates/horizon.pp +++ b/packstack/puppet/templates/horizon.pp @@ -23,7 +23,7 @@ file { '/etc/httpd/conf.d/openstack-dashboard.conf':} firewall { '001 horizon incoming': proto => 'tcp', - dport => ['80'], + dport => [%(CONFIG_HORIZON_PORT)s], action => 'accept', }