Set up NOVNC with https when using SSL on HORIZON

Change-Id: I98d053f2d1558f39fe116a7f90bc6f1b6a4f93f4
Fixes: rhbz#1115896
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>

packstack/puppet/modules/packstack/templates/ssl/generate_ssl_certs.sh.erb

@@ -51,3 +51,10 @@ cp /etc/pki/CA/cacert.pem $SSLCHAIN
 openssl genrsa 2048 > $SSLKEY 2> /dev/null
 answers $FQDN | openssl req -new -nodes -key $SSLKEY -out ${SSLCERT}.req
 yes | openssl ca -in ${SSLCERT}.req -out ${SSLCERT}
+
+# gen key and self signed cert for novnc
+SSL_NOVA_NOVNC_CERT=/etc/nova/nova.crt
+SSL_NOVA_NOVNC_KEY=/etc/nova/nova.key
+answers $FQDN | openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout $SSL_NOVA_NOVNC_KEY -out $SSL_NOVA_NOVNC_CERT
+chown root.nova $SSL_NOVA_NOVNC_CERT $SSL_NOVA_NOVNC_KEY
+chmod 440 $SSL_NOVA_NOVNC_CERT $SSL_NOVA_NOVNC_KEY

packstack/puppet/templates/horizon.pp

@@ -41,6 +41,13 @@ if %(CONFIG_HORIZON_SSL)s {
     require => File['/etc/pki/tls/certs/ps_generate_ssl_certs.ssh'],
     notify  => Service['httpd'],
     before  => Class['horizon'],
+  } ->
+  exec { 'nova-novncproxy-restart':
+    # ps_generate_ssl_certs.ssh is generating ssl certs for nova-novncproxy
+    # so openstack-nova-novncproxy should be restarted.
+    path      => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],
+    command   => 'systemctl restart openstack-nova-novncproxy.service',
+    logoutput => 'on_failure',
   }
 
   apache::listen { '443': }

packstack/puppet/templates/nova_vncproxy.pp

@@ -1,3 +1,13 @@
+$is_using_ssl_on_horizon = '%(CONFIG_HORIZON_SSL)s'
+
+if $is_using_ssl_on_horizon == 'y' {
+  nova_config {
+    'DEFAULT/ssl_only': value => 'true';
+    'DEFAULT/cert':     value => '/etc/nova/nova.crt';
+    'DEFAULT/key':      value => '/etc/nova/nova.key';
+  }
+}
+
 class {"nova::vncproxy":
     enabled => true,
 }