From d8c73aa2064767f3cfe6090daf3503f369ec1bd1 Mon Sep 17 00:00:00 2001
From: Buddhika Sanjeewa <bsanjeewa@kln.ac.lk>
Date: Tue, 11 Jan 2022 22:21:00 +0000
Subject: [PATCH] Access to zun container fails when tls_external enabled.

Access to console of any zun container fails when
kolla_enable_tls_external is true.
This is due to the protocol of the base_url of the websocket_proxy
section in zun.conf is hardcoded to 'ws'.
[base_url = ws://<external_fqdn>:<port>]

This fix adds a new variable zun_wsproxy_protocol
and sets it's value to 'wss' when kolla_enable_tls_external is true
or to 'ws' otherwise

Then the base url's protocol of the websocket_proxy section
in zun.conf is set by zun_wsproxy_protocol
[base_url = "{{ zun_wsproxy_protocol }}://<external_fqdn>:<port>"]

Closes-Bug: 1957117
Change-Id: Ibd9ca6e40ee8c265775b0657d318aa3f82e4cccb
---
 ansible/group_vars/all.yml                           |  1 +
 ansible/roles/zun/templates/zun.conf.j2              |  2 +-
 releasenotes/notes/bug-1957117-7832104d66a91da7.yaml | 11 +++++++++++
 3 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/bug-1957117-7832104d66a91da7.yaml

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 002e9a5690..16d92f5943 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -521,6 +521,7 @@ zookeeper_quorum_port: "3888"
 
 zun_api_port: "9517"
 zun_wsproxy_port: "6784"
+zun_wsproxy_protocol: "{{ 'wss' if kolla_enable_tls_external | bool else 'ws' }}"
 zun_cni_daemon_port: "9036"
 
 vitrage_api_port: "8999"
diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2
index 4600a48229..491b821c07 100644
--- a/ansible/roles/zun/templates/zun.conf.j2
+++ b/ansible/roles/zun/templates/zun.conf.j2
@@ -118,7 +118,7 @@ host_shared_with_nova = {{ inventory_hostname in groups['compute'] and enable_no
 [websocket_proxy]
 wsproxy_host = {{ api_interface_address }}
 wsproxy_port = {{ zun_wsproxy_port }}
-base_url = ws://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ zun_wsproxy_port }}
+base_url = {{ zun_wsproxy_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ zun_wsproxy_port }}
 
 [docker]
 api_url = tcp://{{ api_interface_address | put_address_in_context('url') }}:2375
diff --git a/releasenotes/notes/bug-1957117-7832104d66a91da7.yaml b/releasenotes/notes/bug-1957117-7832104d66a91da7.yaml
new file mode 100644
index 0000000000..5d0dfd8bf6
--- /dev/null
+++ b/releasenotes/notes/bug-1957117-7832104d66a91da7.yaml
@@ -0,0 +1,11 @@
+---
+fixes:
+  - |
+    Fixes unable to connect to zun console when
+    ``kolla_enable_tls_external`` is true.
+    Access to console of any zun container fails when
+    ``kolla_enable_tls_external`` is true.
+    This fix sets the protocol for wsproxy ``base_url``
+    in ``zun.conf`` according to the value of
+    ``kolla_enable_tls_external``
+    `LP#1957117 <https://launchpad.net/bugs/1957117>`__