Distributions provide packages for the OpenStack services so we add
support for using these instead of the pip ones.
Implements: blueprint openstack-distribution-packages
Change-Id: Ie6eeff541a319967715e619dcdc26177aec5be72
Set to False if you don't want router support in Horizon or if you don't
have Neutron L3 agent deployed.
Change-Id: I72eaa7829372b91c286efa06263e3f78b86ef35c
This variable was introduced in Newton and allows you to specify a
list of default DNS servers populated when creating a tenant subnet.
Change-Id: I7c6767bb883296c55b7a7302d7af8a8721fd2844
When 'horizon_galera_use_ssl' is True, use an encrypted connection to
the database using either a self-signed or user-provided CA certificate.
A new non-voting test has been added to verify that the role remains
functional when enabling SSL features.
Change-Id: Ie7e0e5f7fc89978126d0d735367d8ecf3e007cfc
Partial-Bug: 1667789
This patch removes the enable_firewall/enable_vpn options since
they were removed in Pike (deprecated since Juno). The FWaaS panel
is still enabled via the modern method (copying files into place).
The VPNaaS variable is no longer being used, so it is being removed.
Closes-Bug: 1735199
Change-Id: I7d42b2a857a7f0c9401becc68a152102fb702508
In the template file horizon_local_settings.py.j2, the
IMAGES_ALLOW_LOCATION value is being set as a string, when it should
be a bool.
Change-Id: I6589fe93abab76243d30136babaa7b1e95989243
Closes-Bug: 1727438
The AVAILABLE_THEMES and LAUNCH_INSTANCE_DEFAULTS options are currently
templated as unsorted dictionaries. Sort them to avoid unnecessary
config changes and service restarts.
Change-Id: I7bfd5248be78efa3a87bd56637ea1082d391a3e0
Use dict.items() instead of dict.iteritems() for Python 3 compatibility.
Change-Id: If2484febbab4db20539749094517240b5f17d1ab
Implements: blueprint goal-python35
This variable allows customizing the default values for properties found
in the Launch Instance modal, using the LAUNCH_INSTANCE_DEFAULTS config
option.
Change-Id: I1a795b788b3fbc78e814c93f56fd996090c7463b
syncdb is deprecated since Django 1.7 and removed in 1.9, using the "new"
command.
Configure the logging NullHandler properly
Change-Id: If1365e76cdd0f66b7ef2a90cc52b4692f68a149f
Currently, WEBSSO_INITIAL_CHOICE is hard-coded in template, this patchset
convert WEBSSO_INITIAL_CHOICE setting to variable horizon_websso_initial_choice
in main.yml
Change-Id: I7e18ec981f6a575ee81da1429545f8b46a771fb8
Closes-bug: #1660322
This is being moved in the template file such that it will ensure the
variable is always rendered. This change is needed for multi-region
clouds.
Change-Id: Ib3fa401e6ecf4053ef0a4a5bb9d18ae18ae7f07a
Closes-Bug: #1660344
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
In order to expose the variable in documentation,
it is defined in defaults and the value is always
templated. The default value is set to the same
as the upstream default.
Change-Id: I3a8785de414a82931b1089f7396b0fbe3b68ae7d
Because horizon local settings cannot use config_template, we
have to maintain the features possible in the template ourselves.
This adds the possibility to allow/deny the use of embedded
iframes.
Change-Id: I12470ac156a433eee795b4090b21d106418ecd5a
In patch https://review.openstack.org/#/c/309425/ we defaulted the
keystone_sp var to exist and be set to "{}". All conditionals were
changed to check if keytone_sp was "{}" rather than to check if it is
defined.
The horizon role still does a conditional to check if the var is
defined, rather than a check to see if it is "{}". This causes the
conditional to fail when the var is defaulted in user_variables, but has
no values in it.
Change-Id: Ib4cd0b168ec09a222e7a1da5672395852f3f8a1c
In Newton several config settings were added which are missing from our
configuration. Without these options Horizon is incomplete.
Change-Id: Ie6e9f65153bf5305ee197a81df28ff4e52f9a572
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
When running a multi-domain cloud the constant
"OPENSTACK_KEYSTONE_DEFAULT_DOMAIN" needs to be omitted from the
rendered "local_setting.py" file. This change keys off of the
"horizon_keystone_multidomain_support" value and should it be `true`
the constant "OPENSTACK_KEYSTONE_DEFAULT_DOMAIN" will be omitted from
config.
Closes-Bug: #1629865
Change-Id: I81c5d17bfd4d946567a49db9adfb4285d05303c3
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
As Horizon treats admins differently and can't discern what roles are
administrative in nature, we have to tell it if there are roles
beyond/besides "admin".
If not overriden by the user, then the default is `['admin']` as seen
in the code:
https://github.com/openstack/horizon/blob/stable/mitaka/openstack_dashboard/utils/identity.py#L20-L25.
Closes-Bug: #1614213
Change-Id: I5e475db52be7d6390a1ab29a08b58fc102e16037
Co-Author: Corey Wright <corey.wright@rackspace.com>
Deployers can now configure their own custom
themes and set them as the default theme using the
Horizon configuration values AVAILABLE_THEMES and
DEFAULT_THEME
See http://docs.openstack.org/developer/horizon/topics/settings.html#available-themes
for further details on the configuration.
Change-Id: I90b1cb45c851eb654638d82b83af56f93a642895
Closes-Bug: #1590839
A new variable has been added to allow a deployer to set arbitrary
configuration options.
Closes-Bug: #1598143
Change-Id: Ic2d83d5b581046314145ecd0201087cc1682716b
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The change from I7b384c2f78aa0aa622d23b8b4ee317dd99f396e0 in the
neutron-lbaas-dashboard brought back the ``enable_lb`` option. This
patch adds the option back into the Horizon configuration. The option
is only needed when the next-gen LBaaSv2 panels are activated.
Closes-bug: 1593074
Change-Id: I166512fc77e48c123116dc6dd95262b2e1d5f6cf
Operators may want to mask certain Nova extensions
in Horizon for performance reasons. This change
adds configurable extensions list to mask.
Change-Id: I8dff0647608833ac370a4fdab7db7dd6f39aa7c3
This patch creates a variable to control ha router support in Horizon
and enables it by default.
Release notes are included.
Change-Id: I5edb7576d977bc558d9411dca62a029eb1856000
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This patch creates a variable to control IPv6 support in Horizon
and enables it by default.
Release notes are included.
Depends-On: I2d5300d4d5b02df3351ab52b1be32dd60241d34b
Change-Id: I4133d97f3a0aa4886b4b6f6ca3d6fb151231b0ef
The new LBaaS v2 panel for Horizon in Mitaka and Newton is installed
as a plugin. This patch enables the plugin as long as
`horizon_enable_neutron_lbaas` is set to True. The reference to the
older built-in LBaaS dashboard has been removed since it only works
with LBaaS v1.
Release notes are included with the patch.
Depends-On: I2d5300d4d5b02df3351ab52b1be32dd60241d34b
Change-Id: I2b1d77983598fb14fbf9ff7f23870cf767135811
Horizon disables password autocompletion by default. This causes
problems for users who use password managers and want to store
their Horizon credentials. This patch adds a variable that allows
a deployer to override this default.
Release notes are included.
Change-Id: I8eaa5a1773e6f182c436b312f2733a21505a867c
Closes-Bug: 1570505
This change simple provides an option to enable vpnaas panels
within horizon.
Change-Id: I2343f91e5ae1664fc8ab9ba1fbc3196b4d92078c
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This patch adds the ability for a deployer to enable the FWaaS panels
in Horizon.
Re-Implementation-Of: https://review.openstack.org/#/c/275894/9
Change-Id: I682171333328e42895ec1a4d2d0cc5d2b2fcdcd9
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This decouples the role more completely from the AIO
build default configuration in
Id87fab39c929e0860abbc3755ad386aa6893b151
which enables SSL termination at the HAProxy LB.
Variable naming should match what is in
Id87fab39c929e0860abbc3755ad386aa6893b151 to allow
the AIO configuration to enable external SSL termination.
And, bringing in changes from
I1c654501d0c8573734c52b9c20ba4b5713d667c1
that were missed.
Change-Id: I0fd26ec60f02e68688ea864d0d7880f73e6df780
This introduces 2 variables:
``horizon_site_name`` and ``horizon_custom_uploads``.
The former needs to set with a string. It will edit the
local settings of horizon to add the cloud's name.
The latter is a dict, that contains path to source and destination
files that the deployer wants to upload.
For example, if setting the dict as followed:
horizon_custom_uploads:
logo:
src: '/etc/openstack_deploy/files/logo.png'
dest: "img/logo.png"
logosplash:
src: '/etc/openstack_deploy/files/logo-splash.png'
dest: "img/logo-splash.png"
You'll overwrite the img/logo.png and img/logo-splash.png files
on the horizon nodes (inside their folder
"{{ horizon_lib_dir }}/openstack_dashboard/static/dashboard/")
with the files stored on the deployment node at the src location.
Change-Id: I1a74e74968d09f6e299dbd965f9c87368c4d646c
This patch implements the LBAAS agent using haproxy into the
neutron_agents container group.
The neutron-lbaas-agent service is disabled by default but can be
enabled by setting neutron_plugin_base in user_variables to include
'neutron.services.loadbalancer.plugin.LoadBalancerPlugin'.
The LBaaS Agent conf file entries can be set using the dict
'neutron_lbaas_agent_ini_overrides'
DocImpact
Closes-Bug: #1491968
Change-Id: I0aacdde6001836b7c0d881d935a5531d3ce04590
Co-Authored-By: Serge van Ginderachter <serge@vanginderachter.be>
Update Horizon local settings to include changes in Liberty. Some of
the configuration changes have been made to bring the comments into
line with the upstream configuration file to make comparing them
simpler in the future.
DocImpact
UpgradeImpact
Implements: blueprint liberty-release
Change-Id: Ib9546e6c8542981691348c23f7c475535efeb6da
This change makes the cinder backup enable flag in the Horizon
configuration a variable.
It also enables this flag automatically through group_vars when
cinder_service_backup_program_enabled = True.
Change-Id: Ib64532bbd7a3774f16766de0d3d221579aecc9ff
Closes-Bug: #1504279
This patch implements the ability to configure Horizon for use with multiple
Keystone v3 Domains.
Change-Id: I0872e0aa5c40c9e8b27597ae684468f7fb47a285
Closes-Bug: #1489406
In Keystone v3, the _member_ role is not implicitly created on first
use like it is in v2.
This patch adds variables to define the default role name for users:
- keystone_default_role_name:
this is the default role name from Keystone's point of view
- horizon_default_role_name:
this is the default user role from Horizon's point of view
Both Keystone and Horizon's tasks ensure that the role they're using
are registered in the Keystone database.
To maintain backwards compatibility the default value for both
variables is '_member_'.
DocImpact
Closes-bug: 1474916
Change-Id: Ie01e1771c0b435815dfe55fc0ba9a6d803ebe958
This commit adds the following new variables to customise whether nova
will allow key/partition/password injection:
nova_libvirt_inject_key
nova_libvirt_inject_partition
nova_libvirt_inject_password
Additionally, the following variable has been added to allow setting
password via Horizon:
horizon_can_set_password
Lastly, password injection can now be tested with tempest via:
tempest_compute_change_password
Note that all variables have been defaulted to their current values.
Closes-Bug: #1469238
Change-Id: Iff434ed7c042f7990990485c34d0f35b9a7baa7a
This patch adds the ability to configure Keystone as a Service
Provider (SP) for a Federated Identity Provider (IdP).
* New variables to configure Keystone as a service provider are now
supported under a root `keystone_sp` variable. Example configurations
can be seen in Keystone's defaults file. This configuration includes
the list of identity providers and trusted dashboards. (At this time
only one identity provider is supported).
* Identity provider configuration includes the remote-to-local user
mapping and the list of remote attributes the SP can obtain from the
IdP.
* Shibboleth is installed and configured in the Keystone containers when
SP configuration is present.
* Horizon is configured for SSO login
DocImpact
UpgradeImpact
Implements: blueprint keystone-federation
Change-Id: I78b3d740434ea4b3ca0bd9f144e4a07026be23c6
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
This patch enables Horizon to consume a Keystone v3 API endpoint.
This patch also introduces two variables to allow the endpoint to be
specified independently if required:
- horizon_keystone_host: this defaults to the internal LB IP address
- horizon_keystone_endpoint: this defaults to the internal Keystone
endpoint
This patch also does the following:
- properly consumes the horizon_ssl_no_verify role setting;
- includes a little comment cleanup which does nothing but clutter
the local_settings configuration file.
Closes-Bug: #1478996
Change-Id: I5b7ceeecab072ead6fd380dcef7a48f1978a56f2
This patch introduces an insecure flag for the Keystone internal
and admin endpoints:
* keystone_service_adminuri_insecure
* keystone_service_internaluri_insecure
Both values default to false. If you have setup SSL endpoints
for Keystone using an untrusted certificate then you should
set the appropriate flag to true in your user_variables.
This patch is used to enable testing and development with
Keystone SSL endpoints without having to make use of SSL
certificates signed by a trusted, public CA.
The patch introduces a new optional argument (insecure) to the
keystone, glance and neutron Ansible libraries. This is a
boolean value which, when true, enables these libraries to
access Keystone endpoints 'insecurely'. When these libraries
are used in plays, the appropriate value is set automatically
as per the above conditions.
Implements: blueprint keystone-federation
Change-Id: Ia07e7e201f901042dd06a86efe5c6f6725e9ce13
