OpenStack-Ansible Horizon
#########################

This Ansible role installs and configures OpenStack Horizon served by the
Apache webserver. Horizon is configured to use Galera for session caching and
memcached for other caching.

Default Variables
=================

.. literalinclude:: ../../defaults/main.yml
   :language: yaml
   :start-after: under the License.


Required Variables
==================

This list is not exhaustive at present. See role internals for further
details.

.. code-block:: yaml

      horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
      horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
      horizon_galera_address: 10.100.100.101
      horizon_container_mysql_password: "SuperSecrete"
      horizon_secret_key: "SuperSecreteHorizonKey"


Example Playbook
================

.. code-block:: yaml

    - name: Installation and setup of horizon
      hosts: horizon_all
      user: root
      roles:
        - { role: "os_horizon", tags: [ "os-horizon" ] }
      vars:
        galera_client_drop_config_file: false
        external_lb_vip_address: 10.100.100.101
        internal_lb_vip_address: 10.100.100.101
        horizon_galera_address: 10.100.100.101
        horizon_container_mysql_password: "SuperSecrete"
        horizon_secret_key: "SuperSecreteHorizonKey"
        horizon_external_ssl: true
        horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
        horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
        galera_root_password: "secrete"
        rabbitmq_servers: 10.100.100.101
        rabbitmq_use_ssl: false
        rabbitmq_port: 5671
        keystone_auth_admin_token: "SuperSecreteTestToken"
        keystone_auth_admin_password: "SuperSecretePassword"
        keystone_service_adminuri_insecure: false
        keystone_service_internaluri_insecure: false
        keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
        keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
        keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
        keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
        openrc_os_password: "{{ keystone_auth_admin_password }}"
        openrc_os_domain_name: "Default"
        memcached_servers: 10.100.100.101
        memcached_encryption_key: "secrete"