cc71003acb
These changes allow the role to be tested on Xenial hosts
while also ensuring that the tests are testing everything
within the container as expected.
Overview:
* Included in this PR is a manual-test.rc. This has been
added to allow developers to run tests locally without
having to invoke tox. This RC file was lifed from the
os_keystone role.
* The git package was added to the install list. This is
needed on the target when the role is running with developer
mode enabled.
* Connection settings within the container create prep playbook
were removed. A``connection: local`` setting forces all
commands to be executed against the host regardless of a
delegated task.
* A task has been added to the horizon role to when SSL is
enabled. This task ensures that that ca certificates are
updated. Without this change, when running on Xenial,
tempest will fail due to the following error:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
By updating the ca certificats on tempest is able to verify
the certificate and pass the tests. NOTE: This fix came from
the puppet-OpenStack community where they ran into the same
problems in Xenial as discussed here: [0]
[0] - https://irclogs.ubuntu.com/2016/05/18/%23ubuntu-server.html#t13:37
Change-Id: I1e6808c49a8faaba5b2748918be5d6b5a59fd3d1
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
OpenStack-Ansible Horizon
This Ansible role installs and configures OpenStack Horizon served by the Apache webserver. Horizon is configured to use Galera for session caching and memcached for other caching.
Default Variables
../../defaults/main.yml
Required Variables
This list is not exhaustive at present. See role internals for further details.
horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
horizon_galera_address: 10.100.100.101
horizon_container_mysql_password: "SuperSecrete"
horizon_secret_key: "SuperSecreteHorizonKey"Example Playbook
- name: Installation and setup of horizon
hosts: horizon_all
user: root
roles:
- { role: "os_horizon", tags: [ "os-horizon" ] }
vars:
galera_client_drop_config_file: false
external_lb_vip_address: 10.100.100.101
internal_lb_vip_address: 10.100.100.101
horizon_galera_address: 10.100.100.101
horizon_container_mysql_password: "SuperSecrete"
horizon_secret_key: "SuperSecreteHorizonKey"
horizon_external_ssl: true
horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
galera_root_password: "secrete"
rabbitmq_servers: 10.100.100.101
rabbitmq_use_ssl: false
rabbitmq_port: 5671
keystone_admin_user_name: admin
keystone_auth_admin_password: "SuperSecretePassword"
keystone_admin_tenant_name: admin
keystone_service_adminuri_insecure: false
keystone_service_internaluri_insecure: false
keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
openrc_os_password: "{{ keystone_auth_admin_password }}"
openrc_os_domain_name: "Default"
memcached_servers: 10.100.100.101
memcached_encryption_key: "secrete"