8612724097
Depends-On: https://review.opendev.org/756168 Change-Id: I28467c053dec67a1a9b31d59267a61ce3b1072dc Signed-off-by: Lance Albertson <lance@osuosl.org>
226 lines
11 KiB
Ruby
226 lines
11 KiB
Ruby
#
|
|
# Cookbook:: openstack-dashboard
|
|
# Attributes:: default
|
|
#
|
|
# Copyright:: 2012, AT&T, Inc.
|
|
# Copyright:: 2013-2014, IBM, Corp.
|
|
# Copyright:: 2016-2020, Oregon State University
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
# Set to some text value if you want templated config files
|
|
# to contain a custom banner at the top of the written file
|
|
default['openstack']['dashboard']['custom_template_banner'] = '
|
|
# This file is automatically generated by Chef
|
|
# Any changes will be overwritten
|
|
'
|
|
# ****************** OpenStack Dashboard Endpoints ******************************
|
|
|
|
# The OpenStack Dashboard non-SSL endpoint
|
|
default['openstack']['bind_service']['dashboard_http']['host'] = '0.0.0.0'
|
|
default['openstack']['bind_service']['dashboard_http']['port'] = '80'
|
|
|
|
# The OpenStack Dashboard SSL endpoint
|
|
default['openstack']['bind_service']['dashboard_https']['host'] = '0.0.0.0'
|
|
default['openstack']['bind_service']['dashboard_https']['port'] = '443'
|
|
|
|
# ********************************************************************************
|
|
|
|
default['openstack']['dashboard']['debug'] = false
|
|
|
|
# Don't cache html pages.
|
|
# NOTE: This setting requires apache 2.4 or greater is used
|
|
default['openstack']['dashboard']['cache_html'] = false
|
|
|
|
# The Keystone role used by default for users logging into the dashboard
|
|
default['openstack']['dashboard']['keystone_default_role'] = 'member'
|
|
|
|
default['openstack']['dashboard']['server_hostname'] = nil
|
|
default['openstack']['dashboard']['server_aliases'] = []
|
|
default['openstack']['dashboard']['server_admin'] = 'root@localhost'
|
|
default['openstack']['dashboard']['use_ssl'] = true
|
|
# When using a remote certificate and key, the names of the actual installed certificate
|
|
# and key in the file system are determined by the following two attributes.
|
|
# If you want the name of the installed files to match the name of the files from the URL,
|
|
# they need to be manually set below, if not the conventional horizon.* names will be used.
|
|
default['openstack']['dashboard']['ssl']['cert'] = 'horizon.pem'
|
|
default['openstack']['dashboard']['ssl']['key'] = 'horizon.key'
|
|
# Optional Chain cert
|
|
default['openstack']['dashboard']['ssl']['chain'] = nil
|
|
# Which versions of the SSL/TLS protocol will be accepted in new connections.
|
|
default['openstack']['dashboard']['ssl']['protocol'] = 'All -SSLv2 -SSLv3'
|
|
# Which ciphers to use with the SSL/TLS protocol.
|
|
# Example: 'RSA:HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK!RC4:!RC4-MD5:!RC4-SHA'
|
|
default['openstack']['dashboard']['ssl']['ciphers'] = nil
|
|
# Use the 'certs' databag for managing certs to disable it to use something
|
|
# external
|
|
default['openstack']['dashboard']['ssl']['use_data_bag'] = true
|
|
|
|
# List of hosts/domains the dashboard can serve. This should be changed, a '*'
|
|
# allows everything
|
|
default['openstack']['dashboard']['allowed_hosts'] = ['*']
|
|
|
|
# Allow TRACE method
|
|
#
|
|
# Set to "extended" to also reflect the request body (only for testing and
|
|
# diagnostic purposes).
|
|
#
|
|
# Set to one of: On | Off | extended
|
|
default['openstack']['dashboard']['traceenable'] = 'Off'
|
|
|
|
default['openstack']['dashboard']['secret_key_content'] = nil
|
|
|
|
default['openstack']['dashboard']['ssl_no_verify'] = 'True'
|
|
default['openstack']['dashboard']['ssl_cacert'] = nil
|
|
|
|
default['openstack']['dashboard']['webroot'] = '/'
|
|
|
|
# Dashboard specific database packages
|
|
# Put common ones here and platform specific ones below.
|
|
default['openstack']['dashboard']['db_python_packages'] = {
|
|
mysql: [],
|
|
sqlite: [],
|
|
}
|
|
|
|
case node['platform_family']
|
|
when 'rhel'
|
|
default['openstack']['dashboard']['key_group'] = 'root'
|
|
default['openstack']['dashboard']['horizon_user'] = 'apache'
|
|
default['openstack']['dashboard']['horizon_group'] = 'apache'
|
|
default['openstack']['dashboard']['secret_key_path'] =
|
|
'/usr/share/openstack-dashboard/openstack_dashboard/local/.secret_key_store'
|
|
default['openstack']['dashboard']['ssl']['cert_dir'] = '/etc/pki/tls/certs/'
|
|
default['openstack']['dashboard']['ssl']['key_dir'] = '/etc/pki/tls/private/'
|
|
default['openstack']['dashboard']['local_settings_path'] = '/etc/openstack-dashboard/local_settings'
|
|
default['openstack']['dashboard']['django_path'] = '/usr/share/openstack-dashboard'
|
|
default['openstack']['dashboard']['static_path'] = '/usr/share/openstack-dashboard/static'
|
|
default['openstack']['dashboard']['policy_files_path'] = '/etc/openstack-dashboard'
|
|
default['openstack']['dashboard']['login_url'] = "#{node['openstack']['dashboard']['webroot']}auth/login/"
|
|
default['openstack']['dashboard']['logout_url'] = "#{node['openstack']['dashboard']['webroot']}auth/logout/"
|
|
default['openstack']['dashboard']['login_redirect_url'] = node['openstack']['dashboard']['webroot']
|
|
default['openstack']['dashboard']['platform'] = {
|
|
'horizon_packages' => %w(openstack-dashboard mod_wsgi),
|
|
'memcache_python_packages' => %w(python-memcached),
|
|
'package_overrides' => '',
|
|
}
|
|
when 'debian'
|
|
default['openstack']['dashboard']['key_group'] = 'ssl-cert'
|
|
default['openstack']['dashboard']['horizon_user'] = 'horizon'
|
|
default['openstack']['dashboard']['horizon_group'] = 'horizon'
|
|
default['openstack']['dashboard']['secret_key_path'] = '/var/lib/openstack-dashboard/secret_key'
|
|
default['openstack']['dashboard']['ssl']['cert_dir'] = '/etc/ssl/certs/'
|
|
default['openstack']['dashboard']['ssl']['key_dir'] = '/etc/ssl/private/'
|
|
default['openstack']['dashboard']['local_settings_path'] = '/etc/openstack-dashboard/local_settings.py'
|
|
default['openstack']['dashboard']['django_path'] = '/usr/share/openstack-dashboard'
|
|
default['openstack']['dashboard']['static_path'] = '/var/lib/openstack-dashboard/static'
|
|
default['openstack']['dashboard']['policy_files_path'] = '/usr/share/openstack-dashboard/openstack_dashboard/conf'
|
|
default['openstack']['dashboard']['login_url'] = nil
|
|
default['openstack']['dashboard']['logout_url'] = nil
|
|
default['openstack']['dashboard']['login_redirect_url'] = nil
|
|
default['openstack']['dashboard']['platform'] = {
|
|
'memcache_python_packages' => %w(python3-memcache),
|
|
'package_overrides' => '',
|
|
}
|
|
default['openstack']['dashboard']['platform']['horizon_packages'] =
|
|
%w(
|
|
node-less
|
|
libapache2-mod-wsgi-py3
|
|
python3-django-horizon
|
|
openstack-dashboard
|
|
)
|
|
else
|
|
default['openstack']['dashboard']['key_group'] = 'root'
|
|
end
|
|
|
|
default['openstack']['dashboard']['dash_path'] = "#{node['openstack']['dashboard']['django_path']}/openstack_dashboard"
|
|
default['openstack']['dashboard']['wsgi_path'] = node['openstack']['dashboard']['dash_path'] + '/wsgi.py'
|
|
default['openstack']['dashboard']['wsgi_socket_prefix'] = nil
|
|
default['openstack']['dashboard']['session_backend'] = 'memcached'
|
|
|
|
default['openstack']['dashboard']['ssl_offload'] = true
|
|
default['openstack']['dashboard']['plugins'] = nil
|
|
|
|
default['openstack']['dashboard']['file_upload_temp_dir'] = nil
|
|
|
|
# disable the v2 openrc download panel by default since v2 has been deprecated for a while
|
|
# TODO: remove this option completely for Train
|
|
default['openstack']['dashboard']['show_keystone_v2_rc'] = 'False'
|
|
|
|
default['openstack']['dashboard']['error_log'] = 'openstack-dashboard-error.log'
|
|
default['openstack']['dashboard']['access_log'] = 'openstack-dashboard-access.log'
|
|
|
|
default['openstack']['dashboard']['help_url'] = 'https://docs.openstack.org'
|
|
|
|
default['openstack']['dashboard']['csrf_cookie_secure'] = true
|
|
default['openstack']['dashboard']['session_cookie_secure'] = true
|
|
|
|
default['openstack']['dashboard']['keystone_multidomain_support'] = false
|
|
default['openstack']['dashboard']['keystone_default_domain'] = 'default'
|
|
default['openstack']['dashboard']['identity_api_version'] = 3
|
|
|
|
default['openstack']['dashboard']['volume_api_version'] = 2
|
|
default['openstack']['dashboard']['console_type'] = 'AUTO'
|
|
|
|
default['openstack']['dashboard']['keystone_backend']['name'] = 'native'
|
|
default['openstack']['dashboard']['keystone_backend']['can_edit_user'] = true
|
|
default['openstack']['dashboard']['keystone_backend']['can_edit_group'] = true
|
|
default['openstack']['dashboard']['keystone_backend']['can_edit_project'] = true
|
|
default['openstack']['dashboard']['keystone_backend']['can_edit_domain'] = true
|
|
default['openstack']['dashboard']['keystone_backend']['can_edit_role'] = true
|
|
|
|
default['openstack']['dashboard']['log_level']['horizon'] = 'INFO'
|
|
default['openstack']['dashboard']['log_level']['horizon_log'] = 'INFO'
|
|
default['openstack']['dashboard']['log_level']['openstack_dashboard'] = 'INFO'
|
|
default['openstack']['dashboard']['log_level']['novaclient'] = 'INFO'
|
|
default['openstack']['dashboard']['log_level']['cinderclient'] = 'INFO'
|
|
default['openstack']['dashboard']['log_level']['keystoneclient'] = 'INFO'
|
|
default['openstack']['dashboard']['log_level']['glanceclient'] = 'INFO'
|
|
default['openstack']['dashboard']['log_level']['neutronclient'] = 'INFO'
|
|
default['openstack']['dashboard']['log_level']['heatclient'] = 'INFO'
|
|
default['openstack']['dashboard']['log_level']['ceilometerclient'] = 'INFO'
|
|
default['openstack']['dashboard']['log_level']['troveclient'] = 'INFO'
|
|
default['openstack']['dashboard']['log_level']['swiftclient'] = 'INFO'
|
|
default['openstack']['dashboard']['log_level']['openstack_auth'] = 'INFO'
|
|
default['openstack']['dashboard']['log_level']['nose.plugins.manager'] = 'INFO'
|
|
default['openstack']['dashboard']['log_level']['django'] = 'INFO'
|
|
|
|
default['openstack']['dashboard']['heat_stack']['enable_user_pass'] = true
|
|
|
|
default['openstack']['dashboard']['password_autocomplete'] = 'off'
|
|
default['openstack']['dashboard']['simple_ip_management'] = false
|
|
default['openstack']['dashboard']['neutron']['enable_quotas'] = true
|
|
default['openstack']['dashboard']['neutron']['enable_lb'] = false
|
|
default['openstack']['dashboard']['neutron']['enable_vpn'] = false
|
|
# Allow for misc sections to be added to the local_settings template
|
|
# For example: {
|
|
# 'CUSTOM_CONFIG_A' => {
|
|
# 'variable1': 'value1',
|
|
# 'variable2': 'value2'
|
|
# }
|
|
# 'CUSTOM_CONFIG_B' => {
|
|
# 'variable1': 'value1',
|
|
# 'variable2': 'value2'
|
|
# }
|
|
# }
|
|
# will generate:
|
|
# CUSTOM_CONFIG_A = {
|
|
# 'varable1': 'value1',
|
|
# 'varable2': 'value2',
|
|
# }
|
|
# CUSTOM_CONFIG_A = {
|
|
# 'varable1': 'value1',
|
|
# 'varable2': 'value2',
|
|
# }
|
|
default['openstack']['dashboard']['misc_local_settings'] = nil
|