(FUEL-450) Horizon https support

deployment/puppet/horizon/.gitignore

@@ -3,3 +3,4 @@ pkg/
 .DS_Store
 metadata.json
 coverage/
+.project

deployment/puppet/horizon/files/horizon.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCkwgscebSTSLwU
+TunIz7UI3JzQTSmsbhW28euCPHpPV20vNOxMsxSNMCCmuLRxpz4P2nxdD5OE5hNC
+x40ih3BEgcfvGO7lGoNSWaj0wx0gRqtNjl1HoNGfZlMhM1Hw6csnp+IHNcXChYzn
+qTQO8AfIbtkwIClxPvC2FLngiFfcBK2vcwh6cE+0RHdwU3+XS7ZENhoJP0XvtXTB
+OlGM+G0td/1y8zOkAzqhVk6g7TByRL2AaPrgHUlRVVmnFI5HjVMVmSbSF3o0NadT
+NfJiMpozzUMLzmPvjLgUh+Yua7x2yCTgst4VjhqdEATfWMNPpNz10xPQ6sA0fJmh
+PD7ES2glAgMBAAECggEASGZYuZ+lwV8h/w6aXzsfA5DmfAacfIA3nJf8dNOcr8bs
+XOU1vZKoQk7W2kyqRpNGi3LoWYChw7HS3vKPy4+WvxQExsW/HQAkmwh5XW1sHCXR
+2xfnV7WMyC4P87P4mxQxyPBWO/LeP1eujpJlJPdHhEVpvWM0suYEow7Ci69+ZFkZ
+Ks2ocAfy22QngHNel7cpP9sjuAOnKKjtqhSweX00el2usuhXru/dUIja5zzAaEFo
+MH+HWzaPtv0kIJsCZHquzP6RaedyNjZt/SlUQAzuDELFZkDpzN0itoOFRHMyVYtG
+ihKuJQmJjvz34P2YmoMKhDTB1EvmtmI6RpOiKGf49QKBgQDZeKHq/ESC7h7R9Tm6
+eG94l8q79OzDRgzdkxK4x3NTmEZos7TY9bkq0ZTo77DilqH0tI/lf5hGkQDYPQLL
+2+HlPoNkBYT82ejX5AXLDQdTTSLjE/ACQS/7aueNjfRmKaiiA5CQDKudIzVff2LO
+H+ycdYGwdcw3UW2OWi1spIuKbwKBgQDB8pyRqyWhvQbR0t1nMAlTxZuhd47ZRrra
+3xdMRQC0Wz5ar7tHGrS62puPmF3dL/OZ2nAKiNUzai1iFQi6YWJZNhJaTWnbKdkk
+ay9k944o1gkTE5LSqi9VrzKjPjWxOy3kppjJeP09x7yOp4hJVKF+z/Qs+Ko4MDMj
+IQfc6AEQqwKBgFJ4OccYFY8laBCtE1BQnc04mww+LI89AGIChSYHlQeNhp3sEFf6
+j1balcLkKssy3oYi9zLL+V5BXPWj5WyTnQ3HcCI9KZqNtIwyj7PZ4/5GEUXV6L2i
+JOUOPHNk8trPT4DpIyhNdcMod/QYJcsPNjZ7JUxaz6/mtEo4jmNV3wkHAoGBALY/
+Ew7ywu7joBfkzHWdNvaIFsE4hnv3MbhfsBXUNWBE6SfwP8wF9VQr/ceGRpWE7KRj
+Fatgfu7MVA75cvUoc3EfFUnTuqfeABRvv95hnS0USvypBOt+TfJ3Kd8pouyCjpJw
+VdvkHBtEqBNoq/E0XHi8Ulc75z/bUwIslKXpQK73AoGAZ3t8bDYkN56pZnJvTqaP
+ufy1LxEmYyxVp+qLYaGOr0VA09Zl21hDZMQTBFvPe9aLkd0RSCBE73iusDGe0AWd
+XBp4RcZO2Ah6hEpKG8OfY8slZxKGsd3ef0TjCxJpsg3daMyRhgMVJym9lhbKnWxJ
+vXMnw+DdqdSM7mpg3GG73OQ=
+-----END PRIVATE KEY-----

deployment/puppet/horizon/files/horizon.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0jCCAboCCQDwxZM4yuJRajANBgkqhkiG9w0BAQUFADArMSkwJwYDVQQDEyBj
+aGVmLWNvbnRyb2xsZXIuc3J0Lm1pcmFudGlzLm5ldDAeFw0xMjEyMDYxMTMwMTVa
+Fw0yMjEyMDQxMTMwMTVaMCsxKTAnBgNVBAMTIGNoZWYtY29udHJvbGxlci5zcnQu
+bWlyYW50aXMubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMIL
+HHm0k0i8FE7pyM+1CNyc0E0prG4VtvHrgjx6T1dtLzTsTLMUjTAgpri0cac+D9p8
+XQ+ThOYTQseNIodwRIHH7xju5RqDUlmo9MMdIEarTY5dR6DRn2ZTITNR8OnLJ6fi
+BzXFwoWM56k0DvAHyG7ZMCApcT7wthS54IhX3AStr3MIenBPtER3cFN/l0u2RDYa
+CT9F77V0wTpRjPhtLXf9cvMzpAM6oVZOoO0wckS9gGj64B1JUVVZpxSOR41TFZkm
+0hd6NDWnUzXyYjKaM81DC85j74y4FIfmLmu8dsgk4LLeFY4anRAE31jDT6Tc9dMT
+0OrANHyZoTw+xEtoJQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQB0oX7/m89rtNrW
+eMcDKdwSZGbkM35GWhPHnnr8gNfxsC0hnuitPbVylkDhLCSBy+krw/rZpV8jZ5V2
+NhvaPb5FkXz5VuQIK4YfEtNz4zKl04NeKUS3EoqJt0zZnNAwAhT/CjWocfB+/IWR
+lmqKaiyl3ZW+wLTUII1YkST1QsBl8tY5Eh6V6tj6qauB2mzNEQp8SvTh/8NWtSFp
+geIQ08CXZAh1PCPNRXH3MIsb7w4HNn5MgTXIGf02oQqXyMYUdr5s+YZjc389EoNg
+BhOVZaF6iRKfqISSgcfXk4as2CsV5X08WbML9uc1So2p2FlMepSsXI33ccw3pVF6
+c7XxlUvG
+-----END CERTIFICATE-----

deployment/puppet/horizon/lib/puppet/provider/a2mod/a2mod.rb

@@ -0,0 +1,22 @@
+Puppet::Type.type(:a2mod).provide(:a2mod) do
+    desc "Manage Apache 2 modules on Debian and Ubuntu"
+
+    optional_commands :encmd => "a2enmod"
+    optional_commands :discmd => "a2dismod"
+
+    confine :osfamily => :debian
+    defaultfor :operatingsystem => [:debian, :ubuntu]
+
+    def create
+        encmd resource[:name]
+    end
+
+    def destroy
+        discmd resource[:name]
+    end
+
+    def exists?
+        mod= "/etc/apache2/mods-enabled/" + resource[:name] + ".load"
+        File.exists?(mod)
+    end
+end

deployment/puppet/horizon/lib/puppet/provider/a2mod/gentoo.rb

@@ -0,0 +1,116 @@
+require 'puppet/util/filetype'
+Puppet::Type.type(:a2mod).provide(:gentoo, :parent => Puppet::Provider) do
+  desc "Manage Apache 2 modules on Gentoo"
+
+  confine :operatingsystem => :gentoo
+  defaultfor :operatingsystem => :gentoo
+
+  attr_accessor :property_hash
+
+  def create
+    @property_hash[:ensure] = :present
+  end
+
+  def exists?
+    (!(@property_hash[:ensure].nil?) and @property_hash[:ensure] == :present)
+  end
+
+  def destroy
+    @property_hash[:ensure] = :absent
+  end
+
+  def flush
+    self.class.flush
+  end
+
+  class << self
+    attr_reader :conf_file
+  end
+
+  def self.clear
+    @mod_resources = []
+    @modules       = []
+    @other_args    = ""
+  end
+
+  def self.initvars
+    @conf_file     = "/etc/conf.d/apache2"
+    @filetype      = Puppet::Util::FileType.filetype(:flat).new(conf_file)
+    @mod_resources = []
+    @modules       = []
+    @other_args    = ""
+  end
+
+  self.initvars
+
+  # Retrieve an array of all existing modules
+  def self.modules
+    if @modules.length <= 0
+      # Locate the APACHE_OPTS variable
+      records = filetype.read.split(/\n/)
+      apache2_opts = records.grep(/^\s*APACHE2_OPTS=/).first
+
+      # Extract all defines
+      while apache2_opts.sub!(/-D\s+(\w+)/, '')
+        @modules << $1.downcase
+      end
+
+      # Hang on to any remaining options.
+      if apache2_opts.match(/APACHE2_OPTS="(.+)"/)
+        @other_args = $1.strip
+      end
+
+      @modules.sort!.uniq!
+    end
+
+    @modules
+  end
+
+  def self.prefetch(resources={})
+    # Match resources with existing providers
+    instances.each do |provider|
+      if resource = resources[provider.name]
+        resource.provider = provider
+      end
+    end
+
+    # Store all resources using this provider for flushing
+    resources.each do |name, resource|
+      @mod_resources << resource
+    end
+  end
+
+  def self.instances
+    modules.map {|mod| new(:name => mod, :provider => :gentoo, :ensure => :present)}
+  end
+
+  def self.flush
+
+    mod_list       = modules
+    mods_to_remove = @mod_resources.select {|mod| mod.should(:ensure) == :absent}.map {|mod| mod[:name]}
+    mods_to_add    = @mod_resources.select {|mod| mod.should(:ensure) == :present}.map {|mod| mod[:name]}
+
+    mod_list -= mods_to_remove
+    mod_list += mods_to_add
+    mod_list.sort!.uniq!
+
+    if modules != mod_list
+      opts = @other_args + " "
+      opts << mod_list.map {|mod| "-D #{mod.upcase}"}.join(" ")
+      opts.strip!
+      opts.gsub!(/\s+/, ' ')
+
+      apache2_opts = %Q{APACHE2_OPTS="#{opts}"}
+      Puppet.debug("Writing back \"#{apache2_opts}\" to #{conf_file}")
+
+      records = filetype.read.split(/\n/)
+
+      opts_index = records.find_index {|i| i.match(/^\s*APACHE2_OPTS/)}
+      records[opts_index] = apache2_opts
+
+      filetype.backup
+      filetype.write(records.join("\n"))
+      @modules = mod_list
+    end
+  end
+end

deployment/puppet/horizon/lib/puppet/provider/a2mod/modfix.rb

@@ -0,0 +1,12 @@
+Puppet::Type.type(:a2mod).provide :modfix do
+    desc "Dummy provider for A2mod.
+
+    Fake nil resources when there is no crontab binary available. Allows
+    puppetd to run on a bootstrapped machine before a Cron package has been
+    installed. Workaround for: http://projects.puppetlabs.com/issues/2384
+    "
+
+    def self.instances
+        []
+    end
+end

deployment/puppet/horizon/lib/puppet/provider/a2mod/redhat.rb

@@ -0,0 +1,61 @@
+Puppet::Type.type(:a2mod).provide(:redhat) do
+  desc "Manage Apache 2 modules on RedHat family OSs"
+
+  confine :osfamily => :redhat
+  defaultfor :osfamily => :redhat
+
+  require 'pathname'
+
+  # modpath: Path to default apache modules directory /etc/httpd/mod.d
+  # modfile: Path to module load configuration file; Default: resides under modpath directory
+  # libfile: Path to actual apache module library. Added in modfile LoadModule
+
+  attr_accessor :modfile, :libfile
+  class << self
+    attr_accessor :modpath
+    def preinit
+      @modpath = "/etc/httpd/mod.d"
+    end
+  end
+
+  self.preinit
+
+  def create
+    File.open(modfile,'w') do |f|
+      f.puts "LoadModule #{resource[:identifier]} #{libfile}"
+    end
+  end
+
+  def destroy
+    File.delete(modfile)
+  end
+
+  def exists?
+    File.exists?(modfile) and File.read(modfile).match(libfile)
+  end
+
+  def self.instances
+    modules = []
+    Dir.glob("#{modpath}/*.load").each do |file|
+      m = file.match(/(\w+)\.load$/)
+      modules << m[1] if m
+    end
+
+    modules.map  do |mod|
+      new(
+        :name     => mod,
+        :ensure   => :present,
+        :provider => :redhat
+      )
+    end
+  end
+
+  def modfile
+    modfile ||= "#{self.class.modpath}/#{resource[:name]}.load"
+  end
+
+  # Set libfile path: If absolute path is passed, then maintain it. Else, make it default from 'modules' dir.
+  def libfile
+    libfile = Pathname.new(resource[:lib]).absolute? ? resource[:lib] : "modules/#{resource[:lib]}"
+  end
+end

deployment/puppet/horizon/lib/puppet/type/a2mod.rb

@@ -0,0 +1,29 @@
+Puppet::Type.newtype(:a2mod) do
+    @doc = "Manage Apache 2 modules"
+
+    ensurable
+
+    newparam(:name) do
+       desc "The name of the module to be managed"
+
+       isnamevar
+
+    end
+
+    newparam(:lib) do
+      desc "The name of the .so library to be loaded"
+
+      defaultto { "mod_#{@resource[:name]}.so" }
+    end
+ 
+    newparam(:identifier) do
+      desc "Module identifier string used by LoadModule. Default: module-name_module"
+
+      # http://httpd.apache.org/docs/2.2/mod/module-dict.html#ModuleIdentifier
+
+      defaultto { "#{resource[:name]}_module" }
+    end
+
+    autorequire(:package) { catalog.resource(:package, 'httpd')}
+
+end

deployment/puppet/horizon/manifests/init.pp

@@ -20,8 +20,8 @@
 # $api_result_limit     max number of Swift containers/objects to display on a single page
 #
 class horizon(
-  $bind_address = '127.0.0.1',
   $secret_key,
+  $bind_address          = '127.0.0.1',
   $cache_server_ip       = '127.0.0.1',
   $cache_server_port     = '11211',
   $swift                 = false,
@@ -33,11 +33,20 @@ class horizon(
   $keystone_scheme       = 'http',
   $keystone_default_role = 'Member',
   $django_debug          = 'False',
-  $api_result_limit      = 1000
+  $api_result_limit      = 1000,
+  $http_port             = 80,
+  $https_port            = 443,
+  $use_ssl               = false,
 ) {
 
   include horizon::params
 
+  $root_url      = $::horizon::params::root_url
+  $ssl_cert_file = $::horizon::params::ssl_cert_file
+  $ssl_key_file  = $::horizon::params::ssl_key_file
+  $wsgi_user     = $::horizon::params::apache_user
+  $wsgi_group    = $::horizon::params::apache_group
+
   package { ["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"]:
     ensure => present,
   }
@@ -47,37 +56,74 @@ class horizon(
     require => Package[$::horizon::params::http_service],
   }
 
-  case $::osfamily {
-    'RedHat': {
   File {
     require => Package["$::horizon::params::package_name"],
-        owner   => 'apache',
+    owner   => $wsgi_user,
-        group   => 'apache',
+    group   => $wsgi_group,
-      }
-    }
-    'Debian': {
-      File {
-        require => Package["$::horizon::params::package_name"],
-        owner   => 'www-data',
-        group   => 'www-data',
-      }
-    }
-  }
- $dashboard_urlpart = $::osfamily ? {
-   'Debian' => 'horizon',
-   'RedHat' => 'dashboard'
   }
+
   file { $::horizon::params::local_settings_path:
     content => template('horizon/local_settings.py.erb'),
     mode    => '0644',
   }
 
+  # file { '/etc/apache2/sites-available/openstack-dashboard':
+  #   content => template('horizon/dash-site.erb'),
+  #   mode    => '0644',
+  # }
+
+
+  # stop apache bitching
+  # file { "${dash_path}/.blackhole": 
+  #   ensure => directory,
+  #   owner  => 'root',
+  # }
+
+  if $use_ssl {
+    file { $ssl_cert_file:
+      ensure  => present,
+      mode    => '0644',
+      owner   => 'root',
+      group   => 'root',
+      source  => 'puppet:///modules/horizon/horizon.pem',
+    }
+
+    file { $ssl_key_file:
+      ensure  => present,
+      mode    => '0640',
+      owner   => 'root',
+      group   => $::horizon::params::ssl_key_group,
+      source  => 'puppet:///modules/horizon/horizon.key',
+    }
+
+  }
+
   file { $::horizon::params::logdir:
     ensure  => directory,
     mode    => '0751',
     before  => Service["$::horizon::params::http_service"],
   }
 
+  # file_line { 'horizon_redirect_rule':
+  #   path    => $::horizon::params::config_file,
+  #   line    => "RedirectMatch permanent ^/$ ${root_url}/",
+  #   require => Package["$::horizon::params::package_name"],
+  #   notify  => Service["$::horizon::params::http_service"]
+  # }
+
+  file { $::horizon::params::vhosts_file:
+    content => template('horizon/vhosts.erb'),
+    mode    => '0644',
+    require => Package["$::horizon::params::package_name"],
+    notify  => Service["$::horizon::params::http_service"]
+  }
+
+  file { $::horizon::params::httpd_listen_config_file: 
+    content => template('horizon/ports.conf.erb'), 
+    require => Package[$::horizon::params::package_name],
+    #before  => Package[$::horizon::params::package_name],
+  }
+
   case $::osfamily {
     'RedHat': { 
       file { '/etc/httpd/conf.d/wsgi.conf':
@@ -88,19 +134,36 @@ class horizon(
         require => Package["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"],
         before  => Package["$::horizon::params::package_name"],
       }  # ensure there is a HTTP redirect from / to /dashboard
-  file_line { 'horizon_redirect_rule':
+
-    path => $::horizon::params::config_file,
+      # file_line { 'horizon_redirect_rule':
-    line => 'RedirectMatch permanent ^/$ /dashboard/',
+      #   path => $::horizon::params::config_file,
-    require => Package["$::horizon::params::package_name"],
+      #   line => 'RedirectMatch permanent ^/$ /dashboard/',
-    notify => Service["$::horizon::params::http_service"]
+      #   require => Package["$::horizon::params::package_name"],
+      #   notify => Service["$::horizon::params::http_service"]
+      # }
+
+      # file_line { 'httpd_listen_on_internal_network_only':
+      #   path => $::horizon::params::httpd_listen_config_file,
+      #   match => '^Listen (.*)$',
+      #   line => "Listen ${bind_address}:80",
+      #   before => [Service["$::horizon::params::http_service"]],
+      #   notify => [Service["$::horizon::params::http_service"]],
+      #   require =>[Package["$::horizon::params::package_name"]] 
+      # }
+
+      if $use_ssl {
+        package { 'mod_ssl':
+          ensure => present,
+          before => Service[$::horizon::params::http_service],
         }
-  file_line { 'httpd_listen_on_internal_network_only':
+      }
-    path => $::horizon::params::httpd_listen_config_file,
+
-    match => '^Listen (.*)$',
+      augeas { "remove_listen_directive": 
-    line => "Listen ${bind_address}:80",
+        context => "/files/etc/httpd/conf/httpd.conf",
-    before => [Service["$::horizon::params::http_service"]],
+        changes => [ 
-    notify => [Service["$::horizon::params::http_service"]],
+          "rm directive[. = 'Listen']"
-    require =>[Package["$::horizon::params::package_name"]] 
+        ],
+        before  => Service[$::horizon::params::http_service],
       } 
     }
     'Debian': {
@@ -108,19 +171,41 @@ class horizon(
         ensure => directory,
         require => []
       }
-   file { $::horizon::params::httpd_listen_config_file: 
+
-   content => template('horizon/ports.conf.erb'), 
+      A2mod {
-   require => File['/etc/apache2'],
+        ensure  => present,
-   before => Package[$::horizon::params::package_name],
+        require => Package[$::horizon::params::package_name],
-   }
+        notify  => Service[$::horizon::params::http_service],
-   exec { 'a2enmod wsgi':
-     command => 'a2enmod wsgi',
-     path => ['/usr/bin','/usr/sbin','/bin/','/sbin'],
-     require => Package["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"],
-     before  => Package["$::horizon::params::package_name"],
       }
+
+      a2mod { 'wsgi': }
+
+      if $use_ssl {
+        a2mod { ['rewrite', 'ssl']: }
+      }
+
+      file { '/etc/apache2/sites-enabled/openstack-dashboard':
+        ensure  => link,
+        target  => $::horizon::params::vhosts_file,
+        #require => File['/etc/apache2/sites-available/openstack-dashboard'],
+      }
+
+      file { '/etc/apache2/sites-enabled/000-default':
+        ensure => absent,
+        before => Service[$::horizon::params::http_service],
+      }
+
+   # exec { 'a2enmod wsgi':
+   #   command => 'a2enmod wsgi',
+   #   path => ['/usr/bin','/usr/sbin','/bin/','/sbin'],
+   #   require => Package["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"],
+   #   before  => Package["$::horizon::params::package_name"],
+   # }
+
+
     }
   }
+
   service { '$::horizon::params::http_service':
     name      => $::horizon::params::http_service,
     ensure    => 'running',
@@ -128,6 +213,7 @@ class horizon(
     require   => Package["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"],
     subscribe => File["$::horizon::params::local_settings_path", "$::horizon::params::logdir"]
   }
+
   if $cache_server_ip =~ /^127\.0\.0\.1/ {
     Class['memcached'] -> Class['horizon']
   }

deployment/puppet/horizon/manifests/params.pp

@@ -7,17 +7,28 @@ class horizon::params {
   case $::osfamily {
     'RedHat': {
       $http_service              = 'httpd'
+      $vhosts_file               = '/etc/httpd/conf.d/ssl.conf'
       $http_modwsgi              = 'mod_wsgi'
       $package_name              = 'openstack-dashboard'
-      $httpd_listen_config_file    = '/etc/httpd/conf/httpd.conf'
+      $httpd_listen_config_file  = '/etc/httpd/conf.d/ports.conf'
-      $config_file                 = '/etc/httpd/conf.d/openstack-dashboard.conf'
       $local_settings_path       = '/etc/openstack-dashboard/local_settings'
+      $root_url                  = '/dashboard'
+      $apache_user               = 'apache'
+      $apache_group              = 'apache'
+      $ssl_key_group             = 'root'
+      $ssl_dir                   = '/etc/pki/tls'
     }
     'Debian': {
       $http_service              = 'apache2'
-      $config_file                 = '/etc/apache2/conf.d/openstack-dashboard.conf'
+      $vhosts_file               = '/etc/apache2/sites-available/openstack-dashboard.conf'
+      $local_settings_path       = '/etc/openstack-dashboard/local_settings.py'
       $httpd_listen_config_file  = '/etc/apache2/ports.conf'
       $http_modwsgi              = 'libapache2-mod-wsgi'
+      $root_url                  = '/horizon'
+      $apache_user               = 'www-data'
+      $apache_group              = 'www-data'
+      $ssl_key_group             = 'ssl-cert'
+      $ssl_dir                   = '/etc/ssl'
       case $::operatingsystem {
         'Debian': {
             $package_name        = 'openstack-dashboard-apache'
@@ -26,10 +37,12 @@ class horizon::params {
             $package_name        = 'openstack-dashboard'
         }
       }
-      $local_settings_path         = '/etc/openstack-dashboard/local_settings.py'
     }
     default: {
       fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, module ${module_name} only support osfamily RedHat and Debian")
     }
   }
+
+  $ssl_cert_file = "${ssl_dir}/certs/horizon.pem"
+  $ssl_key_file  = "${ssl_dir}/private/horizon.key"
 }

deployment/puppet/horizon/templates/local_settings.py.erb

@@ -4,11 +4,8 @@ from django.utils.translation import ugettext_lazy as _
 
 DEBUG = <%= django_debug %>
 TEMPLATE_DEBUG = DEBUG
-PROD = False
-USE_SSL = False
 
-# Note: You should change this value
+
-SECRET_KEY = '<%= secret_key %>'
 
 # Specify a regular expression to validate user passwords.
 # HORIZON_CONFIG = {
@@ -20,6 +17,9 @@ SECRET_KEY = '<%= secret_key %>'
 
 LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
 
+# Note: You should change this value
+SECRET_KEY = '<%= secret_key %>'
+
 # We recommend you use memcached for development; otherwise after every reload
 # of the django development server, you will have to login again. To use
 # memcached set CACHE_BACKED to something like 'memcached://127.0.0.1:11211/'
@@ -46,6 +46,9 @@ OPENSTACK_HOST = "<%= keystone_host %>"
 OPENSTACK_KEYSTONE_URL = "<%= keystone_scheme %>://%s:<%= keystone_port %>/v2.0" % OPENSTACK_HOST
 OPENSTACK_KEYSTONE_DEFAULT_ROLE = "<%= keystone_default_role %>"
 
+# Disable SSL certificate checks (useful for self-signed certificates):
+OPENSTACK_SSL_NO_VERIFY = True
+
 # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
 # capabilities of the auth backend for Keystone.
 # If Keystone has been configured to use LDAP as the auth backend then set
@@ -57,6 +60,10 @@ OPENSTACK_KEYSTONE_BACKEND = {
     'can_edit_user': True
 }
 
+OPENSTACK_HYPERVISOR_FEATURES = {
+    'can_set_mount_point': True
+}
+
 # OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
 # in the Keystone service catalog. Use this setting when Horizon is running
 # external to the OpenStack environment. The default is 'internalURL'.
@@ -65,15 +72,21 @@ OPENSTACK_KEYSTONE_BACKEND = {
 <% if swift -%>
 # Include the SWIFT interface extension in Horizon
 SWIFT_ENABLED = True
+SWIFT_PAGINATE_LIMIT = 100
 <% end -%>
 
 # The number of Swift containers and objects to display on a single page before
 # providing a paging element (a "more" link) to paginate results.
 API_RESULT_LIMIT = <%= api_result_limit %>
+API_RESULT_PAGE_SIZE = 20
 
 <% if quantum -%>
 #  Include the Quantum interface extensions in Horizon
 QUANTUM_ENABLED = True
+QUANTUM_URL = '%s'  % OPENSTACK_HOST
+QUANTUM_PORT = '9696'
+QUANTUM_TENANT = 'services'
+QUANTUM_CLIENT_VERSION='2.0'
 <% end -%>
 
 # If you have external monitoring links, eg:
@@ -136,8 +149,9 @@ LOGGING = {
         }
 }
 
-LOGIN_URL='/<%= dashboard_urlpart %>/auth/login/'
+LOGIN_URL = '<%= root_url %>/auth/login/'
-LOGIN_REDIRECT_URL='/<%= dashboard_urlpart%>'
+LOGOUT_URL = '<%= root_url %>/auth/logout/'
+LOGIN_REDIRECT_URL = '<%= root_url %>/syspanel/'
 
 # The Ubuntu package includes pre-compressed JS and compiled CSS to allow
 # offline compression by default.  To enable online compression, install

deployment/puppet/horizon/templates/ports.conf.erb

@@ -1,12 +1,23 @@
-NameVirtualHost *:80
+# If you just change the port or add more ports here, you will likely also
-Listen <%= bind_address %>:80 
+# have to change the VirtualHost statement
 
+NameVirtualHost *:<%= @http_port %>
+Listen <%= @bind_address %>:<%= @http_port %>
+
+<% if @osfamily == 'RedHat' -%>
+<% if @use_ssl -%>
+NameVirtualHost *:<%= @https_port %>
+Listen <%= @bind_address %>:<%= @https_port %>
+<% end %>
+<% else %>
 <IfModule mod_ssl.c>
-    Listen <%= bind_address %>:443
+    # Server Name Indication for SSL named virtual hosts is currently not
+    # supported by MSIE on Windows XP.
+    NameVirtualHost *:<%= @https_port %>
+    Listen <%= @bind_address %>:<%= @https_port %>
 </IfModule>
 
 <IfModule mod_gnutls.c>
-    Listen <%= bind_address %>:443
+    Listen <%= @bind_address %>:<%= @https_port %>
 </IfModule>
-
+<% end %>
-

deployment/puppet/horizon/templates/vhosts.erb

@@ -0,0 +1,35 @@
+#
+# This file autogenerated by Puppet
+# Do not edit, changes will be overwritten
+#
+
+RedirectMatch permanent ^/$ <%= @root_url %>/
+
+<% if @use_ssl -%>
+# SSL support
+<% if @osfamily == 'RedHat' -%>
+LoadModule ssl_module modules/mod_ssl.so
+<% end -%>
+
+SSLPassPhraseDialog  builtin
+SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
+SSLSessionCacheTimeout  300
+SSLMutex default
+SSLRandomSeed startup file:/dev/urandom  256
+SSLRandomSeed connect builtin
+SSLCryptoDevice builtin
+<% end -%>
+
+<VirtualHost *:<%= @http_port %>>
+<% if @use_ssl -%>
+  RewriteEngine On
+  RewriteCond %{HTTPS} off
+  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
+</VirtualHost>
+
+<VirtualHost *:<%= @https_port %>>
+  SSLEngine on
+  SSLCertificateFile <%= @ssl_cert_file %>
+  SSLCertificateKeyFile <%= @ssl_key_file %>
+<% end -%>
+</VirtualHost>