# == Class: horizon # # Installs Horizon dashboard with Apache # # === Parameters # # [*secret_key*] # (required) Secret key. This is used by Django to provide cryptographic # signing, and should be set to a unique, unpredictable value. # # [*fqdn*] # (optional) DEPRECATED, use allowed_hosts and server_aliases instead. # FQDN(s) used to access Horizon. This is used by Django for # security reasons. Can be set to * in environments where security is # deemed unimportant. Also used for Server Aliases in web configs. # Defaults to ::fqdn # # [*servername*] # (optional) FQDN used for the Server Name directives # Defaults to ::fqdn. # # [*allowed_hosts*] # (optional) List of hosts which will be set as value of ALLOWED_HOSTS # parameter in settings_local.py. This is used by Django for # security reasons. Can be set to * in environments where security is # deemed unimportant. # Defaults to ::fqdn. # # [*server_aliases*] # (optional) List of names which should be defined as ServerAlias directives # in vhost.conf. # Defaults to ::fqdn. # # [*package_ensure*] # (optional) Package ensure state. Defaults to 'present'. # # [*cache_server_ip*] # (optional) Memcached IP address. Can be a string, or an array. # Defaults to '127.0.0.1'. # # [*cache_server_port*] # (optional) Memcached port. Defaults to '11211'. # # [*swift*] # (optional) Enable Swift interface extension. Defaults to false. # # [*horizon_app_links*] # (optional) Array of arrays that can be used to add call-out links # to the dashboard for other apps. There is no specific requirement # for these apps to be for monitoring, that's just the defacto purpose. # Each app is defined in two parts, the display name, and # the URIDefaults to false. Defaults to false. (no app links) # # [*keystone_url*] # (optional) Full url of keystone public endpoint. (Defaults to 'http://127.0.0.1:5000/v2.0') # Use this parameter in favor of keystone_host, keystone_port and keystone_scheme. # # [*keystone_scheme*] # (optional) DEPRECATED: Use keystone_url instead. # Scheme of the Keystone service. (Defaults to 'http') # Setting this parameter overrides keystone_url parameter. # # [*keystone_host*] # (optional) DEPRECATED: Use keystone_url instead. # IP address of the Keystone service. (Defaults to '127.0.0.1') # Setting this parameter overrides keystone_url parameter. # # [*keystone_port*] # (optional) DEPRECATED: Use keystone_url instead. # Port of the Keystone service. (Defaults to 5000) # Setting this parameter overrides keystone_url parameter. # # [*keystone_default_role*] # (optional) Default Keystone role for new users. Defaults to '_member_'. # # [*django_debug*] # (optional) Enable or disable Django debugging. Defaults to 'False'. # # [*openstack_endpoint_type*] # (optional) endpoint type to use for the endpoints in the Keystone # service catalog. Defaults to 'undef'. # # [*secondary_endpoint_type*] # (optional) secondary endpoint type to use for the endpoints in the # Keystone service catalog. Defaults to 'undef'. # # [*available_regions*] # (optional) List of available regions. Value should be a list of tuple: # [ ['urlOne', 'RegionOne'], ['urlTwo', 'RegionTwo'] ] # Defaults to undef. # # [*api_result_limit*] # (optional) Maximum number of Swift containers/objects to display # on a single page. Defaults to 1000. # # [*log_level*] # (optional) Log level. Defaults to 'INFO'. WARNING: Setting this to # DEBUG will let plaintext passwords be logged in the Horizon log file. # # [*local_settings_template*] # (optional) Location of template to use for local_settings.py generation. # Defaults to 'horizon/local_settings.py.erb'. # # [*help_url*] # (optional) Location where the documentation should point. # Defaults to 'http://docs.openstack.org'. # # [*compress_offline*] # (optional) Boolean to enable offline compress of assets. # Defaults to True # # [*hypervisor_options*] # (optional) A hash of parameters to enable features specific to # Hypervisors. These include: # 'can_set_mount_point': Boolean to enable or disable mount point setting # Defaults to 'True'. # 'can_set_password': Boolean to enable or disable VM password setting. # Works only with Xen Hypervisor. # Defaults to 'False'. # # [*neutron_options*] # (optional) A hash of parameters to enable features specific to # Neutron. These include: # 'enable_lb': Boolean to enable or disable Neutron's LBaaS feature. # Defaults to False. # 'enable_firewall': Boolean to enable or disable Neutron's FWaaS feature. # Defaults to False. # 'enable_quotas': Boolean to enable or disable Neutron quotas. # Defaults to True. # 'enable_security_group': Boolean to enable or disable Neutron # security groups. Defaults to True. # 'enable_vpn': Boolean to enable or disable Neutron's VPNaaS feature. # Defaults to False. # 'profile_support': A string indiciating which plugin-specific # profiles to enable. Defaults to 'None', other options include # 'cisco'. # # [*configure_apache*] # (optional) Configure Apache for Horizon. (Defaults to true) # # [*bind_address*] # (optional) Bind address in Apache for Horizon. (Defaults to undef) # # [*listen_ssl*] # (optional) Enable SSL support in Apache. (Defaults to false) # # [*ssl_redirect*] # (optional) Whether to redirect http to https # Defaults to True # # [*horizon_cert*] # (required with listen_ssl) Certificate to use for SSL support. # # [*horizon_key*] # (required with listen_ssl) Private key to use for SSL support. # # [*horizon_ca*] # (required with listen_ssl) CA certificate to use for SSL support. # # [*vhost_extra_params*] # (optionnal) extra parameter to pass to the apache::vhost class # Defaults to undef # # [*file_upload_temp_dir*] # (optional) Location to use for temporary storage of images uploaded # You must ensure that the path leading to the directory is created # already, only the last level directory is created by this manifest. # Specify an absolute pathname. # Defaults to /tmp # # [*secure_cookies*] # (optional) Enables security settings for cookies. Useful when using # https on public sites. See: http://docs.openstack.org/developer/horizon/topics/deployment.html#secure-site-recommendations # Defaults to false # # [*django_session_engine*] # (optional) Selects the session engine for Django to use. # Defaults to undefined - will not add entry to local settings. # # === Deprecation notes # # If any value is provided for keystone_scheme, keystone_host, or # keystone_port parameters; keystone_url will be completely ignored. Also # can_set_mount_point is deprecated. # # === Examples # # class { 'horizon': # secret => 's3cr3t', # keystone_url => 'https://10.0.0.10:5000/v2.0', # available_regions => [ # ['http://region-1.example.com:5000/v2.0', 'Region-1'], # ['http://region-2.example.com:5000/v2.0', 'Region-2'] # ] # } # class horizon( $secret_key, $fqdn = undef, $package_ensure = 'present', $cache_server_ip = '127.0.0.1', $cache_server_port = '11211', $swift = false, $horizon_app_links = false, $keystone_url = 'http://127.0.0.1:5000/v2.0', $keystone_default_role = '_member_', $django_debug = 'False', $openstack_endpoint_type = undef, $secondary_endpoint_type = undef, $available_regions = undef, $api_result_limit = 1000, $log_level = 'INFO', $help_url = 'http://docs.openstack.org', $local_settings_template = 'horizon/local_settings.py.erb', $configure_apache = true, $bind_address = undef, $servername = $::fqdn, $server_aliases = $::fqdn, $allowed_hosts = $::fqdn, $listen_ssl = false, $ssl_redirect = true, $horizon_cert = undef, $horizon_key = undef, $horizon_ca = undef, $compress_offline = true, $hypervisor_options = {}, $neutron_options = {}, $file_upload_temp_dir = '/tmp', $policy_files_path = undef, $policy_files = undef, # DEPRECATED PARAMETERS $can_set_mount_point = undef, $keystone_host = undef, $keystone_port = undef, $keystone_scheme = undef, $vhost_extra_params = undef, $secure_cookies = false, $django_session_engine = undef, ) { include ::horizon::params if $swift { warning('swift parameter is deprecated and has no effect.') } if $keystone_scheme { warning('The keystone_scheme parameter is deprecated, use keystone_url instead.') } if $keystone_host { warning('The keystone_host parameter is deprecated, use keystone_url instead.') } if $keystone_port { warning('The keystone_port parameter is deprecated, use keystone_url instead.') } # Default options for the OPENSTACK_HYPERVISOR_FEATURES section. These will # be merged with user-provided options when the local_settings.py.erb # template is interpolated. Also deprecates can_set_mount_point. if $can_set_mount_point { warning('The can_set_mount_point parameter is deprecated, use hypervisor_options instead.') $hypervisor_defaults = { 'can_set_mount_point' => $can_set_mount_point, 'can_set_password' => false } } else { $hypervisor_defaults = { 'can_set_mount_point' => true, 'can_set_password' => false } } if $fqdn { warning('Parameter fqdn is deprecated. Please use parameter allowed_hosts for setting ALLOWED_HOSTS in settings_local.py and parameter server_aliases for setting ServerAlias directives in vhost.conf.') $final_allowed_hosts = $fqdn $final_server_aliases = $fqdn } else { $final_allowed_hosts = $allowed_hosts $final_server_aliases = $server_aliases } # Default options for the OPENSTACK_NEUTRON_NETWORK section. These will # be merged with user-provided options when the local_settings.py.erb # template is interpolated. $neutron_defaults = { 'enable_lb' => false, 'enable_firewall' => false, 'enable_quotas' => true, 'enable_security_group' => true, 'enable_vpn' => false, 'profile_support' => 'None' } Service <| title == 'memcached' |> -> Class['horizon'] package { 'horizon': ensure => $package_ensure, name => $::horizon::params::package_name, } file { $::horizon::params::config_file: content => template($local_settings_template), mode => '0644', require => Package['horizon'], } package { 'python-lesscpy': ensure => $package_ensure, } exec { 'refresh_horizon_django_cache': command => "${::horizon::params::manage_py} compress", refreshonly => true, require => [Package['python-lesscpy'], Package['horizon']], } if $compress_offline { File[$::horizon::params::config_file] ~> Exec['refresh_horizon_django_cache'] } if $configure_apache { class { 'horizon::wsgi::apache': bind_address => $bind_address, servername => $servername, server_aliases => $final_server_aliases, listen_ssl => $listen_ssl, ssl_redirect => $ssl_redirect, horizon_cert => $horizon_cert, horizon_key => $horizon_key, horizon_ca => $horizon_ca, extra_params => $vhost_extra_params, } } if ! ($file_upload_temp_dir in ['/tmp','/var/tmp']) { file { $file_upload_temp_dir : ensure => directory, owner => $::horizon::params::wsgi_user, group => $::horizon::params::wsgi_group, mode => '0755' } } }