diff --git a/defaults/main.yml b/defaults/main.yml index af9efe59..a48f6179 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -20,7 +20,11 @@ debug: False # for the service setup. The host must already have # clouds.yaml properly configured. horizon_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}" -horizon_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((horizon_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}" +horizon_service_setup_host_python_interpreter: >- + {{ + openstack_service_setup_host_python_interpreter | default( + (horizon_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) + }} # Set the package install state for distribution packages # Options are 'present' and 'latest' @@ -30,7 +34,8 @@ horizon_package_state: "{{ package_state | default('latest') }}" horizon_install_method: "{{ service_install_method | default('source') }}" horizon_venv_python_executable: "{{ openstack_venv_python_executable | default('python3') }}" -horizon_upper_constraints_url: "{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}" +horizon_upper_constraints_url: >- + {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }} horizon_venv_extra_constraints: [] @@ -154,7 +159,7 @@ horizon_allowed_hosts: ## Installation directories # When horizon_lib_dir is not defined, it will be detected automatically -#horizon_lib_dir: "" +# horizon_lib_dir: "" horizon_lib_wsgi_file: "{{ horizon_lib_dir }}/openstack_dashboard/wsgi.py" horizon_endpoint_type: internalURL @@ -219,7 +224,7 @@ horizon_disallow_iframe_embed: True ## Cap the maximun number of threads / workers when a user value is unspecified. horizon_wsgi_threads_max: 16 -horizon_wsgi_threads: "{{ [[ansible_facts['processor_vcpus']|default(2) // 2, 1] | max, horizon_wsgi_threads_max] | min }}" +horizon_wsgi_threads: "{{ [[ansible_facts['processor_vcpus'] | default(2) // 2, 1] | max, horizon_wsgi_threads_max] | min }}" ## Horizon SSL horizon_ssl_cert: /etc/ssl/certs/horizon.pem @@ -227,7 +232,8 @@ horizon_ssl_key: /etc/ssl/private/horizon.key horizon_ssl_ca_cert: /etc/ssl/certs/horizon-ca.pem horizon_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1') }}" # TLS v1.2 and below -horizon_ssl_cipher_suite_tls12: "{{ horizon_ssl_cipher_suite | default(ssl_cipher_suite | default('ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM')) }}" +horizon_ssl_cipher_suite_tls12: >- + {{ horizon_ssl_cipher_suite | default(ssl_cipher_suite | default('ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM')) }} # TLS v1.3 horizon_ssl_cipher_suite_tls13: "{{ ssl_cipher_suite_tls13 | default('TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256') }}" @@ -505,9 +511,9 @@ horizon_translations_pull: "{{ _horizon_translations_pull }}" horizon_config_overrides: {} # Set overrides for horizon embedded policies -#horizon_policy_overrides: -# cinder: -# "volume:create": "rule:admin_or_owner" +# horizon_policy_overrides: +# cinder: +# "volume:create": "rule:admin_or_owner" horizon_policy_overrides: {} horizon_init_overrides: {} @@ -519,7 +525,7 @@ horizon_keystone_admin_roles: # Set the "credentials" authentication choice to show as default. # The list of authentication mechanisms which include keystone # federation protocols and identity provider/federation protocol -#horizon_websso_keystone_url: "{{ horizon_keystone_endpoint }}" +# horizon_websso_keystone_url: "{{ horizon_keystone_endpoint }}" horizon_websso_initial_choice: "credentials" horizon_websso_default_redirect: False horizon_websso_default_redirect_region: "{{ horizon_websso_keystone_url | default(horizon_keystone_endpoint) }}" @@ -540,7 +546,8 @@ horizon_pki_setup_host: "{{ openstack_pki_setup_host | default('localhost') }}" horizon_pki_keys_path: "{{ horizon_pki_dir ~ '/certs/private/' }}" horizon_pki_certs_path: "{{ horizon_pki_dir ~ '/certs/certs/' }}" horizon_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}" -horizon_pki_intermediate_cert_path: "{{ horizon_pki_dir ~ '/roots/' ~ horizon_pki_intermediate_cert_name ~ '/certs/' ~ horizon_pki_intermediate_cert_name ~ '.crt' }}" +horizon_pki_intermediate_cert_path: >- + {{ horizon_pki_dir ~ '/roots/' ~ horizon_pki_intermediate_cert_name ~ '/certs/' ~ horizon_pki_intermediate_cert_name ~ '.crt' }} horizon_pki_regen_cert: '' horizon_pki_san: "{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}" horizon_pki_certificates: @@ -570,6 +577,6 @@ horizon_pki_install_certificates: condition: "{{ horizon_user_ssl_ca_cert is defined }}" # Define user-provided SSL certificates -#horizon_user_ssl_cert: -#horizon_user_ssl_key: -#horizon_user_ssl_ca_cert: +# horizon_user_ssl_cert: +# horizon_user_ssl_key: +# horizon_user_ssl_ca_cert: diff --git a/handlers/main.yml b/handlers/main.yml index 240d91c7..741815ad 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -17,6 +17,7 @@ command: "{{ horizon_manage }} compilemessages" become: "{{ (horizon_install_method == 'source') }}" become_user: "{{ horizon_system_user_name }}" + changed_when: false args: chdir: "{{ horizon_lib_dir }}/" listen: diff --git a/meta/main.yml b/meta/main.yml index 2e18c89c..31f21bd1 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -18,19 +18,21 @@ galaxy_info: description: Installation and setup of horizon company: Rackspace license: Apache2 - min_ansible_version: 2.2 + role_name: os_horizon + namespace: openstack + min_ansible_version: "2.10" platforms: - name: Debian versions: - - buster + - bullseye - name: Ubuntu versions: - - bionic - focal + - jammy - name: EL versions: - - 8 - categories: + - "9" + galaxy_tags: - cloud - python - horizon diff --git a/tasks/horizon_apache.yml b/tasks/horizon_apache.yml index 198fded1..018f7ff0 100644 --- a/tasks/horizon_apache.yml +++ b/tasks/horizon_apache.yml @@ -31,6 +31,7 @@ dest: "{{ item.dest }}" owner: "{{ item.owner | default(horizon_system_user_name) }}" group: "{{ item.group | default(horizon_system_group_name) }}" + mode: "0644" with_items: "{{ horizon_apache_configs }}" notify: Restart wsgi process diff --git a/tasks/horizon_install.yml b/tasks/horizon_install.yml index 6c166311..2497b401 100644 --- a/tasks/horizon_install.yml +++ b/tasks/horizon_install.yml @@ -19,6 +19,7 @@ section: "horizon" option: "install_method" value: "{{ horizon_install_method }}" + mode: "0644" - name: Refresh local facts to ensure the horizon section is present setup: diff --git a/tasks/horizon_post_install.yml b/tasks/horizon_post_install.yml index 92b1a07e..5739e704 100644 --- a/tasks/horizon_post_install.yml +++ b/tasks/horizon_post_install.yml @@ -49,7 +49,7 @@ template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: "{{ item.owner|default(horizon_system_user_name) }}" + owner: "{{ item.owner | default(horizon_system_user_name) }}" group: "{{ horizon_system_group_name }}" mode: "{{ item.mode }}" with_items: @@ -84,6 +84,7 @@ copy: src: "{{ item.value.src }}" dest: "{{ horizon_lib_dir }}/openstack_dashboard/static/dashboard/{{ item.value.dest }}" + mode: "0644" with_dict: "{{ horizon_custom_uploads | default({}) }}" - name: Create horizon links diff --git a/tasks/horizon_post_install_source.yml b/tasks/horizon_post_install_source.yml index 6c8983bd..feb09874 100644 --- a/tasks/horizon_post_install_source.yml +++ b/tasks/horizon_post_install_source.yml @@ -17,8 +17,9 @@ file: path: "{{ item.path }}" state: "directory" - owner: "{{ item.owner|default(horizon_system_user_name) }}" - group: "{{ item.group|default(horizon_system_group_name) }}" + owner: "{{ item.owner | default(horizon_system_user_name) }}" + group: "{{ item.group | default(horizon_system_group_name) }}" + mode: "{{ item.mode | default('0755') }}" with_items: - { path: "{{ horizon_lib_dir }}/static", mode: "2755" } - { path: "{{ horizon_lib_dir }}/openstack_dashboard", mode: "2755" } @@ -68,7 +69,7 @@ - name: Link policy files file: src: "{{ item.path }}" - dest: "{{ horizon_lib_dir }}/openstack_dashboard/conf/{{ item.path|basename }}" + dest: "{{ horizon_lib_dir }}/openstack_dashboard/conf/{{ item.path | basename }}" state: link with_items: "{{ found_policy.files }}" notify: @@ -77,7 +78,7 @@ - name: Enable project panels file: src: "{{ item.path }}" - path: "{{ horizon_dashboard_panel_dir }}/{{ item.path|basename }}" + path: "{{ horizon_dashboard_panel_dir }}/{{ item.path | basename }}" state: link with_items: "{{ found_panels.files }}" notify: diff --git a/tasks/horizon_pre_install.yml b/tasks/horizon_pre_install.yml index 52435b03..951edf92 100644 --- a/tasks/horizon_pre_install.yml +++ b/tasks/horizon_pre_install.yml @@ -33,9 +33,9 @@ file: path: "{{ item.path }}" state: "directory" - owner: "{{ item.owner|default(horizon_system_user_name) }}" - group: "{{ item.group|default(horizon_system_group_name) }}" - mode: "{{ item.mode|default('0755') }}" + owner: "{{ item.owner | default(horizon_system_user_name) }}" + group: "{{ item.group | default(horizon_system_group_name) }}" + mode: "{{ item.mode | default('0755') }}" when: item.condition | default(True) with_items: - { path: "/openstack/venvs", mode: "0755", owner: "root", group: "root" } diff --git a/tasks/horizon_translations_update.yml b/tasks/horizon_translations_update.yml index a9916b8b..a644cf00 100644 --- a/tasks/horizon_translations_update.yml +++ b/tasks/horizon_translations_update.yml @@ -14,9 +14,13 @@ # limitations under the License. - name: Perform a Zanata Pull Catalog - command: "{{ horizon_manage }} pull_catalog -p {{ translation.project }} -m {{ translation.module }} -b {{ (translation.branch | default('master')) | replace('/', '-') }}" + command: >- + {{ horizon_manage }} pull_catalog -p {{ translation.project }} -m {{ translation.module }} -b {{ + (translation.branch | default('master')) | replace('/', '-') + }} args: chdir: "{{ horizon_lib_dir }}/" + changed_when: false with_items: "{{ horizon_translations_pull }}" loop_control: loop_var: translation diff --git a/tasks/main.yml b/tasks/main.yml index 81e6b334..84fe4f48 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -43,11 +43,13 @@ tags: - always -- import_tasks: horizon_pre_install.yml +- name: Importing horizon_pre_install tasks + import_tasks: horizon_pre_install.yml tags: - horizon-install -- import_tasks: horizon_install.yml +- name: Importing horizon_install tasks + import_tasks: horizon_install.yml tags: - horizon-install @@ -71,11 +73,13 @@ tags: - always -- import_tasks: horizon_post_install.yml +- name: Importing horizon_post_install tasks + import_tasks: horizon_post_install.yml tags: - horizon-config -- import_tasks: horizon_service_setup.yml +- name: Importing horizon_service_setup tasks + import_tasks: horizon_service_setup.yml when: - ('horizon_all' in group_names) - inventory_hostname == groups['horizon_all'][0] @@ -97,11 +101,13 @@ tags: - horizon-config -- import_tasks: "{{ (horizon_use_uwsgi | bool) | ternary('horizon_uwsgi.yml', 'horizon_apache.yml') }}" +- name: Importing uwsgi/apache tasks + import_tasks: "{{ (horizon_use_uwsgi | bool) | ternary('horizon_uwsgi.yml', 'horizon_apache.yml') }}" tags: - horizon-config -- import_tasks: horizon_translations_update.yml +- name: Importing horizon_translations_update tasks + import_tasks: horizon_translations_update.yml when: horizon_translations_update | bool tags: - horizon-config diff --git a/vars/distro_install.yml b/vars/distro_install.yml index 9fffdbda..5dd9457b 100644 --- a/vars/distro_install.yml +++ b/vars/distro_install.yml @@ -13,7 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -horizon_package_list: "{{ +horizon_package_list: >- + {{ horizon_distro_packages | union( ( (horizon_use_uwsgi | bool) | ternary([], horizon_apache_distro_packages) @@ -21,6 +22,6 @@ horizon_package_list: "{{ ) | union( horizon_service_distro_packages ) - }}" + }} _horizon_bin: "/usr/bin" diff --git a/vars/source_install.yml b/vars/source_install.yml index b6f5e049..ee0cdddb 100644 --- a/vars/source_install.yml +++ b/vars/source_install.yml @@ -13,13 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -horizon_package_list: "{{ +horizon_package_list: >- + {{ horizon_distro_packages | union( ( (horizon_use_uwsgi | bool) | ternary([], horizon_apache_distro_packages) ) ) - }}" + }} _horizon_bin: "/openstack/venvs/horizon-{{ horizon_venv_tag }}/bin"