Horizon has switched test runnner from nose to default Django test
runner a while ago[1], and doesn't require logger for nose module
since then.
[1] 1f80d94459856a8c477310cc0fe4b0e165d8c0c1
Change-Id: I51471cfa0db527821296a6198431a6dfe53a0a4a
In order to reduce divergance with ansible-lint rules, we apply
auto-fixing of violations.
In current patch we replace all kind of truthy variables with
`true` or `false` values to align with recommendations along with
alignment of used quotes.
Change-Id: I5e295a9f62f347a9cf6ea8f812c5ebebe2a6c310
During installation of Apache modules on metal hosts, it's restart is
triggered by libapache2-mod-wsgi-py3 installation.
This causes HAProxy to mark repo_host as one without backends, leading
to u-c fetch failure.
In order to workaround this race-condition for now, a retry is being
added to the task, to wait for repo backend to become active again.
Change-Id: I47797b558b754680e5e00e64642f72b47181a441
At the moment Horizon plugins' local_settings are being symlinked
to the enabled folder, which is not entirely correct.
Today Horizon will produce a warning message during compression in
case a settings file will be present in enabled folder, ie:
WARNING:root:Skipping openstack_dashboard.local.enabled._1699_orchestration_settings because it doesn't have DASHBOARD, PANEL, PANEL_GROUP, or FEATURE defined.
To avoid such warning settings files are being search and symlinked
independently now.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/930272
Change-Id: I5b50bad91f00cd4f5b5c36e30753e88425cf9d13
In case of horizon_policy_overrides defenition role will fail due to
multiple reasons. First of all, policies are in YAML format for a while
now, so json is not applicable. On top of that rollout process
is off, since default horizon policies are basically empty files, as all
policies in them are commented out.
So once we read them and supply as content - override is failing, as
it's treating the content as None, since there's nothing to merge with.
With that in mind, it makes sense to simplify the process by removing
original policy fetch and just fully override it by user supplied
content.
We keep the old format of horizon_policy_overrides where services
are split be sections, so each service will be placed in it's own
policy file.
Change-Id: I2dfae4fa31d397938077bfa817261b6a42259482
Unfortunatelly having `horizon_config_overrides` is not sufficient, as
not all options can be defined in HORIZON_CONFIG.
Some are expected to be preset inside local_settings themselves.
We introduce new variable that can be used to extend local_settings file
with arbitrary parameters.
Change-Id: Ic119105189c9158aa3b38c4deb07040110d9d660
RDO is installing Horizon not under site-packages, but under /usr/share
which makes it completely different logic, with default horizon-manage
not working, as it can not import openstack_dashboard now, as
Change-Id: I4c06b4b5a206b087a9fce856f5fec936e058e3f8
<service>-config tags are quite broad and have a long execution
time. Where you only need to modify a service's '.conf' file and
similar it is useful to have a quicker method to do so.
Change-Id: I57d102bf17d20c6abebe12891d9f702c9621f8d0
For isolated deployments which use mirrors it is necessary
to be able to override the github.com URL currently used
in horizon_pip_packages
Change-Id: I767b921dd9114fb6afa6a93d80e3927da481e5ae
At the moment our role does not account for provisionment of default
policy files for extra dashboards.
While they should not be required, it has been reported that absence
of such policy files results in unexpected behaviour. So let's symlink them
alike to how we do with regular policies.
Closes-Bug: #2055415
Change-Id: I683c12938fd4aa67304f564678514bc48bd86a79
We change a default value of `horizon_webroot` to reflect the usecase
where both Horizon and Skyline are deployed. When it is the case,
horizon webroot URL will be changed to `/horizon`.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/859446
Change-Id: Ia38311a6fde88292c090cf6289bf5b6c6279c479
Since plugin name has changed for OVN, we need to count for it when
deciding if panel should be enabled or not.
Change-Id: Id0923a497e751350c9308726ccbb85b6aa6c36c4
Current behavior leads to all files having executable bit which is not
anticipated or required behaviour.
Thus, we should avoid defining mode recursively to the directory
Closes-Bug: #2052011
Change-Id: I30b9b6a70d2cabfb1f1f434cd883ea2503d867bc
django.utils.translation.ugettext_lazy() is deprecated in favor of the
functions that they’re aliases for: django.utils.translationgettext_lazy()
With that MemcachedCache backend was also deprecated in favor of
PyMemcacheCache. MemcachedCache was removed in django 4.1
https: //docs.djangoproject.com/en/4.0/releases/3.0/#id3
Change-Id: I9b77b33fbc4a9560c72504f935bf7f9082fefdd7
In order to compress static files against pyhton 3.11 a fixed version
with fixed regexp in pyScss is needed. While fix is merged, pyScss is
not tagged/released yet.
While this required only for Debian12, it will work nicely also with older
python versions, since there're almost no changes in the package.
instead of building based on SHA.
Change-Id: I76f945310b70c1b081800c5ba0ec922795b60a73
neutron_ml2_drivers_type is a string, not a list, while default
value for it is a list. Local settings also assume that it is a list.
So we ensure that the falue is a string by default now and
treat it as string in the code.
Change-Id: Ida72c712153dcda4cd06e0959f98ade4fee8dfbd
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.
The patch will ensure that constraints are used an we should not face
simmilar issue again.
TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.
Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.
Change-Id: Id609280a58ce263f8860b24762c5670a1a421a3f
Keystone has stopped providing or reffering `_member_` role for a while,
thus role should not be refferenced anymore.
Moreover, with 2023.1 service policies have dropped `_member_`
which resulted in the role to be insufficient for basic operations.
Change-Id: I99bf418c6cb93d5f3cafc818a8cc876a49fb0357
Related-Bug: #2029486
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I40ff3ec0393bf90836d943fc09e74d6a5f207b48
To standarize variable name across roles, this change renames
`horizon_enable_ssl` to `horizon_backend_ssl`.
All other roles use `<service>_backend_ssl` format.
It also better describes what it does. With `horizon_enable_ssl` it's
unclear whether it is about frontend or backend.
Backward compatibility will be kept until 2024.1.
Change-Id: I218d45b7be667732e4204316b8d18fa3e136962b
Current logic does not allow horizon backend to listen on https
(`horizon_enable_ssl`) if external loadblanacer serves TLS
(`horizon_external_ssl`).
It basically forces backend to listen on plain http in this case which
does not make any sense. It should be possible to enable TLS on both
loadbalancer and horizon backend.
Additionally, with this patch, role defines a proper
HTTP_X_FORWARDED_PROTO header value(it's included in
`horizon_secure_proxy_ssl_header` and
`horizon_secure_proxy_ssl_header_django` and can be set to 'http' or
'https') based on whether external load balancer listens on https
(`horizon_external_ssl`)[1].
For example if loadbalancer listens on https and backend on http,
HTTP_X_FORWARDED_PROTO should be set to 'https'. Otherwise horizon will
respond with redirection to http.
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
Change-Id: I7706e52c01b3f0d72ea383a0476045e606078cff
`horizon_enable_ssl` is responsible for enabling TLS on horizon backend.
It defaults to `haproxy_ssl` which is generally used to enable TLS on
haproxy frontends.
It is more reasonable to disable it by default as it's done for other
services.
This patch does not change current behavior in gating as backend TLS
works only with horizon_external_ssl=False(while it's set to True by
default).
It also does not affect behavior of horizon's haproxy frontend
encryption.
Change-Id: I8f207426c9dc5bcefdec42c0bfc0f5f0376509a3
Supported ML2 provided types depends on the ML2 driver
and we should make it configurable in order to reflect dropdown list
that appears for admin panel while creating a network.
Closes-Bug: #2002897
Change-Id: Iceedf6af9559d48c28e0ee782a44f9ceb480119d
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I52bd5d4b4e35317397242168c2f910d3ae4230ff
This patch changes the horizon ironic dashboard to be installed from
git sources like all of the other dashboards in an openstack-ansible
deployment.
Without this change the package installed from pypi is always the
latest released version and not aligned with the release
being deployed with openstack-ansible. This will potentially
cause the horizon service to fail to start if there is a severe
mismatch between horizon and ironic-ui.
Change-Id: I4dd03f3cd13878dafb621c70dd44a4fd0ff99ae3
This change provides the horizon role the ability to deploy its services
using uWSGI instead of apache. This feature produces a minimal horizon
deployment which is perfectly functional in cases where capabilities
like federation and SSL terminated all the way through are not needed.
Change-Id: I457a111511543731746d868ae7f7184743e5703b
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
This line snuck in with I6b68d4d15ae516d23c88b3c4c21a076e8d54604e
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: I72281dbc768e8f5f6b702d91abe63bc96376ac30
This change adds some python config to remove all of the deprecation
warnings horizon is spawning. The warnings are all coming from oslo
components which horizon is just inhereting inheriting and has no
control over. This change makes horizon logs legible.
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
Change-Id: Idae4e42c971f53597ac3cf044ba82d7dd468e4a5
This change adds the ability within horizon to define a list of domains
which are trusted through the CSRF functions of django.
Change-Id: Ib92480e6caa74e050a99b36a54b2032714efb509
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
