openstack/openstack-ansible-os_horizon
Code Issues Proposed changes
openstack-ansible-os_horizon/defaults/main.yml
Jesse Pretorius 4ac6093e36 Execute service setup against a delegated host using Ansible built-in modules 
In order to reduce the packages required to pip install on to the hosts,
we allow the service setup to be delegated to a specific host, defaulting
to the deploy host. We also switch as many tasks as possible to using the
built-in Ansible modules which make use of the shade library.

The 'virtualenv' package is now installed appropriately by the openstack_hosts
role, so there's no need to install it any more. The 'httplib2' package is a
legacy Ansible requirement for the get_url/get_uri module which is no longer
needed. The keystone client library is not required any more now that we're
using the upstream modules. As there are no required packages left, the task
to install them is also removed.

With the dependent patches, the openstack_openrc role is now executed once
on the designated host, so it is no longer required as a meta-dependency for
the role.

Depends-On: https://review.openstack.org/579233
Depends-On: https://review.openstack.org/579959
Depends-On: https://review.openstack.org/580156
Change-Id: Ic3c0bb31c12a83fe8fe475091e97e5d5537fab6f
2018-07-05 19:41:30 +00:00

355 lines
12 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Verbosity Options
debug: False
# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
horizon_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
horizon_package_state: "latest"
horizon_pip_package_state: "latest"
## Toggle developer mode
horizon_developer_mode: false
## The git source/branch for Horizon
horizon_git_repo: https://git.openstack.org/openstack/horizon
horizon_git_install_branch: master
## The git source/branch for the Magnum UI plugin
magnum_dashboard_git_repo: https://git.openstack.org/openstack/magnum-ui
magnum_dashboard_git_install_branch: master
## The git source/branch for the Octavia UI plugin
octavia_dashboard_git_repo: https://git.openstack.org/openstack/octavia-dashboard
octavia_dashboard_git_install_branch: master
## The git source/branch for the Designate UI plugin
designate_dashboard_git_repo: https://git.openstack.org/openstack/designate-dashboard
designate_dashboard_git_install_branch: master
## The git source/branch for the Trove UI plugin
trove_dashboard_git_repo: https://git.openstack.org/openstack/trove-dashboard
trove_dashboard_git_install_branch: master
## The git source/branch for the Heat UI plugin
heat_dashboard_git_repo: https://git.openstack.org/openstack/heat-dashboard
heat_dashboard_git_install_branch: master
## The packages to build from source (used in developer mode)
horizon_developer_constraints:
- "git+{{ horizon_git_repo }}@{{ horizon_git_install_branch }}#egg=horizon"
- "git+{{ magnum_dashboard_git_repo }}@{{ magnum_dashboard_git_install_branch }}#egg=magnum-ui"
- "git+{{ designate_dashboard_git_repo }}@{{ designate_dashboard_git_install_branch }}#egg=designate_dashboard"
- "git+{{ trove_dashboard_git_repo }}@{{ trove_dashboard_git_install_branch }}#egg=trove_dashboard"
- "git+{{ heat_dashboard_git_repo }}@{{ heat_dashboard_git_install_branch }}#egg=heat_dashboard"
# Name of the virtual env to deploy into
horizon_venv_tag: untagged
horizon_bin: "/openstack/venvs/horizon-{{ horizon_venv_tag }}/bin"
# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
horizon_venv_download: "{{ not horizon_developer_mode | bool }}"
horizon_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/horizon.tgz
## System info
horizon_system_user_name: horizon
horizon_system_group_name: horizon
horizon_system_shell: /bin/false
horizon_system_comment: horizon system user
horizon_system_user_home: "/var/lib/{{ horizon_system_user_name }}"
## Service Type and Data
horizon_service_region: RegionOne
horizon_service_name: horizon
## Database info
horizon_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
horizon_galera_address: "{{ galera_address | default('127.0.0.1') }}"
horizon_galera_database: dash
horizon_galera_user: dash
horizon_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
horizon_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
## Session configuration
# Specifies the timespan in seconds inactivity, until a user is considered as
# logged out
horizon_session_timeout: 1800
## Horizon Help URL Path
horizon_help_url: http://docs.openstack.org
## Installation directories
horizon_lib_dir: "{{ horizon_bin | dirname }}/lib/python2.7/dist-packages"
horizon_lib_wsgi_file: "{{ horizon_lib_dir }}/openstack_dashboard/wsgi/django.wsgi"
horizon_endpoint_type: internalURL
horizon_server_name: "{{ ansible_hostname | default('horizon') }}"
horizon_apache_servertokens: "Prod"
horizon_apache_serversignature: "Off"
horizon_log_level: info
horizon_apache_custom_log_format: combined
horizon_dropdown_max_items: 30
horizon_instance_log_length: 35
horizon_overview_days_range: 1
horizon_images_upload_mode: direct
horizon_images_allow_location: False
horizon_time_zone: UTC
horizon_enforce_password_check: False
horizon_disable_password_reveal: False
horizon_enable_password_retrieve: False
horizon_enable_password_autocomplete: False
horizon_enable_heatstack_user_pass: True
# If nova_libvirt_inject_password is set to True, then this can also be enabled:
horizon_can_set_password: False
horizon_enable_cinder_backup: False
# Enables IPv6 support in Horizon, such as managing network subnets
horizon_enable_ipv6: True
# Disable/Enable simplified floating IP address management for deployments with
# multiple floating IP pools or complex network requirements.
horizon_simple_ip_management: True
# To enable ha router support in horizon set to True
horizon_enable_ha_router: False
# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
# Scripting (XFS) vulnerability, so this option allows extra security hardening
# where iframes are not used in deployment. Default setting is True.
# For more information see:
# http://tinyurl.com/anticlickjack
horizon_disallow_iframe_embed: True
# WSGI tuning parameters
# horizon_wsgi_processes: 4
# horizon_wsgi_threads: 4
## Cap the maximun number of threads / workers when a user value is unspecified.
horizon_wsgi_threads_max: 16
horizon_wsgi_threads: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, horizon_wsgi_threads_max] | min }}"
## Horizon SSL
horizon_ssl_cert: /etc/ssl/certs/horizon.pem
horizon_ssl_key: /etc/ssl/private/horizon.key
horizon_ssl_ca_cert: /etc/ssl/certs/horizon-ca.pem
horizon_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
horizon_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
# if using a self-signed certificate, set this to true to regenerate it
horizon_ssl_self_signed_regen: false
horizon_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ horizon_server_name }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
# Set these variables to deploy custom certificates
# horizon_user_ssl_cert: <path to cert on ansible deployment host>
# horizon_user_ssl_key: <path to cert on ansible deployment host>
# horizon_user_ssl_ca_cert: <path to cert on ansible deployment host>
# Set this to True if you do ssl termination on an external device, like the
# load balancer
horizon_external_ssl: false
# Set this to the header that your device sets when doing ssl termination
horizon_secure_proxy_ssl_header: "X-Forwarded-Proto"
horizon_secure_proxy_ssl_header_django: "HTTP_{{ horizon_secure_proxy_ssl_header | replace('-', '_') | upper }}"
# For multiple regions uncomment this configuration, and
# add the extra endpoints below the first list item.
# horizon_available_regions:
# - { url: "{{ keystone_service_internalurl }}", name: "{{ keystone_service_region }}" }
# - { url: "http://cluster1.example.com:5000/v2.0", name: "RegionTwo" }
## Horizon's keystone endpoint settings
horizon_keystone_host: "{{ internal_lb_vip_address }}"
horizon_keystone_endpoint: "{{ keystone_service_internalurl }}"
## Horizon Multi-Domain Support
# these variables should only be changed if horizon_keystone_endpoint is a Keystone v3 API endpoint
horizon_keystone_multidomain_support: False
horizon_keystone_default_domain: Default
### Set the cacert pem for Keystone if you'd like Horizon to verify it.
# horizon_cacert_pem: /path/to/cacert.pem
## alternatively, you can set horizon to turn off ssl verification for Keystone
horizon_ssl_no_verify: "{{ (keystone_service_adminuri_insecure | bool or keystone_service_internaluri_insecure | bool) | default(false) }}"
## The role which Horizon should use as a default for users
horizon_default_role_name: _member_
## Launch instance
horizon_launch_instance_legacy: False
horizon_launch_instance_ng: True
horizon_launch_instance_defaults:
config_drive: False
enable_scheduler_hints: True
disable_image: False
disable_instance_snapshot: False
disable_volume: False
disable_volume_snapshot: False
create_volume: True
## horizon UI Panel
horizon_enable_ironic_ui: False
## Magnum UI Panel
horizon_enable_magnum_ui: False
## Magnum UI Panel
horizon_enable_octavia_ui: False
## Sahara UI Panel
horizon_enable_sahara_ui: False
## Trove UI Panel
horizon_enable_trove_ui: False
## Designate UI Panel
horizon_enable_designate_ui: False
## Heat UI Panel
horizon_enable_heat_ui: False
## Neutron features to enable
horizon_enable_neutron_lbaas: False
horizon_enable_neutron_fwaas: False
## Swift
horizon_swift_file_transfer_chunk_size: 524288
## Panel
horizon_default_panel: overview
# For blacklisting certain Nova extensions uncomment this configuration,
# and add necessary list items.
# horizon_nova_extensions_blacklist:
# - "SimpleTenantUsage"
## Customization module
## See https://docs.openstack.org/horizon/latest/configuration/customizing.html#horizon-customization-module-overrides
# horizon_customization_module: /local/path/to/customization_module.py
## Replace default theme files with your own
# horizon_custom_uploads:
# logo:
# src: "path_on_deployment_host_of_your_custom_logo.svg"
# dest: "img/logo.svg"
# logo_splash:
# src: "path_on_deployment_host_of_your_custom_logo-splash.svg"
# dest: "img/logo-splash.svg"
_horizon_available_themes:
default:
theme_name: "default"
theme_label: "Default"
theme_path: "themes/default"
material:
theme_name: "material"
theme_label: "Material"
theme_path: "themes/material"
# Add custom themes. Deployers need to place the theme directories
# and files on the horizon containers in:
# {{ horizon_lib_dir }}/openstack_dashboard/themes
# See https://docs.openstack.org/horizon/latest/configuration/themes.html
# for more details on custom themes
# Example:
#
# horizon_custom_themes:
# custom_theme:
# theme_name: "custom"
# theme_label: "Custom"
# theme_path: "themes/custom"
#
horizon_custom_themes: {}
# Which of the available themes will be used by default
# value is the theme_name from the vars above
horizon_default_theme: "default"
horizon_webroot: /
horizon_listen_ports:
- "80"
- "443"
horizon_pip_packages:
- cryptography
- django-appconf
- django-openstack-auth
- greenlet
- heat_dashboard
- horizon
- ironic-ui
- magnum-ui
- keystonemiddleware
- MySQL-python
- PyMySQL
- neutron-lbaas-dashboard
- neutron-fwaas-dashboard
- oslo.config
- ply
- python-memcached
- python-keystoneclient
- sahara_dashboard
- trove_dashboard
- designate_dashboard
- octavia_dashboard
# This variable is used to install additional pip packages
# that could be needed for additional dashboards
horizon_optional_pip_packages: []
# This variable is used to update the horizon translations from
# Zanata, this can be set to "True" when testing translations,
# but should otherwise be left as False.
horizon_translations_update: False
# This variable is used to define the version of the project
# (horizon) to pull from Zanata. Default value is master,
# other possibly values are stable/pike, stable/queens...
horizon_translations_project_version: "master"
# This variable is used to be able to fully override or
# partially union/intersect lists in order to change the
# behaviour of the pull of the translations per component.
horizon_translations_pull: "{{ _horizon_translations_pull }}"
# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
horizon_role_project_group: horizon_all
# Set arbitrary horizon configuration options
horizon_config_overrides: {}
horizon_keystone_admin_roles:
- admin
# Set the "credentials" authentication choice to show as default.
# The list of authentication mechanisms which include keystone
# federation protocols and identity provider/federation protocol
horizon_websso_initial_choice: "credentials"
horizon_panels: "{{ _horizon_panels }}"
View Git Blame Copy Permalink