openstack/openstack-ansible-os_horizon
Code Issues Proposed changes
Role os_horizon for OpenStack-Ansible
82 Commits 9 Branches 138 Tags 6.9 MiB
Jinja 74.5%
Python 18.3%
Shell 7.2%
13.0.0
Go to file
Jesse Pretorius 015ff90a44 Ensure that pip lock down happens before other dependencies 
The pip_install role is depended on by a lot of other roles, and
therefore sometimes gets processed prior to the pip_lock_down
role resulting in the pip, setuptools and wheels packages being
installed from a source other than the repo server once the repo
server is available. This is not the intended behaviour - the
repo server should always be a the primary source once it's
available.

This patch ensures that the pip_lock_down role is applied before
all the other dependent roles to ensure that the expected
behaviour is followed.

Change-Id: Ic310ea918c3bfe8e63bd684eb3e8b26342299741
2016-03-31 19:02:01 +00:00
defaults Merge "Use upper-constraints file in developer mode" 2016-03-22 00:06:33 +00:00
doc [DOCS] Cleanup the role docs for consistency and clarity 2016-03-10 08:55:29 -05:00
handlers Convert existing roles into galaxy roles 2015-02-18 10:56:25 +00:00
meta Ensure that pip lock down happens before other dependencies 2016-03-31 19:02:01 +00:00
tasks Merge "Use upper-constraints file in developer mode" 2016-03-22 00:06:33 +00:00
templates Add ability to configure Neutron FWaaS 2016-03-17 17:14:19 +00:00
tests Switch tests to using stable/mitaka 2016-03-31 19:10:33 +01:00
.gitignore Adding Vagrantfile for local developer testing 2016-03-09 22:04:36 -05:00
.gitreview Implement base configuration for independent repository 2016-03-02 09:39:02 -05:00
CONTRIBUTING.rst Convert existing roles into galaxy roles 2015-02-18 10:56:25 +00:00
LICENSE Convert existing roles into galaxy roles 2015-02-18 10:56:25 +00:00
other-requirements.txt Enable functional convergence testing 2016-03-14 12:53:48 +00:00
README.rst Remove dependency on the Keystone admin auth token 2016-03-17 10:48:22 -04:00
run_tests.sh Implement base configuration for independent repository 2016-03-02 09:39:02 -05:00
setup.cfg Implement base configuration for independent repository 2016-03-02 09:39:02 -05:00
setup.py Implement base configuration for independent repository 2016-03-02 09:39:02 -05:00
test-requirements.txt pin version of ansible-lint we use for testing 2016-03-15 11:40:19 -04:00
tox.ini Enable functional convergence testing 2016-03-14 12:53:48 +00:00
Vagrantfile Adding Vagrantfile for local developer testing 2016-03-09 22:04:36 -05:00

README.rst

OpenStack-Ansible Horizon

This Ansible role installs and configures OpenStack Horizon served by the Apache webserver. Horizon is configured to use Galera for session caching and memcached for other caching.

Default Variables

../../defaults/main.yml

Required Variables

This list is not exhaustive at present. See role internals for further details.

horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
horizon_galera_address: 10.100.100.101
horizon_container_mysql_password: "SuperSecrete"
horizon_secret_key: "SuperSecreteHorizonKey"

Example Playbook

- name: Installation and setup of horizon
  hosts: horizon_all
  user: root
  roles:
    - { role: "os_horizon", tags: [ "os-horizon" ] }
  vars:
    galera_client_drop_config_file: false
    external_lb_vip_address: 10.100.100.101
    internal_lb_vip_address: 10.100.100.101
    horizon_galera_address: 10.100.100.101
    horizon_container_mysql_password: "SuperSecrete"
    horizon_secret_key: "SuperSecreteHorizonKey"
    horizon_external_ssl: true
    horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
    horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
    galera_root_password: "secrete"
    rabbitmq_servers: 10.100.100.101
    rabbitmq_use_ssl: false
    rabbitmq_port: 5671
    keystone_admin_user_name: admin
    keystone_auth_admin_password: "SuperSecretePassword"
    keystone_admin_tenant_name: admin
    keystone_service_adminuri_insecure: false
    keystone_service_internaluri_insecure: false
    keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
    keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
    keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
    keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
    openrc_os_password: "{{ keystone_auth_admin_password }}"
    openrc_os_domain_name: "Default"
    memcached_servers: 10.100.100.101
    memcached_encryption_key: "secrete"