diff --git a/doc/source/install-guide/configure-horizon.rst b/doc/source/install-guide/configure-horizon.rst new file mode 100644 index 0000000000..d7c55df65f --- /dev/null +++ b/doc/source/install-guide/configure-horizon.rst @@ -0,0 +1,44 @@ +`Home `__ OpenStack Ansible Installation Guide + +Configuring Horizon (optional) +------------------------------ + +Customizing the Horizon deployment is done within the ``os-horizon`` role in +``playbooks/roles/os-horizon/defaults.main.yml``. + +SSL certificates +---------------- + +There are two options for deploying SSL certificates with Horizon: self-signed +and user-provided certificates. Auto-generated self-signed certificates are +currently the default. + +Self-signed SSL certificates +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +For self-signed certificates, users can configure the subject of the +certificate using the ``horizon_ssl_self_signed_subject`` variable. By +default, the playbook won't regenerate a self-signed SSL certificate if one +already exists in the container. To force the certificate to be regenerated +the next time the playbook runs, set ``horizon_ssl_self_signed_regen`` to +``true``. + +The playbook will then use memcached to distribute the certificates and keys to +each horizon container. + +User-provided SSL certificates +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Users can provide their own trusted certificates by setting three variables: + +* ``horizon_user_ssl_cert`` - path to the SSL certificate in the container +* ``horizon_user_ssl_key`` - path to the key in the container +* ``horizon_user_ssl_ca_cert`` - path to the CA certificate in the container + +If those three variables are provided, self-signed certificate generation and +usage will be disabled. However, it's up to the user to deploy those +certificates and keys within each container. + +-------------- + +.. include:: navigation.txt diff --git a/doc/source/install-guide/configure.rst b/doc/source/install-guide/configure.rst index 0278eb279f..ccd79168df 100644 --- a/doc/source/install-guide/configure.rst +++ b/doc/source/install-guide/configure.rst @@ -14,6 +14,7 @@ Chapter 5. Deployment configuration configure-cinder.rst configure-swift.rst configure-haproxy.rst + configure-horizon.rst configure-ceilometer.rst diff --git a/doc/source/install-guide/navigation.txt b/doc/source/install-guide/navigation.txt index c14f415da2..8fb429e1f3 100644 --- a/doc/source/install-guide/navigation.txt +++ b/doc/source/install-guide/navigation.txt @@ -67,6 +67,7 @@ - `Policies `__ - `Configuring HAProxy (optional) `__ + - `Configuring Horizon (optional) `__ - `6. Installation `__