Update local_settings.py to latest version

* Use local_settings.py.sample from Grizzly
* Make sure latest template includes Puppet settings
* Use @ notation for ERB template variables
  Fix Puppet 3.2 deprecation warnings (see Puppet #19058)
* Add ability to disable memcached by setting
  the 'cache_server_ip' parameter to False. It will fallback
  to using local-memory caching.
* Deprecate swift and quantum parameters. They have no effect.
* Fix deprecated settings:
    * CACHE_BACKEND (replaced by CACHES in Grizzly)
* Remove unused settings:
    * PROD (removed in Folsom)
    * USE_SSL (removed in Folsom)
    * SWIFT_ENABLED (removed in Essex)
    * QUANTUM_ENABLED (removed in Essex)

Change-Id: I825a2fa73c941c4e244bc03f7d0477fff5816ea0

manifests/init.pp

@@ -88,6 +88,14 @@ class horizon(
   include apache::mod::wsgi
   include apache
 
+  if $swift {
+    warning('swift parameter is deprecated and has no effect.')
+  }
+
+  if $quantum {
+    warning('quantum parameter is deprecated and has no effect.')
+  }
+
   # I am totally confused by this, I do not think it should be installed...
   if ($::osfamily == 'Debian') {
     package { 'node-less': }
@@ -121,7 +129,7 @@ class horizon(
 
   file_line { 'horizon_redirect_rule':
     path    => $::horizon::params::httpd_config_file,
-    line    => "RedirectMatch permanent ^/$ $::horizon::params::root_url/",
+    line    => "RedirectMatch permanent ^/$ ${::horizon::params::root_url}/",
     require => Package['horizon'],
     notify  => Service[$::horizon::params::http_service]
   }

spec/classes/horizon_init_spec.rb

@@ -49,7 +49,7 @@ describe 'horizon' do
           'OPENSTACK_HOST = "127.0.0.1"',
           'OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST',
           'OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"',
-          "    'can_set_mount_point': True",
+          "    'can_set_mount_point': True,",
           'API_RESULT_LIMIT = 1000'
         ])
       end
@@ -76,7 +76,7 @@ describe 'horizon' do
           'OPENSTACK_HOST = "keystone.example.com"',
           'OPENSTACK_KEYSTONE_URL = "https://%s:4682/v2.0" % OPENSTACK_HOST',
           'OPENSTACK_KEYSTONE_DEFAULT_ROLE = "SwiftOperator"',
-          "    'can_set_mount_point': False",
+          "    'can_set_mount_point': False,",
           'API_RESULT_LIMIT = 4682'
         ])
       end

templates/local_settings.py.erb

@@ -2,28 +2,88 @@ import os
 
 from django.utils.translation import ugettext_lazy as _
 
-DEBUG = <%= django_debug %>
+from openstack_dashboard import exceptions
-TEMPLATE_DEBUG = DEBUG
-PROD = False
-USE_SSL = False
 
-# Note: You should change this value
+DEBUG = <%= @django_debug %>
-SECRET_KEY = '<%= secret_key %>'
+TEMPLATE_DEBUG = DEBUG
+
+# Set SSL proxy settings:
+# For Django 1.4+ pass this header from the proxy after terminating the SSL,
+# and don't forget to strip it from the client's request.
+# For more information see:
+# https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
+# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
+
+# If Horizon is being served through SSL, then uncomment the following two
+# settings to better secure the cookies from security exploits
+#CSRF_COOKIE_SECURE = True
+#SESSION_COOKIE_SECURE = True
+
+# Default OpenStack Dashboard configuration.
+HORIZON_CONFIG = {
+    'dashboards': ('project', 'admin', 'settings',),
+    'default_dashboard': 'project',
+    'user_home': 'openstack_dashboard.views.get_user_home',
+    'ajax_queue_limit': 10,
+    'auto_fade_alerts': {
+        'delay': 3000,
+        'fade_duration': 1500,
+        'types': ['alert-success', 'alert-info']
+    },
+    'help_url': "http://docs.openstack.org",
+    'exceptions': {'recoverable': exceptions.RECOVERABLE,
+                   'not_found': exceptions.NOT_FOUND,
+                   'unauthorized': exceptions.UNAUTHORIZED},
+}
 
 # Specify a regular expression to validate user passwords.
-# HORIZON_CONFIG = {
+# HORIZON_CONFIG["password_validator"] = {
-#     "password_validator": {
+#     "regex": '.*',
-#         "regex": '.*',
+#     "help_text": _("Your password does not meet the requirements.")
-#         "help_text": _("Your password does not meet the requirements.")
-#     }
 # }
 
+# Disable simplified floating IP address management for deployments with
+# multiple floating IP pools or complex network requirements.
+# HORIZON_CONFIG["simple_ip_management"] = False
+
+# Turn off browser autocompletion for the login form if so desired.
+# HORIZON_CONFIG["password_autocomplete"] = "off"
+
 LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
 
+# Set custom secret key:
+# You can either set it to a specific value or you can let horizion generate a
+# default secret key that is unique on this machine, e.i. regardless of the
+# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, there
+# may be situations where you would want to set this explicitly, e.g. when
+# multiple dashboard instances are distributed on different machines (usually
+# behind a load-balancer). Either you have to make sure that a session gets all
+# requests routed to the same dashboard instance or you set the same SECRET_KEY
+# for all of them.
+# from horizon.utils import secret_key
+# SECRET_KEY = secret_key.generate_or_read_from_file(os.path.join(LOCAL_PATH, '.secret_key_store'))
+SECRET_KEY = '<%= @secret_key %>'
+
 # We recommend you use memcached for development; otherwise after every reload
 # of the django development server, you will have to login again. To use
-# memcached set CACHE_BACKED to something like 'memcached://127.0.0.1:11211/'
+# memcached set CACHES to something like
-CACHE_BACKEND = 'memcached://<%= cache_server_ip %>:<%= cache_server_port %>/'
+# CACHES = {
+#    'default': {
+#        'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
+#        'LOCATION' : '127.0.0.1:11211',
+#    }
+#}
+
+CACHES = {
+    'default': {
+        <% if @cache_server_ip %>
+        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
+        'LOCATION': '<%= @cache_server_ip %>:<%= @cache_server_port %>',
+        <% else %>
+        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'
+        <% end %>
+    }
+}
 
 # Send email to the console by default
 EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
@@ -42,9 +102,12 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 #     ('http://cluster2.example.com:5000/v2.0', 'cluster2'),
 # ]
 
-OPENSTACK_HOST = "<%= keystone_host %>"
+OPENSTACK_HOST = "<%= @keystone_host %>"
-OPENSTACK_KEYSTONE_URL = "<%= keystone_scheme %>://%s:<%= keystone_port %>/v2.0" % OPENSTACK_HOST
+OPENSTACK_KEYSTONE_URL = "<%= @keystone_scheme %>://%s:<%= @keystone_port %>/v2.0" % OPENSTACK_HOST
-OPENSTACK_KEYSTONE_DEFAULT_ROLE = "<%= keystone_default_role %>"
+OPENSTACK_KEYSTONE_DEFAULT_ROLE = "<%= @keystone_default_role %>"
+
+# Disable SSL certificate checks (useful for self-signed certificates):
+# OPENSTACK_SSL_NO_VERIFY = True
 
 # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
 # capabilities of the auth backend for Keystone.
@@ -54,11 +117,23 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "<%= keystone_default_role %>"
 # TODO(tres): Remove these once Keystone has an API to identify auth backend.
 OPENSTACK_KEYSTONE_BACKEND = {
     'name': 'native',
-    'can_edit_user': True
+    'can_edit_user': True,
+    'can_edit_project': True
 }
 
 OPENSTACK_HYPERVISOR_FEATURES = {
-    'can_set_mount_point': <%= can_set_mount_point %>
+    'can_set_mount_point': <%= @can_set_mount_point %>,
+
+    # NOTE: as of Grizzly this is not yet supported in Nova so enabling this
+    # setting will not do anything useful
+    'can_encrypt_volumes': False
+}
+
+# The OPENSTACK_QUANTUM_NETWORK settings can be used to enable optional
+# services provided by quantum.  Currently only the load balancer service
+# is available.
+OPENSTACK_QUANTUM_NETWORK = {
+    'enable_lb': False
 }
 
 # OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
@@ -66,80 +141,84 @@ OPENSTACK_HYPERVISOR_FEATURES = {
 # external to the OpenStack environment. The default is 'internalURL'.
 #OPENSTACK_ENDPOINT_TYPE = "publicURL"
 
-<% if swift -%>
+# The number of objects (Swift containers/objects or images) to display
-# Include the SWIFT interface extension in Horizon
+# on a single page before providing a paging element (a "more" link)
-SWIFT_ENABLED = True
+# to paginate results.
-<% end -%>
+API_RESULT_LIMIT = <%= @api_result_limit %>
+API_RESULT_PAGE_SIZE = 20
 
-# The number of Swift containers and objects to display on a single page before
+# The timezone of the server. This should correspond with the timezone
-# providing a paging element (a "more" link) to paginate results.
+# of your entire OpenStack installation, and hopefully be in UTC.
-API_RESULT_LIMIT = <%= api_result_limit %>
+TIME_ZONE = "UTC"
-
-<% if quantum -%>
-#  Include the Quantum interface extensions in Horizon
-QUANTUM_ENABLED = True
-<% end -%>
 
 # If you have external monitoring links, eg:
-EXTERNAL_MONITORING = <% if horizon_app_links %><%= horizon_app_links %><% else %>[ ]<% end %>
+<% if @horizon_app_links %>
+EXTERNAL_MONITORING = <%= @horizon_app_links %>
+<% end %>
+
 LOGGING = {
-        'version': 1,
+    'version': 1,
-        # When set to True this will disable all logging except
+    # When set to True this will disable all logging except
-        # for loggers specified in this configuration dictionary. Note that
+    # for loggers specified in this configuration dictionary. Note that
-        # if nothing is specified here and disable_existing_loggers is True,
+    # if nothing is specified here and disable_existing_loggers is True,
-        # django.db.backends will still log unless it is disabled explicitly.
+    # django.db.backends will still log unless it is disabled explicitly.
-        'disable_existing_loggers': False,
+    'disable_existing_loggers': False,
-        'handlers': {
+    'handlers': {
-            'null': {
+        'null': {
-                'level': 'DEBUG',
+            'level': 'DEBUG',
-                'class': 'django.utils.log.NullHandler',
+            'class': 'django.utils.log.NullHandler',
-                },
+        },
-            'console': {
+        'console': {
-                # Set the level to "DEBUG" for verbose output logging.
+            # Set the level to "DEBUG" for verbose output logging.
-                'level': 'INFO',
+            'level': 'INFO',
-                'class': 'logging.StreamHandler',
+            'class': 'logging.StreamHandler',
-                },
+        },
-            'file': {
+        'file': {
-                'level': '<%= log_level %>',
+            'level': '<%= @log_level %>',
-                'class': 'logging.FileHandler',
+            'class': 'logging.FileHandler',
-                'filename': '<%= scope.lookupvar("horizon::params::logdir") %>/horizon.log'
+            'filename': '<%= scope.lookupvar("horizon::params::logdir") %>/horizon.log',
-                },
+        },
-            },
+    },
-        'loggers': {
+    'loggers': {
-            # Logging from django.db.backends is VERY verbose, send to null
+        # Logging from django.db.backends is VERY verbose, send to null
-            # by default.
+        # by default.
-            'django.db.backends': {
+        'django.db.backends': {
-                'handlers': ['null'],
+            'handlers': ['null'],
-                'propagate': False,
+            'propagate': False,
-                },
+        },
-            'horizon': {
+        'requests': {
-                'handlers': ['file'],
+            'handlers': ['null'],
-                'propagate': False,
+            'propagate': False,
-            },
+        },
-            'openstack_dashboard': {
+        'horizon': {
-                'handlers': ['file'],
+            'handlers': ['file'],
-                'propagate': False,
+            'propagate': False,
-            },
+        },
-            'novaclient': {
+        'openstack_dashboard': {
-                'handlers': ['file'],
+            'handlers': ['file'],
-                'propagate': False,
+            'propagate': False,
-            },
+        },
-           'glanceclient': {
+        'novaclient': {
-                'handlers': ['file'],
+            'handlers': ['file'],
-                'propagate': False,
+            'propagate': False,
-            },
+        },
-            'keystoneclient': {
+        'keystoneclient': {
-                'handlers': ['file'],
+            'handlers': ['file'],
-                'propagate': False,
+            'propagate': False,
-            },
+        },
-            'nose.plugins.manager': {
+        'glanceclient': {
-                'handlers': ['file'],
+            'handlers': ['file'],
-                'propagate': False,
+            'propagate': False,
-            }
+        },
+        'nose.plugins.manager': {
+            'handlers': ['file'],
+            'propagate': False,
         }
+    }
 }
-LOGIN_URL='<%=  scope.lookupvar("horizon::params::root_url") %>/auth/login/'
+
-LOGIN_REDIRECT_URL='<%=  scope.lookupvar("horizon::params::root_url") %>'
+LOGIN_URL = '<%= scope.lookupvar("horizon::params::root_url") %>/auth/login/'
+LOGIN_REDIRECT_URL = '<%= scope.lookupvar("horizon::params::root_url") %>'
 
 # The Ubuntu package includes pre-compressed JS and compiled CSS to allow
 # offline compression by default.  To enable online compression, install