Commit Graph

167 Commits

Author SHA1 Message Date
Takashi Kajinami
faaaa4a773 Expect python3 package in CentOS8 and Fedora
In CentOS 8.x and Fedora, we expect to have python3 package, while we
expect to have python2 in 7.x .
Fix unit tests to expect the correct version according to os major
version.

Change-Id: I298706690ee73db76678653841514de120c61e27
2020-04-10 00:38:31 +09:00
Marc Methot
fc6226565b Adding the HTTPONLY cookie header to secure_cookies
Change-Id: Ic34170530b260b426fd65ac96aa5f494591c2ff1
Closes-Bug: #1860608
2020-01-22 16:27:15 -05:00
Zuul
68566b6c41 Merge "Prefix memcached_servers IPv6 address with inet6:" 2019-05-28 15:37:09 +00:00
Harald Jensås
cd38dca375 Prefix memcached_servers IPv6 address with inet6:
New dependency: openstack/openstacklib

Depends-On: https://review.opendev.org/661136
Change-Id: I3e1d2108403ece5866a0df0afd367fb80145a0df
2019-05-24 11:06:58 +02:00
Pratik Bandarkar
004142d577 update "DROPDOWN_MAX_ITEMS" horizon parameter as a variable
"DROPDOWN_MAX_ITEMS" horizon parameter was hardcoded in a ruby
template. Hence, it was not possible to manage it using heat.
This fix will allow user to manage "DROPDOWN_MAX_ITEMS" from
heat template.

Change-Id: I121a4ad2070cfef173c572a3d25788abbbf16989
Closes-Bug: #1813786
2019-01-30 11:29:47 +01:00
Tobias Urdin
d1703e6a76 Inherit pyvers from openstacklib::defaults
Change-Id: Ie7e1a23de1017d06456f712c6a5d55a0b07b8fdc
2019-01-17 21:34:11 +01:00
Tobias Urdin
a0468fd8cb Add access_log_format for WSGI
Adds the access_log_format parameter that can be used to set
the log format that is used in the vhosts that puppetlabs-apache
manages.

Adds the same parameter to the init class to make sure that you
can set it when managing apache from there and not including the
wsgi::apache class manually.

The default value of the parameter is the same as enforced in other
modules that has the access_log_format, which is false. That is the
default that the puppetlabs-apache module has.

Change-Id: Ie8ac84c6231ad55c5974a95b50238f0d006b6336
2018-12-10 14:49:00 +01:00
Tobias Urdin
9db6f8cc09 Change default member role to member
A (long) time ago keystone-bootstrap changed the
default member role that is created to member from
the legacy _member_ role.

This changes the default value in horizon to conform
with what is the actual default when bootstrapping
keystone.

Deployments that might still be using _member_ should
set this explicitly.

Change-Id: I8c18b585c71817ec7c5450c425e2ec7bc9a83f18
2018-11-20 20:39:24 +01:00
Zuul
80b22e6331 Merge "Add SITE_BRANDING configuration option" 2018-10-08 17:56:05 +00:00
Zuul
9a56441457 Merge "Remove simple_ip_management" 2018-10-05 01:20:24 +00:00
Zuul
db369d4a20 Merge "Django WSGI entrypoint change" 2018-10-04 04:50:54 +00:00
Tobias Urdin
9cc909297b Add SITE_BRANDING configuration option
Used to control the title of the web pages
that horizon renders. Default value is set
to undef which means this option will not be
added to the configuration file and the horizon
default will be used.

If specified it will add the SITE_BRANDING option
to the local_settings file.

Change-Id: I683341f4f948fb9d639a35ce81a66959fe699962
2018-10-01 22:51:03 +02:00
Tobias Urdin
513dd2d2eb Remove simple_ip_management
The simple_ip_management option was removed in Rocky [1]
so we remove it for Stein.

[1] https://docs.openstack.org/releasenotes/horizon/rocky.html

Change-Id: I8e16c0feef9fe51075d9a6e8a98188c52962a6eb
2018-09-24 11:13:29 +00:00
Tobias Urdin
148f02e7e0 Add manage_memcache_package parameter
Adds a new parameter named manage_memcache_package that
can be used to set if we should install the python memcache
library if memcache caching is enabled.

Change-Id: I924f837afc756817c202637b1b7db83c125df1d8
2018-09-20 10:46:18 +02:00
Tobias Urdin
15bd50c2f1 Django WSGI entrypoint change
The Horizon project has changed the old django.wsgi entrypoint to the
wsgi.py file in the openstack_dashboard module.

The following can be seen in the horizon logs:
WARNING:root:Use of this 'djano.wsgi' file has been deprecated since the
Rocky release in favor of 'wsgi.py' in the 'openstack_dashboard' module.
This file is a legacy naming from before Django 1.4 and an importable
'wsgi.py' is now the default. This file will be removed in the T release
cycle.

Change-Id: Iee2b3e78768dd55d5cd1629d64c9d2ff9d0d4b93
2018-08-20 14:17:13 +02:00
Tobias Urdin
f24699beee Add wsgi_processes and wsgi_threads to horizon init
The wsgi_processes and wsgi_threads needs to be configureable
from the horizon init class and then passed to horizon::wsgi::apache.

Change-Id: Ic428214d7c84d33272becdb3675252318e8fd1bd
2018-08-13 14:31:24 +00:00
Tobias Urdin
bb54858824 apache wsgi: Exchange defaults for workers and threads
Due to Python's GIL [1], we can't use multiple threads for running
 OpenStack services without a performance penalty, since the execution
 ends up serialized, which defeats the purpose.

 Instead, we should use several processes, since this approach doesn't
 have this limitation.

 See the same kind of change here [2]

 [1] https://wiki.python.org/moin/GlobalInterpreterLock
 [2] https://review.openstack.org/#/c/505192/

Change-Id: I9c1ef8991d63b18a0ec106a05576b74ab457a2a0
2018-08-12 21:02:29 +00:00
Zuul
cff8e8329f Merge "Add simple_ip_management configuration option" 2018-07-12 02:06:38 +00:00
Zuul
2597ad041d Merge "Fix redirect to https bug and testing" 2018-07-03 19:35:46 +00:00
Tobias Urdin
8a88f3c995 Add simple_ip_management configuration option
Change-Id: I387479f34c6e059e136a26958d9ecf5a10a666b1
2018-07-03 16:42:51 +02:00
Eigil Obrestad
e14074e4fc Add option for populating a dropdown list instead of the textfield for
selecting domain at the horizon login

Depends-On: https://review.openstack.org/579475
Change-Id: I67c4c8923ef4d6e4c3420e0a2b0d38ee3c6e2819
2018-07-02 09:40:06 +02:00
Tobias Urdin
a56420e5ef Fix redirect to https bug and testing
Fixes a bug where having listen_ssl and ssl_redirect
set to true did not redirect http to https if your
root_url was empty or '/'.

This now forces redirection from http to https no
matter what your root_url is if listen_ssl and ssl_redirect
is set to true.

This also cleans up all apache::wsgi::apache testing and fixes
the structure so it doesn't enforce some context tests only for
the SSL enabled context but for everything.

Change-Id: I53a9107a33e9afffc5d00884c66c073e77c59237
2018-06-24 14:48:54 +02:00
Christoph Manns
7846563132 Add a new parameter named cache_server_url
If you want to use horizon with a different cacheing backend you
may run into problems. E.g. with redis it expects a database after
the port.
So introducing a new parameter which allows any string as LOCATION
solves this problem and maybe a couple of others.

Change-Id: Ida54599049f69573d27f477c395f14ae0ec26c3c
2018-06-18 16:52:58 +02:00
melissaml
61b92ef570 fix a typo in horizon_init_spec.rb
Change-Id: I8a4039ac70da4d6c72570885cb1b8bd674e685eb
2018-05-23 21:18:52 +08:00
Thomas Goirand
efc265a85f Debian is using python3-memcache
Switch from python-memcache to python3-memcache for Debian.
Also uses openstack-dashboard-apache instead of simply
openstack-dashboard (ie: this package contains the Apache
config).

Change-Id: I9c316dd6b3abb758d73760f17b88a393776a873b
2018-05-03 19:18:52 +02:00
Zuul
f627f1e771 Merge "Add a deps file to handle dependencies" 2018-05-02 19:17:38 +00:00
Zuul
bd5eb587fd Merge "Add support to override http/https port" 2018-05-02 19:17:38 +00:00
Zuul
58113f9297 Merge "Fix root_url bug when using a slash" 2018-05-02 19:06:56 +00:00
Tobias Urdin
8857bfe66f Add a deps file to handle dependencies
Adds the deps.pp file to handle all the the
dependency chains and anchors.

Change-Id: I6e2778512787b0b7a3011dc39dd5921dfde065f2
2018-04-27 21:25:49 +02:00
Tobias Urdin
c3eefcb86e Remove deprecated parameters
These parameters has been deprecated for
more than two years.

Let's remove them and add release notes.

Change-Id: I229f49ac4ce02e0b1ddbd0a2f111739ce3059f37
Closes-Bug: 1767114
2018-04-26 17:25:42 +02:00
Tobias Urdin
a4cb8367ac Add support to override http/https port
Adds support to override the http and/or https
ports that is passed down to the horizon::wsgi::apache
class. No default values has been changed.

Change-Id: I57fd5f3a433c6e123aa0f531630941fabf6ea721
Closes-Bug: 1210719
2018-04-26 16:07:14 +02:00
Tobias Urdin
32a784c784 Fix root_url bug when using a slash
When settings the root_url to a slash the
paths in the local_settings.py and apache config
will be wrong. This patch fixes that issue.

Change-Id: Ib64b22bb88b2827ea4be2eb8356aa404984ee0ba
Closes-Bug: 1651720
2018-04-26 15:53:40 +02:00
melissaml
3f7bdf4eca fix a typo in documentation
Change-Id: I62cf08f188958a1ab71d2d40a92858682e0bbd8d
2018-03-23 06:44:43 +08:00
Mathias Fechner
04854bf34b Added Parameter horizon_upload_mode
Adds a new Puppet parameter "horizon_upload_mode" which goes into
the local_settings.py configuration file and allows to change
the parameter "HORIZON_IMAGES_UPLOAD_MODE"
to one of "legacy", "off" or "direct" (default is "legacy").

Change-Id: I2e36227d318dd74267ad23f14595481b379cbbd6
Closes-Bug: 1738814
2017-12-20 15:07:08 +01:00
Benedikt Trefzer
4339c0a8c1 add parameter to overwrite/add wsgi process options
Add parameter to apache_wsgi to allow overwrite
and/or add additional wsgi process options.

Change-Id: I0a8e16971be9c8c76d427b637e8afda79af78845
2017-11-02 07:40:09 +01:00
Mateusz Kowalski
fec29f5586 Set display-name for WSGI
In order to see all the processes named correctly based
on their origins we should set display-name so all the WSGI
processes are named difrerently from the Apache ones.

Change-Id: I123530014c973e7312a18e384a2c0159842bf228
Closes-bug: #1726841
2017-10-24 17:09:37 +02:00
Lokesh Jain
5657428cab Added customization-module option to Horizon config
Horizon has a global override mechanism available to perform
customizations. This change adds customization_module key
to HORIZON_CONFIG dictionary in local_settings.py. The
corresponding template file is also modified to configure the
parameter. Spec tests are added to test the configuration.

Change-Id: Id204b60b2676f49713fb6ce7eede6200221f7163
Closes-Bug: #1722653
2017-10-10 17:39:40 -04:00
Matthew J. Black
f583d96659 Add parameter to configure instance defaults
New parameter accepts a hash value to configure
the LAUNCH_INSTANCE_DEFAULTS options in horizon
configuration.

Closes-Bug: #1721774
Change-Id: I778b3dc076d611d40205edbe0982141a815e1830
2017-10-06 11:01:01 -04:00
Jenkins
d10120cac7 Merge "Allow configuring 'CREATE_IMAGE_DEFAULTS' setting" 2017-09-27 20:14:51 +00:00
Mohammed Naser
c60cb1a392 Allow configuring 'CREATE_IMAGE_DEFAULTS' setting
Horizon now has the option of selecting various defaults for the
create image panel.  This patch allows configuring those options.

Change-Id: I01d9fc44d957394acc4243f3ee34e6e50eec0bdf
2017-09-11 15:53:02 -06:00
Juan Antonio Osorio Robles
639f1cf98d Make horizon_ca optional when SSL is enabled
This allows the vhost to use the globally set CA file (in ssl.conf) if
present. Or one might just not need the CA to be set (no TLS
authentication).

Change-Id: Iba1aea34e72a0138120fa7bcb7267f73e37bf0ce
Closes-Bug: #1711280
2017-08-17 16:45:10 +03:00
Matthew J. Black
588b9f83c7 Horizon SSL handshake errors with apache
Added in "WSGIApplicationGroup %{GLOBAL}" to fix an issue
where horizon will have ssl handshake issues with various
SSL openstack endpoints.

Change-Id: Idd10380f1b6e6ef0ee4a4cb84317aa12131b77c4
Closes-Bug: #1700176
2017-06-23 17:25:00 -04:00
Mariusz Karpiarz
8a280b091c Allows for custom location to static assets
Gives the ability to specify the path to static assets.
Closes-Bug: #1684194

Change-Id: I580380472ad816b12237dc444178c953251d86bc
2017-04-21 05:31:55 +01:00
Mariusz Karpiarz
47aeba3f5b Adds interface for enable_user_pass
Uncomments the `OPENSTACK_HEAT_STACK` dict and allows to
set `enable_user_pass` in the `local_settings.py.erb`
template

Change-Id: I97874af257a7cbb3eea862645952f6000e3fc3ce
Closes-Bug: #1676366
2017-04-12 15:53:22 +01:00
Michael Polenchuk
b5139808e3 Rectify static alias
On Debian platforms static files resides in /var/lib.
Fuel bug: https://bugs.launchpad.net/fuel/+bug/1672990

Change-Id: I9aef5da052ee93c27834167089f11aa215ed8447
2017-03-23 16:38:47 +04:00
Mateusz Kowalski
003d69f69c Avoid empty redirect rule in vhost config
When root_url is empty, an incorrect rewrite rule will be
created at vhosts config file causing httpd failure.
In order not to create any rule when root_url is empty,
the value should be ignored inside redirectmatch parameter

Change-Id: Idd4ac6a271b4c8d8e53ab27c68abd821a3aa0249
Closes-bug: #1665380
2017-02-17 11:22:47 +01:00
Harald Jensas
4ed2edf02a WebSSO config options
Add support for WEBSSO options in local_settings.py.erb

Change-Id: Ie528eb1afeb967d30fc504cd682154913fe6927c
Closes-Bug: #1607912
2017-01-05 12:23:39 +01:00
Luke Hinds
218c35ea7b Manage disallow_iframe_embed with puppet manifest
DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
Scripting (XFS) vulnerability, so this option allows extra security hardening
where iframes are not used in deployment

Change-Id: I5c540e552efe738bdec8598f9257fa22ae651a76
Related-Bug: #1641882
2016-12-10 08:52:46 +00:00
Juan Antonio Osorio Robles
5211ba5fc8 Add flag to enable the SECURE_PROXY_SSL_HEADER option
This is used to tell Django to take into account the X-Forwarded-Proto
header. It is disabled by default as it should only be enabled if one
is running horizon behind a proxy.

Change-Id: Ifed7d4c3409419c01c5b20c707221c1fc76ea09e
2016-12-09 10:37:14 +02:00
Lukas Bezdicka
7cbcc78baa Switch ensure_packages to ensure_resources for python-memcache
The ensure_packages resource forces ensure to present yielding
duplicate definition errors if we override default Package ensure
to latest. We should solve this by using ensure_resources which
does not enforce this.

Change-Id: I1e2ba2b4a8ab31c925bf31ac1838999fc37b268f
Closes-Bug: #1644906
Resolves: rhbz#1392583
2016-11-28 15:31:44 +01:00