openstack/puppet-openstack-integration
Code Issues Proposed changes

Horizon: Enable a few options for SSL

Browse Source 
The SECURE_PROXY_SSL_HEADER option and some options to secure cookies
are usually configured when ssl is enabled.

This ensures these options are configured when SSL is enabled in
Horizon.

Change-Id: I8158f550574283df73729a3d552b4341075b42d9
This commit is contained in:
Takashi Kajinami 2023-09-12 16:59:57 +09:00
parent cb58abc4c9
commit fcef63ea7b
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
manifests/horizon.pp
View File

@ -47,19 +47,21 @@ class openstack_integration::horizon (
} }
class { 'horizon': class { 'horizon':
secret_key => 'big_secret', secret_key => 'big_secret',
cache_backend => 'django.core.cache.backends.memcached.PyMemcacheCache', cache_backend => 'django.core.cache.backends.memcached.PyMemcacheCache',
cache_server_ip => $::openstack_integration::config::host, cache_server_ip => $::openstack_integration::config::host,
allowed_hosts => $::openstack_integration::config::ip_for_url, allowed_hosts => $::openstack_integration::config::ip_for_url,
listen_ssl => $::openstack_integration::config::ssl, listen_ssl => $::openstack_integration::config::ssl,
ssl_redirect => $::openstack_integration::config::ssl, ssl_redirect => $::openstack_integration::config::ssl,
ssl_cert => $::openstack_integration::params::cert_path, ssl_cert => $::openstack_integration::params::cert_path,
ssl_key => "/etc/openstack-dashboard/ssl/private/${facts['networking']['fqdn']}.pem", ssl_key => "/etc/openstack-dashboard/ssl/private/${facts['networking']['fqdn']}.pem",
ssl_ca => $::openstack_integration::params::ca_bundle_cert_path, ssl_ca => $::openstack_integration::params::ca_bundle_cert_path,
ssl_verify_client => 'optional', ssl_verify_client => 'optional',
wsgi_processes => 2, enable_secure_proxy_ssl_header => $::openstack_integration::config::ssl,
keystone_url => $::openstack_integration::config::keystone_auth_uri, secure_cookies => $::openstack_integration::config::ssl,
log_level => 'DEBUG', wsgi_processes => 2,
keystone_url => $::openstack_integration::config::keystone_auth_uri,
log_level => 'DEBUG',
} }
# TODO(tkajinam) Debian/Ubuntu package does not install the policy files # TODO(tkajinam) Debian/Ubuntu package does not install the policy files