openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Change HorizonSecureCookies default to False 

HorizonSecureCookies is incompatible with non-ssl deployments, which
is our default deployment method.  When SSL is in use, it can be
turned on in the enable-tls.yaml file.  This does mean that
existing users won't automatically get this feature turned on as
part of their upgrade because enable-tls.yaml is an environment that
is intended to be copied and edited, but it's simple to add the
parameter to the file for users who want that behavior after they
upgrade to a version where it is available.

Change-Id: If83d3d8709fc4e0c09569e8bf524721d332bf560
Closes-Bug: 1696861
This commit is contained in:
Ben Nemec 2017-06-08 16:28:34 -05:00
parent 52b6ed7e27
commit d8c0c33012
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
environments/enable-tls.yaml
View File

@ -2,6 +2,7 @@
# For these values to take effect, one of the tls-endpoints-*.yaml environments # For these values to take effect, one of the tls-endpoints-*.yaml environments
# must also be used. # must also be used.
parameter_defaults: parameter_defaults:
HorizonSecureCookies: True
SSLCertificate: | SSLCertificate: |
The contents of your certificate go here The contents of your certificate go here
SSLIntermediateCertificate: '' SSLIntermediateCertificate: ''

2
puppet/services/horizon.yaml
View File

@ -55,7 +55,7 @@ parameters:
HorizonSecureCookies: HorizonSecureCookies:
description: Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon description: Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon
type: boolean type: boolean
default: true default: false
MemcachedIPv6: MemcachedIPv6:
default: false default: false
description: Enable IPv6 features in Memcached. description: Enable IPv6 features in Memcached.