# Parameter class for the Horizon dashboard manifests in this file.
# openstack::horizon, openstack::horizon::firewall and
# openstack::lighttpd::runtime all inherit from it.
#
# $secret_key and $openstack_host have no default and must be supplied by the
# caller. $secret_key is handed to ::horizon as its secret_key, so the data
# source, catalogs and reports that carry it should be treated as sensitive.
#
# NOTE(review): $lockout_period, $lockout_retries, $tpm_object and $tpm_engine
# are not referenced by any manifest code in this file; presumably they are
# read by the ERB templates rendered from the inheriting classes - confirm.
class openstack::horizon::params (
  # Required values (no default).
  $secret_key,
  $openstack_host,

  # Selects which of the two ports below the firewall rule opens.
  $enable_https            = false,
  $lockout_period          = 300,
  $lockout_retries         = 3,

  # Passed through to ::horizon as listen_ssl / horizon_cert / horizon_key /
  # horizon_ca.
  $horizon_ssl             = false,
  $horizon_cert            = undef,
  $horizon_key             = undef,
  $horizon_ca              = undef,

  # Passed through to ::horizon inside neutron_options.
  $neutron_enable_lb       = false,
  $neutron_enable_firewall = false,
  $neutron_enable_vpn      = false,

  $tpm_object              = undef,
  $tpm_engine              = '/usr/lib64/openssl/engines/libtpm2.so',

  # Externally reachable dashboard ports (see openstack::horizon::firewall).
  $http_port               = 8080,
  $https_port              = 8443,
) {}
# Sets up the lighttpd front end (user, /www directory tree, config files)
# and, on anything that is not a distributed-cloud subcloud, the Horizon
# dashboard itself: its ini files, the ::horizon class, the session-cleanup
# cron job and the dashboard firewall rule.
#
# Statement order is kept as in the original manifest; variables must be
# assigned before the templates and the ::horizon declaration that use them.
class openstack::horizon
  inherits ::openstack::horizon::params {

  include ::platform::params
  include ::platform::network::mgmt::params
  include ::platform::network::pxeboot::params
  include ::openstack::keystone::params

  # Class-scope copies of platform network values. They are not used by any
  # resource below - presumably the ERB templates read them; confirm.
  $controller_address       = $::platform::network::mgmt::params::controller_address
  $mgmt_subnet_network      = $::platform::network::mgmt::params::subnet_network
  $mgmt_subnet_prefixlen    = $::platform::network::mgmt::params::subnet_prefixlen
  $pxeboot_subnet_network   = $::platform::network::pxeboot::params::subnet_network
  $pxeboot_subnet_prefixlen = $::platform::network::pxeboot::params::subnet_prefixlen

  $keystone_api_version = $::openstack::keystone::params::api_version
  $keystone_auth_uri    = $::openstack::keystone::params::auth_uri
  $keystone_host_url    = $::openstack::keystone::params::host_url

  # /www is meant to be a chroot for lighttpd, so the web server stays
  # jailed under that directory.

  # Service account: no login shell, member of wrs_protected.
  user { 'www':
    ensure => 'present',
    shell  => '/sbin/nologin',
    groups => ['wrs_protected'],
  }

  # Sticky bit plus owner-only access. No owner is declared, so Puppet does
  # not manage ownership of this directory.
  # NOTE(review): confirm which account is expected to write here; unlike
  # /www/var and /www/var/log below, it is not handed to 'www'.
  file { '/www/tmp':
    ensure => directory,
    path   => '/www/tmp',
    mode   => '1700',
  }

  file { '/www/var':
    ensure  => directory,
    path    => '/www/var',
    owner   => 'www',
    require => User['www'],
  }

  file { '/www/var/log':
    ensure  => directory,
    path    => '/www/var/log',
    owner   => 'www',
    require => User['www'],
  }

  # lighttpd configuration rendered from module templates. No owner or mode
  # is managed for either file.
  file { '/etc/lighttpd/lighttpd.conf':
    ensure  => present,
    content => template('openstack/lighttpd.conf.erb'),
  }

  file { '/etc/lighttpd/lighttpd-inc.conf':
    ensure  => present,
    content => template('openstack/lighttpd-inc.conf.erb'),
  }

  $workers = $::platform::params::eng_workers_by_2

  # Optional services are exposed as the strings 'True' / 'False'
  # (presumably for the rendered Python/ini settings - confirm).
  include ::openstack::murano::params
  if $::openstack::murano::params::service_enabled {
    $murano_enabled = 'True'
  } else {
    $murano_enabled = 'False'
  }

  include ::openstack::magnum::params
  if $::openstack::magnum::params::service_enabled {
    $magnum_enabled = 'True'
  } else {
    $magnum_enabled = 'False'
  }

  # On initial configuration only: stop lighttpd and disable its unit.
  # No 'path' is set on this exec and the command is not fully qualified,
  # so it depends on a default Exec path being defined outside this file.
  if str2bool($::is_initial_config) {
    exec { 'Stop lighttpd':
      command => 'systemctl stop lighttpd; systemctl disable lighttpd',
      require => User['www'],
    }
  }

  # Allows processes in the httpd SELinux domain to open outbound network
  # connections, persistently. This widens what a compromised web process
  # can reach, so it is worth keeping only while the dashboard needs it.
  if str2bool($::selinux) {
    selboolean { 'httpd_can_network_connect':
      value      => on,
      persistent => true,
    }
  }

  # Horizon is not used in distributed cloud subclouds
  if $::platform::params::distributed_cloud_role != 'subcloud' {

    include ::horizon::params

    # World-readable (0644), root-owned, group = Horizon's apache group.
    # NOTE(review): confirm horizon-params.erb renders nothing secret.
    file { '/etc/openstack-dashboard/horizon-config.ini':
      ensure  => present,
      content => template('openstack/horizon-params.erb'),
      mode    => '0644',
      owner   => 'root',
      group   => $::horizon::params::apache_group,
    }

    # Django debug stays off.
    $is_django_debug = 'False'

    # Wildcard listen address matching the management subnet's IP version.
    # Not used by any resource in this file - presumably a template reads it.
    $bind_host = $::platform::network::mgmt::params::subnet_version ? {
      6       => '::0',
      default => '0.0.0.0',
      # TO-DO(mmagr): Add IPv6 support when hostnames are used
    }

    if $::platform::params::region_config {
      $horizon_keystone_url  = "${keystone_auth_uri}/${keystone_api_version}"
      $region_2_name         = $::platform::params::region_2_name
      $region_openstack_host = $openstack_host

      file { '/etc/openstack-dashboard/region-config.ini':
        ensure  => present,
        content => template('openstack/horizon-region-config.erb'),
        mode    => '0644',
      }
    } else {
      # Plain HTTP to keystone on port 5000: credentials and tokens cross
      # this hop unencrypted, so it relies on that network path being
      # trusted.
      $horizon_keystone_url = "http://${$keystone_host_url}:5000/${keystone_api_version}"

      file { '/etc/openstack-dashboard/region-config.ini':
        ensure => absent,
      }
    }

    class { '::horizon':
      secret_key            => $secret_key,
      keystone_url          => $horizon_keystone_url,
      keystone_default_role => '_member_',
      server_aliases        => [$controller_address, $::fqdn, 'localhost'],
      # SECURITY: '*' turns off Django's Host-header validation for the
      # dashboard. openstack::horizon::firewall says Horizon sits behind a
      # proxy; unless that proxy pins the Host header, listing the served
      # names here is the safer setting.
      allowed_hosts         => '*',
      hypervisor_options    => {'can_set_mount_point' => false, },
      django_debug          => $is_django_debug,
      # Uploads are staged in the shared /var/tmp directory, the same place
      # openstack::horizon::reload clears session files from.
      file_upload_temp_dir  => '/var/tmp',
      listen_ssl            => $horizon_ssl,
      horizon_cert          => $horizon_cert,
      horizon_key           => $horizon_key,
      horizon_ca            => $horizon_ca,
      neutron_options       => {
        'enable_lb'       => $neutron_enable_lb,
        'enable_firewall' => $neutron_enable_firewall,
        'enable_vpn'      => $neutron_enable_vpn
      },
      configure_apache      => false,
      compress_offline      => false,
    }

    # hack for memcached, for now we bind to localhost on ipv6
    # https://bugzilla.redhat.com/show_bug.cgi?id=1210658
    # NOTE(review): on IPv4 this resolves to 0.0.0.0, i.e. every interface.
    # The variable is not used in this file; if a template feeds it to
    # memcached, confirm the port is not reachable from untrusted networks.
    $memcached_bind_host = $::platform::network::mgmt::params::subnet_version ? {
      6       => 'localhost6',
      default => '0.0.0.0',
      # TO-DO(mmagr): Add IPv6 support when hostnames are used
    }

    # Run clearsessions daily at the 40 minute mark
    # ('*/24' in the hour field only matches hour 0, so this is 00:40).
    cron { 'clearsessions':
      ensure      => 'present',
      command     => '/usr/bin/horizon-clearsessions',
      environment => 'PATH=/bin:/usr/bin:/usr/sbin',
      minute      => '40',
      hour        => '*/24',
      user        => 'root',
    }

    include ::openstack::horizon::firewall
  }
}
# Opens the dashboard port in the platform firewall.
#
# Horizon runs behind a proxy server (the Horizon server itself listens on
# port 8080 behind it), so the port opened here is the proxy's external one:
# $https_port when $enable_https is set, otherwise $http_port.
#
# NOTE(review): the rule is declared with host => 'ALL', which presumably
# means any source address - confirm against platform::firewall::rule. With
# $enable_https left at its default (false) the dashboard login is exposed
# on the plain-HTTP port.
class openstack::horizon::firewall
  inherits ::openstack::horizon::params {

  if $enable_https {
    $firewall_port = $https_port
  } else {
    $firewall_port = $http_port
  }

  platform::firewall::rule { 'dashboard':
    host         => 'ALL',
    service_name => 'horizon',
    ports        => $firewall_port,
  }
}
# Drops every active Horizon user session and restarts the dashboard stack,
# so that no stale cached data (such as endpoints) is served afterwards.
#
# Session files are matched as /var/tmp/sessionid*. /var/tmp is a shared
# temporary directory, so the glob removes any entry with that prefix,
# whoever created it. 'rm -f' without '-r' leaves directories alone.
# The exec has no onlyif/unless/refreshonly guard, so it runs on every apply
# of this class.
class openstack::horizon::reload {

  exec { 'remove-Horizon-user-sessions':
    path    => ['/usr/bin'],
    command => '/usr/bin/rm -f /var/tmp/sessionid*',
  }

  # NOTE(review): openstack::lighttpd::runtime also declares
  # platform::sm::restart {'lighttpd': }; the two cannot share a catalog.
  platform::sm::restart { 'horizon': }
  platform::sm::restart { 'lighttpd': }
}
# Runtime entry point: applies the full openstack::horizon configuration and
# then, in the 'post' run stage, clears sessions and restarts the services
# through openstack::horizon::reload.
class openstack::horizon::runtime {

  include ::openstack::horizon

  # Declared resource-style so the stage metaparameter can be set.
  class { '::openstack::horizon::reload':
    stage => post,
  }
}
# Runtime entry point that re-renders lighttpd.conf from its template and
# then restarts lighttpd. The whole class is ordered before
# ::platform::helm::runtime.
#
# NOTE(review): File['/etc/lighttpd/lighttpd.conf'] is also declared in
# openstack::horizon; Puppet rejects duplicate resource declarations, so
# this class and openstack::horizon cannot be in the same catalog.
class openstack::lighttpd::runtime
  inherits ::openstack::horizon::params {

  Class[$name] -> Class['::platform::helm::runtime']

  # The restart is chained after the file so it sees the new configuration.
  file { '/etc/lighttpd/lighttpd.conf':
    ensure  => present,
    content => template('openstack/lighttpd.conf.erb'),
  }
  -> platform::sm::restart { 'lighttpd': }
}