diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 68c771a..0000000 --- a/LICENSE +++ /dev/null @@ -1,176 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - diff --git a/README.rst b/README.rst new file mode 100644 index 0000000..86e34d6 --- /dev/null +++ b/README.rst @@ -0,0 +1,10 @@ +This project is no longer maintained. + +The contents of this repository are still available in the Git +source code management system. To see the contents of this +repository before it reached its end of life, please check out the +previous commit with "git checkout HEAD^1". + +For any further questions, please email +openstack-discuss@lists.openstack.org or join #openstack-dev on +Freenode. diff --git a/docker/horizon/Dockerfile.j2 b/docker/horizon/Dockerfile.j2 deleted file mode 100644 index 08e909f..0000000 --- a/docker/horizon/Dockerfile.j2 +++ /dev/null @@ -1,52 +0,0 @@ -FROM {{ image_spec("openstack-base") }} -MAINTAINER {{ maintainer }} - -RUN apt-get update \ - && apt-get install --no-install-recommends -q -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" \ - apache2 \ - libapache2-mod-wsgi \ - && echo > /etc/apache2/ports.conf \ - && ln -s ../mods-available/headers.load /etc/apache2/mods-enabled/headers.load - -{{ copy_sources("openstack/horizon", "/horizon") }} -{{ copy_sources("openstack/sahara-dashboard", "/sahara-dashboard") }} -{{ copy_sources("openstack/murano-dashboard", "/murano-dashboard") }} -{{ copy_sources("openstack/searchlight-ui", "/searchlight-ui") }} -{{ copy_sources("openstack/designate-dashboard", "/designate-dashboard") }} - -RUN mkdir -p /etc/openstack-dashboard /home/horizon /var/www/cgi-bin/horizon /var/lib/microservices/venv/lib/python2.7/site-packages/openstack_dashboard/local/local_settings.d \ - /var/lib/microservices/venv/lib/python2.7/site-packages/openstack_dashboard/conf \ - && cp -a /sahara-dashboard/sahara_dashboard/enabled/* /horizon/openstack_dashboard/local/enabled/ \ - && cp -a /designate-dashboard/designatedashboard/enabled/_1710_project_dns_panel_group.py /horizon/openstack_dashboard/local/enabled/ \ - && cp -a /designate-dashboard/designatedashboard/enabled/_1720_project_dns_panel.py /horizon/openstack_dashboard/local/enabled/ \ - && cp -a /searchlight-ui/searchlight_ui/enabled/_1001_project_search_panel.py /horizon/openstack_dashboard/local/enabled/ \ - && (if [ -d /murano-dashboard/muranodashboard/conf ]; then \ - cp -r /murano-dashboard/muranodashboard/conf/* /var/lib/microservices/venv/lib/python2.7/site-packages/openstack_dashboard/conf/; fi) \ - && (if [ -d /murano-dashboard/muranodashboard/local/enabled ]; then \ - cp -a /murano-dashboard/muranodashboard/local/enabled/* /horizon/openstack_dashboard/local/enabled/; else \ - cp /murano-dashboard/muranodashboard/local/_50_murano.py /horizon/openstack_dashboard/local/enabled/; fi) \ - && (if [ -d /murano-dashboard/muranodashboard/local/local_settings.d ]; then \ - cp -a /murano-dashboard/muranodashboard/local/local_settings.d/* /var/lib/microservices/venv/lib/python2.7/site-packages/openstack_dashboard/local/local_settings.d/ \ - && sed -i "s/^SESSION_ENGINE = .*/SESSION_ENGINE = 'django.contrib.sessions.backends.cache'/g" \ - /var/lib/microservices/venv/lib/python2.7/site-packages/openstack_dashboard/local/local_settings.d/_50_murano.py; fi) \ - && (if [ -f /searchlight-ui/searchlight_ui/conf/searchlight_policy.json ]; then \ - cp -a /searchlight-ui/searchlight_ui/conf/searchlight_policy.json /var/lib/microservices/venv/lib/python2.7/site-packages/openstack_dashboard/conf/; fi) \ - && (if [ -f /searchlight-ui/searchlight_ui/local_settings.d/_1001_search_settings.py ]; then \ - cp -a /searchlight-ui/searchlight_ui/local_settings.d/_1001_search_settings.py /var/lib/microservices/venv/lib/python2.7/site-packages/openstack_dashboard/local/local_settings.d/; fi) \ - && /var/lib/microservices/venv/bin/pip install --upgrade /horizon /sahara-dashboard /murano-dashboard /searchlight-ui /designate-dashboard \ - && useradd --user-group horizon \ - && ln -s /etc/openstack-dashboard/local_settings /var/lib/microservices/venv/lib/python2.7/site-packages/openstack_dashboard/local/local_settings.py \ - && cp -r /horizon/openstack_dashboard/conf/* /etc/openstack-dashboard/ \ - && cp /horizon/manage.py /var/lib/microservices/venv/bin/manage.py \ - && /var/lib/microservices/venv/bin/python /var/lib/microservices/venv/bin/manage.py collectstatic --noinput --clear \ - && chown -R horizon: /etc/openstack-dashboard /home/horizon /var/lib/microservices/venv/lib/python2.7/site-packages/static /horizon - -ENV PATH /var/lib/venv/bin:$PATH - -# Workaround for https://bugs.launchpad.net/osprofiler/+bug/1361235 -RUN sed -i "s#'../..'#os.path.realpath('../..')#" /var/lib/microservices/venv/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi - -COPY daemon.sh /usr/local/bin/daemon.sh -COPY horizon_sudoers /etc/sudoers.d/horizon_sudoers -RUN chmod 755 /usr/local/bin/daemon.sh \ - && chmod 440 /etc/sudoers.d/horizon_sudoers diff --git a/docker/horizon/daemon.sh b/docker/horizon/daemon.sh deleted file mode 100644 index b09c3ca..0000000 --- a/docker/horizon/daemon.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -source /etc/apache2/envvars -/usr/sbin/apache2 -DNO_DETACH diff --git a/docker/horizon/horizon_sudoers b/docker/horizon/horizon_sudoers deleted file mode 100644 index 3e42cab..0000000 --- a/docker/horizon/horizon_sudoers +++ /dev/null @@ -1 +0,0 @@ -%microservices ALL=(root) NOPASSWD: /bin/chown horizon\:horizon /var/log/ccp/horizon diff --git a/service/files/ca-cert.pem.j2 b/service/files/ca-cert.pem.j2 deleted file mode 100644 index d52069b..0000000 --- a/service/files/ca-cert.pem.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ security.tls.ca_cert }} diff --git a/service/files/defaults.yaml b/service/files/defaults.yaml deleted file mode 100644 index 899db46..0000000 --- a/service/files/defaults.yaml +++ /dev/null @@ -1,33 +0,0 @@ -configs: - horizon: - tls: - enabled: true - port: - cont: 80 - ingress: horizon - images_upload_mode: legacy - - wsgi: - processes: 6 - threads: 15 - -secret_configs: - horizon: - secret_key: secret - -sources: - openstack/horizon: - git_url: https://git.openstack.org/openstack/horizon.git - git_ref: stable/newton - openstack/sahara-dashboard: - git_url: https://git.openstack.org/openstack/sahara-dashboard.git - git_ref: stable/newton - openstack/murano-dashboard: - git_url: http://git.openstack.org/openstack/murano-dashboard.git - git_ref: stable/newton - openstack/searchlight-ui: - git_url: https://git.openstack.org/openstack/searchlight-ui.git - git_ref: stable/newton - openstack/designate-dashboard: - git_url: https://git.openstack.org/openstack/designate-dashboard.git - git_ref: stable/newton diff --git a/service/files/local_settings.j2 b/service/files/local_settings.j2 deleted file mode 100644 index 5500ffc..0000000 --- a/service/files/local_settings.j2 +++ /dev/null @@ -1,721 +0,0 @@ -# -*- coding: utf-8 -*- - -import os - -from django.utils.translation import ugettext_lazy as _ - -from horizon.utils import secret_key - -from openstack_dashboard import exceptions -from openstack_dashboard.settings import HORIZON_CONFIG - -DEBUG = True - -# WEBROOT is the location relative to Webserver root -# should end with a slash. -WEBROOT = '/' -#LOGIN_URL = WEBROOT + 'auth/login/' -#LOGOUT_URL = WEBROOT + 'auth/logout/' -# -# LOGIN_REDIRECT_URL can be used as an alternative for -# HORIZON_CONFIG.user_home, if user_home is not set. -# Do not set it to '/home/', as this will cause circular redirect loop -#LOGIN_REDIRECT_URL = WEBROOT - -# If horizon is running in production (DEBUG is False), set this -# with the list of host/domain names that the application can serve. -# For more information see: -# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts -ALLOWED_HOSTS = ['*'] - -# Set SSL proxy settings: -# Pass this header from the proxy after terminating the SSL, -# and don't forget to strip it from the client's request. -# For more information see: -# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header -SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') - -# If Horizon is being served through SSL, then uncomment the following two -# settings to better secure the cookies from security exploits -#CSRF_COOKIE_SECURE = True -#SESSION_COOKIE_SECURE = True - -# The absolute path to the directory where message files are collected. -# The message file must have a .json file extension. When the user logins to -# horizon, the message files collected are processed and displayed to the user. -#MESSAGES_PATH=None - -# Overrides for OpenStack API versions. Use this setting to force the -# OpenStack dashboard to use a specific API version for a given service API. -# Versions specified here should be integers or floats, not strings. -# NOTE: The version should be formatted as it appears in the URL for the -# service API. For example, The identity service APIs have inconsistent -# use of the decimal point, so valid options would be 2.0 or 3. -OPENSTACK_API_VERSIONS = { - "data-processing": 1.1, - "identity": 3, - "volume": 2, - "compute": 2, -} - -# Set this to True if running on multi-domain model. When this is enabled, it -# will require user to enter the Domain name in addition to username for login. -#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False - -# Overrides the default domain used when running on single-domain model -# with Keystone V3. All entities will be created in the default domain. -# NOTE: This value must be the ID of the default domain, NOT the name. -# Also, you will most likely have a value in the keystone policy file like this -# "cloud_admin": "rule:admin_required and domain_id:" -# This value must match the domain id specified there. -#OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default' - -# Set this to True to enable panels that provide the ability for users to -# manage Identity Providers (IdPs) and establish a set of rules to map -# federation protocol attributes to Identity API attributes. -# This extension requires v3.0+ of the Identity API. -#OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False - -# Set Console type: -# valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL" or None -# Set to None explicitly if you want to deactivate the console. -#CONSOLE_TYPE = "AUTO" - -# If provided, a "Report Bug" link will be displayed in the site header -# which links to the value of this setting (ideally a URL containing -# information on how to report issues). -#HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com" - -# Show backdrop element outside the modal, do not close the modal -# after clicking on backdrop. -#HORIZON_CONFIG["modal_backdrop"] = "static" - -# Specify a regular expression to validate user passwords. -#HORIZON_CONFIG["password_validator"] = { -# "regex": '.*', -# "help_text": _("Your password does not meet the requirements."), -#} - -# Disable simplified floating IP address management for deployments with -# multiple floating IP pools or complex network requirements. -#HORIZON_CONFIG["simple_ip_management"] = False - -# Turn off browser autocompletion for forms including the login form and -# the database creation workflow if so desired. -#HORIZON_CONFIG["password_autocomplete"] = "off" - -# Setting this to True will disable the reveal button for password fields, -# including on the login form. -#HORIZON_CONFIG["disable_password_reveal"] = False - -LOCAL_PATH = os.path.dirname(os.path.abspath(__file__)) - -# Set custom secret key: -# You can either set it to a specific value or you can let horizon generate a -# default secret key that is unique on this machine, e.i. regardless of the -# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, -# there may be situations where you would want to set this explicitly, e.g. -# when multiple dashboard instances are distributed on different machines -# (usually behind a load-balancer). Either you have to make sure that a session -# gets all requests routed to the same dashboard instance or you set the same -# SECRET_KEY for all of them. -SECRET_KEY = "{{ horizon.secret_key }}" - -# We recommend you use memcached for development; otherwise after every reload -# of the django development server, you will have to login again. To use -# memcached set CACHES to something like -CACHES = { - 'default': { - 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', - 'LOCATION': '{{ address("memcached", memcached.port) }}', - }, -} - -# Send email to the console by default -EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' -# Or send them to /dev/null -#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend' - -# Configure these for your outgoing email host -#EMAIL_HOST = 'smtp.my-company.com' -#EMAIL_PORT = 25 -#EMAIL_HOST_USER = 'djangomail' -#EMAIL_HOST_PASSWORD = 'top-secret!' - -# For multiple regions uncomment this configuration, and add (endpoint, title). -#AVAILABLE_REGIONS = [ -# ('http://cluster1.example.com:5000/v2.0', 'cluster1'), -# ('http://cluster2.example.com:5000/v2.0', 'cluster2'), -#] - -OPENSTACK_HOST = "{{ address('keystone') }}" -OPENSTACK_KEYSTONE_URL = "{{ address('keystone', keystone.public_port, with_scheme=True) }}/v3" -OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" - -# Enables keystone web single-sign-on if set to True. -#WEBSSO_ENABLED = False - -# Determines which authentication choice to show as default. -#WEBSSO_INITIAL_CHOICE = "credentials" - -# The list of authentication mechanisms which include keystone -# federation protocols and identity provider/federation protocol -# mapping keys (WEBSSO_IDP_MAPPING). Current supported protocol -# IDs are 'saml2' and 'oidc' which represent SAML 2.0, OpenID -# Connect respectively. -# Do not remove the mandatory credentials mechanism. -# Note: The last two tuples are sample mapping keys to a identity provider -# and federation protocol combination (WEBSSO_IDP_MAPPING). -#WEBSSO_CHOICES = ( -# ("credentials", _("Keystone Credentials")), -# ("oidc", _("OpenID Connect")), -# ("saml2", _("Security Assertion Markup Language")), -# ("acme_oidc", "ACME - OpenID Connect"), -# ("acme_saml2", "ACME - SAML2"), -#) - -# A dictionary of specific identity provider and federation protocol -# combinations. From the selected authentication mechanism, the value -# will be looked up as keys in the dictionary. If a match is found, -# it will redirect the user to a identity provider and federation protocol -# specific WebSSO endpoint in keystone, otherwise it will use the value -# as the protocol_id when redirecting to the WebSSO by protocol endpoint. -# NOTE: The value is expected to be a tuple formatted as: (, ). -#WEBSSO_IDP_MAPPING = { -# "acme_oidc": ("acme", "oidc"), -# "acme_saml2": ("acme", "saml2"), -#} - -# Disable SSL certificate checks (useful for self-signed certificates): -#OPENSTACK_SSL_NO_VERIFY = True - -# The CA certificate to use to verify SSL connections -OPENSTACK_SSL_CACERT = '/opt/ccp/etc/tls/ca.pem' - -# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the -# capabilities of the auth backend for Keystone. -# If Keystone has been configured to use LDAP as the auth backend then set -# can_edit_user to False and name to 'ldap'. -# -# TODO(tres): Remove these once Keystone has an API to identify auth backend. -OPENSTACK_KEYSTONE_BACKEND = { - 'name': 'native', - 'can_edit_user': True, - 'can_edit_group': True, - 'can_edit_project': True, - 'can_edit_domain': True, - 'can_edit_role': True, -} - -# Setting this to True, will add a new "Retrieve Password" action on instance, -# allowing Admin session password retrieval/decryption. -#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False - -# The Launch Instance user experience has been significantly enhanced. -# You can choose whether to enable the new launch instance experience, -# the legacy experience, or both. The legacy experience will be removed -# in a future release, but is available as a temporary backup setting to ensure -# compatibility with existing deployments. Further development will not be -# done on the legacy experience. Please report any problems with the new -# experience via the Launchpad tracking system. -# -# Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to -# determine the experience to enable. Set them both to true to enable -# both. -LAUNCH_INSTANCE_LEGACY_ENABLED = False -LAUNCH_INSTANCE_NG_ENABLED = True - -# "off" disables the ability to upload images via Horizon. "legacy" enables -# local file upload by piping the image file through the Horizon?s web-server. -# "direct" sends the image file directly from the web browser to Glance. -HORIZON_IMAGES_UPLOAD_MODE = "{{ horizon.images_upload_mode }}" - -# A dictionary of settings which can be used to provide the default values for -# properties found in the Launch Instance modal. -#LAUNCH_INSTANCE_DEFAULTS = { -# 'config_drive': False, -#} - -# The Xen Hypervisor has the ability to set the mount point for volumes -# attached to instances (other Hypervisors currently do not). Setting -# can_set_mount_point to True will add the option to set the mount point -# from the UI. -OPENSTACK_HYPERVISOR_FEATURES = { - 'can_set_mount_point': False, - 'can_set_password': False, - 'requires_keypair': False, -} - -# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional -# services provided by cinder that is not exposed by its extension API. -OPENSTACK_CINDER_FEATURES = { - 'enable_backup': True, -} - -# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional -# services provided by neutron. Options currently available are load -# balancer service, security groups, quotas, VPN service. -OPENSTACK_NEUTRON_NETWORK = { - 'enable_router': True, - 'enable_quotas': True, - 'enable_ipv6': True, - 'enable_distributed_router': False, - 'enable_ha_router': False, - 'enable_lb': True, - 'enable_firewall': True, - 'enable_vpn': True, - 'enable_fip_topology_check': True, - - # Neutron can be configured with a default Subnet Pool to be used for IPv4 - # subnet-allocation. Specify the label you wish to display in the Address - # pool selector on the create subnet step if you want to use this feature. - 'default_ipv4_subnet_pool_label': None, - - # Neutron can be configured with a default Subnet Pool to be used for IPv6 - # subnet-allocation. Specify the label you wish to display in the Address - # pool selector on the create subnet step if you want to use this feature. - # You must set this to enable IPv6 Prefix Delegation in a PD-capable - # environment. - 'default_ipv6_subnet_pool_label': None, - - # The profile_support option is used to detect if an external router can be - # configured via the dashboard. When using specific plugins the - # profile_support can be turned on if needed. - 'profile_support': None, - #'profile_support': 'cisco', - - # Set which provider network types are supported. Only the network types - # in this list will be available to choose from when creating a network. - # Network types include local, flat, vlan, gre, and vxlan. - 'supported_provider_types': ['*'], - - # Set which VNIC types are supported for port binding. Only the VNIC - # types in this list will be available to choose from when creating a - # port. - # VNIC types include 'normal', 'macvtap' and 'direct'. - # Set to empty list or None to disable VNIC type selection. - 'supported_vnic_types': ['*'], -} - -# The OPENSTACK_HEAT_STACK settings can be used to disable password -# field required while launching the stack. -OPENSTACK_HEAT_STACK = { - 'enable_user_pass': True, -} - -# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features -# in the OpenStack Dashboard related to the Image service, such as the list -# of supported image formats. -#OPENSTACK_IMAGE_BACKEND = { -# 'image_formats': [ -# ('', _('Select format')), -# ('aki', _('AKI - Amazon Kernel Image')), -# ('ami', _('AMI - Amazon Machine Image')), -# ('ari', _('ARI - Amazon Ramdisk Image')), -# ('docker', _('Docker')), -# ('iso', _('ISO - Optical Disk Image')), -# ('ova', _('OVA - Open Virtual Appliance')), -# ('qcow2', _('QCOW2 - QEMU Emulator')), -# ('raw', _('Raw')), -# ('vdi', _('VDI - Virtual Disk Image')), -# ('vhd', _('VHD - Virtual Hard Disk')), -# ('vmdk', _('VMDK - Virtual Machine Disk')), -# ], -#} - -# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for -# image custom property attributes that appear on image detail pages. -IMAGE_CUSTOM_PROPERTY_TITLES = { - "architecture": _("Architecture"), - "kernel_id": _("Kernel ID"), - "ramdisk_id": _("Ramdisk ID"), - "image_state": _("Euca2ools state"), - "project_id": _("Project ID"), - "image_type": _("Image Type"), -} - -# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image -# custom properties should not be displayed in the Image Custom Properties -# table. -IMAGE_RESERVED_CUSTOM_PROPERTIES = [] - -# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints -# in the Keystone service catalog. Use this setting when Horizon is running -# external to the OpenStack environment. The default is 'publicURL'. -OPENSTACK_ENDPOINT_TYPE = "internalURL" - -# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the -# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints -# in the Keystone service catalog. Use this setting when Horizon is running -# external to the OpenStack environment. The default is None. This -# value should differ from OPENSTACK_ENDPOINT_TYPE if used. -#SECONDARY_ENDPOINT_TYPE = "publicURL" - -# The number of objects (Swift containers/objects or images) to display -# on a single page before providing a paging element (a "more" link) -# to paginate results. -API_RESULT_LIMIT = 1000 -API_RESULT_PAGE_SIZE = 20 - -# The size of chunk in bytes for downloading objects from Swift -SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024 - -# Specify a maximum number of items to display in a dropdown. -DROPDOWN_MAX_ITEMS = 30 - -# The timezone of the server. This should correspond with the timezone -# of your entire OpenStack installation, and hopefully be in UTC. -TIME_ZONE = "UTC" - -# When launching an instance, the menu of available flavors is -# sorted by RAM usage, ascending. If you would like a different sort order, -# you can provide another flavor attribute as sorting key. Alternatively, you -# can provide a custom callback method to use for sorting. You can also provide -# a flag for reverse sort. For more info, see -# http://docs.python.org/2/library/functions.html#sorted -#CREATE_INSTANCE_FLAVOR_SORT = { -# 'key': 'name', -# # or -# 'key': my_awesome_callback_method, -# 'reverse': False, -#} - -# Set this to True to display an 'Admin Password' field on the Change Password -# form to verify that it is indeed the admin logged-in who wants to change -# the password. -#ENFORCE_PASSWORD_CHECK = False - -# Modules that provide /auth routes that can be used to handle different types -# of user authentication. Add auth plugins that require extra route handling to -# this list. -#AUTHENTICATION_URLS = [ -# 'openstack_auth.urls', -#] - -# The Horizon Policy Enforcement engine uses these values to load per service -# policy rule files. The content of these files should match the files the -# OpenStack services are using to determine role based access control in the -# target installation. - -# Path to directory containing policy.json files -#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf") - -# Map of local copy of service policy files. -# Please insure that your identity policy file matches the one being used on -# your keystone servers. There is an alternate policy file that may be used -# in the Keystone v3 multi-domain case, policy.v3cloudsample.json. -# This file is not included in the Horizon repository by default but can be -# found at -# http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \ -# policy.v3cloudsample.json -# Having matching policy files on the Horizon and Keystone servers is essential -# for normal operation. This holds true for all services and their policy files. -#POLICY_FILES = { -# 'identity': 'keystone_policy.json', -# 'compute': 'nova_policy.json', -# 'volume': 'cinder_policy.json', -# 'image': 'glance_policy.json', -# 'orchestration': 'heat_policy.json', -# 'network': 'neutron_policy.json', -# 'telemetry': 'ceilometer_policy.json', -#} - -# TODO: (david-lyle) remove when plugins support adding settings. -# Note: Only used when trove-dashboard plugin is configured to be used by -# Horizon. -# Trove user and database extension support. By default support for -# creating users and databases on database instances is turned on. -# To disable these extensions set the permission here to something -# unusable such as ["!"]. -#TROVE_ADD_USER_PERMS = [] -#TROVE_ADD_DATABASE_PERMS = [] - -# Change this patch to the appropriate list of tuples containing -# a key, label and static directory containing two files: -# _variables.scss and _styles.scss -#AVAILABLE_THEMES = [ -# ('default', 'Default', 'themes/default'), -# ('material', 'Material', 'themes/material'), -#] - -LOGGING = { - 'version': 1, - # When set to True this will disable all logging except - # for loggers specified in this configuration dictionary. Note that - # if nothing is specified here and disable_existing_loggers is True, - # django.db.backends will still log unless it is disabled explicitly. - 'disable_existing_loggers': False, - 'handlers': { - 'null': { - 'level': 'DEBUG', - 'class': 'logging.NullHandler', - }, - 'console': { - # Set the level to "DEBUG" for verbose output logging. - 'level': 'INFO', - 'class': 'logging.StreamHandler', - }, - }, - 'loggers': { - # Logging from django.db.backends is VERY verbose, send to null - # by default. - 'django.db.backends': { - 'handlers': ['null'], - 'propagate': False, - }, - 'requests': { - 'handlers': ['null'], - 'propagate': False, - }, - 'horizon': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'openstack_dashboard': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'novaclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'cinderclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'keystoneclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'glanceclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'neutronclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'heatclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'ceilometerclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'swiftclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'openstack_auth': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'nose.plugins.manager': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'django': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'iso8601': { - 'handlers': ['null'], - 'propagate': False, - }, - 'scss': { - 'handlers': ['null'], - 'propagate': False, - }, - }, -} - -# 'direction' should not be specified for all_tcp/udp/icmp. -# It is specified in the form. -SECURITY_GROUP_RULES = { - 'all_tcp': { - 'name': _('All TCP'), - 'ip_protocol': 'tcp', - 'from_port': '1', - 'to_port': '65535', - }, - 'all_udp': { - 'name': _('All UDP'), - 'ip_protocol': 'udp', - 'from_port': '1', - 'to_port': '65535', - }, - 'all_icmp': { - 'name': _('All ICMP'), - 'ip_protocol': 'icmp', - 'from_port': '-1', - 'to_port': '-1', - }, - 'ssh': { - 'name': 'SSH', - 'ip_protocol': 'tcp', - 'from_port': '22', - 'to_port': '22', - }, - 'smtp': { - 'name': 'SMTP', - 'ip_protocol': 'tcp', - 'from_port': '25', - 'to_port': '25', - }, - 'dns': { - 'name': 'DNS', - 'ip_protocol': 'tcp', - 'from_port': '53', - 'to_port': '53', - }, - 'http': { - 'name': 'HTTP', - 'ip_protocol': 'tcp', - 'from_port': '80', - 'to_port': '80', - }, - 'pop3': { - 'name': 'POP3', - 'ip_protocol': 'tcp', - 'from_port': '110', - 'to_port': '110', - }, - 'imap': { - 'name': 'IMAP', - 'ip_protocol': 'tcp', - 'from_port': '143', - 'to_port': '143', - }, - 'ldap': { - 'name': 'LDAP', - 'ip_protocol': 'tcp', - 'from_port': '389', - 'to_port': '389', - }, - 'https': { - 'name': 'HTTPS', - 'ip_protocol': 'tcp', - 'from_port': '443', - 'to_port': '443', - }, - 'smtps': { - 'name': 'SMTPS', - 'ip_protocol': 'tcp', - 'from_port': '465', - 'to_port': '465', - }, - 'imaps': { - 'name': 'IMAPS', - 'ip_protocol': 'tcp', - 'from_port': '993', - 'to_port': '993', - }, - 'pop3s': { - 'name': 'POP3S', - 'ip_protocol': 'tcp', - 'from_port': '995', - 'to_port': '995', - }, - 'ms_sql': { - 'name': 'MS SQL', - 'ip_protocol': 'tcp', - 'from_port': '1433', - 'to_port': '1433', - }, - 'mysql': { - 'name': 'MYSQL', - 'ip_protocol': 'tcp', - 'from_port': '3306', - 'to_port': '3306', - }, - 'rdp': { - 'name': 'RDP', - 'ip_protocol': 'tcp', - 'from_port': '3389', - 'to_port': '3389', - }, -} - -# Deprecation Notice: -# -# The setting FLAVOR_EXTRA_KEYS has been deprecated. -# Please load extra spec metadata into the Glance Metadata Definition Catalog. -# -# The sample quota definitions can be found in: -# /etc/metadefs/compute-quota.json -# -# The metadata definition catalog supports CLI and API: -# $glance --os-image-api-version 2 help md-namespace-import -# $glance-manage db_load_metadefs -# -# See Metadata Definitions on: http://docs.openstack.org/developer/glance/ - -# TODO: (david-lyle) remove when plugins support settings natively -# Note: This is only used when the Sahara plugin is configured and enabled -# for use in Horizon. -# Indicate to the Sahara data processing service whether or not -# automatic floating IP allocation is in effect. If it is not -# in effect, the user will be prompted to choose a floating IP -# pool for use in their cluster. False by default. You would want -# to set this to True if you were running Nova Networking with -# auto_assign_floating_ip = True. -#SAHARA_AUTO_IP_ALLOCATION_ENABLED = False - -# The hash algorithm to use for authentication tokens. This must -# match the hash algorithm that the identity server and the -# auth_token middleware are using. Allowed values are the -# algorithms supported by Python's hashlib library. -#OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5' - -# AngularJS requires some settings to be made available to -# the client side. Some settings are required by in-tree / built-in horizon -# features. These settings must be added to REST_API_REQUIRED_SETTINGS in the -# form of ['SETTING_1','SETTING_2'], etc. -# -# You may remove settings from this list for security purposes, but do so at -# the risk of breaking a built-in horizon feature. These settings are required -# for horizon to function properly. Only remove them if you know what you -# are doing. These settings may in the future be moved to be defined within -# the enabled panel configuration. -# You should not add settings to this list for out of tree extensions. -# See: https://wiki.openstack.org/wiki/Horizon/RESTAPI -REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES', - 'LAUNCH_INSTANCE_DEFAULTS', - 'OPENSTACK_IMAGE_FORMATS'] - -# Additional settings can be made available to the client side for -# extensibility by specifying them in REST_API_ADDITIONAL_SETTINGS -# !! Please use extreme caution as the settings are transferred via HTTP/S -# and are not encrypted on the browser. This is an experimental API and -# may be deprecated in the future without notice. -#REST_API_ADDITIONAL_SETTINGS = [] - -# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded -# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame -# Scripting (XFS) vulnerability, so this option allows extra security hardening -# where iframes are not used in deployment. Default setting is True. -# For more information see: -# http://tinyurl.com/anticlickjack -#DISALLOW_IFRAME_EMBED = True -COMPRESS_OFFLINE = True - -# Allow a location to be set when creating or updating Glance images. -# If using Glance V2, this value should be False unless the Glance -# configuration and policies allow setting locations. -IMAGES_ALLOW_LOCATION = True - -SESSION_ENGINE = 'django.contrib.sessions.backends.cache' diff --git a/service/files/openstack-dashboard.conf.j2 b/service/files/openstack-dashboard.conf.j2 deleted file mode 100644 index a734a46..0000000 --- a/service/files/openstack-dashboard.conf.j2 +++ /dev/null @@ -1,34 +0,0 @@ -{% set venv_path = '/var/lib/microservices/venv/lib/python2.7/site-packages' %} - -{% if horizon.tls.enabled %} -Listen 127.0.0.1:{{ horizon.port.cont }} - - -{% else %} -Listen {{ horizon.port.cont }} - - -{% endif %} - WSGIScriptAlias / {{ venv_path }}/openstack_dashboard/wsgi/django.wsgi - WSGIScriptAlias /horizon {{ venv_path }}/openstack_dashboard/wsgi/django.wsgi - WSGIDaemonProcess horizon user=horizon group=horizon processes={{ horizon.wsgi.processes }} threads={{ horizon.wsgi.threads }} python-path={{ venv_path }} - WSGIProcessGroup horizon - - Alias /static {{ venv_path }}/static - - - Order allow,deny - Allow from all - Require all granted - - - Order allow,deny - Allow from all - Require all granted - - - ErrorLogFormat "%{cu}t %-m:%-l %P:%T %M" - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" access - ErrorLog "/var/log/ccp/horizon/horizon-error.log" - CustomLog "/var/log/ccp/horizon/horizon-access.log" access - diff --git a/service/files/server-cert.pem.j2 b/service/files/server-cert.pem.j2 deleted file mode 100644 index 8abc152..0000000 --- a/service/files/server-cert.pem.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ security.tls.server_cert }} diff --git a/service/files/server-key.pem.j2 b/service/files/server-key.pem.j2 deleted file mode 100644 index 70cf751..0000000 --- a/service/files/server-key.pem.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ security.tls.server_key }} diff --git a/service/files/servers.conf.j2 b/service/files/servers.conf.j2 deleted file mode 100644 index a983356..0000000 --- a/service/files/servers.conf.j2 +++ /dev/null @@ -1,9 +0,0 @@ -server { - listen {{ network_topology["private"]["address"] }}:{{ horizon.port.cont }} ssl; - include common/ssl.conf; - - location / { - proxy_pass http://horizon; - include common/proxy-headers.conf; - } -} diff --git a/service/files/upstreams.conf.j2 b/service/files/upstreams.conf.j2 deleted file mode 100644 index 90a6ea2..0000000 --- a/service/files/upstreams.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -upstream horizon { - server 127.0.0.1:{{ horizon.port.cont }}; -} diff --git a/service/horizon.yaml b/service/horizon.yaml deleted file mode 100644 index 3efd992..0000000 --- a/service/horizon.yaml +++ /dev/null @@ -1,77 +0,0 @@ -dsl_version: 0.1.0 -service: - name: horizon - ports: - - {{ horizon.port }} - containers: - - name: horizon - image: horizon - probes: - readiness: - type: "httpGet" - port: {{ horizon.port.cont }} - path: "/" - # {% if horizon.tls.enabled %} - scheme: "https" - # {% endif %} - volumes: - - name: horizon-logs - path: "/var/log/ccp/horizon" - type: host - readOnly: False - pre: - - name: chown-logs-dir - command: "sudo /bin/chown horizon:horizon /var/log/ccp/horizon" - - name: horizon-compress # Just for Mitaka compatibility - command: /var/lib/microservices/venv/bin/python /var/lib/microservices/venv/bin/manage.py compress - daemon: - dependencies: - - keystone - - memcached - files: - - horizon-local-settings - - openstack-dashboard-conf - # {% if horizon.tls.enabled %} - - ca_cert - # {% endif %} - command: daemon.sh - # {% if horizon.tls.enabled %} - - name: nginx-horizon - image: nginx - daemon: - files: - - servers - - upstreams - - server-cert - - server-key - command: nginx - # {% endif %} - -files: - horizon-local-settings: - path: /etc/openstack-dashboard/local_settings - content: local_settings.j2 - openstack-dashboard-conf: - path: /etc/apache2/conf-enabled/openstack-dashboard.conf - content: openstack-dashboard.conf.j2 - # {% if horizon.tls.enabled %} - servers: - path: /etc/nginx/conf.d/servers.conf - content: servers.conf.j2 - perm: "0400" - upstreams: - path: /etc/nginx/conf.d/upstreams.conf - content: upstreams.conf.j2 - perm: "0400" - ca_cert: - path: /opt/ccp/etc/tls/ca.pem - content: ca-cert.pem.j2 - server-cert: - path: /opt/ccp/etc/tls/server-cert.pem - content: server-cert.pem.j2 - perm: "0400" - server-key: - path: /opt/ccp/etc/tls/server-key.pem - content: server-key.pem.j2 - perm: "0400" - # {% endif %} diff --git a/tools/yamllint.sh b/tools/yamllint.sh deleted file mode 100755 index 6e84445..0000000 --- a/tools/yamllint.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -set -ex - -workdir=$(dirname $0) -yamllint -c $workdir/yamllint.yaml $(find . -not -path '*/\.*' -type f -name '*.yaml') diff --git a/tools/yamllint.yaml b/tools/yamllint.yaml deleted file mode 100644 index 6c2e4a7..0000000 --- a/tools/yamllint.yaml +++ /dev/null @@ -1,21 +0,0 @@ -extends: default - -rules: - braces: - max-spaces-inside: 1 - comments: - level: error - comments-indentation: - level: warning - document-end: - present: no - document-start: - level: error - present: no - empty-lines: - max: 1 - max-start: 0 - max-end: 0 - line-length: - level: warning - max: 120 diff --git a/tox.ini b/tox.ini deleted file mode 100644 index 8b6a5b9..0000000 --- a/tox.ini +++ /dev/null @@ -1,17 +0,0 @@ -[tox] -minversion = 1.6 -envlist = linters,bashate -skipsdist = True - -[testenv:linters] -deps = yamllint -commands = - {toxinidir}/tools/yamllint.sh - -[testenv:bashate] -deps = bashate>=0.2 -whitelist_externals = bash -commands = bash -c "find {toxinidir} -type f -name '*.sh' -not -path '*/.tox/*' -print0 | xargs -0 bashate -v" - -[testenv:venv] -commands = {posargs}