Commit Graph

233 Commits

Author SHA1 Message Date
Michal Arbet fde9264e66 Rework horizon image to support local_settings.d
The local_settings.py config is rendered by kolla-ansible
orchestration, which is not a good approach because upstream
local_settings.py can be changed anytime and that can be a problem,
as it was shown recently with the new version of horizon.

Fortunately, horizon supports local_settings overrides in
local_settings.d directory and moreover it's preffered
way how to configure horizon as per doc [1].

This patch just change the structure of files to support it.

[1] https://docs.openstack.org/horizon/latest/configuration/settings.html

Change-Id: Ib0c060adffe5287d786ba9247c6b962732cdb5e0
2024-02-05 12:30:48 +01:00
howardlee 21c82c2be6 Add venus-dashboard into horizon image.
Change-Id: Idbb16f373260735e9650be57042952258a2ee3f9
2023-08-22 07:55:59 +00:00
Marcin Juszkiewicz 19e40f1608 docker: implement macros to alter upper-constraints.txt
upper_constraints_remove() macro allows to remove line
upper_constraints_version_change() allows to change versions

This way we have cleaner way to alter u-c in those images which need it.

Change-Id: I8fc354b8aa4d03fcd3ecfb9cbfe75de67492a0e3
2023-04-21 14:13:24 +02:00
Michal Nasiadka 52a53927f5 Remove monasca, kafka, storm and zookeeper.
Monasca, kafka, storm and zookeeper have been removed in kolla-ansible [1],[2].

[1]: https://review.opendev.org/c/openstack/kolla-ansible/+/861392
[2]: https://review.opendev.org/c/openstack/kolla-ansible/+/865029

Change-Id: I0958a9353bc4585c4f65a1d316328a0e80b0b8b7
2022-12-06 12:58:10 +00:00
Radosław Piliszek 2daf4331a6 Fix writable rootwrap/privsep config
Fixes a hypothetical security issue related to privilege escalation via
rootwrap/privsep. A potential vulnerable service could previously allow
writes to its rootwrap/privsep config and thus allow for more commands
to be run with root privileges via rootwrap/privsep. For a succesful
attack, this would also require the service to allow to run arbitrary
commands via rootwrap/privsep. Thus far, no such vulnerabilities have
been reported and thus this fix is simply strengthening the container
images against such an issue in the future.

Change-Id: I92c81c77e6a16570a108cde8031f7977930fb02a
Closes-Bug: #1874298
2022-10-10 15:06:05 +00:00
Marcin Juszkiewicz 878b00013b Move to CentOS Stream 9
OpenStack 'zed' requires Python 3.8+ so RHEL 8 family has to go.

This changeset moves to CentOS Stream 9 while move to RockyLinux 9 is
planned as final solution.

CI moved to CentOS Stream 9 nodes.

Depends-on: https://review.opendev.org/c/openstack/kolla-ansible/+/839715

Change-Id: I113b9984294cf8663d3fc0c8840320e1d40ea731
2022-09-27 07:40:06 +00:00
Marcin Juszkiewicz e21aeb5ae9 flatten images a bit
As we have one type of images now some RUN calls could be merged so we
will have less layers in resulting images.

Change-Id: I5178c58fbd8c65efe825dc249c0f1368ef0fe8e0
2022-04-21 18:53:14 +00:00
Tim Shearer 1d96a2bbe1 Adjust permissions on _extend_start files.
Explicitly set the permissions on the kolla-toolbox kolla_extend_start
file. Also, since all extend_start files are sourced rather than
executed, the executable bits are now cleared throughout the project.

Change-Id: I5c2deb4a2e33575d57c852089f856a9acc6818d0
2022-04-11 17:22:24 +02:00
Marcin Juszkiewicz 9e21a323e2 horizon: binary images are gone
We no longer need to check for them so one MANAGE_PY is enough.

Change-Id: Iee2f3bb1c0444f414cad2617dea225192ab8dc81
2022-04-11 11:47:54 +02:00
Marcin Juszkiewicz 1749da2fbf docker: drop binary parts
Big patch drops all mentions of binary images support. Suggestions are
welcome how to split it into parts or handle better.

Change-Id: I5d5a46c6ce7734ceb8b844e17b43e359d7cac6e3
2022-04-09 17:44:26 +02:00
Mark Goddard 3479eb7814 horizon: add various dashboard plugins for ubuntu/binary
These were added for Debian/binary, but not Ubuntu/binary.

Change-Id: I74bfa6326d8a72f9bba409e6a725fdb55b48c6b1
Closes-Bug: #1931075
2021-11-23 12:35:33 +01:00
Radosław Piliszek eedcfb5150 [horizon] Copy Masakari policy in YAML format
Since commit 39f03063c0b0b22e608bbc606423e51be632be2a in
masakari-dashboard (also in Depends-On), Masakari dashboard uses
and distributes only the policy in YAML format.

Depends-On: https://review.opendev.org/c/openstack/masakari-dashboard/+/798842
Change-Id: Id1aad2c8894331b9540bfc66177368536667f003
2021-08-07 09:32:36 +00:00
Zuul f95ba3d8a3 Merge "Add missing default policy files for debian-binary-horizon" 2021-07-29 10:47:42 +00:00
Michal Arbet 4c2990a99f Add masakari-dashboard to debian binary horizon image
This patch is adding python3-masakari-dashboard
to debian binary image as we added masakari-dashboard
to debian in wallaby cycle.

Change-Id: Ie3f357eaae5d1378ada32451dbd74f01f5cd2ba2
2021-07-03 11:22:43 +02:00
Michal Arbet 01d02be25e Add missing default policy files for debian-binary-horizon
The debian-binary-horizon image is missing the default policies files
which should be in /etc/openstack-dashboard/default_policies. By copying
everything from /etc/openstack-dashboard/policy
into /etc/openstack-dashboard, we get the default policy files, as well
as commented out policy files (e.g. cinder_policy.yaml) and the
nova_policy.d directory containing api-extensions.yaml.

Change was merged for ubuntu in [1] but unfortunatelly
not for debian, this trivial patch fixes it also
for debian.

[1] https://review.opendev.org/c/openstack/kolla/+/794589

Closes-Bug: #1933759
Change-Id: I822d640a251e6ed9f71c76a922513e23e4218418
2021-07-01 12:18:27 +02:00
Zuul 416a84908e Merge "Horizon: Install required policy files for heat-dashboard" 2021-06-17 08:42:44 +00:00
Zuul b414ae2bce Merge "Horizon: Install policy files for manila-ui" 2021-06-17 07:51:25 +00:00
Scott Shambarger f68dfb88fd horizon: Correct location of monitoring_policy file
Patch to correctly copy monitoring_policy.json into
/etc/openstack-dashboard.  Policy was misplaced, and not being enforced.

Note that by current default policy, admin doesn't not have Monitoring
access.

Closes-Bug: #1928408
Change-Id: I4faabdfa9c273fc61b536e6ce88b8d71ab2fc581
2021-06-11 04:59:42 +00:00
Takashi Kajinami 77fc442a91 Horizon: Install policy files for manila-ui
Since the commit 89a90ff9773b93062760df5e3deefb9750112633 was merged,
manila-ui provides two policy files. This change ensures that these
files are installed when manila-ui is enabled.

Change-Id: Id92145ba74237da2fd8430b9d84413465297d3a7
2021-06-07 18:33:06 +09:00
Takashi Kajinami f9715a66e2 Horizon: Install required policy files for heat-dashboard
Since the commit 8e7914fce24d2c9d94a83795983aaa0fb05f020c was merged,
heat-dashboard no longer use policy.json but it use two yaml files to
manage policy rules. This change updates managed files for
heat-dashboard accordingly.

Change-Id: I0cae18c1d5169cd444a14ba3b56de24dede5919c
2021-06-05 12:22:05 +09:00
Pierre Riteau 740448a658 Add missing default policy files for ubuntu-binary-horizon
The ubuntu-binary-horizon image is missing the default policies files
which should be in /etc/openstack-dashboard/default_policies. By copying
everything from /usr/share/openstack-dashboard/openstack_dashboard/conf
into /etc/openstack-dashboard, we get the default policy files, as well
as commented out policy files (e.g. cinder_policy.yaml) and the
nova_policy.d directory containing api-extensions.yaml.

Change-Id: I3c6fdcb9b7dd7443a7755599f7e4ee59f67e0a91
Closes-Bug: #1930586
2021-06-03 15:37:45 +02:00
Marcin Juszkiewicz 5c0c2d2448 centos: enable PowerTools repo in images which needs it
We moved to CentOS Stream 8. Just no one noticed that binary target was
failing to build.

This change sorts out all failing images.

Change-Id: Ia7768caabfe214a629339d50973d0d9873fc65d5
2021-03-22 14:47:38 +01:00
Christian Berendt 0028073ebb Remove zaqar image and related plugins
Signed-off-by: Christian Berendt <berendt@betacloud-solutions.de>
Change-Id: Id3187b2b95e9b9bd3d9233a498f7c45e66c604c7
2021-01-25 16:10:21 +01:00
Radosław Piliszek 48e6309926 Horizon: gentler `-o nounset` handling
When running with `-o nounset` since [1], the Horizon became quite
fragile to run as it started requiring all ENABLE_* environment
variables to be set upfront. Normally they are - via kolla-ansible.
However, when working with it outside of kolla-ansible or removing
services (like it was the case 3 times during the Wallaby cycle),
it creates needless issues (like having to wait for images to get
published for kolla-ansible gate or users bumping into irrelevant
incompatibilities [2]).

This patch makes sure all ENABLE_* environment variables default
to 'no' and are no longer required to be set when there is no
need to set them to 'yes'.

[1] 032804e5a0
[2] https://bugs.launchpad.net/kolla/+bug/1911141

Change-Id: I644e072a699dccd8f32a24e484ff6dab7b9b449d
2021-01-25 15:08:12 +00:00
Zuul 62da72f5db Merge "horizon: set FORCE_GENERATE to no if not set" 2021-01-16 17:49:40 +00:00
Kendall Nelson d4a68553b2 Remove Retired Karbor Support
As announced on the openstack-discuss ML[1], Karbor is retiring
this cycle (Wallaby).

Needed-By: https://review.opendev.org/c/openstack/karbor/+/767032

[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-November/018643.html

Change-Id: I0b8b1782874282636552f3ffe924a8d512d48959
2020-12-18 20:54:36 +01:00
Ghanshyam Mann 60a9b77a47 Remove retired Searchlight support and images
Searchlight project is retiring in Wallaby cycle[1].
This commit removes the images and support of Searchlight
project before its code is removed.

Needed-By: https://review.opendev.org/c/openstack/searchlight/+/764526

[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-November/018637.html

Change-Id: Ibcae8d0af13fd1d242912b8703c1d1253e2a1326
2020-12-11 20:22:13 +01:00
Ghanshyam Mann d66ff8d3a3 Remove retired Qinling support and images
Qinling project is retiring in Wallaby cycle[1].
This commit removes the usages of Qinling project
before its code is removed.

Needed-By: https://review.opendev.org/c/openstack/qinling/+/764521

[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-November/018638.html

Change-Id: I5bb79f08b76830981be95df19f3a33f5fda6893d
2020-12-11 14:21:10 +00:00
Christian Berendt b2d888368b horizon: set FORCE_GENERATE to no if not set
Signed-off-by: Christian Berendt <berendt@betacloud-solutions.de>
Change-Id: I303ee5367aba0ae114e52b7b559faf06133f2304
2020-11-30 13:48:23 +01:00
Radosław Piliszek 032804e5a0 Be strict about errors in start
Make start.sh run with pipefail and nounset to avoid common errors
in the start scripts and detect them early.

Httpd code had to be patched to allow it to pass on Debuntu.

Also fix the two missed applications of httpd to make sure all
its path are covered.

And also fix Horizon's ENABLE_ZAQAR - K-A does not use Zaqar.
Yet another - Horizon's settings_bundle. :-)

Finally, fix Neutron for Debuntu (KOLLA_LEGACY_IPTABLES).

Change-Id: I39b8d78f6758df1f92b8b0d2c06ea99b038b843b
Depends-On: https://review.opendev.org/711923
2020-10-05 13:03:39 +02:00
Mark Goddard 4f44870376 Fix Masakari dashboard policy file location
The horizon image copies the masakari dashboard's policy file to Python
site packages, but it should go to /etc/openstack-dashboard. This allows
the dashboard to be seen by non-admins, although it fails to load.

We get an error like the following in horizon.log:

No policy rules for service 'instance-ha' in
/etc/openstack-dashboard/masakari_policy.json

This change fixes the issue.

Change-Id: I8ede183c76a830de06ce6524dc3f6f6944b182c1
Closes-Bug: #1894240
2020-09-06 09:05:36 +00:00
Zuul fd60c65710 Merge "Refactor httpd install to base image" 2020-08-10 17:52:00 +00:00
James Kirsch 5bdf514645 Refactor httpd install to base image
Refactor installing and initial setup of httpd and mod wsgi from
individual services to base image.

Change-Id: I651a55a9ebe258ef403d33de010a4dfb368a4021
2020-08-10 09:51:07 +00:00
Michal Arbet cf2322322e Add missing horizon plugins for debian based OS
Change-Id: I220fb14a1c5a2bd1fdbc0fa4e5316da41a70c788
2020-08-05 13:40:58 +02:00
Zuul 12905b5fc1 Merge "Remove deployment of FWaaS" 2020-06-30 08:50:43 +00:00
Zuul c778749bc7 Merge "Fix horizon debian binary docker image" 2020-06-22 09:42:15 +00:00
Michal Arbet 46f8eed88a Fix horizon debian binary docker image
Debian packages are different from ubuntu packages.
Differencies in /etc/openstack-dashboard:
  - Symlinking {{ python_path }}/openstack_dashboard/local/enabled/ -> /etc/openstack-dashboard/enabled
  - Symlinking {{ python_path }}/openstack_dashboard/local_settings.d/ -> /etc/openstack-dashboard/local_settings.d
  - Symlinking {{ python_path }}/openstack_dashboard/conf/ -> /etc/openstack-dashboard/policy

Every dashboard-plugin debian package is copying his policy files, local_settings, enabled to above locations.
Every dashboard-plugin is triggering dpkg and collect-static, compress is done by openstack-dashboard package.
Kolla has to remove all these debian package's configs and provide kolla configs.
Move also /etc/openstack-dashboard/policy to standard location and delete symlink as kolla-ansible is overriding
default policy files path to /etc/openstack-dashboard/.

Change-Id: Ieca15bdb315d52e9547d798df11641ef36485b26
Depends-On: https://review.opendev.org/733612
2020-06-21 01:35:18 +02:00
gugug e332891a8a Remove the congress images since it has been retired
more info: https://review.opendev.org/#/c/721733/

Depends-On: I12d74b53b64268d0358220af35f7fd719d82b397
Depends-On: I21c9ab9820f78cf76adf11c5f0591c60f76372a8
Change-Id: I7bd03b4f70ddfb15c96ed68e659cb6dccb0c36a3
Co-Authored-By: jacky06 <zhang.min@99cloud.net>
2020-06-19 18:13:53 +00:00
Alfredo Moralejo d3742fb9d8 Remove deployment of FWaaS
FWaaS is being retired upstream [1][2] in V cycle.

[1] https://review.opendev.org/#/c/735838/

Change-Id: I45679c8596844780565644e52034bd3de0915ff4
2020-06-18 22:12:05 +00:00
Marcin Juszkiewicz 53443c5c71 Remove support for CentOS 7
With the move to RHEL/CentOS 8 we no longer have Python 2 in our images
so there is no need for checking which Python version (2.x or 3.x) is
used inside of containers.

We also no longer have to support yum as a value for
distro_package_manager.

Partially-Implements: blueprint centos-rhel-8

Change-Id: Ie45cf3465fedddbde7856961527421883ba3d5c9
2020-04-15 09:32:06 +00:00
Christian Berendt 861f55fbfd Add block labels to all Dockerfiles
Change-Id: I9692dda817ef134d647247431565e1b58cf9da41
2020-03-01 17:25:58 +00:00
Zuul 58f7c1f1e4 Merge "Adds monasca-ui to horizon" 2020-01-14 18:38:36 +00:00
Marcin Juszkiewicz 8b7ec43536 horizon: fix build in stable branches
When [1] was committed, horizon stopped building for Train.
Analogous patch is proposed to other stable branches.

This patch removes horizon from upper-constraints.

Kolla master is affected directly because we build Train
for CentOS 7 atm.

[1] 3e54878f9c

Co-authored-by: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Change-Id: I1bd5a40eeef9612d995c81426fe510e89f438725
2020-01-07 16:21:12 +00:00
Hamed Bahadorzadeh 154e86e0fe Adds monasca-ui to horizon
'config_monasca_dashboard' method added and called so if
'ENABLE_MONASCA' is set this merhod will add monasca-ui to horizon.

Change-Id: If46d0d629a678f9878f36f1cfbe31153ab5ebf9b
Implements: blueprint monasca-ui
Signed-off-by: Hamed Bahadorzadeh <h.bahadorzadeh@gmail.com>
2020-01-04 10:25:14 +00:00
Zuul f1eb7a5fd7 Merge "Refactor Apache httpd setup" 2019-12-16 11:42:28 +00:00
Mark Goddard 8484190e77 Refactor Apache httpd setup
All Apache httpd setup has been moved to a new helper script,
kolla_httpd_setup. This includes the existing clean of /run/httpd,
/var/run/httpd, /tmp/httpd etc.

Horizon has an additional bit of Apache config for Debian/binary, which
has been kept in extend_start.sh for horizon.

Change-Id: Ia2af74b69c151db0bd7e452460b0babcee50b282
Related: blueprint centos-rhel-8
2019-12-11 11:38:46 +00:00
Mark Goddard 0ff14f85e4 Revert "Introduce macro to remove Py3 only plugins on CentOS 7"
This reverts the following commits:
df987c9d3f
d866c63a32
6b40b655f1

These are no longer necessary as we are using stable/train branch for
source images until CentOS 8 / python 3 support is available and
working.

Change-Id: I5aedf1141862d51c5bb676a7393fc131c452c914
Related: blueprint centos-rhel-python-3
2019-12-06 15:41:32 +00:00
Marcin Juszkiewicz df987c9d3f Introduce macro to remove Py3 only plugins on CentOS 7
As CentOS 7 is Python 2 we need a way to remove plugins used in
OpenStack components once they switch to be Python 3 only.

'remove_py3_only_plugins_for_py2' macro does exactly that.

This change also disables networking-bgpvpn for python 2.

Change-Id: Ib90aabc485f1c831d3d41cc0f70052f8fffc3fe6
Related: blueprint drop-py2-support
2019-12-05 14:48:05 +01:00
Viktor Michalek 683f9c9178 Horizon: install vitrage dashboard on Debian
Change-Id: I4e60fcd767f15b7da90b0143008b1d6d794c76f2
2019-11-28 18:26:09 +00:00
Marcin Juszkiewicz d866c63a32 horizon: do not build neutron-vpnaas-dashboard for CentOS 7
This plugin moved to Python 3 only:

Change-Id: Ifa664ff2d65a7cbc969c4b1c279eae1ac21225d7
INFO:kolla.common.utils.horizon:[91mERROR: Package 'neutron-vpnaas-dashboard' requires a different Python: 2.7.5 not in '>=3.6'
2019-11-28 09:58:45 +01:00