Commit Graph

213 Commits

Author SHA1 Message Date
Zuul 99499ec289 Merge "Do not change mode of files recursively" 2024-03-22 09:28:38 +00:00
Dmitriy Rabotyagov e62a2cd3ad Deploy default policy files
At the moment our role does not account for provisionment of default
policy files for extra dashboards.

While they should not be required, it has been reported that absence
of such policy files results in unexpected behaviour. So let's symlink them
alike to how we do with regular policies.

Closes-Bug: #2055415
Change-Id: I683c12938fd4aa67304f564678514bc48bd86a79
2024-03-21 17:04:13 +00:00
Dmitriy Rabotyagov 47364bcadd Do not change mode of files recursively
Current behavior leads to all files having executable bit which is not
anticipated or required behaviour.

Thus, we should avoid defining mode recursively to the directory

Closes-Bug: #2052011
Change-Id: I30b9b6a70d2cabfb1f1f434cd883ea2503d867bc
2024-03-08 12:00:17 +00:00
Dmitriy Rabotyagov d4ef66fc02 Override pyScss version with a bugfixed one
In order to compress static files against pyhton 3.11 a fixed version
with fixed regexp in pyScss is needed. While fix is merged, pyScss is
not tagged/released yet.
While this required only for Debian12, it will work nicely also with older
python versions, since there're almost no changes in the package.

instead of building based on SHA.

Change-Id: I76f945310b70c1b081800c5ba0ec922795b60a73
2023-10-17 06:32:59 +00:00
Dmitriy Rabotyagov a4ecbfc6dc Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Change-Id: I40ff3ec0393bf90836d943fc09e74d6a5f207b48
2023-07-17 10:25:45 +02:00
Damian Dabrowski db7110d297 Add PKI support to horizon backends
Replace legacy SSL support with ansible-role-pki.
It is used to generate required TLS certificates if needed.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085

Change-Id: Id2f9d6f911cee6e58c261c1a68c34a37ab9ced4f
2023-04-29 18:37:24 +02:00
Damian Dabrowski 4686326650 Rename horizon_enable_ssl to horizon_backend_ssl
To standarize variable name across roles, this change renames
`horizon_enable_ssl` to `horizon_backend_ssl`.
All other roles use `<service>_backend_ssl` format.
It also better describes what it does. With `horizon_enable_ssl` it's
unclear whether it is about frontend or backend.

Backward compatibility will be kept until 2024.1.

Change-Id: I218d45b7be667732e4204316b8d18fa3e136962b
2023-04-11 19:35:19 +02:00
Damian Dabrowski c92f45e3af Fix horizon_enable_ssl logic
Current logic does not allow horizon backend to listen on https
(`horizon_enable_ssl`) if external loadblanacer serves TLS
(`horizon_external_ssl`).
It basically forces backend to listen on plain http in this case which
does not make any sense. It should be possible to enable TLS on both
loadbalancer and horizon backend.

Additionally, with this patch, role defines a proper
HTTP_X_FORWARDED_PROTO header value(it's included in
`horizon_secure_proxy_ssl_header` and
`horizon_secure_proxy_ssl_header_django` and can be set to 'http' or
'https') based on whether external load balancer listens on https
(`horizon_external_ssl`)[1].
For example if loadbalancer listens on https and backend on http,
HTTP_X_FORWARDED_PROTO should be set to 'https'. Otherwise horizon will
respond with redirection to http.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto

Change-Id: I7706e52c01b3f0d72ea383a0476045e606078cff
2023-04-11 19:35:00 +02:00
Zuul 43cb7e1243 Merge "Add uwsgi option to horizon" 2022-09-27 21:04:24 +00:00
Kevin Carter 8f8a84f15c Add uwsgi option to horizon
This change provides the horizon role the ability to deploy its services
using uWSGI instead of apache. This feature produces a minimal horizon
deployment which is perfectly functional in cases where capabilities
like federation and SSL terminated all the way through are not needed.

Change-Id: I457a111511543731746d868ae7f7184743e5703b
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
2022-09-21 01:18:34 +00:00
Erik Berg 1cc07a1b0b Remove redundant vars line
This line snuck in with I6b68d4d15ae516d23c88b3c4c21a076e8d54604e
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.

Change-Id: I72281dbc768e8f5f6b702d91abe63bc96376ac30
2022-09-14 13:18:21 +02:00
Dmitriy Rabotyagov 2c9f231d6a Release pyscss constraints
With [1] pyscss version was bumped to 1.4.0. With that horizon also
requires pyscss>=1.4.0 which means there's no need to additionally
constraint it.

We also temporary disable all functional jobs to resolve circular
dependency.

Needed-By: https://review.opendev.org/c/openstack/openstack-ansible/+/847272
[1] 4fa5acc415

Change-Id: I5676d358d1ec38904fc067ab5f14711358f6031c
2022-07-05 07:17:48 +00:00
Zuul aa9468459f Merge "Override pyScss version for python3.10" 2022-05-04 15:15:09 +00:00
Jonathan Rosser 39c6022bf6 Override pyScss version for python3.10
Openstack upper-constraints for the Yoga release does not specify
a version of pyScss which is compatible with python3.10, this only
starts to happen with the Zed release.

To obtain experimental support for Ubuntu Jammy with the Yoga
release we adjust the upper-constraints to describe a python3.10
compatible version of pyScss.

Change-Id: I04b7b8bc2c8e666f155cccf58bd920ee7d699d72
2022-05-03 09:11:02 +01:00
Dmitriy Rabotyagov 3c20e3607e Improve defining horizon_lib_dir
Instead of hardcoding lib directory for distro installs, we can
retrieve it dynamically based on the horizon.__file__ output

Change-Id: I8e87f9a9945b7526c90ca8c4dc09e43a86ab62e0
Closes-Bug: #1950798
2022-02-04 11:40:17 +00:00
Jonathan Rosser c22a552c6f Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.

This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.

Change-Id: I6b68d4d15ae516d23c88b3c4c21a076e8d54604e
2022-01-12 08:32:22 +00:00
Dmitriy Rabotyagov 060bf6c513 Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814



Change-Id: I649c5d02b9c909a3339799711a4a7816381a6626
2021-11-30 15:17:18 +02:00
Dmitriy Rabotyagov 2447deec62 Add option to override horizon policies
In case policies are overriden for services,
horizon maintain and ship it's own set of policies that should be
separatelly overriden.

Depends-On: https://review.opendev.org/754382
Change-Id: I7099a5b11390d3296c7b4bb74d69670c7fe64f58
2021-08-20 11:16:04 +00:00
Zuul 78afb003b9 Merge "Add adjutant dashboard" 2021-04-19 20:52:37 +00:00
Jonathan Herlin 0634bf19b4 Add adjutant dashboard
Depends-On: Ibd11a9c12c924b8e51b42fe4c8879baa25d410f4
Change-Id: I13fc2417e234cd3312fa741ab91c59d8cc970b38
2021-04-01 14:40:05 +02:00
Jonathan Rosser 89089cc288 Fix u-c filter regex
Change-Id: Ic2de45a22de68d4c7f3aa8f88a45a4e5e14fca7b
2021-03-30 10:14:25 +01:00
Jonathan Rosser 5e702329d5 Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7  are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible

Change-Id: I31c5e6cde00cdb7addcc0cb4b1c7a13529ce1e60
2021-03-10 12:18:02 +00:00
Jonathan Rosser 9c8062fb51 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: Ia8eca0c54079f96f1160ac88670392794e7f747a
2021-02-26 22:53:36 +00:00
Zuul 2c2289b09f Merge "Fix race condition in compression of static files" 2021-02-15 12:38:20 +00:00
Jonathan Rosser 8e712e93b5 Install barbican-ui when the barbican service is deployed
Change-Id: Id2c7ecdcbd276c9057816c7049dd1a25864b1a32
2021-02-12 17:18:49 +00:00
Andrew Bonney a26eee05f7 Fix race condition in compression of static files
At present, the collection and compression of static file is
carried out asynchronously to speed up execution. If compression
starts before collection has completed it can result in incomplete
results which cause the Horizon front end to produce 500 errors.

This patch switches the collection of static files back to a
synchronous task before triggering the slower compression as an
asynchronous task to maintain most of the speed-up benefit.

Change-Id: If9df63b2ef0031c91303d3fcb56474cbf7d648f9
2021-02-11 13:14:19 +00:00
Zuul 33461af97d Merge "Move horizon pip packages from constraints to requirements" 2021-01-28 17:05:47 +00:00
Jonathan Rosser bd81eb7290 Move horizon pip packages from constraints to requirements
This is necessary to support the new pip resolver.

Depends-On: I9be6bbf4a29a4da2ddf96dc0336bc2a7d8ec9281
Depends-On: I49c75dd11d6c4e8d37fe013b7ffdfd56ff193fcd
Change-Id: Ibab50a351d5e14bfc993884036c27cc3f2eee424
2021-01-26 17:20:11 +00:00
Danny Meloy 8e1b3f522a Add missing 'horizon-config' tag
There is a missing tag in the os-horizon-install.yml
file that leads to an undefined variable error when
running the playbook with '--tags horizon-config'

Change-Id: I77246d51a7880ef373ef4b33e199032d204f8b89
2021-01-18 17:56:39 +00:00
Jonathan Rosser e422dbe63a Do not manage /etc/ssl or /etc/pki directories or symlinks
For a metal deployment the keystone and horizon roles both try to
do this and it should be done in one place. This is moved to the
openstack_hosts role.

Depends-On: https://review.opendev.org/754095
Depends-On: https://review.opendev.org/754382
Change-Id: I8471685bb677ac4f15d808c274a5b1dde6fb2c81
2020-09-25 16:24:10 +00:00
gugug fe00ea83d0 Remove the neutron-fwaas since it retired
Depends-On: I561504160e5548c54d1af31821c3366ab34cf0ec
Change-Id: Ib03f3d25a2b28fc7a856a1838440acfd4d7656e4
2020-06-20 12:13:25 +00:00
Dmitriy Rabotyagov a51da4719e Compile mod-wsgi module for CentOS 7
CentOS 7 do not have Apache mod-wsgi package for py3, so we're building it.

Change-Id: I02f7b3c91468c5d7ed44d950afa2cc6164d2650f
2020-06-10 16:06:23 +03:00
Dmitriy Rabotyagov 9678045a70 Use horizon native wsgi app
The only difference between our and native wsgi app
were adding extra path [1] to sys.path.
However, nowadays this path is already part of syspath

[1] /openstack/venvs/horizon-20.1.1.dev7/lib/python3.6

Change-Id: I90a502fbdeb0040832b66e9df389ab3517b951f4
2020-05-06 10:48:09 +03:00
Zuul cdfdea4cd1 Merge "Fix horizon-config tag" 2020-04-26 13:44:38 +00:00
Dmitriy Rabotyagov 09f613dab7 Fix horizon-config tag
If role has been run with horizon-config tag it was ending up with [1]
So to avoid failure we add this tag to set_fact task.

[1] http://paste.openstack.org/show/792048/

Change-Id: I02026f135162fcbad646dd162344a4f4dd9f3b12
2020-04-13 19:02:14 +03:00
Dmitriy Rabotyagov 5f1c6eb018 Run service_setup only once
Currently we're executing os_keystone_role against all horizon hosts,
while we need to execute it just once. Thist patch fixes this behaviour.

Change-Id: Ie93cb1b805c67ae382ac722378b526bbd1779ed5
2020-04-13 15:16:25 +03:00
Dmitriy Rabotyagov 61caabf325 Add murano-dashboard
This patch adds deployement of murano-dashboard to horizon,
once `horizon_enable_murano_ui` variable is set to True.

Depends-On: https://review.opendev.org/710773
Change-Id: I9a2f1920611ca8ad2b2f2cdb625281132b968ec2
2020-03-25 20:06:28 +00:00
Dmitriy Rabotyagov 9c3c776c7a Switch SESSION_ENGINE to memcached
Previously we were using cached_db session backend by default.
However with django version update, it requires more recent
mysqlclient module which is not part of requirements.
Moreover usage of cached_db makes us to carry and maintain
extra stuff, which can be dropped with memcached backend.

Change-Id: I8df7ee967d8dcbeb09a42fd568f98acc3e88adad
2019-12-18 19:52:38 +02:00
Jean-Philippe Evrard c91d483436 Remove int to string conversion
Without this patch, int will get converted to string, which
is then applied in cron module, and is inconsistent with the other
string input (which the module expects). This can lead to failures.

This fixes it by ensuring everything is a string! boooo.

Change-Id: I3170cc2647947a0365543218f289480bab9ee4ce
2019-12-06 16:10:55 +01:00
Dmitriy Rabotyagov a2280e2e90 Retire neutron-lbaas UI plugin
Because of global retirement process of neutron-lbaas  we stop providing
neutron-lbaas-ui plugin installation for horizon.

Change-Id: Ic39a4d1cc03df72a4080abd6513bf8f4036da456
2019-09-13 13:37:54 +03:00
Zuul 719cdbac4c Merge "Allow venv python interpreter to be overridden" 2019-09-11 12:02:20 +00:00
Jonathan Rosser 20e47c9e4b Add python3 compatibility to horizon role
* Remove horizon_python_lib_dir, this is not used anywhere
* Autodetect the horizon_lib_dir for source installs
* Remove hardcoded python2.7 path from uwsgi template

Change-Id: I0747ad5c50c0c007385b4756f1b386363bafcf93
2019-09-10 06:07:05 +00:00
Jonathan Rosser 98a9def99b Allow venv python interpreter to be overridden
Change-Id: I436e2efd52b8c5c5df9d7346d2c681683e736ebe
2019-09-09 13:44:06 +01:00
OpenStack Proposal Bot c53c2eb574 Updated from OpenStack Ansible Tests
Change-Id: I57d5e0210a9bec974f7b4fe0c971b267bde2ab92
2019-09-04 15:14:27 +00:00
Dmitriy Rabotyagov ef1c53fa88 Use systemd-journald instead of log files
This patch aims to migrate apache from usage of regular syslog files
to journald.

Change-Id: Ifde6b86bec87fdd2fa161f8d28aed7f6ffa52f74
2019-07-24 18:32:47 +03:00
OpenStack Proposal Bot 1632b71803 Updated from OpenStack Ansible Tests
Change-Id: Idae4acc12c4e254ef5a10ccffd1bf96bc4146d48
2019-07-16 14:51:46 +00:00
Guilherme Steinmüller 87effc0479 db_setup: refactor database setup to a common file
This patch refactors the database creation to db_setup.yml which
will eventually be managed by openstack-ansible-tests.

This also re-orders the mq_setup to be done earlier so these system
level dependencies are ready before service activation.

Change-Id: Ia3be70460248d3dcaeea42e2bbc6af4160ea7108
2019-07-15 01:23:06 +00:00
Mohammed Naser b647643db7 Copy over YAML policy files
There are some projects (such as Octavia) that ship YAML policy
files such as Octavia so this patch copies them as well.

Change-Id: Ic78d130bb3899720f619d8a78155c7b36807a07c
2019-03-30 19:27:40 -04:00
Mohammed Naser 1f42417204 Place policy in correct folder
This patch registers the policy paths in a seperate task in order
to be able to place them in the correct folder, alongside the other
policy files so that Horizon can load properly.

Without this, the heat_policy.json file doesn't get linked in the
config location and the dashboard fails to load due to a missing
policy file.

Change-Id: Ic1e7e3ae5bb2f8d56602209c185a1ed025c0fdfa
2019-03-29 21:54:44 -04:00
Zuul 86b8e98bac Merge "Set appropriate branch key in _horizon_translations_pull" 2019-03-27 03:03:59 +00:00