Rename horizon_enable_ssl to horizon_backend_ssl

To standarize variable name across roles, this change renames
`horizon_enable_ssl` to `horizon_backend_ssl`.
All other roles use `<service>_backend_ssl` format.
It also better describes what it does. With `horizon_enable_ssl` it's
unclear whether it is about frontend or backend.

Backward compatibility will be kept until 2024.1.

Change-Id: I218d45b7be667732e4204316b8d18fa3e136962b

defaults/main.yml

@@ -240,7 +240,8 @@ horizon_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ horizo
 # horizon_user_ssl_ca_cert: <path to cert on ansible deployment host>
 
 # Toggle whether horizon should be served via SSL
-horizon_enable_ssl: "{{ openstack_service_backend_ssl | default(False) }}"
+# NOTE(damiandabrowski): Remove backward compatibility with horizon_enable_ssl in 2024.1
+horizon_backend_ssl: "{{ horizon_enable_ssl | default(openstack_service_backend_ssl | default(False)) }}"
 
 # Toggle whether horizon is served via an external device, like a load
 # balancer. This enables the use of the horizon_secure_proxy_ssl_header

releasenotes/notes/horizon_backend_https-105d9050aa3ec125.yaml

@@ -0,0 +1,5 @@
+---
+other:
+  - |
+    ``horizon_enable_ssl`` has been renamed to ``horizon_backend_ssl``
+    for consistency reasons.

tasks/main.yml

@@ -57,21 +57,21 @@
 
 - import_tasks: horizon_ssl_self_signed.yml
   when:
-    - horizon_enable_ssl | bool
+    - horizon_backend_ssl | bool
     - horizon_user_ssl_cert is not defined or horizon_user_ssl_key is not defined
   tags:
     - horizon-config
 
 - import_tasks: horizon_ssl_user_provided.yml
   when:
-    - horizon_enable_ssl | bool
+    - horizon_backend_ssl | bool
   tags:
     - horizon-config
 
 - name: Update the ca certificates
   command: "update-ca-certificates -f"
   when:
-    - horizon_enable_ssl | bool
+    - horizon_backend_ssl | bool
     - ansible_facts['pkg_mgr'] == 'apt'
   tags:
     - horizon-config

templates/horizon_local_settings.py.j2

@@ -59,7 +59,7 @@ SECURE_PROXY_SSL_HEADER = ('{{ horizon_secure_proxy_ssl_header_django }}', 'http
 SECURE_PROXY_ADDR_HEADER = 'HTTP_X_FORWARDED_FOR'
 {% endif %}
 
-{% if horizon_enable_ssl | bool %}
+{% if horizon_backend_ssl | bool %}
 # If Horizon is being served through SSL, then uncomment the following two
 # settings to better secure the cookies from security exploits
 CSRF_COOKIE_SECURE = True

templates/openstack_dashboard.conf.j2

@@ -6,7 +6,7 @@ Listen {{ horizon_bind_address }}:{{ horizon_listen_port }}
 
 # If horizon is being served via SSL from this web server,
 # then we must redirect HTTP requests to HTTPS.
-{% if (horizon_enable_ssl | bool) %}
+{% if (horizon_backend_ssl | bool) %}
 <VirtualHost {{ horizon_bind_address }}:{{ horizon_listen_ports.http }}>
     ServerName {{ horizon_server_name }}
     RewriteEngine On
@@ -18,13 +18,13 @@ Listen {{ horizon_bind_address }}:{{ horizon_listen_port }}
 # If horizon is being served via SSL via a load balancer, we
 # need to listen via HTTP on this web server. If SSL is not
 # enabled, then the same applies.
-<VirtualHost {{ horizon_bind_address }}:{{ (horizon_enable_ssl | bool) | ternary(horizon_listen_ports.https, horizon_listen_ports.http) }}>
+<VirtualHost {{ horizon_bind_address }}:{{ (horizon_backend_ssl | bool) | ternary(horizon_listen_ports.https, horizon_listen_ports.http) }}>
     ServerName {{ horizon_server_name }}
     LogLevel  {{ horizon_log_level }}
     ErrorLog  syslog:daemon
     CustomLog "|/usr/bin/env logger -p daemon.info -t {{ horizon_system_service_name }}" {{ horizon_apache_custom_log_format }}
     Options +FollowSymLinks
-{% if horizon_enable_ssl | bool %}
+{% if horizon_backend_ssl | bool %}
     SSLEngine on
     SSLCertificateFile    {{ horizon_ssl_cert }}
     SSLCertificateKeyFile {{ horizon_ssl_key }}

tests/os_horizon-overrides.yml

@@ -35,5 +35,5 @@ horizon_config_overrides:
 
 # This has to be set here because the common test-vars
 # has haproxy_ssl set to no.
-horizon_enable_ssl: yes
+horizon_backend_ssl: yes