[DOCS] Move horizon docs to roles

This change moves the horizon config information into the
os_horizon role repo. Moving forward, specific project
configurations are maintained in the appropriate role book.

Change-Id: Ic0b1599aee659f47128aa50f367164b64353556a
This commit is contained in:
Nate Graf 2016-08-11 19:55:48 +00:00
parent 387abfacb7
commit f40f7d1308
4 changed files with 116 additions and 72 deletions

View File

@ -1,77 +1,8 @@
=========================
OpenStack-Ansible Horizon
#########################
=========================
This Ansible role installs and configures OpenStack Horizon served by the
Apache webserver. Horizon is configured to use Galera for session caching and
memcached for other caching.
Default Variables
=================
.. literalinclude:: ../../defaults/main.yml
:language: yaml
:start-after: under the License.
Required Variables
==================
This list is not exhaustive at present. See role internals for further
details.
.. code-block:: yaml
horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
horizon_galera_address: 10.100.100.101
horizon_container_mysql_password: "SuperSecrete"
horizon_secret_key: "SuperSecreteHorizonKey"
Example Playbook
================
.. code-block:: yaml
- name: Installation and setup of horizon
hosts: horizon_all
user: root
roles:
- { role: "os_horizon", tags: [ "os-horizon" ] }
vars:
galera_client_drop_config_file: false
external_lb_vip_address: 10.100.100.101
internal_lb_vip_address: 10.100.100.101
horizon_galera_address: 10.100.100.101
horizon_container_mysql_password: "SuperSecrete"
horizon_secret_key: "SuperSecreteHorizonKey"
horizon_external_ssl: true
horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
galera_root_password: "secrete"
rabbitmq_servers: 10.100.100.101
rabbitmq_use_ssl: false
rabbitmq_port: 5671
keystone_admin_user_name: admin
keystone_auth_admin_password: "SuperSecretePassword"
keystone_admin_tenant_name: admin
keystone_service_adminuri_insecure: false
keystone_service_internaluri_insecure: false
keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
openrc_os_password: "{{ keystone_auth_admin_password }}"
openrc_os_domain_name: "Default"
memcached_servers: 10.100.100.101
memcached_encryption_key: "secrete"
Tags
====
This role supports two tags: ``horizon-install`` and ``horizon-config``
The ``horizon-install`` tag can be used to install and upgrade.
The ``horizon-config`` tag can be used to manage configuration.

View File

@ -0,0 +1,31 @@
==============================================
Configuring the Dashboard (horizon) (optional)
==============================================
Customize your horizon deployment in
``/etc/openstack_deploy/user_variables.yml``.
Securing horizon communication with SSL certificates
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The OpenStack-Ansible project provides the ability to secure Dashboard
(horizon) communications with self-signed or user-provided SSL certificates.
Refer to `Securing services with SSL certificates`_ for available configuration
options.
.. _Securing services with SSL certificates: http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-sslcertificates.html
Configuring a horizon customization module
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Openstack-Ansible supports deployment of a horizon `customization module`_.
After building your customization module, configure the
``horizon_customization_module`` variable with a path to your module.
.. code-block:: yaml
horizon_customization_module: /path/to/customization_module.py
.. _customization module: http://docs.openstack.org/developer/horizon/topics/customizing.html#horizon-customization-module-overrides

View File

@ -1 +1,51 @@
.. include:: ../../README.rst
=========================
OpenStack-Ansible Horizon
=========================
.. toctree::
:maxdepth: 2
configure-horizon.rst
This Ansible role installs and configures OpenStack Horizon served by the
Apache webserver. Horizon is configured to use Galera for session caching and
memcached for other caching.
Default variables
~~~~~~~~~~~~~~~~~
.. literalinclude:: ../../defaults/main.yml
:language: yaml
:start-after: under the License.
Required variables
~~~~~~~~~~~~~~~~~~
This list is not exhaustive. See role internals for further
details.
.. code-block:: yaml
horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
horizon_galera_address: 10.100.100.101
horizon_container_mysql_password: "SuperSecrete"
horizon_secret_key: "SuperSecreteHorizonKey"
Example playbook
~~~~~~~~~~~~~~~~
.. literalinclude:: ../../examples/playbook.yml
:language: yaml
Tags
====
This role supports two tags: ``horizon-install`` and ``horizon-config``.
The ``horizon-install`` tag can be used to install and upgrade.
The ``horizon-config`` tag can be used to manage configuration.

32
examples/playbook.yml Normal file
View File

@ -0,0 +1,32 @@
- name: Installation and setup of horizon
hosts: horizon_all
user: root
roles:
- { role: "os_horizon", tags: [ "os-horizon" ] }
vars:
galera_client_drop_config_file: false
external_lb_vip_address: 10.100.100.101
internal_lb_vip_address: 10.100.100.101
horizon_galera_address: 10.100.100.101
horizon_container_mysql_password: "SuperSecrete"
horizon_secret_key: "SuperSecreteHorizonKey"
horizon_external_ssl: true
horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
galera_root_password: "secrete"
rabbitmq_servers: 10.100.100.101
rabbitmq_use_ssl: false
rabbitmq_port: 5671
keystone_admin_user_name: admin
keystone_auth_admin_password: "SuperSecretePassword"
keystone_admin_tenant_name: admin
keystone_service_adminuri_insecure: false
keystone_service_internaluri_insecure: false
keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
openrc_os_password: "{{ keystone_auth_admin_password }}"
openrc_os_domain_name: "Default"
memcached_servers: 10.100.100.101
memcached_encryption_key: "secrete"