Commit Graph

109 Commits

Author SHA1 Message Date
Carlos Bravo ab66a192f4 Added OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED to config options
Starting from Openstack Bobcat (2023.2) Multi Factor Authentication
was added for Horizon. This change introduced a new variable called
OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED, which if set to True will display
a new form requesting for the user's TOTP code for MFA enabled users.

This change provides the missing OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED
config option for the charm, allowing the user to enable from the
charm's configuration. If the value is set to True, the new bobcat
template will render the following values:
OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED = True

AUTHENTICATION_PLUGINS = [
    'openstack_auth.plugin.totp.TotpPlugin',
    'openstack_auth.plugin.password.PasswordPlugin',
    'openstack_auth.plugin.token.TokenPlugin'
]

Closes-Bug: #2058689
Change-Id: Ifedf587356693b58612b1fc4d7404f0f446158ce
2024-03-27 21:57:28 -04:00
Samuel Allan 422611f034
Add config for extra regions
This is so we can register extra region endpoints in horizon,
in situations where the keystone for the extra regions cannot be
integrated via juju (for example, completely separate deployment).

Closes-Bug: #1714926

Change-Id: I52cecec88437fd2bc5a012653f24471039e6b819
2024-03-21 10:50:01 +10:30
Rodrigo Barbieri 6b93e9dd87 Allow configure of OPENSTACK_INSTANCE_RETRIEVE_IP_ADDRESSES
If network calls to retrieve ports and floating IPs take too long,
then the project > instances page cannot be loaded. This config
allows disabling the network calls when loading the page with
minor side-effects, as a workaround to avoid downtime while other
performance optimizations can be done on the side to allow
the page the load so the workaround is no longer needed.

Closes-bug: #2051003
Related-bug: #2045168
Change-Id: Iedad6ef48cbe0b776594f4ad8276d3d713cd360c
2024-01-24 11:19:01 -03:00
zhhuabj 5c34112030 Support disabling apache wsgi socket rotation
Bug LP 1863232 introduced a new Apache configuration option called
WSGISocketRotation which allows users to disable wsgi socket
rotation. This patch makes this configurable with a new
wsgi-socket-rotation config option that defaults to the Apache
default and can optionally be set to False.

Closes-Bug: #2021550
Change-Id: I671f4b7f655f12cc558fc64116e31f16560dd2e7
2023-09-04 18:30:45 +08:00
Corey Bryant b56c411c48 Add 2023.2 Bobcat support
* sync charm-helpers to classic charms
* change openstack-origin/source default to bobcat
* add mantic to metadata series
* align testing with bobcat
* add new bobcat bundles
* add bobcat bundles to tests.yaml
* add bobcat tests to osci.yaml
* update build-on and run-on bases
* drop kinetic
* update charmcraft_channel to 2.x/stable

Change-Id: I59aba33be9d8031f437e860200c6e6a1902630dd
2023-08-02 14:19:50 -04:00
Corey Bryant dd8c4453b2 Add Antelope support
* sync charm-helpers to classic charms
* change openstack-origin/source default to antelope
* align testing with antelope
* add new antelope bundles
* add antelope bundles to tests.yaml
* add antelope tests to osci.yaml and .zuul.yaml
* update build-on and run-on bases

Change-Id: I236864fef58fb9b69a5298643a5c095fbfe2ca8e
2023-03-07 20:31:30 +00:00
Zuul 036a3927aa Merge "Add Kinetic and Zed support" 2022-08-30 03:37:22 +00:00
Corey Bryant 448daa6fdf Add Kinetic and Zed support
* sync charm-helpers to classic charms
* change openstack-origin/source default to zed
* align testing with zed
* add new zed bundles
* add zed bundles to tests.yaml
* add zed tests to osci.yaml and .zuul.yaml
* update build-on and run-on bases
* add bindep.txt for py310
* sync tox.ini and requirements.txt for ruamel
* use charmcraft_channel 2.0/stable
* drop reactive plugin overrides
* move interface/layer env vars to charmcraft.yaml

Change-Id: I2cb698f719106e54b06009f24ea47259419e9cad
2022-08-26 18:40:42 +00:00
Zuul 333501d88f Merge "Introduce source IP based rate limiting" 2022-08-19 13:52:29 +00:00
Mert Kırpıcı c0f8708761 Introduce source IP based rate limiting
Since we are running haproxy in L4, we are tracking the incoming
byte rate from client IPs and rejecting TCP connections in a
sliding window.

This approach limits the incoming HTTP requests however image uploading
through the horizon web app is unaffected.

Change-Id: Ie40d28acb2dc2983fc9edbbeacfd671b380a8f6d
Closes-Bug: #1836514
Signed-off-by: Mert Kırpıcı <mert.kirpici@canonical.com>
2022-08-05 15:29:43 +03:00
Muhammad Ahmad af7a57d539 Add enable_router config option
This patch adds an option of enabling/disabling router panel view
in the horizon. To hide the router/floatin-ip panel, set the config
option 'enable-router-panel=False'. Default value is True.

Closes-Bug: #1966815
Change-Id: If6fb3b57f05a1ab6342077d2142bd47cfce57948
2022-07-28 18:57:15 +00:00
jneo8 b00c977b52 Add CREATE_INSTNACE_FLAVOR_SORT option
Closes-Bug: #1663191
Change-Id: I56a30b4b80ef2cb3ac96359a3932b53c735b5c01
2022-04-28 12:06:32 +00:00
Alex Kavanagh eb913cfb5d Updates to enable jammy and finalise charmcraft builds
- Add 22.04 to charmcraft.yaml
- Update metadata to include jammy
- Remove impish from metadata
- Update osci.yaml to include py3.10 default job
- Modify tox.ini to remove py35,py36,py37 tox target and add py310
  target.
- ensure that the openstack-origin is yoga
- Fix mocking on unit tests for install.real hook

Change-Id: I7bf692965341c0cc1c84c7d3c77cce63a6cb6cbc
2022-04-06 11:04:01 +01:00
Nobuto Murata bd0eed2c84 Allow customization of branding
Make the following values configurable:
- SITE_BRANDING
- SITE_BRANDING_LINK
- HORIZON_CONFIG["help_url"]

Closes-Bug: #1959366
Change-Id: I34716bd68cc50b53dd28f6bb7a19409ece355465
2022-02-01 01:00:09 +09:00
Zuul 9984b7db51 Merge "Add application-dashboard relation" 2022-01-28 15:10:45 +00:00
Bartlomiej Poniecki-Klotz 5bfac0a352 improve unstable unit tests and fix whitespace
The unstable unit tests affected by list order were fixed by comparing the sorted region lists.
Additionally, a whitespace fix was implemented.

Change-Id: I2c67f7405a3f533d25111d7c3920ca31380de35a
2021-11-22 13:15:11 +00:00
Bartlomiej Poniecki-Klotz 18a9ac1171 hide-create-volume config added
The configuration option hide-create-volume was added and is passed into the horizon configuration as hide_create_volume.

Closes-Bug: #1939079
Change-Id: I639810d5908cc58f41907f9a3bd66dc78b9517d6
2021-11-16 09:55:37 +00:00
Linda Guo 986ebeab59 Add application-dashboard relation
Homer[1] is static web server and provides one stop shop UI,
which a single URL and be able to click on a link to get to
the LMA stack and other sites (like MAAS, other support portal).
The application is registered to Homer dashboard via application-dashboard
relation.

By adding registration relation in openstack-dashboard charm,
we can register Horizon in Homer dashboard after creating relation
between openstack-dashboard charm and Homer charm

[1]. https://github.com/bastienwirtz/homer

Closes-Bug: 1945725
Change-Id: Ieeacd8f1dda7e88a1f3f7b332163b2b42f1fee41
2021-10-08 12:01:41 +11:00
James Troup 44ddcbb718 Replace references to 'juju set' with 'juju config'.
Change-Id: I4fe101f6f0bce153637e27ba442cf7cdc872a5fb
2021-08-06 18:14:27 +01:00
Zuul 71916888e5 Merge "Add config use-internal-endpoints option." 2021-04-06 15:45:42 +00:00
Nobuto Murata 3ba16f757a Update worker-multiplier config description
Based on the change in charm-helpers:
https://github.com/juju/charm-helpers/pull/553

Related-Bug: #1843011
Change-Id: Ie165dc3ce10b58274f6220a55d0210cb06936432
2021-03-30 11:13:07 +09:00
Felipe Reyes 530426ae69 Add config use-internal-endpoints option.
This patch adds a configuration option that instructs
openstack-dashboard to configure Horizon using the internal host
exposed by the keystone charm, this behavior is already present in
other charms like nova-cloud-controller.

Change-Id: Ic372a2c65c52a77229c5c2867919aa318e9ac0a1
Closes-Bug: #1812361
Depends-On: https://review.opendev.org/c/openstack/charm-keystone/+/696997
2021-03-08 12:45:44 -03:00
Garrett Thompson 8e4dc4844a Add ENFORCE_PASSWORD_CHECK setting
This setting is a behavior change, requring the admin password
to be provided when changing the password of an admin user. Enabling
this setting by default adheres to the security recommendation
provided in the OpenStack security guide [0].

To enable this setting for Queens (the oldest supported OpenStack
release at the time of this commit), a new local_settings.py file was
copied from the Ocata template to ensure that any future versions will
inherit this setting until a new change is made.

Due to the security-checklist action currently failing [1], these have been
extracted to another class, and refactored in the zaza-openstack-tests
repo [2].

[0] https://docs.openstack.org/security-guide/dashboard/checklist.html

[1] 2ef404be75/zaza/openstack/charm_tests/openstack_dashboard/tests.py (L418)

[2] https://github.com/openstack-charmers/zaza-openstack-tests/pull/501

func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/501
Closes-Bug: #1883196
Change-Id: Idfd8654732289481806aea8b47ffa28cf3f97697
2021-02-12 00:27:27 +00:00
Corey Bryant 3f1f985be8 Switch default-role default to lowercase 'member'
This is needed to align with recent changes in the keystone
charm to use keystone bootstrap.

Change-Id: I35a08c483e970712d4db4ebe049f5b135ffb5637
Closes-Bug: #1879783
2020-05-20 19:24:49 -04:00
Xav Paice 957a6adc03 Add disable-password-reveal option
Adds config item to add HORIZON_CONFIG['disable_password_reveal'] = True
option to Horizon's local_settings.py, from Mitaka onwards.  This
prevents the reveal password button from being displayed.

Change-Id: I299f6a6388c3a2ab68cabaeb16e5104ec319e144
Closes-bug: #1840251
2020-03-12 15:59:06 +13:00
Alex Kavanagh 03cb557fc8 Add disable-instance-snapshot config item
This patchset adds the disable-instance-snapshot config item that
controls the "disable_instance_snapshot" dictionary item in the
LAUNCH_INSTANCE_DEFAULTS setting in local_settings.py

Change-Id: Ic15f60517ed8a7f67704b15f4b42baabe74f83c6
Closes-Bug: #1818221
2020-01-13 12:01:51 +00:00
Zuul 08f5c6b740 Merge "Add config option for exposing HAProxy stats interface." 2019-12-18 18:56:52 +00:00
cjohnston 8b6d16698a Add config option for exposing HAProxy stats interface.
Change-Id: I41799835a4d59dd7d4e0c0becf0908eaab6281ae
Closes-Bug: #1710208
func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/147
2019-12-17 22:28:17 +00:00
Frode Nordahl 709da59643
Add note on OpenStack version fence for Neutron LB
Closes-Bug: #1854152
Change-Id: I92fe10d96c0c7025f4bfbd37bdaf1adfff9867a4
2019-11-28 16:31:58 +01:00
Alex Kavanagh 1b1e7c583c Policyd override implementation
This patchset implements policy overrides for octavia.  It uses the
code in charmhelpers [1] which has been modified to support the richer
and more complex approach to handling policy overrides.

[1]: https://github.com/juju/charm-helpers/pull/393

func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/126

Change-Id: Ib51fd2c7c540c680083c2928eab4ce4df0d43e23
Closed-Bug: #1741723
2019-11-20 14:40:03 +00:00
Corey Bryant 983d7466d4 Disable train cinder consistency group support
Cinder consistency group support was removed from upstream horizon
as of Train, and has been replaced by the generic group feature.

Change-Id: Iebf4d441b36e7c31b200205cd9bbee0d1fb9a47c
Closes-Bug: #1841188
2019-09-10 13:27:02 +00:00
tpsilva ca21ac8116 Add option to hide/show consistency groups tab
Cinder by default does not enable Consistency Groups, but Horizon always
show its tabs and there is not an option to hide them. This patch adds a
config option to change the policy file to hide or show those tabs.

Change-Id: Ia2fb52650201524acbb8d6aafe37e7c0ea26e99e
Closes-bug: #1684113
2019-03-19 09:50:25 -03:00
Jesper Schmitz Mouridsen fd9fe98536 Make DROPDOWN_MAX_ITEMS configurable
This change implements a new option dropdown-max-items, that
sets the DROPDOWN_MAX_ITEMS of horizon.

Change-Id: I2ac03b406cc8b787424747c0bfeeedffd7712c9f
2019-02-21 19:36:05 +01:00
Andre Ruiz 7e2a9b4749 Implement new option: session-timeout
This change implements a new option in config.yaml that enables
a specific session timeout to be defined.

Change-Id: I4a521c672347e33718fd03427393eaa5356e57cb
Closes-Bug: #1599968
2019-02-19 14:21:27 -03:00
Edward Hope-Morley ac7793ffee Make fip topology check configurable
Horizon will by default check that a project has
a router with a port on an external network prior
to allowing floating ips to be attached to
instances. Since it is valid to use a shared
router from a different project we make this
configurable to allow disabling this check.

Closes-Bug: #1815032
Change-Id: I5c3e44e5daa683e14ac39979d6e9a7c2238dd120
2019-02-07 11:54:12 +00:00
James Page c68f46fa67 Remove deprecated configuration options
os-hostname-{internal|admin} where deprecated in January 2018.

Drop configuration option to avoid confusion for users.

Change-Id: I365b740935dab976b3573be1f258af5920cc05ed
Related-Bug: 1748527
2018-12-03 14:14:34 +00:00
Chris MacNaughton 9dff548bd5 Change quotes to valid ASCII
Change-Id: I29be2410d2880ec7f281a9f1f1613c767aa458fb
Closes-bug: #1791260
2018-09-07 11:09:54 +02:00
Zuul 7c33c07858 Merge "Add ability to configure api_result_limit" 2018-07-16 07:11:05 +00:00
Chris Sanders e5d9c95724 Allow custom theme install
Adds a setting custom-theme which operats similar to ubuntu-theme and
default-theme. The provided resource is placed in the themes folder and
apache is setup to serve static content for the theme. This leaves the
default theme untouched allowing the custom theme to override files
based on the built in horizon theme capabilities. For details on theming
capabilities see:
https://docs.openstack.org/horizon/latest/configuration/themes.html

gnuoy: retry logic for unrelated test updated after a number of CI
failures.

Closes-Bug: #1778284

Change-Id: I91ad19e8aad5c0e0773d42fa4f085cbcecb82458
2018-07-12 08:09:05 +00:00
Shane Peters e58a1b2a3d Add ability to configure api_result_limit
In clouds with many containers or objects, listing them via Horizon
can cause a signficant increase of system load.

This patch enables configuration of the API_RESULT_LIMIT setting within
Horizon. This limits the maximum number of objects to display on a
single page before providing a paging element to paginate results.

Change-Id: Ifaf39d6c9bf549428afd7653243c82cd719956f6
Closes-Bug: 1775002
2018-07-09 11:34:20 -04:00
James Page c35faf4cbc Auto-configure WSGI worker processes
Automatically configure WSGI worker processes inline with other
charms using the worker-multiplier configuration option and the
WSGI worker configuration context from charm-helpers.

Change-Id: Ib8af4a5a54fcff13a05ba4f4094bf123d5282c4a
2018-03-15 14:39:41 +00:00
Zuul 520028167e Merge "Add public binding to support DNS-HA." 2018-01-24 15:58:34 +00:00
Jason Hobbs 27e1e3be19 Add public binding to support DNS-HA.
This binding is required so that the DNS-HA code can find the
address to use for the hostname specified by os-public-hostname.

This also deprecates the os-internal-hostname and os-admin-hostname
options, as there is no binding to use them with.

Change-Id: I57609c5ab641e2ae6377c6fbad5c9e7b8cf6495c
Closes-Bug: #1742548
2018-01-11 17:17:24 +00:00
James Page b4019e45bf Remove deploy from source support
Drop support for deployment from Git repositories, as deprecated
in the 17.02 charm release.  This feature is unmaintained and has
no known users.

Change-Id: I19732b50483ab7284723f847f182fd1cfa67e425
2018-01-08 15:09:53 +00:00
Zuul e8febc0eb6 Merge "Add option for image formats config" 2018-01-06 10:03:05 +00:00
David Ames cad0fa0dcd Update HAProxy default timeout values
The default HAProxy timeout values are fairly strict. On a busy cloud
it is common to exceed one or more of these timeouts. The only
indication that HAProxy has exceeded a timeout and dropped the
connection is errors such as "BadStatusLine" or "EOF." These can be
very difficult to diagnose when intermittent.

This charm-helpers sync pulls in the change to update the default
timeout values to more real world settings. These values have been
extensively tested in ServerStack. Configured values will not be
overridden.

Partial Bug: #1736171

Change-Id: Ida7949113594b9b859ab7b4ba8b2bb440bab6e7d
2017-12-11 11:37:30 -08:00
Xav Paice 18030fe75b Add option for image formats config
For Mitaka -> Ocata, add image_formats to local_settings.py.

Change-Id: I582e516eb306a52cdee2a0bd4b31046b45af7a51
Closes-bug: 1724271
2017-12-11 10:03:08 +13:00
Nobuto Murata 55b9667193 Allow to override the default volume creation behavior
Now that Horizon upstream added the ability to configure the default
"create volume" value when launching an instance (See. LP: #1678109),
expose it as a new charm config.

Change-Id: I68a6f199a72c11ad4eff2b587cb4279c91da52ae
Closes-Bug: #1711342
2017-11-15 10:22:08 +09:00
Nobuto Murata a055181658 Allow to enable password autocompletion by browser
Horizon tries to inhibit browsers' password autocompletion by default.
Offer a configurable option in the charm so that admin can allow
password autocompletion if necessary.

Change-Id: I461752d1d1175f777de5bff26953b200efb17137
Closes-Bug: 1714676
2017-10-23 14:13:32 +00:00
Zuul df70dab98a Merge "Allow to configure max-age for HSTS(HTTP Strict Transport Security)" 2017-10-22 11:10:19 +00:00