Since version 10 (Buster) the package openstack-dashboard installs its
files to different directories than it used to. With version 11
(Bullseye) just about to reach stable status, it might be time to update
the defaults - for Debian proper anyway, since judging from the contents
of relevant Ubuntu 21.04 packages that distro has decided to go their
own way here.
Note that this also changes the handling of some of the paths for RHEL
- there used to be two hard-coded paths in the recipes/horizon.rb which
still work under RHEL and Ubuntu but not under modern Debian, requiring
a switch to attribute-defined paths.
PS. The permission change on dash_state_dir is part of this too,
since without o+x Apache complains
access to /static/foo denied (filesystem path '/var/lib/openstack-dashboard/static') because search permissions are missing on a component of the path
whenever any static dashboard content is to be retrieved.
Signed-off-by: Marek Szuba <m.szuba@gsi.de>
Change-Id: I345b4894f1243db77856303d97538914dc6cf9be
RHEL finally includes a proper RPM package for the horizon LBaaS plugin in
Stein. This removes the dependency on poise.
Change-Id: If3d2729c013125bd75441c50fc7de5d5cc9c3221
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Cleanup line wraps
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Add missing ChefSpec tests
- Switch package installations to send packages as arrays instead of individual
package resources. This generally speeds up chef runs.
- Cleanup array syntax using %w() instead of []
- Remove FWaaS recipe as it's been unmaintained upstream.
Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706101
Depends-On: https://review.opendev.org/706151
Change-Id: Ie3b65b701235bae65a1797d63d6a55dd6fc9958e
This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.
Additional fixes:
- Remove or replace references to node['apache'] attributes
- Install mod_wsgi as a package on RHEL since there is no built-in
resource for it.
- Don't set SELinux to permissive on RHEL (I tested this works properly
with it set to enforcing).
- Remove hack for restarting apache.
- Convert web_app to template and subscribe to restarting apache.
- Remove resources to restore SELinux contexts since this taken care of
by Chef now automatically.
- Include additional cookbooks in Berksfile required for CI
Depends-On: https://review.opendev.org/702772
Depends-On: https://review.opendev.org/701824
Change-Id: Ib82595c27f03a7b456d5d5bfecc466f5ac199a5c
The following is included in django.wsgi:
```
Use of this 'djano.wsgi' file has been deprecated since the Rocky
release in favor of 'wsgi.py' in the 'openstack_dashboard' module. This
file is a legacy naming from before Django 1.4 and an importable
'wsgi.py' is now the default. This file will be removed in the T release
cycle.
```
Change-Id: Ic188e6ec87cb59d9311787fa36defd193116c2b0
Signed-off-by: Lance Albertson <lance@osuosl.org>
Python2.7 is going EOL soon, let us deploy python3 for Rocky from the
start, so we avoid having to switch later.
Add a workaround because the apache2::mod_wsgi recipe hardcodes python2 deployment.
Install neutron-*aas-dashboard plugins as distro packages and not from pypi.
Depends-On: https://review.opendev.org/682918
Change-Id: Ia994665c69b64725e7e5369ceb93ee9608620d2b
- Use role "member" for keystone_default_role instead of "_member_"
- Package "openstack-dashboard-ubuntu-theme" doesn't exist anymore
- Drop attributes that aren't used anymore
Change-Id: I5c6bc5b64d65e89ef599959015865661f92ee6e3
The node['openstack']['api']['auth']['version'] was deprecated and should no
longer be used. Default to version 3 for keystone since that's currently what's
supported.
Change-Id: I655e19e31f026be4fe92cbfbbf9d41f37cc6208d
Signed-off-by: Lance Albertson <lance@osuosl.org>
- python-neutron-lbaas-dashboard version was outdated
updated to latest stable/pike release version
Change-Id: I103e9747439841063f1a926ef9d7883287f63999
- Switched default linter to cookstyle
- Renamed rake tasks to better conform with Chef conventions
- Normalized the template banner
Change-Id: I80d825722a3218b34a5dee38b60017492e3768e0
* added recipe neutron-lbaas-dashboard to install the dashboard plugin
according to the current docs
* removed server.rb recipe and server_type attribute since the only
available option is apache2
* adapted specs and README accordingly
Change-Id: I4f407598acccd2d21d4204b936122963ebd4f7c8
- The keystone_default_domain must be the ID of the domain and not its
name.
- The comment for the CACHES setting was updated upstream.
- The FLAVOR_EXTRA_KEYS setting got deprecated, so we drop it.
Change-Id: I8930e36883b64fa823438289e26602ea243f7fe6
- added needed values to local_settings.py to work with Newton and v3
- added openstackclient to berksfile
Change-Id: I3c31b6431c3e3b6bcfd08d46195a041696ec91f8
There are use cases where having ServerAlias in the vhost is preferred. This
includes that option but excludes by default. It's set using an array so you can
set multiple server aliases.
I also added the virtualhost port configurator test for dashboard-http-bind on
port 80 to ensure it works on both ports.
Change-Id: I621cb2a519e92d04d60fd75e727b59250bd72e30
This provides an attribute which allows users to optionally disable using the
internal certs databag for SSL certificates. The use case is for people who are
using other external methods (such as the certificates cookbook) to manage
certificates.
Change-Id: Ib7c578135db74675bd4c5a0da13f053f6474e0f1
Some organizations use an SSL certificate which requires an intermediate chain
cert. This provides support for that via a new attribute and is optional.
Change-Id: I1b31ca64378ff8c6f5367b75b4b7b210a650d676
RHEL puts the POLICY_FILES_PATH in a different location than Debian so we need
to ensure we set it. For Ubuntu/Debian, we'll explictly set the path they
currently use. Without this set properly, horizon fails to load up on RHEL.
Change-Id: If4f75ef8a3094154b2aecf435746f7a2050d5699
Signed-off-by: Lance Albertson <lance@osuosl.org>
* removed old remote_file and file method to get certs
now uses the "secret" method from common to use data_bags
* removed now unused / obsolete attributes
* now uses new bind_address method from common
* edited specs to work with the new method
Change-Id: I296ae2241f38da51a07e52b913b86932153120e6
Depends-On: I7a4279aa6b3cbcc60a334900cd8442fd76792896
* added enable_lb attribute to local_settings.py
* added specs to check the attribute is rendered probably
Change-Id: Icf11d684af41b297b0fdb4995c7b92576abf4a7b
* removed fedora and suse support
* added os-identity dependency
* added versionbumb for refactored os-identity and common
* moved version up to 13.0.0 for mitaka release
Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c
Depends-On: I3262b2e6f792f37c32a446e6567790b82bdd4613
Change-Id: Ida408a025f1a3e6a632108a9a32877026e286116
Horizon will show the neutron advanced services depending on if
these services are enabled. The former properties enable_lb,
enable_vpn, and enable_firewall will be deprecated since Kilo.
Remove them from cookbook.
Change-Id: I3f2a77956381b8e8cc0a897ad79395063e246855
Closes-Bug: #1459576
Cleaned up all the minor rubocop issues, the ones left relate to
complex logic and what I think is a bug in rubocop for nested
vs compact modules/class definitions.
Change-Id: I17b4f23f6e7cb71e84c74996a98d04f3782be479
Caching html pages could be a security vulnerability, so
by default prevent this from happening.
For now just a simple on/off switch, if more flexibility is needed
here it can be added later.
Change-Id: Iccf65edee23d55b016201b643c0d187d04ff3c13
Closes-Bug: #1446701
Use the new http and https bind endpoints for dashboard that are
defined in the Common cookbook. These will allow more control and
consistency with the other bind endpoints for openstack services.
Change-Id: I15c0c2c40a88e18ff9805d48c4da83890b7f4da7
Partial-Bug: #1430422
For better default security, change the default to off
for password autocomplete. Base openstack horizon is also
making this change soon.
Change-Id: Ie46dd5b5e5d65dd4bfa298a4c2d571cf13b94812
Closes-Bug: #1420863
* added the needed stubs for including the new apache2 cookbooks
* added '.conf' for all sites-path since apache_site method looks for
this now
* pinned apache2 to '~> 3.0'
Change-Id: I54fae7a162a1932c3851d8104c1c8e433016c1d0
In order to be able to use alternative webservers, split the parts
relating to setting up the dashboard itself and setting up the webserver
into two new recipes.
Also introduce a new configuration variable, defaulting to `apache2`,
which will be used in the `server` recipe to select the type of
webserver being installed.
Change-Id: I70dcb820239547b0059ad15d19d5e1689ddff3d3
blueprint: dashboard-split-horizon-apache
For Horizon localsetting, it can configure to use which version of cinder api.
Now the cookbook is switching to adopt cinder v2 api, we need to have horizon
cookbook support cinder v2 as well.
Change-Id: I2ab95c9f55cadd37d26c1d0af0dbd64cd8fc8e2c
This adds the ability to overide the
file_upload_temp_dir setting in django
which is usually '/tmp' by default but
may not be appropriate for all installations
Change-Id: Idebae5e0ec2249868f5ce411a7f798a7584fa40a
Allow the following options to be configured
OPENSTACK_SSL_NO_VERIFY
OPENSTACK_SSL_CACERT
Closes-Bug: #1372723
Change-Id: Ic4a612a899753198d1c09f5b5b78ca94d920d687
Ghanshyam Mann