Since version 10 (Buster) the package openstack-dashboard installs its
files to different directories than it used to. With version 11
(Bullseye) just about to reach stable status, it might be time to update
the defaults - for Debian proper anyway, since judging from the contents
of relevant Ubuntu 21.04 packages that distro has decided to go their
own way here.
Note that this also changes the handling of some of the paths for RHEL
- there used to be two hard-coded paths in the recipes/horizon.rb which
still work under RHEL and Ubuntu but not under modern Debian, requiring
a switch to attribute-defined paths.
PS. The permission change on dash_state_dir is part of this too,
since without o+x Apache complains
access to /static/foo denied (filesystem path '/var/lib/openstack-dashboard/static') because search permissions are missing on a component of the path
whenever any static dashboard content is to be retrieved.
Signed-off-by: Marek Szuba <m.szuba@gsi.de>
Change-Id: I345b4894f1243db77856303d97538914dc6cf9be
RHEL finally includes a proper RPM package for the horizon LBaaS plugin in
Stein. This removes the dependency on poise.
Change-Id: If3d2729c013125bd75441c50fc7de5d5cc9c3221
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Cleanup line wraps
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Add missing ChefSpec tests
- Switch package installations to send packages as arrays instead of individual
package resources. This generally speeds up chef runs.
- Cleanup array syntax using %w() instead of []
- Remove FWaaS recipe as it's been unmaintained upstream.
Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706101
Depends-On: https://review.opendev.org/706151
Change-Id: Ie3b65b701235bae65a1797d63d6a55dd6fc9958e
This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.
Additional fixes:
- Remove or replace references to node['apache'] attributes
- Install mod_wsgi as a package on RHEL since there is no built-in
resource for it.
- Don't set SELinux to permissive on RHEL (I tested this works properly
with it set to enforcing).
- Remove hack for restarting apache.
- Convert web_app to template and subscribe to restarting apache.
- Remove resources to restore SELinux contexts since this taken care of
by Chef now automatically.
- Include additional cookbooks in Berksfile required for CI
Depends-On: https://review.opendev.org/702772
Depends-On: https://review.opendev.org/701824
Change-Id: Ib82595c27f03a7b456d5d5bfecc466f5ac199a5c
- Replace git.openstack.org with opendev.org
- Update some documentation
- Move README.md to README.rst for better rendering
- Drop obsolete bootstrap.sh script
- Drop obsolete openstack-identity::default recipe
Change-Id: If98eef94a31bd0f082a869dc2278d21abcf47b59
Python2.7 is going EOL soon, let us deploy python3 for Rocky from the
start, so we avoid having to switch later.
Add a workaround because the apache2::mod_wsgi recipe hardcodes python2 deployment.
Install neutron-*aas-dashboard plugins as distro packages and not from pypi.
Depends-On: https://review.opendev.org/682918
Change-Id: Ia994665c69b64725e7e5369ceb93ee9608620d2b
The other apache2 site config files that are created via the ``web_app``
resource from the apache cookbook use a node attribute to determine the
the unix group that the template should belong to. Use the same
attribute in our local template so that all ownerships are consistent.
Change-Id: I4933f9dd5293b30c5b2597055debc2c9c659aca2
- Use role "member" for keystone_default_role instead of "_member_"
- Package "openstack-dashboard-ubuntu-theme" doesn't exist anymore
- Drop attributes that aren't used anymore
Change-Id: I5c6bc5b64d65e89ef599959015865661f92ee6e3
In Chef 13+, resource duplication behaves differently. By centralizing
python_runtime to openstack-common, the resource executes once in a
given Chef run, instead of attempting to reinstall python multiple
times.
Change-Id: I2e17d655c86fac63e02aaadf5321bc95e2c7aa0b
* remove postgres references
* update lbaas url to stable/queens
* update logging handler to reflect the current state of things
Change-Id: Ie298fec4dc1ed35119ffe844f356d1c72cfaa6f8
- poise does things in Strange Ways. it works better for package-based
applications when it's not constrained
Change-Id: I311bccb06f8a3b89dd29a78ca259ab85cfe23d3c
- Switched default linter to cookstyle
- Renamed rake tasks to better conform with Chef conventions
- Normalized the template banner
Change-Id: I80d825722a3218b34a5dee38b60017492e3768e0
- Style and lint fixes to support newer chefdk
- Rewrote metadata.rb for readability
- Removed ancient Gemfile
Change-Id: I63e6680cec8b66e2ece2d2627c0b413f5d401317
- corrects SELinux enablement on RHEL platform families.
- switches lbaasv2 dashboard to use system Python, so that it gets
picked up correctly.
Change-Id: I8b10381b169e8dd56c9cee990f1e3c7d3283d1b0
* added recipe neutron-lbaas-dashboard to install the dashboard plugin
according to the current docs
* removed server.rb recipe and server_type attribute since the only
available option is apache2
* adapted specs and README accordingly
Change-Id: I4f407598acccd2d21d4204b936122963ebd4f7c8
- added needed values to local_settings.py to work with Newton and v3
- added openstackclient to berksfile
Change-Id: I3c31b6431c3e3b6bcfd08d46195a041696ec91f8
This fixes an oversight in a previous patch when disabling the certs databag. It
would improperly not set the cert paths at all in the apache vhost config. This
fixes it and also adds an addition test that should have caught it originally.
Change-Id: I7726c949791658a750b9c382107f01e0a112247c
This provides an attribute which allows users to optionally disable using the
internal certs databag for SSL certificates. The use case is for people who are
using other external methods (such as the certificates cookbook) to manage
certificates.
Change-Id: Ib7c578135db74675bd4c5a0da13f053f6474e0f1
Some organizations use an SSL certificate which requires an intermediate chain
cert. This provides support for that via a new attribute and is optional.
Change-Id: I1b31ca64378ff8c6f5367b75b4b7b210a650d676
* added condition for the case that ssl_cert_file and ssl_key_file are shipped
toghether in one .pem file (the .pem file should only be touched once)
Change-Id: I7d4d593249bda2701b29a4a8585f8267cb815190
The default apache port overlaps with horizon, but
uses a different address syntax, *:80 vs 0.0.0.0:80.
This causes apache2 to sometimes fail on startup with
Address already in use: AH00072: make_sock: could not bind to address [::]:80
Change-Id: I7aa178878a6d283c4e5e0334a8bdcba30c8f242a
* removed old remote_file and file method to get certs
now uses the "secret" method from common to use data_bags
* removed now unused / obsolete attributes
* now uses new bind_address method from common
* edited specs to work with the new method
Change-Id: I296ae2241f38da51a07e52b913b86932153120e6
Depends-On: I7a4279aa6b3cbcc60a334900cd8442fd76792896
* the apache2 cookbook got patched recently and now uses an array of
"ipaddress:port" to define where apache2 should listen
Change-Id: I7304932c19398c2bd245bbb7cbad6df4f487047e
* removed fedora and suse support
* added os-identity dependency
* added versionbumb for refactored os-identity and common
* moved version up to 13.0.0 for mitaka release
Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c
Depends-On: I3262b2e6f792f37c32a446e6567790b82bdd4613
Change-Id: Ida408a025f1a3e6a632108a9a32877026e286116
Our openstack-dashboard sites config is using the Headers directive
to prevent html caching by default for security. Need to make sure
this module is always enabled under apache.
Change-Id: I6f204f194a80b58e608a0a04afc19442d0444598
Related-Bug: #1446701
In order for keystone to get working under apache, we need a
later level of the apache cookbook, 3.1, which contains many
fixes. This does not effect dashboard functionality.
Also, fix up the dashboard cookbook to remove the default apache
listen address (*) and port (80), else these will leak thru.
Change-Id: I619b581f640bb64f3d44374d7c555eaf3f83a3e2
Implements: blueprint keystone-apache
Cleaned up all the minor rubocop issues, the ones left relate to
complex logic and what I think is a bug in rubocop for nested
vs compact modules/class definitions.
Change-Id: I17b4f23f6e7cb71e84c74996a98d04f3782be479
when use_ssl is false, several ssl related items are still
in play, notably including mod_ssl.
Closes-Bug: #1445047
Change-Id: Iafd26f8eddfd74a90b6a8bde579bf53af57b5893
Use the new http and https bind endpoints for dashboard that are
defined in the Common cookbook. These will allow more control and
consistency with the other bind endpoints for openstack services.
Change-Id: I15c0c2c40a88e18ff9805d48c4da83890b7f4da7
Partial-Bug: #1430422
The horizon recipe attempts to restart apache2 before that recipe
has had a chance to define the service resource.
Change-Id: Ied27dc2b2d2355092141ddbd57a64f9c0f975f39
Closes-Bug: #1418714
Now that admin_endpoint, public_endpoint, and internal_endpoint
in the common library are working, these are the changes to use
them in the openstack-dashboard recipes.
Change-Id: I389476158d72107bf7079756518aba12fab7f52b
Partial-Bug: 1412919
In order to be able to use alternative webservers, split the parts
relating to setting up the dashboard itself and setting up the webserver
into two new recipes.
Also introduce a new configuration variable, defaulting to `apache2`,
which will be used in the `server` recipe to select the type of
webserver being installed.
Change-Id: I70dcb820239547b0059ad15d19d5e1689ddff3d3
blueprint: dashboard-split-horizon-apache
local_settings is set as "root:root" and mode "0640". However
horizon service is running with user "apache" and it needs to read
this file. Hence set its group as "apache".
Fix bug 1370888
Change-Id: I003bef81b7d6b3229af7791dbd4e71936559c5e8