- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Cleanup line wraps
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Add missing ChefSpec tests
- Switch package installations to send packages as arrays instead of individual
package resources. This generally speeds up chef runs.
- Cleanup array syntax using %w() instead of []
- Remove FWaaS recipe as it's been unmaintained upstream.
Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706101
Depends-On: https://review.opendev.org/706151
Change-Id: Ie3b65b701235bae65a1797d63d6a55dd6fc9958e
This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.
Additional fixes:
- Remove or replace references to node['apache'] attributes
- Install mod_wsgi as a package on RHEL since there is no built-in
resource for it.
- Don't set SELinux to permissive on RHEL (I tested this works properly
with it set to enforcing).
- Remove hack for restarting apache.
- Convert web_app to template and subscribe to restarting apache.
- Remove resources to restore SELinux contexts since this taken care of
by Chef now automatically.
- Include additional cookbooks in Berksfile required for CI
Depends-On: https://review.opendev.org/702772
Depends-On: https://review.opendev.org/701824
Change-Id: Ib82595c27f03a7b456d5d5bfecc466f5ac199a5c
- Use role "member" for keystone_default_role instead of "_member_"
- Package "openstack-dashboard-ubuntu-theme" doesn't exist anymore
- Drop attributes that aren't used anymore
Change-Id: I5c6bc5b64d65e89ef599959015865661f92ee6e3
The node['openstack']['api']['auth']['version'] was deprecated and should no
longer be used. Default to version 3 for keystone since that's currently what's
supported.
Change-Id: I655e19e31f026be4fe92cbfbbf9d41f37cc6208d
Signed-off-by: Lance Albertson <lance@osuosl.org>
* remove postgres references
* update lbaas url to stable/queens
* update logging handler to reflect the current state of things
Change-Id: Ie298fec4dc1ed35119ffe844f356d1c72cfaa6f8
- there was a bug in the 'misc-section'
when value is a boolean it would've been printed in ticks.
In Python boolean is treated as Reference, this means it is
written uppercase
Change-Id: Idc03f2bd1f7ee519e404e5a30711a81493acf522
- The keystone_default_domain must be the ID of the domain and not its
name.
- The comment for the CACHES setting was updated upstream.
- The FLAVOR_EXTRA_KEYS setting got deprecated, so we drop it.
Change-Id: I8930e36883b64fa823438289e26602ea243f7fe6
- Add wsgi option to vhost definition
- Remove duplicated entries in template
- Do not set Xen option when we deploy KVM
Change-Id: I3e40674cbdfa116afa46e845dbd165f0d5abc7d0
- added needed values to local_settings.py to work with Newton and v3
- added openstackclient to berksfile
Change-Id: I3c31b6431c3e3b6bcfd08d46195a041696ec91f8
There are use cases where having ServerAlias in the vhost is preferred. This
includes that option but excludes by default. It's set using an array so you can
set multiple server aliases.
I also added the virtualhost port configurator test for dashboard-http-bind on
port 80 to ensure it works on both ports.
Change-Id: I621cb2a519e92d04d60fd75e727b59250bd72e30
Some organizations use an SSL certificate which requires an intermediate chain
cert. This provides support for that via a new attribute and is optional.
Change-Id: I1b31ca64378ff8c6f5367b75b4b7b210a650d676
RHEL puts the POLICY_FILES_PATH in a different location than Debian so we need
to ensure we set it. For Ubuntu/Debian, we'll explictly set the path they
currently use. Without this set properly, horizon fails to load up on RHEL.
Change-Id: If4f75ef8a3094154b2aecf435746f7a2050d5699
Signed-off-by: Lance Albertson <lance@osuosl.org>
* added enable_lb attribute to local_settings.py
* added specs to check the attribute is rendered probably
Change-Id: Icf11d684af41b297b0fdb4995c7b92576abf4a7b
Horizon will show the neutron advanced services depending on if
these services are enabled. The former properties enable_lb,
enable_vpn, and enable_firewall will be deprecated since Kilo.
Remove them from cookbook.
Change-Id: I3f2a77956381b8e8cc0a897ad79395063e246855
Closes-Bug: #1459576
Let horizon discover the default
dashboards via the INSTALL_APPS (which is already an attribute).
The patch removes the old hardcoded defaults which are no longer
needed nor recommmended.
Change-Id: I3c73756a6d834a9bae69ae6ead235e01cc747593
Closes-Bug: #1455063
Caching html pages could be a security vulnerability, so
by default prevent this from happening.
For now just a simple on/off switch, if more flexibility is needed
here it can be added later.
Change-Id: Iccf65edee23d55b016201b643c0d187d04ff3c13
Closes-Bug: #1446701
when use_ssl is false, several ssl related items are still
in play, notably including mod_ssl.
Closes-Bug: #1445047
Change-Id: Iafd26f8eddfd74a90b6a8bde579bf53af57b5893
Use the new http and https bind endpoints for dashboard that are
defined in the Common cookbook. These will allow more control and
consistency with the other bind endpoints for openstack services.
Change-Id: I15c0c2c40a88e18ff9805d48c4da83890b7f4da7
Partial-Bug: #1430422
With the 2.4 release the site config for directies was changed as
noted in the bug link. If necessary, in the future we could create
a list attribute to hold the directory options to allow them to be
overrideable, but no one has asked for that yet. This could also
use the apache cookbook web_app provider to create this site config.
Also cleaned up some minor formatting in the specs.
Change-Id: Ie2b323ac055ae03b3c4ebb28b70aca65745df842
Closes-Bug: #1411772
For Horizon localsetting, it can configure to use which version of cinder api.
Now the cookbook is switching to adopt cinder v2 api, we need to have horizon
cookbook support cinder v2 as well.
Change-Id: I2ab95c9f55cadd37d26c1d0af0dbd64cd8fc8e2c
This adds the ability to overide the
file_upload_temp_dir setting in django
which is usually '/tmp' by default but
may not be appropriate for all installations
Change-Id: Idebae5e0ec2249868f5ce411a7f798a7584fa40a
Allow the following options to be configured
OPENSTACK_SSL_NO_VERIFY
OPENSTACK_SSL_CACERT
Closes-Bug: #1372723
Change-Id: Ic4a612a899753198d1c09f5b5b78ca94d920d687
* Update local_settings
- Add in description comments
- Add new sections
* Update specs as needed
* Change metadata for apache2 to < 2.0.0 since it's not
backward compatible with 1.9.x.
Change-Id: I455624f809ad5968a9fbef3054c1bd10bcac5378
Closes-Bug: #1352956
Use the python translation function on security rules which
are not just acryonyms. Also there is no reason for the security
rules to use the word "All" in all caps.
Change-Id: Iaac4b01dfc096d589ac4a1e8c9ac772917b4942c
Closes-Bug: #1334031
Add attrs for login_url, logout_url, login_redirect_url and webroot
Fix the root default for webroot on redhat
No behavior changes for ubuntu or suse, but they now have flexibility.
Change-Id: I5db29c6768444dd742c0625b05285761da85be76
Closes-Bug: #1321390
This will allow the ibm_powerkvm platform to be recognized and will
simplify uses of multiple platforms from the same family.
Change-Id: Iebf2aad9f3b4649fb5c27d2fc93ee60c67e42737
Partially-Implements: blueprint add-ibm-powerkvm-enablement
Implements: blueprint platform-family