Commit Graph

116 Commits

Author SHA1 Message Date
Ghanshyam Mann d169cdecef Retire openstack-chef: remove repo content
OpenStack-chef project is retiring
- https://review.opendev.org/c/openstack/governance/+/905279

this commit remove the content of this project repo

Depends-On: https://review.opendev.org/c/openstack/project-config/+/909134
Change-Id: I8dc9f8845115a0b17d94a5910b9926d49039623a
2024-02-18 05:02:03 +00:00
Lance Albertson 57b9ab6138 Stein fixes
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
  cookbooks
- Update documentation
- Cleanup line wraps
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Add missing ChefSpec tests
- Switch package installations to send packages as arrays instead of individual
  package resources. This generally speeds up chef runs.
- Cleanup array syntax using %w() instead of []
- Remove FWaaS recipe as it's been unmaintained upstream.

Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706101
Depends-On: https://review.opendev.org/706151
Change-Id: Ie3b65b701235bae65a1797d63d6a55dd6fc9958e
2020-03-23 10:59:37 -07:00
Lance Albertson 4e4bed1eed Update to apache2 ~> 8.0 cookbook
This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.

Additional fixes:
- Remove or replace references to node['apache'] attributes
- Install mod_wsgi as a package on RHEL since there is no built-in
  resource for it.
- Don't set SELinux to permissive on RHEL (I tested this works properly
  with it set to enforcing).
- Remove hack for restarting apache.
- Convert web_app to template and subscribe to restarting apache.
- Remove resources to restore SELinux contexts since this taken care of
  by Chef now automatically.
- Include additional cookbooks in Berksfile required for CI

Depends-On: https://review.opendev.org/702772
Depends-On: https://review.opendev.org/701824
Change-Id: Ib82595c27f03a7b456d5d5bfecc466f5ac199a5c
2020-01-30 09:30:28 -08:00
Jens Harbott 48e6fd88de Updates for Rocky
- Use role "member" for keystone_default_role instead of "_member_"
- Package "openstack-dashboard-ubuntu-theme" doesn't exist anymore
- Drop attributes that aren't used anymore

Change-Id: I5c6bc5b64d65e89ef599959015865661f92ee6e3
2019-08-15 11:52:50 +00:00
Lance Albertson d44b03c2bb Remove reference to deprecated attribute
The node['openstack']['api']['auth']['version'] was deprecated and should no
longer be used. Default to version 3 for keystone since that's currently what's
supported.

Change-Id: I655e19e31f026be4fe92cbfbbf9d41f37cc6208d
Signed-off-by: Lance Albertson <lance@osuosl.org>
2019-06-15 22:17:39 -07:00
MaoyangLiu 99b3a3426d fix the misspelling world
Change-Id: I1ecd63e8573682388f9349b44a5d60654dc75d29
2018-11-24 14:41:21 +08:00
Jan Klare 4838ae06c7
disable the openrc v2 download panel by default
Change-Id: I568d779fb05cb7b0dd22cc1757f86ecda26b281f
2018-11-05 13:31:53 +00:00
Samuel Cassiba 5058033a1a Simplify identity endpoint
Per the Keystone Install Guide[1] the admin endpoint is superseded in
favor of a single public endpoint. As a result, the admin endpoint is no
longer deployed by default.

[1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components

Change-Id: Iafb0db54b3589eea0402c0f18687344667d0208a
Implements: blueprint simplify-identity-endpoint
2018-06-14 19:16:41 -07:00
Zuul d828493fad Merge "Update lbaas url for Queens, logging handler" 2018-03-23 09:55:40 +00:00
Christoph Albers babed9fcf5 FWaaS Dashboard fix
- FWaaS Dashboard has been moved to a seperate project since Pike

Change-Id: Ic24b4a611f35ffe47c3847abd0ab164694265a00
2018-03-20 16:32:48 +01:00
Samuel Cassiba 09d7658e42 Update lbaas url for Queens, logging handler
* remove postgres references
* update lbaas url to stable/queens
* update logging handler to reflect the current state of things

Change-Id: Ie298fec4dc1ed35119ffe844f356d1c72cfaa6f8
2018-03-08 10:52:58 -08:00
Samuel Cassiba 1b4d4f8259 dashboard refactor for Pike and Chef 13
- implemented foodcritic and cookstyle corrections
- deprecated node.foo.bar method access for node['foo']['bar'] bracket access
- added workaround for bug #1616265
- deprecated postgresql support
- moved package_overrides to common cookbook

Implements blueprint modern-chef

Change-Id: I1e0be7d59414897adf82ac21d2430df2525a61d9
2017-12-13 07:02:15 -08:00
Christoph Albers d079f432fd local_settings.py fixes
- there was a bug in the 'misc-section'
  when value is a boolean it would've been printed in ticks.
  In Python boolean is treated as Reference, this means it is
  written uppercase

Change-Id: Idc03f2bd1f7ee519e404e5a30711a81493acf522
2017-09-19 15:37:04 +02:00
Jens Rosenboom dd7384da22 Fix enable_vpn option
The patch in [1] was broken, missing a colon.

[1] https://review.openstack.org/463562

Change-Id: I9e7b24ba40c9f8303eae1325ced1f5a787466888
2017-05-24 08:50:47 +00:00
Christoph Albers 7c6a8f2285 Added option to enable_vpn
due to the fact that Neutron kicked out VPNaaS from governance.
We should disable vpn out of the box but give the option to deploy it.

REL.:
http://lists.openstack.org/pipermail/openstack-dev/2016-November/107384.html

Change-Id: Ieff504cdcd86bc31e8c3553b428968665259255f
2017-05-09 15:05:43 +02:00
Jens Rosenboom e49a768f62 Fix settings for Newton release
- The keystone_default_domain must be the ID of the domain and not its
  name.
- The comment for the CACHES setting was updated upstream.
- The FLAVOR_EXTRA_KEYS setting got deprecated, so we drop it.

Change-Id: I8930e36883b64fa823438289e26602ea243f7fe6
2017-02-09 14:24:25 +01:00
Jens Rosenboom bc49cefc80 Fix dashboard settings
- Add wsgi option to vhost definition
- Remove duplicated entries in template
- Do not set Xen option when we deploy KVM

Change-Id: I3e40674cbdfa116afa46e845dbd165f0d5abc7d0
2017-01-06 13:16:25 +01:00
Christoph Albers a8e6c9857d Fixes for Newton / Identity v3
- added needed values to local_settings.py to work with Newton and v3
- added openstackclient to berksfile

Change-Id: I3c31b6431c3e3b6bcfd08d46195a041696ec91f8
2016-12-09 14:42:10 +00:00
Lance Albertson 5fad88d1c0 Include ServerAlias in dashboard vhost if set
There are use cases where having ServerAlias in the vhost is preferred. This
includes that option but excludes by default. It's set using an array so you can
set multiple server aliases.

I also added the virtualhost port configurator test for dashboard-http-bind on
port 80 to ensure it works on both ports.

Change-Id: I621cb2a519e92d04d60fd75e727b59250bd72e30
2016-08-13 11:51:54 -07:00
Lance Albertson 648da86777 Add ability to use option SSL chain certificate
Some organizations use an SSL certificate which requires an intermediate chain
cert. This provides support for that via a new attribute and is optional.

Change-Id: I1b31ca64378ff8c6f5367b75b4b7b210a650d676
2016-07-21 08:31:52 -07:00
Lance Albertson 8717d2f073 Properly set POLICY_FILES_PATH on RHEL
RHEL puts the POLICY_FILES_PATH in a different location than Debian so we need
to ensure we set it. For Ubuntu/Debian, we'll explictly set the path they
currently use. Without this set properly, horizon fails to load up on RHEL.

Change-Id: If4f75ef8a3094154b2aecf435746f7a2050d5699
Signed-off-by: Lance Albertson <lance@osuosl.org>
2016-06-16 08:46:07 -07:00
Christoph Albers 885775f8c8 Added Attribute for enabling lbaas
* added enable_lb attribute to local_settings.py
* added specs to check the attribute is rendered probably

Change-Id: Icf11d684af41b297b0fdb4995c7b92576abf4a7b
2016-03-04 09:13:20 +00:00
JJ Asghar 0c8ae1d0b9 Initial Liberty Changes
Metadata changes
- Updated maintainer email
- Updated the version

rubocop updates
remove db2 refs

Change-Id: I5ff8ca0939f13e583f8d4ff75ff91a4805e78381
2015-08-28 23:17:25 -05:00
Hong Hui Xiao a472b6713e Remove the deprecated properties in horizon.
Horizon will show the neutron advanced services depending on if
these services are enabled. The former properties enable_lb,
enable_vpn, and enable_firewall will be deprecated since Kilo.
Remove them from cookbook.

Change-Id: I3f2a77956381b8e8cc0a897ad79395063e246855
Closes-Bug: #1459576
2015-06-29 11:54:33 -05:00
Mark Vanderwiel 1758014486 Use the recommended default for horizon default dashboards
Let horizon discover the default
dashboards via the INSTALL_APPS (which is already an attribute).
The patch removes the old hardcoded defaults which are no longer
needed nor recommmended.

Change-Id: I3c73756a6d834a9bae69ae6ead235e01cc747593
Closes-Bug: #1455063
2015-05-14 09:43:08 -05:00
Mark Vanderwiel 7ccbfe76a6 Allow ssl ciphers to be optionally configured for horizon
Add the SSLCipherSuite to the dash-site template.

Change-Id: I7b87761dd1ab0618e6ae6de428ec0b736e4aa483
Closes-Bug: #1447668
2015-04-23 10:44:01 -05:00
Mark Vanderwiel 9a68087e76 Prevent html page caching by default
Caching html pages could be a security vulnerability, so
by default prevent this from happening.
For now just a simple on/off switch, if more flexibility is needed
here it can be added later.

Change-Id: Iccf65edee23d55b016201b643c0d187d04ff3c13
Closes-Bug: #1446701
2015-04-23 01:45:16 +00:00
Mark Vanderwiel 3bbc28747e Allow non default db port for horizon
Change-Id: I11bfc9a8f45e5c700b9c1d2b718623f096c3e403
Closes-Bug: #1445511
2015-04-22 17:40:24 +00:00
Mark Vanderwiel 3d4d7bc49d Allow non-ssl to work correctly
when use_ssl is false, several ssl related items are still
in play, notably including mod_ssl.

Closes-Bug: #1445047

Change-Id: Iafd26f8eddfd74a90b6a8bde579bf53af57b5893
2015-04-21 09:08:26 -05:00
Jenkins 4294dd9b57 Merge "Need WEBROOT in local_settings.py file" 2015-04-16 14:58:01 +00:00
Mark Vanderwiel 40b59919d6 Use new bind endpoints for dashboard
Use the new http and https bind endpoints for dashboard that are
defined in the Common cookbook.  These will allow more control and
consistency with the other bind endpoints for openstack services.

Change-Id: I15c0c2c40a88e18ff9805d48c4da83890b7f4da7
Partial-Bug: #1430422
2015-04-03 10:18:46 -05:00
Mark Vanderwiel 964aef7a16 Need WEBROOT in local_settings.py file
Horizon relies on the WEBROOT setting in order to handle
static resources.

Change-Id: Ia6b8d3453fec70d5865d52843e2ae3c48c2a0865
Closes-Bug: #1438922
2015-03-31 16:42:34 -05:00
Mark Vanderwiel 7886c81a74 Fix site directory defaults for apache 2.4
With the 2.4 release the site config for directies was changed as
noted in the bug link.  If necessary, in the future we could create
a list attribute to hold the directory options to allow them to be
overrideable, but no one has asked for that yet.  This could also
use the apache cookbook web_app provider to create this site config.
Also cleaned up some minor formatting in the specs.

Change-Id: Ie2b323ac055ae03b3c4ebb28b70aca65745df842
Closes-Bug: #1411772
2015-01-16 14:51:52 -06:00
ZHU ZHU a142662fbd Add volume_api_version for dashboard configurations
For Horizon localsetting, it can configure to use which version of cinder api.
Now the cookbook is switching to adopt cinder v2 api, we need to have horizon
cookbook support cinder v2 as well.

Change-Id: I2ab95c9f55cadd37d26c1d0af0dbd64cd8fc8e2c
2014-11-15 03:42:47 -06:00
Mark Vanderwiel e3b14df8a2 Allow TraceEnable to be configurable
Change-Id: I4e6c486b9af8f72080c5d47310615f7f9fef744b
Closes-Bug: #1319319
2014-10-23 14:51:58 -05:00
Mark Vanderwiel f2f6bf0a36 OSSN-0039 Prevent POODLE attacks
Allow SSL protocol attribute, default to only TLS.

Change-Id: I58758e99ea1256aeefff27d441b0a527169829b5
Closes-Bug: #1384438
2014-10-22 15:24:03 -05:00
Alan Meadows 2859570b81 Allow file_upload_temp_dir override
This adds the ability to overide the
file_upload_temp_dir setting in django
which is usually '/tmp' by default but
may not be appropriate for all installations

Change-Id: Idebae5e0ec2249868f5ce411a7f798a7584fa40a
2014-10-13 14:25:37 -05:00
YangLei 514081ef0b Config OPENSTACK_TOKEN_HASH_ALGORITHM
Allow OPENSTACK_TOKEN_HASH_ALGORITHM to be configurable

Closes-Bug: #1372717
Change-Id: Ifd26bfeff7dab70c30ad4cbb1007ec697e79017d
2014-09-27 11:22:26 +08:00
YangLei 614103b253 Config the some certificate options
Allow the following options to be configured
OPENSTACK_SSL_NO_VERIFY
OPENSTACK_SSL_CACERT

Closes-Bug: #1372723

Change-Id: Ic4a612a899753198d1c09f5b5b78ca94d920d687
2014-09-23 15:36:34 +08:00
Mark Vanderwiel 53e38b80b9 Allow added sections to local_settings template
Similar design to the multi backend support in block-storage.

Change-Id: I6d715975429346190eb054a713c317be132656e6
Closes-Bug: #1358817
2014-08-25 15:42:16 -05:00
Mark Vanderwiel 459ced27b5 Update horizon local settings conf files for Juno
* Update local_settings
  - Add in description comments
  - Add new sections
* Update specs as needed
* Change metadata for apache2 to < 2.0.0 since it's not
backward compatible with 1.9.x.

Change-Id: I455624f809ad5968a9fbef3054c1bd10bcac5378
Closes-Bug: #1352956
2014-08-21 10:56:10 -05:00
Mark Vanderwiel a5b857f389 Need to be able to enable firewall and vpn in dashboard
Change-Id: I83e70e4b509689199d31dae6e55a750a6984ced6
Implements: blueprint neutron-vpnaas-enablement
2014-08-19 12:37:01 -05:00
Doug Fish 23d746e9e1 Make security rules with All translatable
Use the python translation function on security rules which
are not just acryonyms.  Also there is no reason for the security
rules to use the word "All" in all caps.

Change-Id: Iaac4b01dfc096d589ac4a1e8c9ac772917b4942c
Closes-Bug: #1334031
2014-07-02 10:23:53 -05:00
Mark Vanderwiel 3e96aa4f17 Fix to allow login urls to be configurable
Add attrs for login_url, logout_url, login_redirect_url and webroot
Fix the root default for webroot on redhat
No behavior changes for ubuntu or suse, but they now have flexibility.

Change-Id: I5db29c6768444dd742c0625b05285761da85be76
Closes-Bug: #1321390
2014-05-21 16:51:37 -05:00
Kieren Hynd ea8bb0c971 Config attributes for OPENSTACK_KEYSTONE_BACKEND
Bumped version to 9.0.2 and added some more options to README.md

Closes-Bug: 1320274
Change-Id: I985ed5fc662cef82372bccb3cc7485e150cb9eb0
2014-05-16 17:38:36 +01:00
Jenkins 66cae10614 Merge "add missing attribute for sqlite" 2014-04-12 16:56:07 +00:00
Luis A. Garcia 1f0bf8c899 Use platform_family instead of platform
This will allow the ibm_powerkvm platform to be recognized and will
simplify uses of multiple platforms from the same family.

Change-Id: Iebf2aad9f3b4649fb5c27d2fc93ee60c67e42737
Partially-Implements: blueprint add-ibm-powerkvm-enablement
Implements: blueprint platform-family
2014-04-08 13:57:16 -07:00
KE ZHU 92590f9d85 add missing attribute for sqlite
Closes-Bug: 1293814
Change-Id: I3f314f120ee25ed6ba1f89c6b50144780284bdb9
2014-04-07 23:53:18 -04:00
Jenkins b5866dc969 Merge "Add attribute for setting WSGISocketPrefix" 2014-03-10 09:52:29 +00:00
Luis A. Garcia ce357cfef6 Add attribute for setting WSGISocketPrefix
Change-Id: Ied5ef88393e353a35531ab2629aab0b272c92105
2014-03-07 17:53:51 +00:00