For isolated deployments which use mirrors it is necessary
to be able to override the github.com URL currently used
in horizon_pip_packages
Change-Id: I767b921dd9114fb6afa6a93d80e3927da481e5ae
Since plugin name has changed for OVN, we need to count for it when
deciding if panel should be enabled or not.
Change-Id: Id0923a497e751350c9308726ccbb85b6aa6c36c4
django.utils.translation.ugettext_lazy() is deprecated in favor of the
functions that they’re aliases for: django.utils.translationgettext_lazy()
With that MemcachedCache backend was also deprecated in favor of
PyMemcacheCache. MemcachedCache was removed in django 4.1
https: //docs.djangoproject.com/en/4.0/releases/3.0/#id3
Change-Id: I9b77b33fbc4a9560c72504f935bf7f9082fefdd7
In order to compress static files against pyhton 3.11 a fixed version
with fixed regexp in pyScss is needed. While fix is merged, pyScss is
not tagged/released yet.
While this required only for Debian12, it will work nicely also with older
python versions, since there're almost no changes in the package.
instead of building based on SHA.
Change-Id: I76f945310b70c1b081800c5ba0ec922795b60a73
neutron_ml2_drivers_type is a string, not a list, while default
value for it is a list. Local settings also assume that it is a list.
So we ensure that the falue is a string by default now and
treat it as string in the code.
Change-Id: Ida72c712153dcda4cd06e0959f98ade4fee8dfbd
Keystone has stopped providing or reffering `_member_` role for a while,
thus role should not be refferenced anymore.
Moreover, with 2023.1 service policies have dropped `_member_`
which resulted in the role to be insufficient for basic operations.
Change-Id: I99bf418c6cb93d5f3cafc818a8cc876a49fb0357
Related-Bug: #2029486
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I40ff3ec0393bf90836d943fc09e74d6a5f207b48
To standarize variable name across roles, this change renames
`horizon_enable_ssl` to `horizon_backend_ssl`.
All other roles use `<service>_backend_ssl` format.
It also better describes what it does. With `horizon_enable_ssl` it's
unclear whether it is about frontend or backend.
Backward compatibility will be kept until 2024.1.
Change-Id: I218d45b7be667732e4204316b8d18fa3e136962b
`horizon_enable_ssl` is responsible for enabling TLS on horizon backend.
It defaults to `haproxy_ssl` which is generally used to enable TLS on
haproxy frontends.
It is more reasonable to disable it by default as it's done for other
services.
This patch does not change current behavior in gating as backend TLS
works only with horizon_external_ssl=False(while it's set to True by
default).
It also does not affect behavior of horizon's haproxy frontend
encryption.
Change-Id: I8f207426c9dc5bcefdec42c0bfc0f5f0376509a3
Supported ML2 provided types depends on the ML2 driver
and we should make it configurable in order to reflect dropdown list
that appears for admin panel while creating a network.
Closes-Bug: #2002897
Change-Id: Iceedf6af9559d48c28e0ee782a44f9ceb480119d
This patch changes the horizon ironic dashboard to be installed from
git sources like all of the other dashboards in an openstack-ansible
deployment.
Without this change the package installed from pypi is always the
latest released version and not aligned with the release
being deployed with openstack-ansible. This will potentially
cause the horizon service to fail to start if there is a severe
mismatch between horizon and ironic-ui.
Change-Id: I4dd03f3cd13878dafb621c70dd44a4fd0ff99ae3
This change provides the horizon role the ability to deploy its services
using uWSGI instead of apache. This feature produces a minimal horizon
deployment which is perfectly functional in cases where capabilities
like federation and SSL terminated all the way through are not needed.
Change-Id: I457a111511543731746d868ae7f7184743e5703b
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
This change adds the ability within horizon to define a list of domains
which are trusted through the CSRF functions of django.
Change-Id: Ib92480e6caa74e050a99b36a54b2032714efb509
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
This variable was added in the Yoga release to permit changes
to how Horizon contacts Keystone in an IDP setup.
Change-Id: I959f0f84b264ffc25481e9becb3059f28a233010
With [1] pyscss version was bumped to 1.4.0. With that horizon also
requires pyscss>=1.4.0 which means there's no need to additionally
constraint it.
We also temporary disable all functional jobs to resolve circular
dependency.
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible/+/847272
[1] 4fa5acc415
Change-Id: I5676d358d1ec38904fc067ab5f14711358f6031c
Openstack upper-constraints for the Yoga release does not specify
a version of pyScss which is compatible with python3.10, this only
starts to happen with the Zed release.
To obtain experimental support for Ubuntu Jammy with the Yoga
release we adjust the upper-constraints to describe a python3.10
compatible version of pyScss.
Change-Id: I04b7b8bc2c8e666f155cccf58bd920ee7d699d72
barbican-ui has not yet reached a 1.0.0 release and does not provide
a functioning UI for the key manager service at this time.
Once barbican-ui has basic functionality we can consider enabling this again.
Change-Id: I9fc9147263881cc96f8e51b739d2ccf6f1f9fbf9
Instead of hardcoding lib directory for distro installs, we can
retrieve it dynamically based on the horizon.__file__ output
Change-Id: I8e87f9a9945b7526c90ca8c4dc09e43a86ab62e0
Closes-Bug: #1950798
We're missing comma at the end of set, which leads to error.
We additionally define condition when choices will be added to config.
Change-Id: I6b1c24fae22e9adb9e16fade4229d5761ac0b520
Closes-Bug: #1958645
This adds a new variable to manage TLS v1.3 cipher suites.
The old variable for TLS v1.2 and below ciphers is renamed for
consistency, but is still supported as a default where overridden
by deployments.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/823943
Change-Id: Ib43d465c8fa24ec7d14174ecc17bce0b3e8bd7a4
In case policies are overriden for services,
horizon maintain and ship it's own set of policies that should be
separatelly overriden.
Depends-On: https://review.opendev.org/754382
Change-Id: I7099a5b11390d3296c7b4bb74d69670c7fe64f58
If you were ever looking for a way to hide this button, the
feature was added in Stein, via https://review.opendev.org/c/openstack/horizon/+/605813
The default is False, and astute users will see this setting and
override it in their user_variables.yml if needed.
Change-Id: I293c3a8e806f7af3b540afa3d2040ec73e925008
This is necessary to support the new pip resolver.
Depends-On: I9be6bbf4a29a4da2ddf96dc0336bc2a7d8ec9281
Depends-On: I49c75dd11d6c4e8d37fe013b7ffdfd56ff193fcd
Change-Id: Ibab50a351d5e14bfc993884036c27cc3f2eee424
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.
Change-Id: Ib652b5cf4f8fb7066ca3e29222ed7b4949d073f8
As we do octavia dashboard bumps, we should provide it's specific version
as a constraint while creating venv
Change-Id: Ie02ef3dd6180128645e4932d50b489f399ea440d
Closes-bug: 1881874
The only difference between our and native wsgi app
were adding extra path [1] to sys.path.
However, nowadays this path is already part of syspath
[1] /openstack/venvs/horizon-20.1.1.dev7/lib/python3.6
Change-Id: I90a502fbdeb0040832b66e9df389ab3517b951f4
An openstack-ansible deployment does not have options to set the local_settings.py params
for Horizon to support Keystone V3 multiple domains dropdown menu and its variants to choose.
These options in local_settings.py are:
OPENSTACK_KEYSTONE_DOMAIN_CHOICES - default value to "(('Default', 'Default'))"
Change-Id: I9f1b8e4c6f5b4fe2601e5ee1dacf90bded60f93d
Closes-Bug: 1795788
This patch adds deployement of murano-dashboard to horizon,
once `horizon_enable_murano_ui` variable is set to True.
Depends-On: https://review.opendev.org/710773
Change-Id: I9a2f1920611ca8ad2b2f2cdb625281132b968ec2
This patch aims to add a prefix for memcached_server
on each role to give the ability for deployers to
override the location of memcached cluster. I.e users
wants to create a single memcached cluster with k8s
for each service.
We also add pymemcache based on [1]
[1] https://review.opendev.org/711429
Change-Id: I59fd6bd2e9557e8806e74bae8980ce322dcc748c
Zuul