We change a default value of `horizon_webroot` to reflect the usecase
where both Horizon and Skyline are deployed. When it is the case,
horizon webroot URL will be changed to `/horizon`.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/859446
Change-Id: Ia38311a6fde88292c090cf6289bf5b6c6279c479
To standarize variable name across roles, this change renames
`horizon_enable_ssl` to `horizon_backend_ssl`.
All other roles use `<service>_backend_ssl` format.
It also better describes what it does. With `horizon_enable_ssl` it's
unclear whether it is about frontend or backend.
Backward compatibility will be kept until 2024.1.
Change-Id: I218d45b7be667732e4204316b8d18fa3e136962b
`horizon_enable_ssl` is responsible for enabling TLS on horizon backend.
It defaults to `haproxy_ssl` which is generally used to enable TLS on
haproxy frontends.
It is more reasonable to disable it by default as it's done for other
services.
This patch does not change current behavior in gating as backend TLS
works only with horizon_external_ssl=False(while it's set to True by
default).
It also does not affect behavior of horizon's haproxy frontend
encryption.
Change-Id: I8f207426c9dc5bcefdec42c0bfc0f5f0376509a3
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I52bd5d4b4e35317397242168c2f910d3ae4230ff
This change provides the horizon role the ability to deploy its services
using uWSGI instead of apache. This feature produces a minimal horizon
deployment which is perfectly functional in cases where capabilities
like federation and SSL terminated all the way through are not needed.
Change-Id: I457a111511543731746d868ae7f7184743e5703b
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
This change adds the ability within horizon to define a list of domains
which are trusted through the CSRF functions of django.
Change-Id: Ib92480e6caa74e050a99b36a54b2032714efb509
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
This adds a new variable to manage TLS v1.3 cipher suites.
The old variable for TLS v1.2 and below ciphers is renamed for
consistency, but is still supported as a default where overridden
by deployments.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/823943
Change-Id: Ib43d465c8fa24ec7d14174ecc17bce0b3e8bd7a4
In case policies are overriden for services,
horizon maintain and ship it's own set of policies that should be
separatelly overriden.
Depends-On: https://review.opendev.org/754382
Change-Id: I7099a5b11390d3296c7b4bb74d69670c7fe64f58
The sync from https://review.opendev.org/733244 updated to
openstackdocstheme 2.2.1 and reno 3.1.0 versions.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: Ic87ff263a9d3db82db1eda6e87beddb1ce64e38a
Add file to the reno documentation build to show release notes for
stable/ussuri.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.
Change-Id: I64637066af26f453978c4b2f4087e1d118bde8fb
Sem-Ver: feature
New version of openstackdocstheme (Victoria+) respects pygments_style.
Since this repo is using now Victoria (master) requirements but has
not branched for Ussuri yet, it uses the new version.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
Change-Id: I36d8c2f46c02ff343ec3a304b7ca347428ad01cf
This patch adds deployement of murano-dashboard to horizon,
once `horizon_enable_murano_ui` variable is set to True.
Depends-On: https://review.opendev.org/710773
Change-Id: I9a2f1920611ca8ad2b2f2cdb625281132b968ec2
Previously we were using cached_db session backend by default.
However with django version update, it requires more recent
mysqlclient module which is not part of requirements.
Moreover usage of cached_db makes us to carry and maintain
extra stuff, which can be dropped with memcached backend.
Change-Id: I8df7ee967d8dcbeb09a42fd568f98acc3e88adad
Add file to the reno documentation build to show release notes for
stable/train.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/train.
Change-Id: I640c918b071887574e885534d29e4218d5c60774
Sem-Ver: feature
Added variable horizon_bind_address which allows to define address
on which horizon will be listening.
horizon_listen_ports variable was converted to dict()
and used in apache vhost template.
As an addition metal jobs were added for horizon CI.
Depends-On: https://review.opendev.org/681722
Change-Id: I11c3edec6d58e39da8de5e214fab9731eb5df9e2
Because of global retirement process of neutron-lbaas we stop providing
neutron-lbaas-ui plugin installation for horizon.
Change-Id: Ic39a4d1cc03df72a4080abd6513bf8f4036da456
Add file to the reno documentation build to show release notes for
stable/stein.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.
Change-Id: Ia4fbc015dea3a7b4c9292baf97669b576933a35c
Sem-Ver: feature
Added masakari dashboard to horizon installation.
As for now it's installation is available only from source.
Change-Id: I07937e2d97080ec5f4aece61a6bf032cd8790f5f
Implements: blueprint masakari-ansible-plugin
Horizon has, since OSA's inception, been deployed with HTTPS
access enabled, and has had no way to turn it off. Some use-cases
may want to access via HTTP instead, so this patch enables
the following:
1. Listen via HTTPS on a load balancer, but via HTTP on the
horizon host and have the load balancer forward the correct
headers. It will do this by default in the integrated build
due to the presence of the load balancer, so the current
behaviour is retained.
2. Enable HTTPS on the horizon host without a load balancer.
This is the role's default behaviour which matches what it
always has been.
3. Disable HTTPS entirely by setting ``haproxy_ssl: no`` (which
will also disable https on haproxy. This setting is inherited
by the new ``horizon_enable_ssl`` variable by default. This
is a new option.
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Change-Id: I823f2f949258157e306dbf80570abe53373da0c3
Closes-Bug: 1794337
Adds key ``theme_src_archive`` to ``horizon_custom_themes``,
which should point to archive with packed theme inside.
Archive should be placed on the deployment host and it
may be easily created by git-archive, or ansible git module.
Structure inside archive should be as a standard theme,
without any leading folders.
Unarchive is used instead of synchronize with flat files,
as synchronize establishes independent SSH connection
and doesn't use nspawn or any other methods from
custom ssh plugin and may case connection errors.
Recursive copy has limitations on number of files inside of the
directory. This limit is pretty high, but still it's a limit.
This method differs from uploading custom files, as themes may
have complex structure and include a lot of files.
As a result, if ``horizon_custom_themes`` contains
``theme_src_archive`` key, theme will be distributed by role.
Change-Id: Icbfff0793a703de94091cfdcdecf5a2c91bae4be
Related-Bug: 1778098
Distributions provide packages for the OpenStack services so we add
support for using these instead of the pip ones.
Implements: blueprint openstack-distribution-packages
Change-Id: Ie6eeff541a319967715e619dcdc26177aec5be72
In order to reduce the packages required to pip install on to the hosts,
we allow the service setup to be delegated to a specific host, defaulting
to the deploy host. We also switch as many tasks as possible to using the
built-in Ansible modules which make use of the shade library.
The 'virtualenv' package is now installed appropriately by the openstack_hosts
role, so there's no need to install it any more. The 'httplib2' package is a
legacy Ansible requirement for the get_url/get_uri module which is no longer
needed. The keystone client library is not required any more now that we're
using the upstream modules. As there are no required packages left, the task
to install them is also removed.
With the dependent patches, the openstack_openrc role is now executed once
on the designated host, so it is no longer required as a meta-dependency for
the role.
Depends-On: https://review.openstack.org/579233
Depends-On: https://review.openstack.org/579959
Depends-On: https://review.openstack.org/580156
Change-Id: Ic3c0bb31c12a83fe8fe475091e97e5d5537fab6f
Release notes are version independent, so remove version/release
values. We've found that projects now require the service package
to be installed in order to build release notes, and this is entirely
due to the current convention of pulling in the version information.
Release notes should not need installation in order to build, so this
unnecessary version setting needs to be removed.
Also, use openstackdocstheme for releasenotes - like all other projects
do.
This is needed for new release notes publishing, see
I56909152975f731a9d2c21b2825b972195e48ee8 and the discussion starting
at
http://lists.openstack.org/pipermail/openstack-dev/2017-November/124480.html
.
Change-Id: I35cd51cf81ae6e1bafa7ab3370dc89787961f4bc
This patch implements an initial set of jobs intended to match
the current job execution method. It does not intend to improve
how the jobs are executed - only to replicate what is currently
in openstack-infra/openstack-zuul-jobs and provide the platform
to iterate on.
Change-Id: Ia99b5dd4197b6e8cf0d3bc13d5f121250142d452
This variable allows customizing the default values for properties found
in the Launch Instance modal, using the LAUNCH_INSTANCE_DEFAULTS config
option.
Change-Id: I1a795b788b3fbc78e814c93f56fd996090c7463b
To facilitiate a translations check site this patch enables the ability
to perform a pull_catalog and compilemessages, which will update the
translations site. By default this won't run at all.
Change-Id: Ib9b527d60226d3133206675b394d83f1185631b2
Users can configure the number of worker threads however when it's
not specified the calculated number of workers can get too large on
hosts with a large number of CPUs.
Change-Id: I09433117941dcd543775d5c347cb03912c21475c
Dmitriy Rabotyagov
OpenStack Release Bot