At the moment our role does not account for provisionment of default
policy files for extra dashboards.
While they should not be required, it has been reported that absence
of such policy files results in unexpected behaviour. So let's symlink them
alike to how we do with regular policies.
Closes-Bug: #2055415
Change-Id: I683c12938fd4aa67304f564678514bc48bd86a79
Current behavior leads to all files having executable bit which is not
anticipated or required behaviour.
Thus, we should avoid defining mode recursively to the directory
Closes-Bug: #2052011
Change-Id: I30b9b6a70d2cabfb1f1f434cd883ea2503d867bc
In order to compress static files against pyhton 3.11 a fixed version
with fixed regexp in pyScss is needed. While fix is merged, pyScss is
not tagged/released yet.
While this required only for Debian12, it will work nicely also with older
python versions, since there're almost no changes in the package.
instead of building based on SHA.
Change-Id: I76f945310b70c1b081800c5ba0ec922795b60a73
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I40ff3ec0393bf90836d943fc09e74d6a5f207b48
To standarize variable name across roles, this change renames
`horizon_enable_ssl` to `horizon_backend_ssl`.
All other roles use `<service>_backend_ssl` format.
It also better describes what it does. With `horizon_enable_ssl` it's
unclear whether it is about frontend or backend.
Backward compatibility will be kept until 2024.1.
Change-Id: I218d45b7be667732e4204316b8d18fa3e136962b
Current logic does not allow horizon backend to listen on https
(`horizon_enable_ssl`) if external loadblanacer serves TLS
(`horizon_external_ssl`).
It basically forces backend to listen on plain http in this case which
does not make any sense. It should be possible to enable TLS on both
loadbalancer and horizon backend.
Additionally, with this patch, role defines a proper
HTTP_X_FORWARDED_PROTO header value(it's included in
`horizon_secure_proxy_ssl_header` and
`horizon_secure_proxy_ssl_header_django` and can be set to 'http' or
'https') based on whether external load balancer listens on https
(`horizon_external_ssl`)[1].
For example if loadbalancer listens on https and backend on http,
HTTP_X_FORWARDED_PROTO should be set to 'https'. Otherwise horizon will
respond with redirection to http.
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
Change-Id: I7706e52c01b3f0d72ea383a0476045e606078cff
This change provides the horizon role the ability to deploy its services
using uWSGI instead of apache. This feature produces a minimal horizon
deployment which is perfectly functional in cases where capabilities
like federation and SSL terminated all the way through are not needed.
Change-Id: I457a111511543731746d868ae7f7184743e5703b
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
This line snuck in with I6b68d4d15ae516d23c88b3c4c21a076e8d54604e
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: I72281dbc768e8f5f6b702d91abe63bc96376ac30
With [1] pyscss version was bumped to 1.4.0. With that horizon also
requires pyscss>=1.4.0 which means there's no need to additionally
constraint it.
We also temporary disable all functional jobs to resolve circular
dependency.
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible/+/847272
[1] 4fa5acc415
Change-Id: I5676d358d1ec38904fc067ab5f14711358f6031c
Openstack upper-constraints for the Yoga release does not specify
a version of pyScss which is compatible with python3.10, this only
starts to happen with the Zed release.
To obtain experimental support for Ubuntu Jammy with the Yoga
release we adjust the upper-constraints to describe a python3.10
compatible version of pyScss.
Change-Id: I04b7b8bc2c8e666f155cccf58bd920ee7d699d72
Instead of hardcoding lib directory for distro installs, we can
retrieve it dynamically based on the horizon.__file__ output
Change-Id: I8e87f9a9945b7526c90ca8c4dc09e43a86ab62e0
Closes-Bug: #1950798
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I6b68d4d15ae516d23c88b3c4c21a076e8d54604e
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: I649c5d02b9c909a3339799711a4a7816381a6626
In case policies are overriden for services,
horizon maintain and ship it's own set of policies that should be
separatelly overriden.
Depends-On: https://review.opendev.org/754382
Change-Id: I7099a5b11390d3296c7b4bb74d69670c7fe64f58
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I31c5e6cde00cdb7addcc0cb4b1c7a13529ce1e60
At present, the collection and compression of static file is
carried out asynchronously to speed up execution. If compression
starts before collection has completed it can result in incomplete
results which cause the Horizon front end to produce 500 errors.
This patch switches the collection of static files back to a
synchronous task before triggering the slower compression as an
asynchronous task to maintain most of the speed-up benefit.
Change-Id: If9df63b2ef0031c91303d3fcb56474cbf7d648f9
This is necessary to support the new pip resolver.
Depends-On: I9be6bbf4a29a4da2ddf96dc0336bc2a7d8ec9281
Depends-On: I49c75dd11d6c4e8d37fe013b7ffdfd56ff193fcd
Change-Id: Ibab50a351d5e14bfc993884036c27cc3f2eee424
There is a missing tag in the os-horizon-install.yml
file that leads to an undefined variable error when
running the playbook with '--tags horizon-config'
Change-Id: I77246d51a7880ef373ef4b33e199032d204f8b89
For a metal deployment the keystone and horizon roles both try to
do this and it should be done in one place. This is moved to the
openstack_hosts role.
Depends-On: https://review.opendev.org/754095
Depends-On: https://review.opendev.org/754382
Change-Id: I8471685bb677ac4f15d808c274a5b1dde6fb2c81
The only difference between our and native wsgi app
were adding extra path [1] to sys.path.
However, nowadays this path is already part of syspath
[1] /openstack/venvs/horizon-20.1.1.dev7/lib/python3.6
Change-Id: I90a502fbdeb0040832b66e9df389ab3517b951f4
If role has been run with horizon-config tag it was ending up with [1]
So to avoid failure we add this tag to set_fact task.
[1] http://paste.openstack.org/show/792048/
Change-Id: I02026f135162fcbad646dd162344a4f4dd9f3b12
Currently we're executing os_keystone_role against all horizon hosts,
while we need to execute it just once. Thist patch fixes this behaviour.
Change-Id: Ie93cb1b805c67ae382ac722378b526bbd1779ed5
This patch adds deployement of murano-dashboard to horizon,
once `horizon_enable_murano_ui` variable is set to True.
Depends-On: https://review.opendev.org/710773
Change-Id: I9a2f1920611ca8ad2b2f2cdb625281132b968ec2
Previously we were using cached_db session backend by default.
However with django version update, it requires more recent
mysqlclient module which is not part of requirements.
Moreover usage of cached_db makes us to carry and maintain
extra stuff, which can be dropped with memcached backend.
Change-Id: I8df7ee967d8dcbeb09a42fd568f98acc3e88adad
Without this patch, int will get converted to string, which
is then applied in cron module, and is inconsistent with the other
string input (which the module expects). This can lead to failures.
This fixes it by ensuring everything is a string! boooo.
Change-Id: I3170cc2647947a0365543218f289480bab9ee4ce
Because of global retirement process of neutron-lbaas we stop providing
neutron-lbaas-ui plugin installation for horizon.
Change-Id: Ic39a4d1cc03df72a4080abd6513bf8f4036da456
* Remove horizon_python_lib_dir, this is not used anywhere
* Autodetect the horizon_lib_dir for source installs
* Remove hardcoded python2.7 path from uwsgi template
Change-Id: I0747ad5c50c0c007385b4756f1b386363bafcf93
This patch refactors the database creation to db_setup.yml which
will eventually be managed by openstack-ansible-tests.
This also re-orders the mq_setup to be done earlier so these system
level dependencies are ready before service activation.
Change-Id: Ia3be70460248d3dcaeea42e2bbc6af4160ea7108
There are some projects (such as Octavia) that ship YAML policy
files such as Octavia so this patch copies them as well.
Change-Id: Ic78d130bb3899720f619d8a78155c7b36807a07c
This patch registers the policy paths in a seperate task in order
to be able to place them in the correct folder, alongside the other
policy files so that Horizon can load properly.
Without this, the heat_policy.json file doesn't get linked in the
config location and the dashboard fails to load due to a missing
policy file.
Change-Id: Ic1e7e3ae5bb2f8d56602209c185a1ed025c0fdfa