openstack
/
cookbook-openstack-dashboard
Code Issues Proposed changes

Retire openstack-chef: remove repo content 

OpenStack-chef project is retiring
- https://review.opendev.org/c/openstack/governance/+/905279

this commit remove the content of this project repo

Depends-On: https://review.opendev.org/c/openstack/project-config/+/909134
Change-Id: I8dc9f8845115a0b17d94a5910b9926d49039623a
This commit is contained in:
Ghanshyam Mann 2024-02-15 14:15:48 -08:00 committed by Ghanshyam
parent de8fb53dc0
commit d169cdecef
29 changed files with 8 additions and 9667 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.delivery/project.toml
View File

@ -1,9 +0,0 @@
[local_phases]
unit = 'rspec spec/'
lint = 'cookstyle --display-cop-names --extra-details'
syntax = "berks install -e integration"
provision = "echo skipping"
deploy = "echo skipping"
smoke = "echo skipping"
functional = "echo skipping"
cleanup = "echo skipping"

9
.gitignore vendored
View File

@ -1,9 +0,0 @@
.bundle/
berks-cookbooks/
.kitchen
.vagrant
.coverage/
*.swp
Berksfile.lock
Vagrantfile
Gemfile.lock

4
.rubocop.yml
View File

@ -1,4 +0,0 @@
Chef/Modernize/FoodcriticComments:
Enabled: true
Chef/Style/CopyrightCommentFormat:
Enabled: true

3
.zuul.yaml
View File

@ -1,3 +0,0 @@
- project:
templates:
- openstack-chef-jobs

23
Berksfile
View File

@ -1,23 +0,0 @@
source 'https://supermarket.chef.io'
solver :ruby, :required
[
%w(client dep),
%w(-common dep),
%w(-dns integration),
%w(-identity dep),
%w(-image integration),
%w(-integration-test integration),
%w(-network integration),
%w(-ops-database integration),
%w(-ops-messaging integration),
].each do |cookbook, group|
if Dir.exist?("../cookbook-openstack#{cookbook}")
cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}", group: group
else
cookbook "openstack#{cookbook}", git: "https://opendev.org/openstack/cookbook-openstack#{cookbook}", group: group
end
end
metadata

35
CONTRIBUTING.md
View File

@ -1,35 +0,0 @@
Contributing
============
How To Get Started
------------------
If you would like to contribute to the development of OpenStack Chef Cookbooks,
you must follow the steps in this page:
https://docs.openstack.org/infra/manual/developers.html
Gerrit Workflow
---------------
Once those steps have been completed, changes to OpenStack
should be submitted for review via the Gerrit tool, following
the workflow documented at:
https://docs.openstack.org/infra/manual/developers.html#development-workflow
Pull requests submitted through GitHub will be ignored.
Bugs
----
Bugs should be filed on Launchpad, not GitHub:
https://bugs.launchpad.net/openstack-chef
Contacts
--------
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
IRC: #openstack-chef is our channel on irc.oftc.net
Wiki: https://wiki.openstack.org/wiki/Chef/GettingStarted

176
LICENSE
View File

@ -1,176 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.

151
README.rst
View File

@ -1,145 +1,10 @@
OpenStack Chef Cookbook - dashboard
===================================
This project is no longer maintained.
.. image:: https://governance.openstack.org/badges/cookbook-openstack-dashboard.svg
:target: https://governance.openstack.org/reference/tags/index.html
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
Description
===========
Installs the OpenStack Dashboard service **Horizon** as part of the
OpenStack reference deployment Chef for OpenStack. The `OpenStack
chef-repo`_ contains documentation for using this cookbook in the
context of a full OpenStack deployment. Horizon is currently installed
from packages.
.. _OpenStack chef-repo: https://opendev.org/openstack/openstack-chef
https://docs.openstack.org/horizon/latest/
Requirements
============
- Chef 16 or higher
- Chef Workstation 21.10.640 for testing (also includes Berkshelf for
cookbook dependency resolution)
Platform
========
- ubuntu
- redhat
- centos
Cookbooks
=========
The following cookbooks are dependencies:
- 'apache2', '~> 8.6'
- 'openstack-common', '>= 20.0.0'
- 'openstack-identity', '>= 20.0.0'
Attributes
==========
Please see the extensive inline documentation in ``attributes/*.rb`` for
descriptions of all the settable attributes for this cookbook.
Note that all attributes are in the ``default['openstack']`` "namespace"
Recipes
=======
openstack-dashboard::horizon
----------------------------
- Sets up the packages needed to run the Horizon dashboard and its
dependencies. Includes openstack-dashboard::apache2-server recipe.
openstack-dashboard::apache2-server
-----------------------------------
- Installs the Apache webserver and sets up an ``mod_wsgi`` container to
run the Horizon dashboard.
openstack-dashboard::neutron-lbaas-dashboard
--------------------------------------------
- Installs the python neutron-lbaas-dashboard package. Includes
openstack-dashboard::horizon recipe at the beginning.
License and Author
==================
+-----------------+---------------------------------------------------+
| **Author** | Justin Shepherd (justin.shepherd@rackspace.com) |
+-----------------+---------------------------------------------------+
| **Author** | Jason Cannavale (jason.cannavale@rackspace.com) |
+-----------------+---------------------------------------------------+
| **Author** | Ron Pedde (ron.pedde@rackspace.com) |
+-----------------+---------------------------------------------------+
| **Author** | Joseph Breu (joseph.breu@rackspace.com) |
+-----------------+---------------------------------------------------+
| **Author** | William Kelly (william.kelly@rackspace.com) |
+-----------------+---------------------------------------------------+
| **Author** | Darren Birkett (darren.birkett@rackspace.co.uk) |
+-----------------+---------------------------------------------------+
| **Author** | Evan Callicoat (evan.callicoat@rackspace.com) |
+-----------------+---------------------------------------------------+
| **Author** | Jay Pipes (jaypipes@att.com) |
+-----------------+---------------------------------------------------+
| **Author** | John Dewey (jdewey@att.com) |
+-----------------+---------------------------------------------------+
| **Author** | Matt Ray (matt@opscode.com) |
+-----------------+---------------------------------------------------+
| **Author** | Sean Gallagher (sean.gallagher@att.com) |
+-----------------+---------------------------------------------------+
| **Author** | Chen Zhiwei (zhiwchen@cn.ibm.com) |
+-----------------+---------------------------------------------------+
| **Author** | Jian Hua Geng (gengjh@cn.ibm.com) |
+-----------------+---------------------------------------------------+
| **Author** | Ionut Artarisi (iartarisi@suse.cz) |
+-----------------+---------------------------------------------------+
| **Author** | Eric Zhou (iartarisi@suse.cz) |
+-----------------+---------------------------------------------------+
| **Author** | Jens Rosenboom (j.rosenboom@x-ion.de) |
+-----------------+---------------------------------------------------+
| **Author** | Mark Vanderwiel (vanderwl@us.ibm.com) |
+-----------------+---------------------------------------------------+
| **Author** | Jan Klare (j.klare@cloudbau.de) |
+-----------------+---------------------------------------------------+
| **Author** | Christoph Albers (c.albers@x-ion.de) |
+-----------------+---------------------------------------------------+
| **Author** | Lance Albertson (lance@osuosl.org) |
+-----------------+---------------------------------------------------+
+-----------------+---------------------------------------------------+
| **Copyright** | Copyright (c) 2012, Rackspace US, Inc. |
+-----------------+---------------------------------------------------+
| **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. |
+-----------------+---------------------------------------------------+
| **Copyright** | Copyright (c) 2013, Opscode, Inc. |
+-----------------+---------------------------------------------------+
| **Copyright** | Copyright (c) 2013-2015, IBM, Corp. |
+-----------------+---------------------------------------------------+
| **Copyright** | Copyright (c) 2013-2014, SUSE Linux GmbH. |
+-----------------+---------------------------------------------------+
| **Copyright** | Copyright (c) 2014, x-ion GmbH. |
+-----------------+---------------------------------------------------+
| **Copyright** | Copyright (c) 2016-2021, Oregon State University |
+-----------------+---------------------------------------------------+
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
::
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
For any further questions, please email
openstack-discuss@lists.openstack.org or join #openstack-dev on
OFTC.

39
Rakefile
View File

@ -1,39 +0,0 @@
task default: ['test']
task test: [:syntax, :lint, :unit]
desc 'Vendor the cookbooks in the Berksfile'
task :berks_prep do
sh %(chef exec berks vendor)
end
desc 'Run FoodCritic (syntax) tests'
task :syntax do
sh %(chef exec foodcritic --exclude spec -f any .)
end
desc 'Run RuboCop (lint) tests'
task :lint do
sh %(chef exec cookstyle)
end
desc 'Run RSpec (unit) tests'
task unit: :berks_prep do
sh %(chef exec rspec --format documentation)
end
desc 'Remove the berks-cookbooks directory and the Berksfile.lock'
task :clean do
rm_rf [
'berks-cookbooks',
'Berksfile.lock',
]
end
desc 'All-in-One Neutron build Infra using Common task'
task :integration do
# Use the common integration task
sh %(wget -nv -t 3 -O Rakefile-Common https://opendev.org/openstack/cookbook-openstack-common/raw/branch/master/Rakefile)
load './Rakefile-Common'
Rake::Task['common_integration'].invoke
end

30
TESTING.md
View File

@ -1,30 +0,0 @@
# Testing the Cookbook #
This cookbook uses [chefdk](https://downloads.chef.io/chef-dk/) and [berkshelf](http://berkshelf.com/) to isolate dependencies. Make sure you have chefdk and the header files for `gecode` installed before continuing. Make sure that you're using gecode version 3. More info [here](https://github.com/opscode/dep-selector-libgecode/tree/0bad63fea305ede624c58506423ced697dd2545e#using-a-system-gecode-instead). For more detailed information on what needs to be installed, you can have a quick look into the bootstrap.sh file in this repository, which does install all the needed things to get going on ubuntu trusty. The tests defined in the Rakefile include lint, style and unit. For integration testing please refere to the [openstack-chef-repo](https://github.com/stackforge/openstack-chef-repo).
We have three test suites which you can run either, individually (there are three rake tasks):
$ chef exec rake lint
$ chef exec rake style
$ chef exec rake unit
or altogether:
$ chef exec rake
The `rake` tasks will take care of installing the needed cookbooks with `berkshelf`.
## Rubocop ##
[Rubocop](https://github.com/bbatsov/rubocop) is a static Ruby code analyzer, based on the community [Ruby style guide](https://github.com/bbatsov/ruby-style-guide). We are attempting to adhere to this where applicable, slowly cleaning up the cookbooks until we can turn on Rubocop for gating the commits.
## Foodcritic ##
[Foodcritic](http://acrmp.github.io/foodcritic/) is a lint tool for Chef cookbooks. We ignore the following rules:
* [FC003](http://acrmp.github.io/foodcritic/#FC003) These cookbooks are not intended for Chef Solo.
* [FC023](http://acrmp.github.io/foodcritic/#FC023) Prefer conditional attributes.
## Chefspec
[ChefSpec](https://github.com/sethvargo/chefspec) is a unit testing framework for testing Chef cookbooks. ChefSpec makes it easy to write examples and get fast feedback on cookbook changes without the need for virtual machines or cloud servers.

234
attributes/default.rb
View File

@ -1,234 +0,0 @@
#
# Cookbook:: openstack-dashboard
# Attributes:: default
#
# Copyright:: 2012-2021, AT&T, Inc.
# Copyright:: 2013-2021, IBM, Corp.
# Copyright:: 2016-2021, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Set to some text value if you want templated config files
# to contain a custom banner at the top of the written file
default['openstack']['dashboard']['custom_template_banner'] = '
# This file is automatically generated by Chef
# Any changes will be overwritten
'
# ****************** OpenStack Dashboard Endpoints ******************************
# The OpenStack Dashboard non-SSL endpoint
default['openstack']['bind_service']['dashboard_http']['host'] = '0.0.0.0'
default['openstack']['bind_service']['dashboard_http']['port'] = '80'
# The OpenStack Dashboard SSL endpoint
default['openstack']['bind_service']['dashboard_https']['host'] = '0.0.0.0'
default['openstack']['bind_service']['dashboard_https']['port'] = '443'
# ********************************************************************************
default['openstack']['dashboard']['debug'] = false
# Don't cache html pages.
# NOTE: This setting requires apache 2.4 or greater is used
default['openstack']['dashboard']['cache_html'] = false
# The Keystone role used by default for users logging into the dashboard
default['openstack']['dashboard']['keystone_default_role'] = 'member'
default['openstack']['dashboard']['server_hostname'] = nil
default['openstack']['dashboard']['server_aliases'] = []
default['openstack']['dashboard']['server_admin'] = 'root@localhost'
default['openstack']['dashboard']['use_ssl'] = true
# When using a remote certificate and key, the names of the actual installed certificate
# and key in the file system are determined by the following two attributes.
# If you want the name of the installed files to match the name of the files from the URL,
# they need to be manually set below, if not the conventional horizon.* names will be used.
default['openstack']['dashboard']['ssl']['cert'] = 'horizon.pem'
default['openstack']['dashboard']['ssl']['key'] = 'horizon.key'
# Optional Chain cert
default['openstack']['dashboard']['ssl']['chain'] = nil
# Which versions of the SSL/TLS protocol will be accepted in new connections.
default['openstack']['dashboard']['ssl']['protocol'] = 'All -SSLv2 -SSLv3'
# Which ciphers to use with the SSL/TLS protocol.
# Example: 'RSA:HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK!RC4:!RC4-MD5:!RC4-SHA'
default['openstack']['dashboard']['ssl']['ciphers'] = nil
# Use the 'certs' databag for managing certs to disable it to use something
# external
default['openstack']['dashboard']['ssl']['use_data_bag'] = true
# List of hosts/domains the dashboard can serve. This should be changed, a '*'
# allows everything
default['openstack']['dashboard']['allowed_hosts'] = ['*']
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of: On | Off | extended
default['openstack']['dashboard']['traceenable'] = 'Off'
default['openstack']['dashboard']['secret_key_content'] = nil
default['openstack']['dashboard']['ssl_no_verify'] = 'True'
default['openstack']['dashboard']['ssl_cacert'] = nil
default['openstack']['dashboard']['webroot'] = '/'
# Dashboard specific database packages
# Put common ones here and platform specific ones below.
default['openstack']['dashboard']['db_python_packages'] = {
mysql: [],
sqlite: [],
}
case node['platform_family']
when 'rhel'
default['openstack']['dashboard']['key_group'] = 'root'
default['openstack']['dashboard']['horizon_user'] = 'apache'
default['openstack']['dashboard']['horizon_group'] = 'apache'
default['openstack']['dashboard']['django_path'] = '/usr/share/openstack-dashboard'
default['openstack']['dashboard']['dash_path'] = "#{node['openstack']['dashboard']['django_path']}/openstack_dashboard"
default['openstack']['dashboard']['dash_state_path'] = "#{node['openstack']['dashboard']['dash_path']}/local"
default['openstack']['dashboard']['secret_key_path'] = "#{node['openstack']['dashboard']['dash_state_path']}/.secret_key_store"
default['openstack']['dashboard']['ssl']['cert_dir'] = '/etc/pki/tls/certs/'
default['openstack']['dashboard']['ssl']['key_dir'] = '/etc/pki/tls/private/'
default['openstack']['dashboard']['local_settings_path'] = '/etc/openstack-dashboard/local_settings'
default['openstack']['dashboard']['static_path'] = '/usr/share/openstack-dashboard/static'
default['openstack']['dashboard']['policy_files_path'] = '/etc/openstack-dashboard'
default['openstack']['dashboard']['login_url'] = "#{node['openstack']['dashboard']['webroot']}auth/login/"
default['openstack']['dashboard']['logout_url'] = "#{node['openstack']['dashboard']['webroot']}auth/logout/"
default['openstack']['dashboard']['login_redirect_url'] = node['openstack']['dashboard']['webroot']
default['openstack']['dashboard']['platform'] = {
'horizon_packages' => %w(openstack-dashboard),
'memcache_python_packages' => node['platform_version'].to_i >= 8 ? %w(python3-memcached) : %w(python-memcached),
'package_overrides' => '',
}
when 'debian'
default['openstack']['dashboard']['key_group'] = 'ssl-cert'
default['openstack']['dashboard']['horizon_user'] = 'horizon'
default['openstack']['dashboard']['horizon_group'] = 'horizon'
default['openstack']['dashboard']['django_path'] = '/usr/share/openstack-dashboard'
default['openstack']['dashboard']['ssl']['cert_dir'] = '/etc/ssl/certs/'
default['openstack']['dashboard']['ssl']['key_dir'] = '/etc/ssl/private/'
default['openstack']['dashboard']['local_settings_path'] = '/etc/openstack-dashboard/local_settings.py'
default['openstack']['dashboard']['login_url'] = nil
default['openstack']['dashboard']['logout_url'] = nil
default['openstack']['dashboard']['login_redirect_url'] = nil
default['openstack']['dashboard']['platform'] = {
'memcache_python_packages' => %w(python3-memcache),
'package_overrides' => '',
}
default['openstack']['dashboard']['platform']['horizon_packages'] =
%w(
node-less
python3-django-horizon
openstack-dashboard
)
if platform?('ubuntu')
default['openstack']['dashboard']['dash_path'] = "#{node['openstack']['dashboard']['django_path']}/openstack_dashboard"
default['openstack']['dashboard']['dash_state_path'] = "#{node['openstack']['dashboard']['dash_path']}/local"
default['openstack']['dashboard']['secret_key_path'] = '/var/lib/openstack-dashboard/secret_key'
default['openstack']['dashboard']['static_path'] = '/var/lib/openstack-dashboard/static'
default['openstack']['dashboard']['policy_files_path'] = '/usr/share/openstack-dashboard/openstack_dashboard/conf'
else
default['openstack']['dashboard']['dash_path'] = node['openstack']['dashboard']['django_path']
default['openstack']['dashboard']['dash_state_path'] = '/var/lib/openstack-dashboard'
default['openstack']['dashboard']['secret_key_path'] = "#{node['openstack']['dashboard']['dash_state_path']}/secret_key"
default['openstack']['dashboard']['static_path'] = "#{node['openstack']['dashboard']['dash_state_path']}/static"
default['openstack']['dashboard']['policy_files_path'] = '/etc/openstack-dashboard/policy'
end
else
default['openstack']['dashboard']['key_group'] = 'root'
end
default['openstack']['dashboard']['wsgi_path'] = node['openstack']['dashboard']['dash_path'] + '/wsgi.py'
default['openstack']['dashboard']['wsgi_socket_prefix'] = nil
default['openstack']['dashboard']['session_backend'] = 'memcached'
default['openstack']['dashboard']['ssl_offload'] = true
default['openstack']['dashboard']['plugins'] = nil
default['openstack']['dashboard']['file_upload_temp_dir'] = nil
# disable the v2 openrc download panel by default since v2 has been deprecated for a while
# TODO: remove this option completely for Train
default['openstack']['dashboard']['show_keystone_v2_rc'] = 'False'
default['openstack']['dashboard']['error_log'] = 'openstack-dashboard-error.log'
default['openstack']['dashboard']['access_log'] = 'openstack-dashboard-access.log'
default['openstack']['dashboard']['help_url'] = 'https://docs.openstack.org'
default['openstack']['dashboard']['csrf_cookie_secure'] = true
default['openstack']['dashboard']['session_cookie_secure'] = true
default['openstack']['dashboard']['keystone_multidomain_support'] = false
default['openstack']['dashboard']['keystone_default_domain'] = 'default'
default['openstack']['dashboard']['identity_api_version'] = 3
default['openstack']['dashboard']['volume_api_version'] = 2
default['openstack']['dashboard']['console_type'] = 'AUTO'
default['openstack']['dashboard']['keystone_backend']['name'] = 'native'
default['openstack']['dashboard']['keystone_backend']['can_edit_user'] = true
default['openstack']['dashboard']['keystone_backend']['can_edit_group'] = true
default['openstack']['dashboard']['keystone_backend']['can_edit_project'] = true
default['openstack']['dashboard']['keystone_backend']['can_edit_domain'] = true
default['openstack']['dashboard']['keystone_backend']['can_edit_role'] = true
default['openstack']['dashboard']['log_level']['horizon'] = 'INFO'
default['openstack']['dashboard']['log_level']['horizon_log'] = 'INFO'
default['openstack']['dashboard']['log_level']['openstack_dashboard'] = 'INFO'
default['openstack']['dashboard']['log_level']['novaclient'] = 'INFO'
default['openstack']['dashboard']['log_level']['cinderclient'] = 'INFO'
default['openstack']['dashboard']['log_level']['keystoneclient'] = 'INFO'
default['openstack']['dashboard']['log_level']['glanceclient'] = 'INFO'
default['openstack']['dashboard']['log_level']['neutronclient'] = 'INFO'
default['openstack']['dashboard']['log_level']['heatclient'] = 'INFO'
default['openstack']['dashboard']['log_level']['ceilometerclient'] = 'INFO'
default['openstack']['dashboard']['log_level']['troveclient'] = 'INFO'
default['openstack']['dashboard']['log_level']['swiftclient'] = 'INFO'
default['openstack']['dashboard']['log_level']['openstack_auth'] = 'INFO'
default['openstack']['dashboard']['log_level']['nose.plugins.manager'] = 'INFO'
default['openstack']['dashboard']['log_level']['django'] = 'INFO'
default['openstack']['dashboard']['heat_stack']['enable_user_pass'] = true
default['openstack']['dashboard']['password_autocomplete'] = 'off'
default['openstack']['dashboard']['simple_ip_management'] = false
default['openstack']['dashboard']['neutron']['enable_quotas'] = true
default['openstack']['dashboard']['neutron']['enable_lb'] = false
default['openstack']['dashboard']['neutron']['enable_vpn'] = false
# Allow for misc sections to be added to the local_settings template
# For example: {
# 'CUSTOM_CONFIG_A' => {
# 'variable1': 'value1',
# 'variable2': 'value2'
# }
# 'CUSTOM_CONFIG_B' => {
# 'variable1': 'value1',
# 'variable2': 'value2'
# }
# }
# will generate:
# CUSTOM_CONFIG_A = {
# 'varable1': 'value1',
# 'varable2': 'value2',
# }
# CUSTOM_CONFIG_A = {
# 'varable1': 'value1',
# 'varable2': 'value2',
# }
default['openstack']['dashboard']['misc_local_settings'] = nil

6363
files/default/css/folsom.css
View File

File diff suppressed because it is too large Load Diff

27
files/default/horizon.key
View File

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAw9dXolAH4h0XFzlhcjU0+UHIdwMw85u+CPDyhoeUPJTd/Qjz
2OYSe1Q/ctvz2ufod2jI/XbSmUhIK8blBDAvKIoDz+Q3wXc9a042RJB+0GDIQfMb
C++9WeHkSr+DxTm69lMi1LngWPsKP9jN9AtUcDhT9PCellYsr8Jct1M4SB8yEETa
8p+qgUIoddzPVAHaAJw26Qm3B1RRLFsR95t4IdXhnemCrMXLyI/0CESllKpt+509
wGVDTdi/A2uk7o1jfoU5Y7huWo0IK0Fmym4x3QwIyLU2TSXScFoiCZ17WmaVtmo+
pARb2CVCTPm1bjWKmUmu4IRzjxGLm77UWag2kQIDAQABAoIBAEKrwerBAh4JNz4x
y6nc0T72FS/nBzg30hcrJ/WCnIWPTI+DB7jUgoA36y3IEZl5j9tu8dXQKNwEDoXQ
vVCSsstDSQ7yK8USOfeY9cKbyoBYInTJNXD32eeKjnSgBFUVVT/ch6QR7317YT7h
KSQm40Uc+AAQFn0psybWrUe/7g4m78ViJgh1SdFmjxjo1tvCb4zq1TJ6Kcbfd4Ou
1dus5+NFdMDIJKghMuFuceWEWITo5HIKR+GUZKghqU2SIx89NiWXWPN4eFRWywKM
1TEiaUFea3Twp6vpyU5VGAFnmGKwxVfMnaB9owSwsTyFQtMI9xv7MyjEKWPlNt5T
K1J+SJECgYEA8HiHEt1EoyUh7sCDQbOWaoD53PPPfiK1nmpds/cE+grFYBmXeg8/
yxUldu4YKix8R3OP/zkHcUWCtqoQyXLjmwR76awCNfKVR49jk3BPxDZaFq65KGVa
sad6nL3wktczMyXYduLq6mBW2s0raSOzDPXNUKA68SMvEuktZDxlIU0CgYEA0Hz+
+RUlNjZiDvY2xxgF38rJGSvXHfOIlUdoQRfQdBsE5M/AtVgeLzW5amlJCnPPcz+b
ZgZBjo74YCKbTL18lPuhn+mhi9NRkW9Eq+SMNWhHhl3RjAjMo+AmTQg2QaEIIIY+
QUah9PsngIKuHtmYTS8QwBpoQidsQYMZXWpQyFUCgYACTPTl3k4QzYMkmJzo3QH8
ZN1/GqoKh+R67oOU/DEE/2NiBvynA0xV8g7Ys3Bxvtk1icp/45jJoaOdgcUFWF8L
FaDl3Gps/7Qj6iBGwdVRiD+WZfeJhma2umZ2525MyVhJDfyjLoqW0XMjRsE6kUfe
QN/E/LNzqSWDJc30XouNJQKBgGyesrhSq/BypOPmouNXQLg3jk3u6URRfPdJHKfN
IG1dJk+PbXcNUayG8PLfp44qiAojOXMOD1mWYxCy9vYkQqPb9Xi6389ZaUW8Eqr7
h5DLo3f9qQ6sBvHZ9hpsDNhkbTeEuSqJAhgAQbRSYSTxeMe9nZx4JZlRsLTw+GYS
3cOBAoGAI1wTP0/OhYUbpxkqvP4gqvEiveaSwSAcackoIRTAwDPDXEDjwToAkGKZ
F+/izeSPdMvYPcm3JKjsgfArjsvLJ+4jIoSLQNMzr0VLHstxsyJ7pCddesem8o3R
CgE0Yfkw93N6enWr3U+IVff9COwEce+WwEzJdNBVP/r6c+DaJWY=
-----END RSA PRIVATE KEY-----

17
files/default/horizon.pem
View File

@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICvjCCAaYCCQCnQkgewKj1UTANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDDBZj
b250cm9sbGVyLmV4YW1wbGUuY29tMB4XDTE1MDUwNjAyMDUzN1oXDTI1MDUwMzAy
MDUzN1owITEfMB0GA1UEAwwWY29udHJvbGxlci5leGFtcGxlLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPXV6JQB+IdFxc5YXI1NPlByHcDMPOb
vgjw8oaHlDyU3f0I89jmEntUP3Lb89rn6HdoyP120plISCvG5QQwLyiKA8/kN8F3
PWtONkSQftBgyEHzGwvvvVnh5Eq/g8U5uvZTItS54Fj7Cj/YzfQLVHA4U/TwnpZW
LK/CXLdTOEgfMhBE2vKfqoFCKHXcz1QB2gCcNukJtwdUUSxbEfebeCHV4Z3pgqzF
y8iP9AhEpZSqbfudPcBlQ03YvwNrpO6NY36FOWO4blqNCCtBZspuMd0MCMi1Nk0l
0nBaIgmde1pmlbZqPqQEW9glQkz5tW41iplJruCEc48Ri5u+1FmoNpECAwEAATAN
BgkqhkiG9w0BAQsFAAOCAQEAs38vH/ZxpdrvOFB5A3+/hXK6u7PHMKNgZRbE5jZv
j4HdTPLR+rQmI+Mrwu22N3ng0Nmhkl8GHvp5bQi+9KXAssCaSLjJaKMaDc6l1pRR
uQxvXA/dj9DsPmSsxzG2bL2uYO1cgUK4NmpwXkn3aaW1l/VTPntQOjs+4n6MWiJs
dX7CRY8rncH/PxDtmSUz/HiWLTIoOv26tGg56hEEWod0A2UiWqV11AJY/XvZaTs0
DcyyIS2L5eFjOvLdx8pN8XcNRfgXX4Zor5f1uMUwFHzGecDnuQF+LxN7r5j/CFNu
bvQlWJpu3FeJPccQpyBRK5VCuKUeLVun3Mym33D7B5VFRg==
-----END CERTIFICATE-----

18
metadata.rb
View File

@ -1,18 +0,0 @@
name 'openstack-dashboard'
maintainer 'openstack-chef'
maintainer_email 'openstack-discuss@lists.openstack.org'
license 'Apache-2.0'
description 'Installs/Configures the OpenStack Dashboard (Horizon)'
version '20.0.0'
%w(ubuntu redhat centos).each do |os|
supports os
end
depends 'apache2', '~> 8.6'
depends 'openstack-common', '>= 20.0.0'
depends 'openstack-identity', '>= 20.0.0'
issues_url 'https://launchpad.net/openstack-chef'
source_url 'https://opendev.org/openstack/cookbook-openstack-dashboard'
chef_version '>= 16.0'

184
recipes/apache2-server.rb
View File

@ -1,184 +0,0 @@
#
# Cookbook:: openstack-dashboard
# Recipe:: apache2-server
#
# Copyright:: 2012-2021, Rackspace US, Inc.
# Copyright:: 2012-2021, AT&T Services, Inc.
# Copyright:: 2013-2021, IBM, Corp.
# Copyright:: 2014-2021, SUSE Linux, GmbH.
# Copyright:: 2014-2021, x-ion GmbH.
# Copyright:: 2016-2021, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class ::Chef::Recipe
include ::Openstack
include Apache2::Cookbook::Helpers
end
http_bind = node['openstack']['bind_service']['dashboard_http']
http_bind_address = bind_address http_bind
https_bind = node['openstack']['bind_service']['dashboard_https']
https_bind_address = bind_address https_bind
# service['apache2'] is defined in the apache2_default_install resource
# but other resources are currently unable to reference it. To work
# around this issue, define the following helper in your cookbook:
service 'apache2' do
extend Apache2::Cookbook::Helpers
service_name lazy { apache_platform_service_name }
supports restart: true, status: true, reload: true
action :nothing
end
# Finds and appends the listen port to the apache2_install[openstack]
# resource which is defined in openstack-identity::server-apache.
apache_resource = find_resource(:apache2_install, 'openstack')
apache_port =
if node['openstack']['dashboard']['use_ssl']
["#{http_bind_address}:#{http_bind['port']}", "#{https_bind_address}:#{https_bind['port']}"]
else
"#{http_bind_address}:#{http_bind['port']}"
end
if apache_resource
apache_resource.listen = [apache_resource.listen, apache_port].flatten
else
apache2_install 'openstack' do
listen apache_port
end
end
apache2_mod_wsgi 'dashboard'
apache2_module 'rewrite'
apache2_module 'headers'
apache2_module 'ssl' if node['openstack']['dashboard']['use_ssl']
# delete the openstack-dashboard.conf before reload apache2 service on redhat and centos
# since this file is not valid on those platforms for the apache2 service.
file "#{apache_dir}/conf.d/openstack-dashboard.conf" do
action :delete
backup false
only_if { platform_family?('rhel') } # :pragma-foodcritic: ~FC024 - won't fix this
end
if node['openstack']['dashboard']['ssl']['use_data_bag']
ssl_cert = secret('certs', node['openstack']['dashboard']['ssl']['cert'])
ssl_key = secret('certs', node['openstack']['dashboard']['ssl']['key'])
if node['openstack']['dashboard']['ssl']['chain']
ssl_chain = secret('certs', node['openstack']['dashboard']['ssl']['chain'])
end
end
ssl_cert_file =
File.join(node['openstack']['dashboard']['ssl']['cert_dir'], node['openstack']['dashboard']['ssl']['cert'])
ssl_key_file =
File.join(node['openstack']['dashboard']['ssl']['key_dir'], node['openstack']['dashboard']['ssl']['key'])
ssl_chain_file =
if node['openstack']['dashboard']['ssl']['chain']
File.join(node['openstack']['dashboard']['ssl']['cert_dir'], node['openstack']['dashboard']['ssl']['chain'])
end
if node['openstack']['dashboard']['use_ssl'] &&
node['openstack']['dashboard']['ssl']['use_data_bag']
unless ssl_cert_file == ssl_key_file
cert_mode = '644'
cert_owner = 'root'
cert_group = 'root'
file ssl_cert_file do
content ssl_cert
mode cert_mode
owner cert_owner
group cert_group
end
end
if ssl_chain_file
cert_mode = '644'
cert_owner = 'root'
cert_group = 'root'
file ssl_chain_file do
content ssl_chain
mode cert_mode
owner cert_owner
group cert_group
end
end
key_mode = '640'
key_owner = 'root'
key_group = node['openstack']['dashboard']['key_group']
file ssl_key_file do
content ssl_key
mode key_mode
owner key_owner
group key_group
end
end
# make sure this file has correct permission
file node['openstack']['dashboard']['secret_key_path'] do
owner node['openstack']['dashboard']['horizon_user']
group node['openstack']['dashboard']['horizon_group']
mode '600'
# the only time the file should be created is if we have secret_key_content
# set, otherwise let apache create it when someone first accesses the
# dashboard
if node['openstack']['dashboard']['secret_key_content'].nil?
only_if { ::File.exist?(node['openstack']['dashboard']['secret_key_path']) }
else
content node['openstack']['dashboard']['secret_key_content']
notifies :restart, 'service[apache2]'
end
end
# stop apache bitching
directory "#{node['openstack']['dashboard']['dash_path']}/.blackhole" do
owner 'root'
end
template "#{apache_dir}/sites-available/openstack-dashboard.conf" do
extend Apache2::Cookbook::Helpers
source 'dash-site.erb'
variables(
apache_admin: node['openstack']['dashboard']['server_admin'],
log_dir: default_log_dir,
ssl_cert_file: ssl_cert_file.to_s,
ssl_key_file: ssl_key_file.to_s,
ssl_chain_file: ssl_chain_file.to_s,
http_bind_address: http_bind_address,
http_bind_port: http_bind['port'].to_i,
https_bind_address: https_bind_address,
https_bind_port: https_bind['port'].to_i
)
notifies :reload, 'service[apache2]', :immediately
end
case node['platform_family']
when 'debian'
apache2_site '000-default' do
action :disable
end
when 'rhel'
apache2_site 'default' do
action :disable
end
end
apache2_site 'openstack-dashboard' do
notifies :reload, 'service[apache2]', :immediately
end

122
recipes/horizon.rb
View File

@ -1,122 +0,0 @@
#
# Cookbook:: openstack-dashboard
# Recipe:: horizon
#
# Copyright:: 2012-2021, Rackspace US, Inc.
# Copyright:: 2012-2021, AT&T Services, Inc.
# Copyright:: 2013-2021, IBM, Corp.
# Copyright:: 2014-2021, SUSE Linux, GmbH.
# Copyright:: 2014-2021, x-ion, GmbH.
# Copyright:: 2019-2021, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class ::Chef::Recipe
include ::Openstack
end
platform_options = node['openstack']['dashboard']['platform']
identity_endpoint = internal_endpoint 'identity'
auth_url = identity_endpoint.to_s
http_bind = node['openstack']['bind_service']['dashboard_http']
http_bind_address = bind_address http_bind
https_bind = node['openstack']['bind_service']['dashboard_https']
https_bind_address = bind_address https_bind
horizon_host =
if node['openstack']['dashboard']['use_ssl']
https_bind_address
else
http_bind_address
end
db_pass = get_password 'db', 'horizon'
db_info = db 'dashboard'
python_packages = node['openstack']['db']['python_packages'][db_info['service_type']]
# Add dashboard specific database packages
python_packages += Array(node['openstack']['dashboard']['db_python_packages'][db_info['service_type']])
package platform_options['horizon_packages'] + python_packages do
action :upgrade
options platform_options['package_overrides']
end
if node['openstack']['dashboard']['session_backend'] == 'memcached'
platform_options['memcache_python_packages'].each do |pkg|
package pkg
end
end
django_path = node['openstack']['dashboard']['django_path']
memcached = memcached_servers
template node['openstack']['dashboard']['local_settings_path'] do
source 'local_settings.py.erb'
owner 'root'
group node['openstack']['dashboard']['horizon_group']
mode '640'
sensitive true
variables(
db_pass: db_pass,
db_info: db_info,
auth_url: auth_url,
memcached_servers: memcached,
host: horizon_host
)
notifies :restart, 'service[apache2]', :delayed
end
execute 'openstack-dashboard syncdb' do
cwd django_path
environment 'PYTHONPATH' => "/etc/openstack-dashboard:#{django_path}:$PYTHONPATH"
command 'python manage.py syncdb --noinput'
action :run
only_if do
(node['openstack']['dashboard']['session_backend'] == 'sql' &&
node['openstack']['db']['dashboard']['migrate'] ||
db_info['service_type'] == 'sqlite')
end
end
directory node['openstack']['dashboard']['dash_state_path'] do
owner 'root'
group node['openstack']['dashboard']['horizon_group']
mode '2771'
end
# resource can be triggered from other recipes (e.g. in
# recipes/neutron-lbaas-dashboard.rb)
execute 'openstack-dashboard collectstatic' do
cwd django_path
environment 'PYTHONPATH' => "/etc/openstack-dashboard:#{django_path}:$PYTHONPATH"
command 'python manage.py collectstatic --noinput'
action :nothing
end
# workaround for
# https://bugs.launchpad.net/openstack-chef/+bug/1496158
secret_file = node['openstack']['dashboard']['secret_key_path']
file secret_file do
owner node['openstack']['dashboard']['horizon_user']
group node['openstack']['dashboard']['horizon_user']
mode '600'
subscribes :create, 'service[apache2]', :immediately
only_if { ::File.exist?(secret_file) }
end
include_recipe 'openstack-dashboard::apache2-server'

26
recipes/neutron-lbaas-dashboard.rb
View File

@ -1,26 +0,0 @@
#
# Cookbook:: openstack-dashboard
# Recipe:: neutron-lbaas-dashboard
#
# Copyright:: 2020-2021, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
include_recipe 'openstack-dashboard::horizon'
case node['platform_family']
when 'debian'
package 'python3-neutron-lbaas-dashboard'
when 'rhel'
package 'openstack-neutron-lbaas-ui'
end

69
spec/apache2-server-redhat_spec.rb
View File

@ -1,69 +0,0 @@
require_relative 'spec_helper'
describe 'openstack-dashboard::apache2-server' do
ALL_RHEL.each do |p|
context "redhat #{p[:version]}" do
let(:runner) { ChefSpec::SoloRunner.new(p) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
end
include_context 'dashboard_stubs'
include_context 'redhat_stubs'
describe 'certs' do
describe 'get secret' do
let(:pem) { chef_run.file('/etc/pki/tls/certs/horizon.pem') }
let(:key) { chef_run.file('/etc/pki/tls/private/horizon.key') }
it 'create files and restarts apache' do
expect(chef_run).to create_file('/etc/pki/tls/certs/horizon.pem').with(
user: 'root',
group: 'root',
mode: '644'
)
expect(chef_run).to create_file('/etc/pki/tls/private/horizon.key').with(
user: 'root',
group: 'root',
mode: '640'
)
end
context 'does not mess with certs if ssl not enabled' do
cached(:chef_run) do
node.override['openstack']['dashboard']['use_ssl'] = false
runner.converge(described_recipe)
end
it do
expect(chef_run).not_to create_file('/etc/ssl/certs/horizon.pem')
expect(chef_run).not_to create_file('/etc/pki/tls/private/horizon.key')
end
end
end
end
it 'deletes openstack-dashboard.conf' do
file = '/etc/httpd/conf.d/openstack-dashboard.conf'
expect(chef_run).to delete_file(file)
end
it do
expect(chef_run).to_not disable_apache2_site('000-default')
end
it do
expect(chef_run).to disable_apache2_site('default')
end
it 'sets the WSGI daemon user to attribute default' do
file = chef_run.template('/etc/httpd/sites-available/openstack-dashboard.conf')
expect(chef_run).to render_file(file.name).with_content('WSGIDaemonProcess dashboard user=apache')
end
it 'has correct ownership on file with attribute defaults' do
file = chef_run.file('/usr/share/openstack-dashboard/openstack_dashboard/local/.secret_key_store')
expect(file.owner).to eq('apache')
expect(file.group).to eq('apache')
end
end
end
end

612
spec/apache2-server_spec.rb
View File

@ -1,612 +0,0 @@
require_relative 'spec_helper'
shared_examples 'virtualhost port configurator' do |port_attribute_name, port_attribute_value|
let(:virtualhost_directive) { "<VirtualHost 0.0.0.0:#{port_attribute_value}>" }
cached(:chef_run) do
node.override['openstack']['endpoints'][port_attribute_name]['port'] = port_attribute_value
node.override['openstack']['dashboard']['server_aliases'] = %w(server_aliases_value)
node.override['openstack']['dashboard']['server_hostname'] = 'server_hostname_value'
runner.converge(described_recipe)
end
it 'does not set NameVirtualHost directives when apache 2.4' do
expect(chef_run).not_to render_file(file.name).with_content(/^NameVirtualHost/)
end
it 'sets the VirtualHost directive' do
expect(chef_run).to render_file(file.name).with_content(/^#{virtualhost_directive}$/)
end
describe 'server_hostname' do
it 'sets the value if the server_hostname is present' do
expect(chef_run).to render_file(file.name)
.with_content(/^#{virtualhost_directive}\s*ServerName server_hostname_value$/)
end
it 'does not set the value if the server_hostname is not present' do
expect(chef_run).not_to render_file(file.name).with_content(/^#{virtualhost_directive}\s*ServerName$/)
end
end
describe 'server_aliases' do
it 'sets the value if the server_aliases is present' do
expect(chef_run).to render_file(file.name)
.with_content(/^#{virtualhost_directive}\s*ServerName.*\s*ServerAlias server_aliases_value$/)
end
context 'sets the value if multiple server_aliases is present' do
cached(:chef_run) do
node.override['openstack']['dashboard']['server_aliases'] = %w(server_aliases_value1 server_aliases_value2)
runner.converge(described_recipe)
end
it do
expect(chef_run).to render_file(file.name)
.with_content(/^#{virtualhost_directive}\s*ServerAlias server_aliases_value1 server_aliases_value2$/)
end
end
it 'does not set the value if the server_aliases is not present' do
expect(chef_run).not_to render_file(file.name).with_content(/^#{virtualhost_directive}\s*ServerAlias$/)
end
end
end
describe 'openstack-dashboard::apache2-server' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
node.override['openstack']['dashboard']['custom_template_banner'] = 'custom_template_banner_value'
node.override['openstack']['dashboard']['traceenable'] = 'value'
node.override['openstack']['dashboard']['error_log'] = 'error_log_value'
node.override['openstack']['dashboard']['access_log'] = 'access_log_value'
runner.converge(described_recipe)
end
cached(:chef_run_no_ssl) do
node.override['openstack']['dashboard']['use_ssl'] = false
node.override['openstack']['dashboard']['ssl']['chain'] = 'horizon-chain.pem'
runner.converge(described_recipe)
end
cached(:chef_run_chain) do
node.override['openstack']['dashboard']['ssl']['chain'] = 'horizon-chain.pem'
runner.converge(described_recipe)
end
include_context 'non_redhat_stubs'
include_context 'dashboard_stubs'
it do
expect(chef_run).to install_apache2_install('openstack').with(listen: %w(0.0.0.0:80 0.0.0.0:443))
end
it 'enables apache modules' do
expect(chef_run).to create_apache2_mod_wsgi 'dashboard'
expect(chef_run).to enable_apache2_module('rewrite')
expect(chef_run).to enable_apache2_module('headers')
end
it 'does not include the apache mod_ssl package when ssl disabled' do
expect(chef_run_no_ssl).not_to enable_apache2_module('ssl')
end
describe 'certs' do
describe 'get secret' do
let(:pem) { chef_run.file('/etc/ssl/certs/horizon.pem') }
let(:key) { chef_run.file('/etc/ssl/private/horizon.key') }
it 'create files and restarts apache' do
expect(chef_run).to create_file('/etc/ssl/certs/horizon.pem').with(
content: 'horizon_pem_value',
user: 'root',
group: 'root',
mode: '644'
)
expect(chef_run).to create_file('/etc/ssl/private/horizon.key').with(
content: 'horizon_key_value',
user: 'root',
group: 'ssl-cert',
mode: '640'
)
end
end
describe 'set ssl chain' do
let(:chain) { chef_run_chain.file('/etc/ssl/certs/horizon-chain.pem') }
it 'create files and restarts apache' do
expect(chef_run_chain).to create_file('/etc/ssl/certs/horizon-chain.pem').with(
content: 'horizon_chain_pem_value',
user: 'root',
group: 'root',
mode: '644'
)
end
end
describe 'get secret with only one pem' do
let(:key) { chef_run.file('/etc/ssl/private/horizon.pem') }
cached(:chef_run) do
node.override['openstack']['dashboard']['ssl'].tap do |ssl|
ssl['cert_dir'] = ssl['key_dir'] = '/etc/ssl/private'
ssl['cert'] = ssl['key'] = 'horizon.pem'
end
runner.converge(described_recipe)
end
it do
expect(chef_run).not_to create_file('/etc/ssl/private/horizon.pem')
.with(
content: 'horizon_pem_value',
user: 'root',
group: 'root',
mode: '644'
)
end
it do
expect(chef_run).to create_file('/etc/ssl/private/horizon.pem').with(
content: 'horizon_pem_value',
user: 'root',
group: 'ssl-cert',
mode: '640'
)
end
it 'does not mess with certs if ssl not enabled' do
expect(chef_run_no_ssl).not_to create_file('/etc/ssl/certs/horizon.pem')
expect(chef_run_no_ssl).not_to create_file('/etc/ssl/certs/horizon.key')
expect(chef_run_no_ssl).not_to create_file('/etc/ssl/certs/horizon-chain.pem')
end
end
context 'get different secret' do
let(:pem) { chef_run.file('/etc/anypath/any.pem') }
let(:key) { chef_run.file('/etc/anypath/any.key') }
cached(:chef_run) do
node.override['openstack']['dashboard']['ssl']['cert_dir'] = '/etc/anypath'
node.override['openstack']['dashboard']['ssl']['key_dir'] = '/etc/anypath'
node.override['openstack']['dashboard']['ssl']['cert'] = 'any.pem'
node.override['openstack']['dashboard']['ssl']['key'] = 'any.key'
node.override['openstack']['dashboard']['ssl']['chain'] = 'any-chain.pem'
runner.converge(described_recipe)
end
before do
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('certs', 'any.pem')
.and_return('any_pem_value')
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('certs', 'any.key')
.and_return('any_key_value')
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('certs', 'any-chain.pem')
.and_return('any_chain_pem_value')
node.override['openstack']['dashboard']
end
it 'create files and restarts apache' do
expect(chef_run).to create_file('/etc/anypath/any.pem').with(
content: 'any_pem_value',
user: 'root',
group: 'root',
mode: '644'
)
expect(chef_run).to create_file('/etc/anypath/any.key').with(
content: 'any_key_value',
user: 'root',
group: 'ssl-cert',
mode: '640'
)
end
describe 'set ssl chain' do
let(:chain) { chef_run.file('/etc/anypath/any-chain.pem') }
it 'create files and restarts apache' do
expect(chef_run).to create_file('/etc/anypath/any-chain.pem').with(
content: 'any_chain_pem_value',
user: 'root',
group: 'root',
mode: '644'
)
end
end
it 'does not mess with certs if ssl not enabled' do
expect(chef_run_no_ssl).not_to create_file('/etc/anypath/any.key')
expect(chef_run_no_ssl).not_to create_file('/etc/anypath/any.pem')
expect(chef_run_no_ssl).not_to create_file('/etc/anypath/any-chain.pem')
end
context 'does not create certs if certs data bag is disabled' do
cached(:chef_run) do
node.override['openstack']['dashboard']['ssl']['use_data_bag'] = false
node.override['openstack']['dashboard']['ssl']['chain'] = 'horizon-chain.pem'
runner.converge(described_recipe)
end
it do
expect(chef_run).not_to create_file('/etc/ssl/certs/horizon.pem')
expect(chef_run).not_to create_file('/etc/ssl/certs/horizon.key')
expect(chef_run).not_to create_file('/etc/ssl/certs/horizon-chain.pem')
end
end
end
end
it 'creates .blackhole dir with proper owner' do
dir = '/usr/share/openstack-dashboard/openstack_dashboard/.blackhole'
expect(chef_run.directory(dir).owner).to eq('root')
end
describe 'openstack-dashboard virtual host' do
let(:file) { chef_run.template('/etc/apache2/sites-available/openstack-dashboard.conf') }
it 'creates openstack-dashboard.conf' do
expect(chef_run).to create_template('/etc/apache2/sites-available/openstack-dashboard.conf').with(
source: 'dash-site.erb',
variables: {
apache_admin: 'root@localhost',
http_bind_address: '0.0.0.0',
http_bind_port: 80,
https_bind_address: '0.0.0.0',
https_bind_port: 443,
log_dir: '/var/log/apache2',
ssl_cert_file: '/etc/ssl/certs/horizon.pem',
ssl_chain_file: '',
ssl_key_file: '/etc/ssl/private/horizon.key',
}
)
end
it do
expect(chef_run.template('/etc/apache2/sites-available/openstack-dashboard.conf')).to \
notify('service[apache2]').to(:reload).immediately
end
describe 'template content' do
let(:rewrite_ssl_directive) { /^\s*RewriteEngine On\s*RewriteCond \%\{HTTPS\} off$/ }
let(:default_rewrite_rule) { %r(^\s*RewriteRule \^\(\.\*\)\$ https\://%\{HTTP_HOST\}%\{REQUEST_URI\} \[L,R\]$) }
it 'has the default banner' do
expect(chef_run).to render_file(file.name).with_content(/^custom_template_banner_value$/)
end
describe 'cache_html' do
it 'prevents html page caching' do
expect(chef_run).to render_file(file.name)
.with_content(%r{^\s*SetEnvIfExpr "req\('accept'\) =~/html/" NO_CACHE$})
expect(chef_run).to render_file(file.name)
.with_content(/^\s*Header merge Cache-Control no-cache env=NO_CACHE$/)
expect(chef_run).to render_file(file.name)
.with_content(/^\s*Header merge Cache-Control no-store env=NO_CACHE$/)
end
context 'allows html page caching' do
cached(:chef_run) do
node.override['openstack']['dashboard']['cache_html'] = true
runner.converge(described_recipe)
end
it do
expect(chef_run).not_to render_file(file.name)
.with_content(%r{^\s*SetEnvIfExpr "req\('accept'\) =~/html/" NO_CACHE$})
expect(chef_run).not_to render_file(file.name)
.with_content(/^\s*Header merge Cache-Control no-cache env=NO_CACHE$/)
expect(chef_run).not_to render_file(file.name)
.with_content(/^\s*Header merge Cache-Control no-store env=NO_CACHE$/)
end
end
end
it_should_behave_like 'virtualhost port configurator', 'dashboard-http-bind', 80
describe 'with use_ssl enabled' do
it_should_behave_like 'virtualhost port configurator', 'dashboard-https-bind', 443
it 'shows rewrite ssl directive' do
expect(chef_run).to render_file(file.name).with_content(rewrite_ssl_directive)
end
describe 'rewrite rule' do
it 'shows the default SSL rewrite rule when http_port is 80 and https_port is 443' do
expect(chef_run).to render_file(file.name).with_content(default_rewrite_rule)
end
context 'shows the parameterized SSL rewrite rule when http_port is different from 80' do
https_port_value = 443
cached(:chef_run) do
node.override['openstack']['dashboard']['use_ssl'] = true
node.override['openstack']['bind_service']['dashboard_http']['port'] = 81
node.override['openstack']['bind_service']['dashboard_https']['port'] = https_port_value
runner.converge(described_recipe)
end
it do
expect(chef_run).to render_file(file.name)
.with_content(%r{^\s*RewriteRule \^\(\.\*\)\$ https://%\{SERVER_NAME\}:#{https_port_value}%\{REQUEST_URI\} \[L,R\]$})
end
end
context 'shows the parameterized SSL rewrite rule when https_port is different from 443' do
https_port_value = 444
cached(:chef_run) do
node.override['openstack']['dashboard']['use_ssl'] = true
node.override['openstack']['bind_service']['dashboard_http']['port'] = 80
node.override['openstack']['bind_service']['dashboard_https']['port'] = https_port_value
runner.converge(described_recipe)
end
it do
expect(chef_run).to render_file(file.name)
.with_content(%r{^\s*RewriteRule \^\(\.\*\)\$ https://%\{SERVER_NAME\}:#{https_port_value}%\{REQUEST_URI\} \[L,R\]$})
end
end
end
it 'shows ssl certificate related directives defaults' do
[
/^\s*SSLEngine on$/,
%r{^\s*SSLCertificateFile /etc/ssl/certs/horizon.pem$},
%r{^\s*SSLCertificateKeyFile /etc/ssl/private/horizon.key$},
/^\s*SSLProtocol All -SSLv2 -SSLv3$/,
].each do |ssl_certificate_directive|
expect(chef_run).to render_file(file.name).with_content(ssl_certificate_directive)
end
expect(chef_run).to_not render_file(file.name).with_content(/SSLCertificateChainFile/)
end
describe 'set ssl chain' do
it 'shows chain directive' do
expect(chef_run_chain).to render_file(file.name)
.with_content(%r{^\s*SSLCertificateChainFile /etc/ssl/certs/horizon-chain.pem$})
end
end
context 'set use_data_bag to false' do
cached(:chef_run) do
node.override['openstack']['dashboard']['ssl']['use_data_bag'] = false
runner.converge(described_recipe)
end
it 'shows ssl certificate related directives defaults' do
[
/^\s*SSLEngine on$/,
%r{^\s*SSLCertificateFile /etc/ssl/certs/horizon.pem$},
%r{^\s*SSLCertificateKeyFile /etc/ssl/private/horizon.key$},
/^\s*SSLProtocol All -SSLv2 -SSLv3$/,
].each do |ssl_certificate_directive|
expect(chef_run).to render_file(file.name).with_content(ssl_certificate_directive)
end
expect(chef_run).to_not render_file(file.name).with_content(/SSLCertificateChainFile/)
end
context 'set ssl chain' do
cached(:chef_run) do
node.override['openstack']['dashboard']['ssl']['use_data_bag'] = false
node.override['openstack']['dashboard']['ssl']['chain'] = 'horizon-chain.pem'
runner.converge(described_recipe)
end
it 'shows chain directive' do
expect(chef_run).to render_file(file.name)
.with_content(%r{^\s*SSLCertificateChainFile /etc/ssl/certs/horizon-chain.pem$})
end
end
end
it 'has no ssl ciphers configured by default' do
expect(chef_run).not_to render_file(file.name).with_content(/^\s*SSLCipherSuite.*$/)
end
# noinspection CookbookSourceRoot
context 'override attributes' do
cached(:chef_run) do
node.override['openstack']['dashboard']['ssl']['cert'] = 'ssl.cert'
node.override['openstack']['dashboard']['ssl']['key'] = 'ssl.key'
node.override['openstack']['dashboard']['ssl']['cert_dir'] = 'ssl_dir_value/certs'
node.override['openstack']['dashboard']['ssl']['key_dir'] = 'ssl_dir_value/private'
node.override['openstack']['dashboard']['ssl']['protocol'] = 'ssl_protocol_value'
node.override['openstack']['dashboard']['ssl']['ciphers'] = 'ssl_ciphers_value'
runner.converge(described_recipe)
end
before do
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('certs', 'ssl.cert')
.and_return('ssl_cert_value')
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('certs', 'ssl.key')
.and_return('ssl_key_value')
end
it 'shows ssl related directives overrides' do
[
/^\s*SSLEngine on$/,
%r{^\s*SSLCertificateFile ssl_dir_value/certs/ssl.cert$},
%r{^\s*SSLCertificateKeyFile ssl_dir_value/private/ssl.key$},
/^\s*SSLProtocol ssl_protocol_value$/,
/^\s*SSLCipherSuite ssl_ciphers_value$/,
].each do |ssl_directive|
expect(chef_run).to render_file(file.name).with_content(ssl_directive)
end
expect(chef_run).to_not render_file(file.name).with_content(/SSLCertificateChainFile/)
end
end
end
context 'with use_ssl disabled' do
cached(:chef_run) do
node.override['openstack']['dashboard']['use_ssl'] = false
runner.converge(described_recipe)
end
it 'does not show rewrite ssl directive' do
expect(chef_run).not_to render_file(file.name).with_content(rewrite_ssl_directive)
end
context 'does not show the default rewrite rule' do
cached(:chef_run) do
node.override['openstack']['dashboard']['use_ssl'] = false
node.override['openstack']['endpoints']['dashboard-http-bind']['port'] = 80
node.override['openstack']['endpoints']['dashboard-https-bind']['port'] = 443
runner.converge(described_recipe)
end
it do
expect(chef_run).not_to render_file(file.name).with_content(default_rewrite_rule)
end
end
it 'does not show ssl certificate related directives' do
[
/^\s*SSLEngine on$/,
/^\s*SSLCertificateFile/,
/^\s*SSLCertificateKeyFile/,
].each do |ssl_certificate_directive|
expect(chef_run).not_to render_file(file.name).with_content(ssl_certificate_directive)
end
expect(chef_run).to_not render_file(file.name).with_content(/SSLCertificateChainFile/)
end
end
it 'shows the ServerAdmin' do
expect(chef_run).to render_file(file.name).with_content(/\s*ServerAdmin root@localhost$/)
end
it 'sets the WSGI script alias defaults' do
expect(chef_run).to render_file(file.name)
.with_content(%r{^\s*WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py$})
end
context 'sets the WSGI script alias' do
cached(:chef_run) do
node.override['openstack']['dashboard']['wsgi_path'] = 'wsgi_path_value'
node.override['openstack']['dashboard']['webroot'] = 'root'
runner.converge(described_recipe)
end
it do
expect(chef_run).to render_file(file.name).with_content(/^\s*WSGIScriptAlias root wsgi_path_value$/)
end
end
context 'sets the WSGI daemon process' do
cached(:chef_run) do
node.override['openstack']['dashboard']['horizon_user'] = 'horizon_user_value'
node.override['openstack']['dashboard']['horizon_group'] = 'horizon_group_value'
node.override['openstack']['dashboard']['dash_path'] = 'dash_path_value'
runner.converge(described_recipe)
end
it do
expect(chef_run).to render_file(file.name).with_content(
/^\s*WSGIDaemonProcess dashboard user=horizon_user_value group=horizon_group_value processes=3 threads=10 python-path=dash_path_value$/
)
end
end
context 'has the default DocRoot' do
cached(:chef_run) do
node.override['openstack']['dashboard']['dash_path'] = 'dash_path_value'
runner.converge(described_recipe)
end
it do
expect(chef_run).to render_file(file.name).with_content(%r{\s*DocumentRoot dash_path_value/.blackhole/$})
end
end
it 'has TraceEnable set' do
expect(chef_run).to render_file(file.name).with_content(/^ TraceEnable value$/)
end
context 'sets the right Alias path for /static' do
cached(:chef_run) do
node.override['openstack']['dashboard']['static_path'] = 'static_path_value'
runner.converge(described_recipe)
end
it do
expect(chef_run).to render_file(file.name).with_content(%r{^\s+Alias /static static_path_value$})
end
end
context 'sets the directory directive' do
cached(:chef_run) do
%w(dash_path static_path).each do |dir_attribute|
node.override['openstack']['dashboard'][dir_attribute] = "#{dir_attribute}_value"
end
runner.converge(described_recipe)
end
%w(dash_path static_path).each do |dir_attribute|
it do
expect(chef_run).to render_file(file.name).with_content(/^\s*<Directory #{dir_attribute}_value>$/)
end
end
end
describe 'directory options' do
it 'sets default options for apache 2.4' do
expect(chef_run).to render_file(file.name).with_content(/^\s*Require all granted$/)
end
end
context 'sets wsgi socket prefix if wsgi_socket_prefix attribute is preset' do
cached(:chef_run) do
node.override['openstack']['dashboard']['wsgi_socket_prefix'] = '/var/run/wsgi'
runner.converge(described_recipe)
end
it do
expect(chef_run).to render_file(file.name).with_content(%r{^WSGISocketPrefix /var/run/wsgi$})
end
end
it 'omits wsgi socket prefix if wsgi_socket_prefix attribute is not preset' do
expect(chef_run).not_to render_file(file.name).with_content(/^WSGISocketPrefix $/)
end
end
end
describe 'secret_key_path file' do
secret_key_path = '/var/lib/openstack-dashboard/secret_key'
let(:file) { chef_run.file(secret_key_path) }
it 'has correct ownership' do
expect(file.owner).to eq('horizon')
expect(file.group).to eq('horizon')
end
it 'has correct mode' do
expect(file.mode).to eq('600')
end
it 'does not notify apache2 restart' do
expect(file).not_to notify('service[apache2]').to(:restart)
end
context 'has configurable path and ownership settings' do
cached(:chef_run) do
node.override['openstack']['dashboard']['secret_key_path'] = 'somerandompath'
node.override['openstack']['dashboard']['horizon_user'] = 'somerandomuser'
node.override['openstack']['dashboard']['horizon_group'] = 'somerandomgroup'
node.override['openstack']['dashboard']['secret_key_content'] = 'somerandomcontent'
runner.converge(described_recipe)
end
it do
file = chef_run.file('somerandompath')
expect(file.owner).to eq('somerandomuser')
expect(file.group).to eq('somerandomgroup')
end
describe 'secret_key_content set' do
it 'has configurable secret_key_content setting' do
expect(chef_run).to render_file('somerandompath').with_content('somerandomcontent')
end
it 'notifies apache2 restart when secret_key_content set' do
expect(chef_run.file('somerandompath')).to notify('service[apache2]').to(:restart)
end
end
end
end
it 'does not delete openstack-dashboard.conf' do
file = '/etc/httpd/conf.d/openstack-dashboard.conf'
expect(chef_run).not_to delete_file(file)
end
it do
expect(chef_run).to disable_apache2_site('000-default')
end
it do
expect(chef_run).to_not disable_apache2_site('default')
end
it do
expect(chef_run).to enable_apache2_site('openstack-dashboard')
end
it do
expect(chef_run.apache2_site('openstack-dashboard')).to notify('service[apache2]').to(:reload).immediately
end
end
end

54
spec/horizon-redhat_spec.rb
View File

@ -1,54 +0,0 @@
require_relative 'spec_helper'
describe 'openstack-dashboard::horizon' do
ALL_RHEL.each do |p|
context "redhat #{p[:version]}" do
let(:runner) { ChefSpec::SoloRunner.new(p) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge('openstack-identity::server-apache', described_recipe)
end
include_context 'dashboard_stubs'
include_context 'redhat_stubs'
case p
when REDHAT_7
it 'installs packages' do
expect(chef_run).to upgrade_package %w(openstack-dashboard MySQL-python)
end
when REDHAT_8
it 'installs packages' do
expect(chef_run).to upgrade_package %w(openstack-dashboard python3-PyMySQL)
end
end
describe 'local_settings' do
let(:file) { chef_run.template('/etc/openstack-dashboard/local_settings') }
it 'creates local_settings' do
expect(chef_run).to create_template(file.name).with(
user: 'root',
group: 'apache',
mode: '640'
)
end
it 'has urls set' do
[
%r{^LOGIN_URL = '/auth/login/'$},
%r{^LOGOUT_URL = '/auth/logout/'$},
%r{^LOGIN_REDIRECT_URL = '/'$},
].each do |line|
expect(chef_run).to render_file(file.name).with_content(line)
end
end
it 'has policy file path set' do
expect(chef_run).to render_file(file.name)
.with_content(%r{^POLICY_FILES_PATH = '/etc/openstack-dashboard'$})
end
end
end
end
end

555
spec/horizon_spec.rb
View File

@ -1,555 +0,0 @@
require_relative 'spec_helper'
describe 'openstack-dashboard::horizon' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
node.override['openstack']['dashboard']['custom_template_banner'] = 'custom_template_banner_value'
node.override['openstack']['dashboard']['allowed_hosts'] = ['dashboard.example.net']
node.override['openstack']['dashboard']['ssl_cacert'] = '/path_to_cacert.pem'
node.override['openstack']['dashboard']['identity_api_version'] = 'identity_api_version_value'
node.override['openstack']['dashboard']['volume_api_version'] = 'volume_api_version_value'
node.override['openstack']['dashboard']['keystone_default_domain'] = 'keystone_default_domain_value'
node.override['openstack']['dashboard']['console_type'] = 'console_type_value'
node.override['openstack']['dashboard']['help_url'] = 'help_url_value'
node.override['openstack']['dashboard']['password_autocomplete'] = 'password_autocomplete_value'
node.override['openstack']['dashboard']['secret_key_path'] = 'secret_key_path_value'
node.override['openstack']['dashboard']['use_ssl'] = true
node.override['openstack']['dashboard']['keystone_backend']['name'] = 'native'
node.override['openstack']['dashboard']['misc_local_settings'] = {
'CUSTOM_CONFIG_A' => {
'variable1' => 'value1',
'variable2' => 'value2',
},
'CUSTOM_CONFIG_B' => {
'variable1' => 'value1',
'variable2' => 'value2',
},
}
runner.converge('openstack-identity::server-apache', described_recipe)
end
cached(:chef_run2) do
node.override['openstack']['dashboard']['debug'] = true
node.override['openstack']['dashboard']['ssl_no_verify'] = 'False'
node.override['openstack']['dashboard']['use_ssl'] = false
node.override['openstack']['dashboard']['ssl_offload'] = false
node.override['openstack']['dashboard']['file_upload_temp_dir'] = '/foobar'
node.override['openstack']['dashboard']['keystone_multidomain_support'] = true
node.override['openstack']['dashboard']['simple_ip_management'] = true
node.override['openstack']['dashboard']['session_backend'] = 'file'
node.override['openstack']['dashboard']['keystone_default_role'] = 'keystone_default_role_value'
node.override['openstack']['dashboard']['keystone_backend']['name'] = 'ldap'
node.override['openstack']['dashboard']['neutron']['enable_quotas'] = false
node.override['openstack']['dashboard']['neutron']['enable_lb'] = true
node.override['openstack']['dashboard']['plugins'] = %w(testPlugin1 testPlugin2)
node.override['openstack']['db']['dashboard']['migrate'] = false
runner.converge('openstack-identity::server-apache', described_recipe)
end
cached(:chef_run_sql) do
node.override['openstack']['dashboard']['session_backend'] = 'sql'
runner.converge('openstack-identity::server-apache', described_recipe)
end
include_context 'non_redhat_stubs'
include_context 'dashboard_stubs'
it 'installs packages' do
expect(chef_run).to upgrade_package %w(node-less python3-django-horizon openstack-dashboard python3-mysqldb)
end
describe 'local_settings.py' do
let(:file) { chef_run.template('/etc/openstack-dashboard/local_settings.py') }
it 'creates local_settings' do
expect(chef_run).to create_template(file.name).with(
sensitive: true,
user: 'root',
group: 'horizon',
mode: '640'
)
end
it 'notifies web service to restart delayed' do
expect(file).to notify('service[apache2]').to(:restart).delayed
end
describe 'template contents' do
it 'has the customer banner' do
expect(chef_run).to render_file(file.name).with_content(/^custom_template_banner_value$/)
end
it 'sets misc settings properly' do
[
['CUSTOM_CONFIG_A = {',
' \'variable1\': \'value1\',',
' \'variable2\': \'value2\',',
'}',
],
['CUSTOM_CONFIG_B = {',
' \'variable1\': \'value1\',',
' \'variable2\': \'value2\',',
'}',
],
].each do |content|
expect(chef_run).to render_file(file.name).with_content(build_section(content))
end
end
describe 'debug setting' do
describe 'set to true' do
it 'has a true value for the DEBUG attribute' do
expect(chef_run2).to render_file(file.name).with_content(/^DEBUG = True$/)
end
it 'sets the console logging level to DEBUG' do
expect(chef_run2).to render_file(file.name).with_content(/^\s*'level': 'DEBUG',$/)
end
end
describe 'set to false' do
it 'has a false value for the DEBUG attribute' do
expect(chef_run).to render_file(file.name).with_content(/^DEBUG = False$/)
end
it 'sets the console logging level to INFO' do
expect(chef_run).to render_file(file.name).with_content(/^\s*'level': 'INFO',$/)
end
end
end
describe 'config ssl_no_verify' do
describe 'set to the default value' do
it 'has a True value for the OPENSTACK_SSL_NO_VERIFY attribute' do
expect(chef_run).to render_file(file.name).with_content(/^OPENSTACK_SSL_NO_VERIFY = True$/)
end
end
context 'set to False' do
cached(:chef_run) do
node.override['openstack']['dashboard']['use_ssl'] = true
node.override['openstack']['dashboard']['ssl_no_verify'] = 'False'
runner.converge('openstack-identity::server-apache', described_recipe)
end
it 'has a False value for the OPENSTACK_SSL_NO_VERIFY attribute' do
expect(chef_run).to render_file(file.name).with_content(/^OPENSTACK_SSL_NO_VERIFY = False$/)
end
end
describe 'not set when ssl disabled' do
it 'has a True value for the OPENSTACK_SSL_NO_VERIFY attribute' do
expect(chef_run2).not_to render_file(file.name).with_content(/^OPENSTACK_SSL_NO_VERIFY = True$/)
end
end
end
it 'config ssl_cacert' do
expect(chef_run).to render_file(file.name).with_content(%r{^OPENSTACK_SSL_CACERT = '/path_to_cacert.pem'$})
end
it 'does not config ssl_cacert when ssl disabled' do
expect(chef_run2).not_to render_file(file.name)
.with_content(%r{^OPENSTACK_SSL_CACERT = '/path_to_cacert.pem'$})
end
it 'has some allowed hosts set' do
expect(chef_run).to render_file(file.name).with_content(/^ALLOWED_HOSTS = \["dashboard.example.net"\]$/)
end
describe 'ssl offload' do
let(:secure_proxy_string) { 'SECURE_PROXY_SSL_HEADER = \(\'HTTP_X_FORWARDED_PROTOCOL\', \'https\'\)' }
it 'configures ssl proxy when ssl_offload is set to true' do
expect(chef_run).to render_file(file.name).with_content(/^#{secure_proxy_string}$/)
end
it 'does not configure ssl proxy when ssl_offload is false' do
expect(chef_run2).not_to render_file(file.name).with_content(/^#{secure_proxy_string}$/)
end
end
describe 'temp dir override' do
describe 'temp dir is nil' do
it 'does not override temp dir when it is nil' do
expect(chef_run).not_to render_file(file.name).with_content(/^FILE_UPLOAD_TEMP_DIR =/)
end
it 'does override temp dir when it is not nil' do
expect(chef_run2).to render_file(file.name).with_content(%r{^FILE_UPLOAD_TEMP_DIR = "/foobar"$})
end
end
end
describe 'ssl settings' do
describe 'use_ssl enabled' do
it 'sets secure csrf cookie to true when the attribute is enabled' do
expect(chef_run).to render_file(file.name).with_content(/^CSRF_COOKIE_SECURE = True$/)
end
it 'set secure csrf cookie to true when the attribute is enabled' do
expect(chef_run).to render_file(file.name).with_content(/^SESSION_COOKIE_SECURE = True$/)
end
context 'sets secure csrf & session cookie to false when the attribute is disabled' do
cached(:chef_run) do
node.override['openstack']['dashboard']['csrf_cookie_secure'] = false
node.override['openstack']['dashboard']['session_cookie_secure'] = false
runner.converge('openstack-identity::server-apache', described_recipe)
end
it do
expect(chef_run).to render_file(file.name).with_content(/^CSRF_COOKIE_SECURE = False$/)
end
it do
expect(chef_run).to render_file(file.name).with_content(/^SESSION_COOKIE_SECURE = False$/)
end
end
end
it 'does not set secure csrf nor secure session cookie settings when use_ssl is disabled' do
[
/^CSRF_COOKIE_SECURE$/,
/^SESSION_COOKIE_SECURE$/,
].each do |setting|
expect(chef_run2).not_to render_file(file.name).with_content(setting)
end
end
end
it 'does have webroot set' do
expect(chef_run).to render_file(file.name).with_content(%r{^WEBROOT = '/'$})
end
it 'does not have urls set' do
[
/^LOGIN_URL =$/,
/^LOGOUT_URL =$/,
/^LOGIN_REDIRECT_URL =$/,
].each do |line|
expect(chef_run).to_not render_file(file.name).with_content(line)
end
end
it 'has policy file path set' do
expect(chef_run).to render_file(file.name)
.with_content(%r{^POLICY_FILES_PATH = '/usr/share/openstack-dashboard/openstack_dashboard/conf'$})
end
describe 'identity and volume api version setting' do
it 'is configurable directly' do
[
/^\s*"identity": identity_api_version_value,$/,
/^\s*"volume": volume_api_version_value$/,
].each do |line|
expect(chef_run).to render_file(file.name).with_content(line)
end
end
end
describe 'keystone multidomain support' do
it 'sets to true when the attribute is enabled' do
expect(chef_run2).to render_file(file.name).with_content(/^OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True$/)
end
it 'sets to false when the attribute is disabled' do
expect(chef_run).to render_file(file.name)
.with_content(/^OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False$/)
end
end
it 'has a keystone default domain setting' do
expect(chef_run).to render_file(file.name)
.with_content(/^OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "keystone_default_domain_value"$/)
end
it 'has a console_type setting' do
expect(chef_run).to render_file(file.name).with_content(/^CONSOLE_TYPE = "console_type_value"$/)
end
it 'has a help_url setting' do
expect(chef_run).to render_file(file.name).with_content(/\s*'help_url': "help_url_value",$/)
end
it 'allows HORIZON_CONFIG to use INSTALLED_APPS to determine default dashboards' do
expect(chef_run).not_to render_file(file.name).with_content(/\s*'dashboards':/)
expect(chef_run).not_to render_file(file.name).with_content(/\s*'default_dashboard':/)
end
describe 'simple ip management' do
it 'disables the setting when the attribute is not set' do
expect(chef_run).to render_file(file.name).with_content('HORIZON_CONFIG["simple_ip_management"] = False')
end
it 'enables the setting when the attribute is set' do
expect(chef_run2).to render_file(file.name).with_content('HORIZON_CONFIG["simple_ip_management"] = True')
end
end
it 'has default password_autocomplete setting' do
expect(chef_run).to render_file(file.name)
.with_content(/^HORIZON_CONFIG\["password_autocomplete"\] = "password_autocomplete_value"$/)
end
it 'has configurable secret_key_path setting' do
expect(chef_run).to render_file(file.name)
.with_content(
/^SECRET_KEY = secret_key.generate_or_read_from_file\(os.path.realpath\('secret_key_path_value'\)\)$/
)
end
describe 'session backend' do
describe 'file as session backend' do
it 'sets the session engine to file when it is the session backend' do
expect(chef_run2).to render_file(file.name)
.with_content(/^SESSION_ENGINE = 'django.contrib.sessions.backends.file'$/)
end
end
describe 'memcached as session backend' do
let(:memcached_session_engine_setting) { /^SESSION_ENGINE = 'django.contrib.sessions.backends.cache'$/ }
describe 'with memcache servers' do
it 'sets the session engine attribute' do
expect(chef_run).to render_file(file.name).with_content(memcached_session_engine_setting)
end
it 'sets the location of the caches to the memcached servers addresses' do
expect(chef_run).to render_file(file.name)
.with_content(/^\s*'LOCATION': \[\s*'hostA:port',\s*'hostB:port',\s*\]$/)
end
end
context 'without memcache servers' do
cached(:chef_run) do
allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers).and_return([])
runner.converge('openstack-identity::server-apache', described_recipe)
end
it 'does not configure caching when backend == memcache and memcached_servers == []' do
expect(chef_run).to_not render_file(file.name)
.with_content(/^\s*'LOCATION': \[\s*'hostA:port',\s*'hostB:port',\s*\]$/)
end
end
end
it 'sets the session engine to db when sql is the session backend' do
expect(chef_run_sql).to render_file(file.name)
.with_content(/^SESSION_ENGINE = 'django.contrib.sessions.backends.db'$/)
end
end
it 'has a keystone url' do
expect(chef_run).to render_file(file.name)
.with_content(%r{OPENSTACK_KEYSTONE_URL = "http://127.0.0.1:5000/v3"})
end
it 'has a keystone default role' do
expect(chef_run2).to render_file(file.name)
.with_content(/^OPENSTACK_KEYSTONE_DEFAULT_ROLE = "keystone_default_role_value"$/)
end
it 'sets the backend name to native' do
expect(chef_run).to render_file(file.name).with_content(/^\s*'name': 'native',$/)
end
it 'sets the backend name to ldap' do
expect(chef_run2).to render_file(file.name).with_content(/^\s*'name': 'ldap',$/)
end
keystone_settings = %w(can_edit_user can_edit_group can_edit_project can_edit_domain can_edit_role)
context 'enables the keystone backend settings when the attribute is True' do
cached(:chef_run) do
keystone_settings.each do |keystone_setting|
node.override['openstack']['dashboard']['keystone_backend'][keystone_setting] = true
end
runner.converge('openstack-identity::server-apache', described_recipe)
end
keystone_settings.each do |keystone_setting|
it do
expect(chef_run).to render_file(file.name).with_content(/^\s*\'#{keystone_setting}\': True,$/)
end
end
end
context 'disables the keystone backend settings when the attribute is False' do
cached(:chef_run) do
keystone_settings.each do |keystone_setting|
node.override['openstack']['dashboard']['keystone_backend'][keystone_setting] = false
end
runner.converge('openstack-identity::server-apache', described_recipe)
end
keystone_settings.each do |keystone_setting|
it do
expect(chef_run).to render_file(file.name).with_content(/^\s*\'#{keystone_setting}\': False,$/)
end
end
end
describe 'neutron settings' do
it 'enables the enable_quotas setting when the attributes is True' do
expect(chef_run).to render_file(file.name).with_content(/^\s*'enable_quotas': True,$/)
end
it 'disables the enable_quotas setting when the attributes is False' do
expect(chef_run2).to render_file(file.name).with_content(/^\s*'enable_quotas': False,$/)
end
describe 'lbaas setting' do
it 'enables the enable_lb setting when the attribute is true' do
expect(chef_run2).to render_file(file.name).with_content(/^\s*'enable_lb': True,$/)
end
it 'disables the enable_lb setting when the attribute is false' do
expect(chef_run).to render_file(file.name).with_content(/^\s*'enable_lb': False,$/)
end
end
end
context 'sets the logger level for components' do
components = %w(
ceilometerclient
cinderclient
django
glanceclient
heatclient
horizon
keystoneclient
neutronclient
nose.plugins.manager
novaclient
openstack_auth
openstack_dashboard
swiftclient
troveclient
)
cached(:chef_run) do
components.each do |component|
node.override['openstack']['dashboard']['log_level'][component] = "#{component}_log_level_value"
end
runner.converge('openstack-identity::server-apache', described_recipe)
end
components.each do |component|
it do
expect(chef_run).to render_file(file.name).with_content(
/^\s*'#{component}': {\s*'handlers': \['console'\],\s*'level': '#{component}_log_level_value',$/
)
end
end
end
{
'mysql' => 'django.db.backends.mysql',
'sqlite' => 'django.db.backends.sqlite3',
}.each do |service_type, backend|
context "#{service_type} database settings" do
cached(:chef_run) do
node.override['openstack']['db']['dashboard']['username'] = "#{service_type}_user"
node.override['openstack']['db']['python_packages'][service_type] = %w(pkg1 pkg2)
runner.converge('openstack-identity::server-apache', described_recipe)
end
before do
allow_any_instance_of(Chef::Recipe).to receive(:db)
.with('dashboard')
.and_return(
'service_type' => service_type,
'db_name' => "#{service_type}_db",
'host' => "#{service_type}_host",
'port' => "#{service_type}_port"
)
end
[
/^\s*'ENGINE': '#{backend}',$/,
/^\s*'NAME': '#{service_type}_db',$/,
].each do |cfg|
it "configures the #{service_type} backend with #{cfg}" do
expect(chef_run).to render_file(file.name).with_content(cfg)
end
end
[
/^\s*'USER': '#{service_type}_user',$/,
/^\s*'PASSWORD': 'test-passes',$/,
/^\s*'HOST': '#{service_type}_host',$/,
/^\s*'PORT': '#{service_type}_port',$/,
].each do |cfg|
next if service_type == 'sqlite'
it "configures the #{service_type} backend with #{cfg}" do
expect(chef_run).to render_file(file.name).with_content(cfg)
end
end
end
end
describe 'plugins' do
let(:mod_regex) { /^mod = sys.modules\['openstack_dashboard.settings'\]$/ }
describe 'plugins enabled' do
it 'shows the mod setting' do
expect(chef_run2).to render_file(file.name).with_content(mod_regex)
end
it 'shows enabled plugins as installed apps' do
%w(testPlugin1 testPlugin2).each do |plugin|
expect(chef_run2).to render_file(file.name)
.with_content(/^mod\.INSTALLED_APPS \+= \('#{plugin}', \)$/)
end
end
end
it 'does not show the mod setting if there are no plugins' do
expect(chef_run).not_to render_file(file.name).with_content(mod_regex)
end
end
end
end
describe 'openstack-dashboard syncdb' do
sync_db_cmd = 'python manage.py syncdb --noinput'
sync_db_environment = {
'PYTHONPATH' => '/etc/openstack-dashboard:' \
'/usr/share/openstack-dashboard:' \
'$PYTHONPATH',
}
it 'does not execute when session_backend is not sql' do
expect(chef_run).not_to run_execute(sync_db_cmd).with(
cwd: '/usr/share/openstack-dashboard',
environment: sync_db_environment
)
end
describe 'with sql session' do
it 'executes when session_backend is sql' do
expect(chef_run_sql).to run_execute(sync_db_cmd).with(
cwd: '/usr/share/openstack-dashboard',
environment: sync_db_environment
)
end
it 'does not execute when the migrate attribute is set to false' do
expect(chef_run2).not_to run_execute(sync_db_cmd).with(
cwd: '/usr/share/openstack-dashboard',
environment: sync_db_environment
)
end
end
context 'executes when database backend is sqlite' do
cached(:chef_run) do
node.override['openstack']['db']['dashboard']['service_type'] = 'sqlite'
runner.converge('openstack-identity::server-apache', described_recipe)
end
it do
expect(chef_run).to run_execute(sync_db_cmd).with(
cwd: '/usr/share/openstack-dashboard',
environment: sync_db_environment
)
end
end
end
it 'has group write mode on path' do
expect(chef_run).to create_directory('/usr/share/openstack-dashboard/openstack_dashboard/local')
.with(
owner: 'root',
group: 'horizon',
mode: '2771'
)
end
end
end

24
spec/neutron-lbaas-dashboard-redhat_spec.rb
View File

@ -1,24 +0,0 @@
require_relative 'spec_helper'
describe 'openstack-dashboard::neutron-lbaas-dashboard' do
ALL_RHEL.each do |p|
context "redhat #{p[:version]}" do
cached(:runner) { ChefSpec::SoloRunner.new(p) }
cached(:node) { runner.node }
cached(:chef_run) do
runner.converge('openstack-identity::server-apache', described_recipe)
end
include_context 'redhat_stubs'
include_context 'dashboard_stubs'
it do
expect(chef_run).to include_recipe('openstack-dashboard::horizon')
end
it do
expect(chef_run).to install_package('openstack-neutron-lbaas-ui')
end
end
end
end

22
spec/neutron-lbaas-dashboard_spec.rb
View File

@ -1,22 +0,0 @@
require_relative 'spec_helper'
describe 'openstack-dashboard::neutron-lbaas-dashboard' do
describe 'ubuntu' do
cached(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
cached(:node) { runner.node }
cached(:chef_run) do
runner.converge('openstack-identity::server-apache', described_recipe)
end
include_context 'non_redhat_stubs'
include_context 'dashboard_stubs'
it do
expect(chef_run).to include_recipe('openstack-dashboard::horizon')
end
it do
expect(chef_run).to install_package('python3-neutron-lbaas-dashboard')
end
end
end

122
spec/spec_helper.rb
View File

@ -1,122 +0,0 @@
require 'chefspec'
require 'chefspec/berkshelf'
RSpec.configure do |config|
config.color = true
config.formatter = :documentation
config.log_level = :warn
end
REDHAT_7 = {
platform: 'redhat',
version: '7',
}.freeze
REDHAT_8 = {
platform: 'redhat',
version: '8',
}.freeze
ALL_RHEL = [
REDHAT_7,
REDHAT_8,
].freeze
UBUNTU_OPTS = {
platform: 'ubuntu',
version: '18.04',
}.freeze
# Build a regex for a section of lines
def build_section(lines)
lines.map! { |line| Regexp.quote(line) }
/^#{lines.join('\n')}/
end
shared_context 'dashboard_stubs' do
before do
allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers)
.and_return ['hostA:port', 'hostB:port']
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('db', 'horizon')
.and_return('test-passes')
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('certs', 'horizon.pem')
.and_return('horizon_pem_value')
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('certs', 'horizon-chain.pem')
.and_return('horizon_chain_pem_value')
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('certs', 'horizon.key')
.and_return('horizon_key_value')
# identity stubs
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('secrets', 'credential_key0')
.and_return('thisiscredentialkey0')
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('secrets', 'credential_key1')
.and_return('thisiscredentialkey1')
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('secrets', 'fernet_key0')
.and_return('thisisfernetkey0')
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('secrets', 'fernet_key1')
.and_return('thisisfernetkey1')
allow_any_instance_of(Chef::Recipe).to receive(:search_for)
.with('os-identity').and_return(
[{
'openstack' => {
'identity' => {
'admin_tenant_name' => 'admin',
'admin_user' => 'admin',
},
},
}]
)
allow_any_instance_of(Chef::Recipe).to receive(:rabbit_transport_url)
.with('identity')
.and_return('rabbit://openstack:mypass@127.0.0.1:5672')
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('user', anything)
.and_return('')
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('db', anything)
.and_return('test-passes')
allow_any_instance_of(Chef::Recipe).to receive(:db_uri)
.with(anything, anything, anything)
.and_return('')
end
end
shared_context 'redhat_stubs' do
before do
stub_command("[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]").and_return(true)
stub_command("[ -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*permissive') -eq 1 ] && [ $(/sbin/sestatus | grep -c '^Mode from config file:.*enforcing') -eq 1 ]").and_return(true)
stub_command('/usr/sbin/httpd -t').and_return(true)
end
end
shared_context 'non_redhat_stubs' do
before do
stub_command("[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]").and_return(false)
stub_command("[ -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*permissive') -eq 1 ] && [ $(/sbin/sestatus | grep -c '^Mode from config file:.*enforcing') -eq 1 ]").and_return(false)
stub_command('/usr/sbin/httpd2 -t').and_return(true)
stub_command('/usr/sbin/apache2 -t').and_return(true)
end
end
shared_context 'postgresql_backend' do
before do
allow_any_instance_of(Chef::Recipe).to receive(:db)
.with('dashboard')
.and_return('service_type' => 'postgresql', 'db_name' => 'flying_elephant')
end
end
shared_context 'mysql_backend' do
before do
allow_any_instance_of(Chef::Recipe).to receive(:db)
.with('dashboard')
.and_return('service_type' => 'mysql', 'db_name' => 'flying_dolphin')
end
end

88
templates/default/dash-site.erb
View File

@ -1,88 +0,0 @@
<%= node["openstack"]["dashboard"]["custom_template_banner"] %>
<VirtualHost <%= @http_bind_address %>:<%= @http_bind_port %>>
<% if node["openstack"]["dashboard"]["server_hostname"] -%>
ServerName <%= node["openstack"]["dashboard"]["server_hostname"] %>
<% end -%>
<% unless node["openstack"]["dashboard"]["server_aliases"].empty? -%>
ServerAlias <%= node["openstack"]["dashboard"]["server_aliases"].join(" ") %>
<% end -%>
<% if node["openstack"]["dashboard"]["use_ssl"] %>
RewriteEngine On
RewriteCond %{HTTPS} off
<% if @http_bind_port != 80 or @https_bind_port != 443 %>
RewriteRule ^(.*)$ https://%{SERVER_NAME}:<%= @https_bind_port %>%{REQUEST_URI} [L,R]
<% else -%>
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
<% end -%>
TraceEnable <%= node['openstack']['dashboard']['traceenable'] %>
</VirtualHost>
<VirtualHost <%= @https_bind_address %>:<%= @https_bind_port %>>
<% if node["openstack"]["dashboard"]["server_hostname"] -%>
ServerName <%= node["openstack"]["dashboard"]["server_hostname"] %>
<% end -%>
<% unless node["openstack"]["dashboard"]["server_aliases"].empty? -%>
ServerAlias <%= node["openstack"]["dashboard"]["server_aliases"].join(" ") %>
<% end -%>
<% end %>
ServerAdmin <%= @apache_admin %>
# Note(jr): This is needed when SSL is used for the services, see
# https://bugs.launchpad.net/openstack-ansible/+bug/1624791/comments/17
WSGIApplicationGroup %{GLOBAL}
WSGIScriptAlias <%= node["openstack"]["dashboard"]["webroot"] %> <%= node["openstack"]["dashboard"]["wsgi_path"] %>
WSGIDaemonProcess dashboard user=<%= node['openstack']['dashboard']['horizon_user'] %> group=<%= node['openstack']['dashboard']['horizon_group'] %> processes=3 threads=10 python-path=<%= node["openstack"]["dashboard"]["dash_path"] %>
WSGIProcessGroup dashboard
DocumentRoot <%= node["openstack"]["dashboard"]["dash_path"] %>/.blackhole/
Alias /static <%= node["openstack"]["dashboard"]["static_path"] %>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory <%= node["openstack"]["dashboard"]["dash_path"] %>>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
<Directory <%= node["openstack"]["dashboard"]["static_path"] %>>
Options FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
<% if node["openstack"]["dashboard"]["use_ssl"] -%>
SSLEngine on
SSLCertificateFile <%= @ssl_cert_file %>
SSLCertificateKeyFile <%= @ssl_key_file %>
<% if node['openstack']['dashboard']['ssl']['chain'] -%>
SSLCertificateChainFile <%= @ssl_chain_file %>
<% end -%>
SSLProtocol <%= node["openstack"]["dashboard"]["ssl"]["protocol"] %>
<% if node["openstack"]["dashboard"]["ssl"]["ciphers"] -%>
SSLCipherSuite <%= node["openstack"]["dashboard"]["ssl"]["ciphers"] %>
<% end -%>
<% end -%>
# Allow custom files to overlay the site (such as logo.png)
RewriteEngine On
RewriteCond /opt/dash/site_overlay%{REQUEST_FILENAME} -s
RewriteRule ^/(.+) /opt/dash/site_overlay/$1 [L]
ErrorLog <%= @log_dir %>/<%= node["openstack"]["dashboard"]["error_log"] %>
LogLevel warn
CustomLog <%= @log_dir %>/<%= node["openstack"]["dashboard"]["access_log"] %> combined
TraceEnable <%= node['openstack']['dashboard']['traceenable'] %>
<% unless node["openstack"]["dashboard"]["cache_html"] %>
SetEnvIfExpr "req('accept') =~/html/" NO_CACHE
Header merge Cache-Control no-cache env=NO_CACHE
Header merge Cache-Control no-store env=NO_CACHE
<% end -%>
</VirtualHost>
<% unless node["openstack"]["dashboard"]["wsgi_socket_prefix"].nil? %>
WSGISocketPrefix <%= node["openstack"]["dashboard"]["wsgi_socket_prefix"] %>
<% end %>

7
templates/default/default_stylesheets.html.erb
View File

@ -1,7 +0,0 @@
{% load compress %}
{% compress css %}
<link href='{{ STATIC_URL }}dashboard/less/horizon.less' type='text/less' media='screen' rel='stylesheet' />
{% endcompress %}
<link rel="shortcut icon" href="{{ STATIC_URL }}dashboard/img/favicon.ico"/>

645
templates/default/local_settings.py.erb
View File

@ -1,645 +0,0 @@
<%= node["openstack"]["dashboard"]["custom_template_banner"] %>
import os
from django.utils.translation import ugettext_lazy as _
from horizon.utils import secret_key
from openstack_dashboard import exceptions
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = <%= node["openstack"]["dashboard"]["debug"] ? "True" : "False" %>
TEMPLATE_DEBUG = DEBUG
WEBROOT = '<%= node['openstack']['dashboard']['webroot'] %>'
<% if node["openstack"]["dashboard"]["login_url"] %>
LOGIN_URL = '<%= node['openstack']['dashboard']['login_url'] %>'
<% end %>
<% if node["openstack"]["dashboard"]["logout_url"] %>
LOGOUT_URL = '<%= node['openstack']['dashboard']['logout_url'] %>'
<% end %>
<% if node["openstack"]["dashboard"]["login_redirect_url"] %>
LOGIN_REDIRECT_URL = '<%= node['openstack']['dashboard']['login_redirect_url'] %>'
<% end %>
# Required for Django 1.5.
# If horizon is running in production (DEBUG is False), set this
# with the list of host/domain names that the application can serve.
# For more information see:
# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
ALLOWED_HOSTS = <%= node['openstack']['dashboard']['allowed_hosts'] %>
<% if node["openstack"]["dashboard"]["ssl_offload"] %>
# Set SSL proxy settings:
# For Django 1.4+ pass this header from the proxy after terminating the SSL,
# and don't forget to strip it from the client's request.
# For more information see:
# https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
<% end %>
# If Horizon is being served through SSL, then uncomment the following two
# settings to better secure the cookies from security exploits
<% if node["openstack"]["dashboard"]["use_ssl"] %>
CSRF_COOKIE_SECURE = <%= node["openstack"]["dashboard"]["csrf_cookie_secure"] ? "True" : "False" %>
SESSION_COOKIE_SECURE = <%= node["openstack"]["dashboard"]["session_cookie_secure"] ? "True" : "False" %>
<% end %>
# Overrides for OpenStack API versions. Use this setting to force the
# OpenStack dashboard to use a specific API version for a given service API.
# NOTE: The version should be formatted as it appears in the URL for the
# service API. For example, The identity service APIs have inconsistent
# use of the decimal point, so valid options would be "2.0" or "3".
OPENSTACK_API_VERSIONS = {
"identity": <%= node["openstack"]["dashboard"]["identity_api_version"] %>,
"volume": <%= node["openstack"]["dashboard"]["volume_api_version"] %>
}
# Set this to True if running on multi-domain model. When this is enabled, it
# will require user to enter the Domain name in addition to username for login.
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = <%= node["openstack"]["dashboard"]["keystone_multidomain_support"] ? "True" : "False" %>
# Overrides the default domain used when running on single-domain model
# with Keystone V3. All entities will be created in the default domain.
# NOTE: This value must be the ID of the default domain, NOT the name.
# Also, you will most likely have a value in the keystone policy file like this
# "cloud_admin": "rule:admin_required and domain_id:<your domain id>"
# This value must match the domain id specified there.
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "<%= node["openstack"]["dashboard"]["keystone_default_domain"] %>"
# Set Console type:
# valid options would be "AUTO", "VNC", "SPICE" or "RDP"
CONSOLE_TYPE = "<%= node["openstack"]["dashboard"]["console_type"] %>"
# Default OpenStack Dashboard configuration.
HORIZON_CONFIG = {
'user_home': 'openstack_dashboard.views.get_user_home',
'ajax_queue_limit': 10,
'auto_fade_alerts': {
'delay': 3000,
'fade_duration': 1500,
'types': ['alert-success', 'alert-info']
},
'help_url': "<%= node["openstack"]["dashboard"]["help_url"] %>",
'exceptions': {'recoverable': exceptions.RECOVERABLE,
'not_found': exceptions.NOT_FOUND,
'unauthorized': exceptions.UNAUTHORIZED},
'angular_modules': [],
'js_files': [],
}
# Specify a regular expression to validate user passwords.
# HORIZON_CONFIG["password_validator"] = {
# "regex": '.*',
# "help_text": _("Your password does not meet the requirements.")
# }
# Disable simplified floating IP address management for deployments with
# multiple floating IP pools or complex network requirements.
HORIZON_CONFIG["simple_ip_management"] = <%= node['openstack']['dashboard']['simple_ip_management'] ? 'True' : 'False' %>
# Turn off browser autocompletion for forms including the login form and
# the database creation workflow if so desired.
HORIZON_CONFIG["password_autocomplete"] = "<%= node['openstack']['dashboard']['password_autocomplete'] %>"
LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
# Set custom secret key:
# You can either set it to a specific value or you can let horizion generate a
# default secret key that is unique on this machine, e.i. regardless of the
# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, there
# may be situations where you would want to set this explicitly, e.g. when
# multiple dashboard instances are distributed on different machines (usually
# behind a load-balancer). Either you have to make sure that a session gets all
# requests routed to the same dashboard instance or you set the same SECRET_KEY
# for all of them.
from horizon.utils import secret_key
SECRET_KEY = secret_key.generate_or_read_from_file(os.path.realpath('<%= node['openstack']['dashboard']['secret_key_path'] %>'))
# We recommend you use memcached for development; otherwise after every reload
# of the django development server, you will have to login again. To use
# memcached set CACHES to something like
#CACHES = {
# 'default': {
# 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
# 'LOCATION': '127.0.0.1:11211',
# },
#}
<% case node["openstack"]["dashboard"]["session_backend"]
when "file" %>
SESSION_ENGINE = 'django.contrib.sessions.backends.file'
<% when "memcached"
if @memcached_servers && !@memcached_servers.empty?
%>
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': [
<% @memcached_servers.each do |address| %>
'<%= address %>',
<% end %>
]
}
}
<% end
when "sql"
%>
SESSION_ENGINE = 'django.contrib.sessions.backends.db'
<% end %>
# Send email to the console by default
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# Or send them to /dev/null
#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
# Configure these for your outgoing email host
# EMAIL_HOST = 'smtp.my-company.com'
# EMAIL_PORT = 25
# EMAIL_HOST_USER = 'djangomail'
# EMAIL_HOST_PASSWORD = 'top-secret!'
# For multiple regions uncomment this configuration, and add (endpoint, title).
# AVAILABLE_REGIONS = [
# ('http://cluster1.example.com:5000/v2.0', 'cluster1'),
# ('http://cluster2.example.com:5000/v2.0', 'cluster2'),
# ]
OPENSTACK_HOST = "<%= @host %>"
OPENSTACK_KEYSTONE_URL = "<%= @auth_url %>"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "<%= node["openstack"]["dashboard"]["keystone_default_role"] %>"
OPENSTACK_KEYSTONE_ADMIN_ROLES = ["admin"]
<% if node["openstack"]["dashboard"]["use_ssl"] %>
# Disable SSL certificate checks (useful for self-signed certificates):
# OPENSTACK_SSL_NO_VERIFY = True
OPENSTACK_SSL_NO_VERIFY = <%= node['openstack']['dashboard']['ssl_no_verify'] %>
# The CA certificate to use to verify SSL connections
# OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
<% if node['openstack']['dashboard']['ssl_cacert'] %>
OPENSTACK_SSL_CACERT = '<%= node['openstack']['dashboard']['ssl_cacert'] %>'
<% end %>
<% end %>
# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
# capabilities of the auth backend for Keystone.
# If Keystone has been configured to use LDAP as the auth backend then set
# can_edit_user to False and name to 'ldap'.
#
# TODO(tres): Remove these once Keystone has an API to identify auth backend.
OPENSTACK_KEYSTONE_BACKEND = {
'name': '<%= node["openstack"]["dashboard"]["keystone_backend"]["name"] %>',
'can_edit_user': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_user"] ? "True" : "False" %>,
'can_edit_group': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_group"] ? "True" : "False" %>,
'can_edit_project': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_project"] ? "True" : "False" %>,
'can_edit_domain': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_domain"] ? "True" : "False" %>,
'can_edit_role': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_role"] ? "True" : "False" %>,
}
#Setting this to True, will add a new "Retrieve Password" action on instance,
#allowing Admin session password retrieval/decryption.
#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
# The Xen Hypervisor has the ability to set the mount point for volumes
# attached to instances (other Hypervisors currently do not). Setting
# can_set_mount_point to True will add the option to set the mount point
# from the UI.
OPENSTACK_HYPERVISOR_FEATURES = {
'can_set_mount_point': False,
'can_set_password': False,
}
# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
# services provided by cinder that is not exposed by its extension API.
OPENSTACK_CINDER_FEATURES = {
'enable_backup': False,
}
# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
# services provided by neutron. Options currently available are load
# balancer service, security groups, quotas, VPN service.
OPENSTACK_NEUTRON_NETWORK = {
'enable_lb': <%= node['openstack']['dashboard']['neutron']['enable_lb'].to_s.capitalize %>,
'enable_vpn': <%= node['openstack']['dashboard']['neutron']['enable_vpn'].to_s.capitalize %>,
'enable_quotas': <%= node['openstack']['dashboard']['neutron']['enable_quotas'] ? 'True' : 'False' %>,
# The profile_support option is used to detect if an external router can be
# configured via the dashboard. When using specific plugins the
# profile_support can be turned on if needed.
'profile_support': None,
#'profile_support': 'cisco',
# Set which provider network types are supported. Only the network types
# in this list will be available to choose from when creating a network.
# Network types include local, flat, vlan, gre, and vxlan.
'supported_provider_types': ['*'],
}
# The OPENSTACK_HEAT_STACK settings can be used to disable password
# field required while launching the stack.
OPENSTACK_HEAT_STACK = {
'enable_user_pass': <%= node['openstack']['dashboard']['heat_stack']['enable_user_pass'] ? 'True' : 'False' %>,
}
# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features
# in the OpenStack Dashboard related to the Image service, such as the list
# of supported image formats.
# OPENSTACK_IMAGE_BACKEND = {
# 'image_formats': [
# ('', _('Select format')),
# ('aki', _('AKI - Amazon Kernel Image')),
# ('ami', _('AMI - Amazon Machine Image')),
# ('ari', _('ARI - Amazon Ramdisk Image')),
# ('iso', _('ISO - Optical Disk Image')),
# ('qcow2', _('QCOW2 - QEMU Emulator')),
# ('raw', _('Raw')),
# ('vdi', _('VDI')),
# ('vhd', _('VHD')),
# ('vmdk', _('VMDK'))
# ]
# }
# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
# image custom property attributes that appear on image detail pages.
IMAGE_CUSTOM_PROPERTY_TITLES = {
"architecture": _("Architecture"),
"kernel_id": _("Kernel ID"),
"ramdisk_id": _("Ramdisk ID"),
"image_state": _("Euca2ools state"),
"project_id": _("Project ID"),
"image_type": _("Image Type")
}
# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image
# custom properties should not be displayed in the Image Custom Properties
# table.
IMAGE_RESERVED_CUSTOM_PROPERTIES = []
# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
# in the Keystone service catalog. Use this setting when Horizon is running
# external to the OpenStack environment. The default is 'publicURL'.
#OPENSTACK_ENDPOINT_TYPE = "publicURL"
# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
# in the Keystone service catalog. Use this setting when Horizon is running
# external to the OpenStack environment. The default is None. This
# value should differ from OPENSTACK_ENDPOINT_TYPE if used.
#SECONDARY_ENDPOINT_TYPE = "publicURL"
# The number of objects (Swift containers/objects or images) to display
# on a single page before providing a paging element (a "more" link)
# to paginate results.
API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20
# The timezone of the server. This should correspond with the timezone
# of your entire OpenStack installation, and hopefully be in UTC.
TIME_ZONE = "UTC"
# When launching an instance, the menu of available flavors is
# sorted by RAM usage, ascending. If you would like a different sort order,
# you can provide another flavor attribute as sorting key. Alternatively, you
# can provide a custom callback method to use for sorting. You can also provide
# a flag for reverse sort. For more info, see
# http://docs.python.org/2/library/functions.html#sorted
# CREATE_INSTANCE_FLAVOR_SORT = {
# 'key': 'name',
# # or
# 'key': my_awesome_callback_method,
# 'reverse': False,
# }
# The Horizon Policy Enforcement engine uses these values to load per service
# policy rule files. The content of these files should match the files the
# OpenStack services are using to determine role based access control in the
# target installation.
# Path to directory containing policy.json files
POLICY_FILES_PATH = '<%= node['openstack']['dashboard']['policy_files_path'] %>'
# Map of local copy of service policy files
#POLICY_FILES = {
# 'identity': 'keystone_policy.json',
# 'compute': 'nova_policy.json',
# 'volume': 'cinder_policy.json',
# 'image': 'glance_policy.json',
# 'orchestration': 'heat_policy.json',
# 'network': 'neutron_policy.json',
#}
# Trove user and database extension support. By default support for
# creating users and databases on database instances is turned on.
# To disable these extensions set the permission here to something
# unusable such as ["!"].
# TROVE_ADD_USER_PERMS = []
# TROVE_ADD_DATABASE_PERMS = []
LOGGING = {
'version': 1,
# When set to True this will disable all logging except
# for loggers specified in this configuration dictionary. Note that
# if nothing is specified here and disable_existing_loggers is True,
# django.db.backends will still log unless it is disabled explicitly.
'disable_existing_loggers': False,
'formatters': {
'operation': {
# The format of "%(message)s" is defined by
# OPERATION_LOG_OPTIONS['format']
'format': '%(asctime)s %(message)s'
},
},
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
},
'console': {
# Set the level to "DEBUG" for verbose output logging.
'level': '<%= node["openstack"]["dashboard"]["debug"] ? "DEBUG" : "INFO" %>',
'class': 'logging.StreamHandler',
},
'operation': {
'level': '<%= node["openstack"]["dashboard"]["debug"] ? "DEBUG" : "INFO" %>',
'class': 'logging.StreamHandler',
'formatter': 'operation',
},
},
'loggers': {
# Logging from django.db.backends is VERY verbose, send to null
# by default.
'django.db.backends': {
'handlers': ['null'],
'propagate': False,
},
'requests': {
'handlers': ['null'],
'propagate': False,
},
'horizon': {
'handlers': ['console'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["horizon"] %>',
'propagate': False,
},
'horizon.operation_log': {
'handlers': ['operation'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["horizon_log"] %>',
'propagate': False,
},
'openstack_dashboard': {
'handlers': ['console'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["openstack_dashboard"] %>',
'propagate': False,
},
'novaclient': {
'handlers': ['console'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["novaclient"] %>',
'propagate': False,
},
'cinderclient': {
'handlers': ['console'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["cinderclient"] %>',
'propagate': False,
},
'keystoneclient': {
'handlers': ['console'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["keystoneclient"] %>',
'propagate': False,
},
'glanceclient': {
'handlers': ['console'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["glanceclient"] %>',
'propagate': False,
},
'neutronclient': {
'handlers': ['console'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["neutronclient"] %>',
'propagate': False,
},
'heatclient': {
'handlers': ['console'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["heatclient"] %>',
'propagate': False,
},
'ceilometerclient': {
'handlers': ['console'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["ceilometerclient"] %>',
'propagate': False,
},
'troveclient': {
'handlers': ['console'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["troveclient"] %>',
'propagate': False,
},
'swiftclient': {
'handlers': ['console'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["swiftclient"] %>',
'propagate': False,
},
'openstack_auth': {
'handlers': ['console'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["openstack_auth"] %>',
'propagate': False,
},
'nose.plugins.manager': {
'handlers': ['console'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["nose.plugins.manager"] %>',
'propagate': False,
},
'django': {
'handlers': ['console'],
'level': '<%= node["openstack"]["dashboard"]["log_level"]["django"] %>',
'propagate': False,
},
'iso8601': {
'handlers': ['null'],
'propagate': False,
},
'scss': {
'handlers': ['null'],
'propagate': False,
},
}
}
# 'direction' should not be specified for all_tcp/udp/icmp.
# It is specified in the form.
SECURITY_GROUP_RULES = {
'all_tcp': {
'name': _('All TCP'),
'ip_protocol': 'tcp',
'from_port': '1',
'to_port': '65535',
},
'all_udp': {
'name': _('All UDP'),
'ip_protocol': 'udp',
'from_port': '1',
'to_port': '65535',
},
'all_icmp': {
'name': _('All ICMP'),
'ip_protocol': 'icmp',
'from_port': '-1',
'to_port': '-1',
},
'ssh': {
'name': 'SSH',
'ip_protocol': 'tcp',
'from_port': '22',
'to_port': '22',
},
'smtp': {
'name': 'SMTP',
'ip_protocol': 'tcp',
'from_port': '25',
'to_port': '25',
},
'dns': {
'name': 'DNS',
'ip_protocol': 'tcp',
'from_port': '53',
'to_port': '53',
},
'http': {
'name': 'HTTP',
'ip_protocol': 'tcp',
'from_port': '80',
'to_port': '80',
},
'pop3': {
'name': 'POP3',
'ip_protocol': 'tcp',
'from_port': '110',
'to_port': '110',
},
'imap': {
'name': 'IMAP',
'ip_protocol': 'tcp',
'from_port': '143',
'to_port': '143',
},
'ldap': {
'name': 'LDAP',
'ip_protocol': 'tcp',
'from_port': '389',
'to_port': '389',
},
'https': {
'name': 'HTTPS',
'ip_protocol': 'tcp',
'from_port': '443',
'to_port': '443',
},
'smtps': {
'name': 'SMTPS',
'ip_protocol': 'tcp',
'from_port': '465',
'to_port': '465',
},
'imaps': {
'name': 'IMAPS',
'ip_protocol': 'tcp',
'from_port': '993',
'to_port': '993',
},
'pop3s': {
'name': 'POP3S',
'ip_protocol': 'tcp',
'from_port': '995',
'to_port': '995',
},
'ms_sql': {
'name': 'MS SQL',
'ip_protocol': 'tcp',
'from_port': '1433',
'to_port': '1433',
},
'mysql': {
'name': 'MYSQL',
'ip_protocol': 'tcp',
'from_port': '3306',
'to_port': '3306',
},
'rdp': {
'name': 'RDP',
'ip_protocol': 'tcp',
'from_port': '3389',
'to_port': '3389',
},
}
# You may remove settings from this list for security purposes, but do so at
# the risk of breaking a built-in horizon feature. These settings are required
# for horizon to function properly. Only remove them if you know what you
# are doing. These settings may in the future be moved to be defined within
# the enabled panel configuration.
# You should not add settings to this list for out of tree extensions.
# See: https://wiki.openstack.org/wiki/Horizon/RESTAPI
REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
'LAUNCH_INSTANCE_DEFAULTS',
'OPENSTACK_IMAGE_FORMATS']
# Indicate to the Sahara data processing service whether or not
# automatic floating IP allocation is in effect. If it is not
# in effect, the user will be prompted to choose a floating IP
# pool for use in their cluster. False by default. You would want
# to set this to True if you were running Nova Networking with
# auto_assign_floating_ip = True.
# SAHARA_AUTO_IP_ALLOCATION_ENABLED = False
<% django_backends = {'mysql' => 'django.db.backends.mysql',
'sqlite' => 'django.db.backends.sqlite3',
'postgresql' => 'django.db.backends.postgresql_psycopg2'}
engine = django_backends[@db_info['service_type']] %>
# A dictionary containing the settings for all databases to be used with
# Django. It is a nested dictionary whose contents maps database aliases
# to a dictionary containing the options for an individual database.
DATABASES = {
'default': {
'ENGINE': '<%= engine %>',
'NAME': '<%= @db_info["db_name"] %>',
<% unless @db_info['service_type'] == 'sqlite' %>
'USER': '<%= node["openstack"]["db"]["dashboard"]["username"] %>',
'PASSWORD': '<%= @db_pass %>',
'HOST': '<%= @db_info["host"] %>',
'PORT': '<%= @db_info["port"] %>',
<% end %>
'default-character-set': 'utf8'
},
}
# Boolean that decides if compression should also be done outside of the
# request/response loop - independent from user requests. This allows to
# pre-compress CSS and JavaScript files and works just like the automatic
# compression with the {% compress %} tag.
COMPRESS_OFFLINE = False
# Add additional plugins.
<% if node["openstack"]["dashboard"]["plugins"] %>
import sys
mod = sys.modules['openstack_dashboard.settings']
<% node["openstack"]["dashboard"]["plugins"].each do |p| %>
mod.INSTALLED_APPS += ('<%= p %>', )
<% end %>
<% end %>
# Allow for misc sections to be added
<% if node["openstack"]["dashboard"]["misc_local_settings"] %>
<% node["openstack"]["dashboard"]["misc_local_settings"].each do |sec, opts| %>
<%= sec %> = {
<% opts.each do |key, value| %>
'<%= key %>': <%= !!value == value ? ( value ? "True" : "False" ) : "'#{value}'" %>,
<% end %>
}
<% end %>
<% end %>
# define a custom tmp upload directory (override /tmp)
<% if node["openstack"]["dashboard"]["file_upload_temp_dir"] %>
FILE_UPLOAD_TEMP_DIR = "<%= node["openstack"]["dashboard"]["file_upload_temp_dir"] %>"
<% end %>
# Controls whether the keystone v2 openrc file is accessible from the user menu and the api access panel.
SHOW_KEYSTONE_V2_RC = <%= node['openstack']['dashboard']['show_keystone_v2_rc'] %>

7
templates/default/rs_stylesheets.html.erb
View File

@ -1,7 +0,0 @@
{% load compress %}
{% compress css %}
<link href='{{ STATIC_URL }}dashboard/css/folsom.css' type='text/css' rel='stylesheet' />
{% endcompress %}
<link rel="shortcut icon" href="{{ STATIC_URL }}dashboard/img/favicon.ico"/>