Config attributes for OPENSTACK_KEYSTONE_BACKEND
Bumped version to 9.0.2 and added some more options to README.md Closes-Bug: 1320274 Change-Id: I985ed5fc662cef82372bccb3cc7485e150cb9eb0
This commit is contained in:
parent
0e566c316c
commit
ea8bb0c971
|
@ -2,6 +2,9 @@ openstack-dashboard Cookbook CHANGELOG
|
|||
==============================
|
||||
This file is used to list changes made in each version of the openstack-dashboard cookbook.
|
||||
|
||||
## 9.0.2
|
||||
* Add support for configuring OPENSTACK_KEYSTONE_BACKEND
|
||||
|
||||
## 9.0.1
|
||||
### Bug
|
||||
* Fix openstack_keystone_default_role default
|
||||
|
|
49
README.md
49
README.md
|
@ -35,27 +35,42 @@ Sets up the Horizon dashboard within an Apache `mod_wsgi` container.
|
|||
Attributes
|
||||
==========
|
||||
|
||||
* `openstack["dashboard"]["db"]["username"]` - username for horizon database access
|
||||
* `openstack["dashboard"]["server_hostname"]` - sets the ServerName in the Apache config.
|
||||
* `openstack["dashboard"]["use_ssl"]` - toggle for using ssl with dashboard (default true)
|
||||
* `openstack["dashboard"]["ssl"]["dir"]` - directory where ssl certs are stored on this system
|
||||
* `openstack["dashboard"]["dash_path"]` - base path for dashboard files (document root)
|
||||
* `openstack["dashboard"]["wsgi_path"]` - path for wsgi dir
|
||||
* `openstack["dashboard"]["wsgi_socket_prefix"]` - Location that will override the standard Apache runtime directory
|
||||
* `openstack["dashboard"]["ssl_offload"]` - Set SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') flag for offloading SSL
|
||||
* `openstack["dashboard"]["plugins"]` - Array of plugins to include via INSTALED\_APPS
|
||||
* `openstack["dashboard"]["simple_ip_management"]` - Boolean to enable or disable simplified floating IP address management
|
||||
* `openstack['dashboard']['db']['username']` - Username for horizon database access
|
||||
* `openstack['dashboard']['server_hostname']` - Sets the ServerName in the Apache config
|
||||
* `openstack['dashboard']['allowed_hosts']` - List of host/domain names we can service (default: '\[\*\]')
|
||||
* `openstack['dashboard']['dash_path']` - Base path for dashboard files (document root)
|
||||
* `openstack['dashboard']['wsgi_path']` - Path for wsgi dir
|
||||
* `openstack['dashboard']['wsgi_socket_prefix']` - Location that will override the standard Apache runtime directory
|
||||
* `openstack['dashboard']['ssl_offload']` - Set SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') flag for offloading SSL
|
||||
* `openstack['dashboard']['plugins']` - Array of plugins to include via INSTALED\_APPS
|
||||
* `openstack['dashboard']['simple_ip_management']` - Boolean to enable or disable simplified floating IP address management
|
||||
TODO: Add DB2 support on other platforms
|
||||
* `openstack["dashboard"]["platform"]["db2_python_packages"]` - Array of DB2 python packages, only available on redhat platform
|
||||
* `openstack['openstack']['dashboard']['http_port']` - Port that httpd should listen on. Default is 80.
|
||||
* `openstack['openstack']['dashboard']['https_port']` - Port that httpd should listen on for using ssl. Default is 443.
|
||||
* `openstack['dashboard']['platform']['db2_python_packages']` - Array of DB2 python packages, only available on redhat platform
|
||||
* `openstack['dashboard']['http_port']` - Port that httpd should listen on (default: 80)
|
||||
* `openstack['dashboard']['https_port']` - Port that httpd should listen on for using ssl (default: 443)
|
||||
* `openstack['dashboard']['password_autocomplete']` - Toggle browser autocompletion for login form ('on' or 'off', default: 'on')
|
||||
|
||||
Identity
|
||||
--------
|
||||
* `openstack['dashboard']['identity_api_version']` - Force a specific Identity API version ('2.0' or '3', default: '2.0')
|
||||
* `openstack['dashboard']['keystone_multidomain_support']` - Boolean to enable multi-Domain support
|
||||
* `openstack['dashboard']['keystone_default_domain']` - Default Domain if using API v3 and on a single-domain model (default: 'Default')
|
||||
* `openstack['dashboard']['keystone_default_role']` - Default Keystone role assigned to project members (default: '_member_')
|
||||
* `openstack['dashboard']['keystone_backend']['name']` - Keystone backend in use ('native' or 'ldap', default: 'native')
|
||||
* `openstack['dashboard']['keystone_backend']['can_edit_user']` - Boolean to allow some user-related identity operations (default: true)
|
||||
* `openstack['dashboard']['keystone_backend']['can_edit_group']` - Boolean to allow some group-related identity operations (default: true)
|
||||
* `openstack['dashboard']['keystone_backend']['can_edit_project']` - Boolean to allow some project-related identity operations (default: true)
|
||||
* `openstack['dashboard']['keystone_backend']['can_edit_domain']` - Boolean to allow some domain-related identity operations (default: true)
|
||||
* `openstack['dashboard']['keystone_backend']['can_edit_role']` - Boolean to allow some role-related identity operations (default: true)
|
||||
|
||||
Certificate
|
||||
-----------
|
||||
* `openstack["dashboard"]["ssl"]["cert"]` - name to use when creating the ssl certificate
|
||||
* `openstack["dashboard"]["ssl"]["cert_url"]` - if using an existing certificate, this is the URL to its location
|
||||
* `openstack["dashboard"]["ssl"]["key"]` - name to use when creating the ssl key
|
||||
* `openstack["dashboard"]["ssl"]["key_url"]` - if using an existing certificate key, this is the URL to its location
|
||||
* `openstack['dashboard']['use_ssl']` - Toggle for using ssl with dashboard (default: true)
|
||||
* `openstack['dashboard']['ssl']['dir']` - Directory where ssl certs are stored on this system (default: platform dependent)
|
||||
* `openstack['dashboard']['ssl']['cert']` - Name to use when creating the ssl certificate
|
||||
* `openstack['dashboard']['ssl']['cert_url']` - If using an existing certificate, this is the URL to its location
|
||||
* `openstack['dashboard']['ssl']['key']` - Name to use when creating the ssl key
|
||||
* `openstack['dashboard']['ssl']['key_url']` - If using an existing certificate key, this is the URL to its location
|
||||
|
||||
By default the openstack-dashboard cookbook ships with a self-signed certificate from a fake organization.
|
||||
It is possible to use a real production certificate from your organization by putting that certificate
|
||||
|
|
|
@ -145,6 +145,13 @@ default['openstack']['dashboard']['identity_api_version'] = 2.0
|
|||
default['openstack']['dashboard']['keystone_default_domain'] = 'Default'
|
||||
default['openstack']['dashboard']['console_type'] = 'AUTO'
|
||||
|
||||
default['openstack']['dashboard']['keystone_backend']['name'] = 'native'
|
||||
default['openstack']['dashboard']['keystone_backend']['can_edit_user'] = true
|
||||
default['openstack']['dashboard']['keystone_backend']['can_edit_group'] = true
|
||||
default['openstack']['dashboard']['keystone_backend']['can_edit_project'] = true
|
||||
default['openstack']['dashboard']['keystone_backend']['can_edit_domain'] = true
|
||||
default['openstack']['dashboard']['keystone_backend']['can_edit_role'] = true
|
||||
|
||||
default['openstack']['dashboard']['log_level']['horizon'] = 'INFO'
|
||||
default['openstack']['dashboard']['log_level']['openstack_dashboard'] = 'INFO'
|
||||
default['openstack']['dashboard']['log_level']['novaclient'] = 'INFO'
|
||||
|
|
|
@ -4,7 +4,7 @@ maintainer_email 'cookbooks@lists.tfoundry.com'
|
|||
license 'Apache 2.0'
|
||||
description 'Installs/Configures the OpenStack Dasboard (Horizon)'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version '9.0.1'
|
||||
version '9.0.2'
|
||||
|
||||
recipe 'openstack-dashboard::server', 'Sets up the Horizon dashboard within an Apache `mod_wsgi` container.'
|
||||
|
||||
|
|
|
@ -290,6 +290,27 @@ describe 'openstack-dashboard::server' do
|
|||
expect(chef_run).to render_file(file.name).with_content(/^OPENSTACK_KEYSTONE_DEFAULT_ROLE = "keystone_default_role_value"$/)
|
||||
end
|
||||
|
||||
context 'keystone_backend settings' do
|
||||
%w(native ldap).each do |keystone_backend_name|
|
||||
it "sets the backend name to #{keystone_backend_name}" do
|
||||
node.set['openstack']['dashboard']['keystone_backend']['name'] = keystone_backend_name
|
||||
expect(chef_run).to render_file(file.name).with_content(/^\s*'name': '#{keystone_backend_name}',$/)
|
||||
end
|
||||
end
|
||||
|
||||
%w(can_edit_user can_edit_group can_edit_project can_edit_domain can_edit_role).each do |keystone_setting|
|
||||
it "enables the #{keystone_setting} keystone backend setting when the attribute is True" do
|
||||
node.set['openstack']['dashboard']['keystone_backend'][keystone_setting] = true
|
||||
expect(chef_run).to render_file(file.name).with_content(/^\s*\'#{keystone_setting}\': True,$/)
|
||||
end
|
||||
|
||||
it "disables the #{keystone_setting} keystone backend setting when the attribute is False" do
|
||||
node.set['openstack']['dashboard']['keystone_backend'][keystone_setting] = false
|
||||
expect(chef_run).to render_file(file.name).with_content(/^\s*\'#{keystone_setting}\': False,$/)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'neutron settings' do
|
||||
%w(enable_lb enable_quotas).each do |neutron_setting|
|
||||
it "enables the #{neutron_setting} setting when the attributes is True" do
|
||||
|
|
|
@ -163,12 +163,12 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "<%= node["openstack"]["dashboard"]["keystone_
|
|||
#
|
||||
# TODO(tres): Remove these once Keystone has an API to identify auth backend.
|
||||
OPENSTACK_KEYSTONE_BACKEND = {
|
||||
'name': 'native',
|
||||
'can_edit_user': True,
|
||||
'can_edit_group': True,
|
||||
'can_edit_project': True,
|
||||
'can_edit_domain': True,
|
||||
'can_edit_role': True
|
||||
'name': '<%= node["openstack"]["dashboard"]["keystone_backend"]["name"] %>',
|
||||
'can_edit_user': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_user"] ? "True" : "False" %>,
|
||||
'can_edit_group': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_group"] ? "True" : "False" %>,
|
||||
'can_edit_project': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_project"] ? "True" : "False" %>,
|
||||
'can_edit_domain': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_domain"] ? "True" : "False" %>,
|
||||
'can_edit_role': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_role"] ? "True" : "False" %>,
|
||||
}
|
||||
|
||||
OPENSTACK_HYPERVISOR_FEATURES = {
|
||||
|
|
Loading…
Reference in New Issue