448 lines
17 KiB
YAML
448 lines
17 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
## Verbosity Options
|
|
debug: False
|
|
|
|
# Set the host which will execute the shade modules
|
|
# for the service setup. The host must already have
|
|
# clouds.yaml properly configured.
|
|
horizon_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
|
|
horizon_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((horizon_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}"
|
|
|
|
# Set the package install state for distribution and pip packages
|
|
# Options are 'present' and 'latest'
|
|
horizon_package_state: "latest"
|
|
horizon_pip_package_state: "latest"
|
|
|
|
# Set installation method.
|
|
horizon_install_method: "source"
|
|
|
|
## Toggle developer mode
|
|
horizon_developer_mode: false
|
|
|
|
## The git source/branch for Horizon
|
|
horizon_git_repo: https://git.openstack.org/openstack/horizon
|
|
horizon_git_install_branch: master
|
|
|
|
## The git source/branch for the Blazar UI plugin
|
|
blazar_dashboard_git_repo: https://git.openstack.org/openstack/blazar-dashboard
|
|
blazar_dashboard_git_install_branch: master
|
|
|
|
## The git source/branch for Cloudkitty UI plugin
|
|
cloudkitty_dashboard_git_repo: https://git.openstack.org/openstack/cloudkitty-dashboard
|
|
cloudkitty_dashboard_git_install_branch: master
|
|
|
|
## The git source/branch for the Magnum UI plugin
|
|
magnum_dashboard_git_repo: https://git.openstack.org/openstack/magnum-ui
|
|
magnum_dashboard_git_install_branch: master
|
|
|
|
## The git source/branch for the Octavia UI plugin
|
|
octavia_dashboard_git_repo: https://git.openstack.org/openstack/octavia-dashboard
|
|
octavia_dashboard_git_install_branch: master
|
|
|
|
## The git source/branch for the Designate UI plugin
|
|
designate_dashboard_git_repo: https://git.openstack.org/openstack/designate-dashboard
|
|
designate_dashboard_git_install_branch: master
|
|
|
|
## The git source/branch for the Tacker UI plugin
|
|
tacker_dashboard_git_repo: https://git.openstack.org/openstack/tacker-horizon
|
|
tacker_dashboard_git_install_branch: master
|
|
|
|
## The git source/branch for the Trove UI plugin
|
|
trove_dashboard_git_repo: https://git.openstack.org/openstack/trove-dashboard
|
|
trove_dashboard_git_install_branch: master
|
|
|
|
## The git source/branch for the Heat UI plugin
|
|
heat_dashboard_git_repo: https://git.openstack.org/openstack/heat-dashboard
|
|
heat_dashboard_git_install_branch: master
|
|
|
|
## The git source/branch for the Zun UI plugin
|
|
zun_dashboard_git_repo: https://git.openstack.org/openstack/zun-ui
|
|
zun_dashboard_git_install_branch: master
|
|
|
|
# The git source/branch for the Neutron VPNaaS UI plugin
|
|
neutron_vpnaas_dashboard_git_repo: https://git.openstack.org/cgit/openstack/neutron-vpnaas-dashboard
|
|
neutron_vpnaas_dashboard_git_install_branch: master
|
|
|
|
## The packages to build from source (used in developer mode)
|
|
horizon_developer_constraints:
|
|
- "git+{{ horizon_git_repo }}@{{ horizon_git_install_branch }}#egg=horizon"
|
|
- "git+{{ blazar_dashboard_git_repo }}@{{ blazar_dashboard_git_install_branch }}#egg=blazar-dashboard"
|
|
- "git+{{ cloudkitty_dashboard_git_repo }}@{{ cloudkitty_dashboard_git_install_branch }}#egg=cloudkitty_dashboard"
|
|
- "git+{{ magnum_dashboard_git_repo }}@{{ magnum_dashboard_git_install_branch }}#egg=magnum-ui"
|
|
- "git+{{ designate_dashboard_git_repo }}@{{ designate_dashboard_git_install_branch }}#egg=designate_dashboard"
|
|
- "git+{{ tacker_dashboard_git_repo }}@{{ tacker_dashboard_git_install_branch }}#egg=tacker_horizon"
|
|
- "git+{{ trove_dashboard_git_repo }}@{{ trove_dashboard_git_install_branch }}#egg=trove_dashboard"
|
|
- "git+{{ heat_dashboard_git_repo }}@{{ heat_dashboard_git_install_branch }}#egg=heat_dashboard"
|
|
- "git+{{ zun_dashboard_git_repo }}@{{ zun_dashboard_git_install_branch }}#egg=zun_ui"
|
|
- "git+{{ neutron_vpnaas_dashboard_git_repo }}@{{ neutron_vpnaas_dashboard_git_install_branch }}#egg=neutron_vpnaas_dashboard"
|
|
|
|
# TODO(odyssey4me):
|
|
# This can be simplified once all the roles are using
|
|
# python_venv_build. We can then switch to using a
|
|
# set of constraints in pip.conf inside the venv,
|
|
# perhaps prepared by giving a giving a list of
|
|
# constraints to the role.
|
|
horizon_pip_install_args: >-
|
|
{{ horizon_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
|
|
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''), '') }}
|
|
{{ pip_install_options | default('') }}
|
|
|
|
# Name of the virtual env to deploy into
|
|
horizon_venv_tag: "{{ venv_tag | default('untagged') }}"
|
|
horizon_bin: "{{ _horizon_bin }}"
|
|
|
|
# venv_download, even when true, will use the fallback method of building the
|
|
# venv from scratch if the venv download fails.
|
|
horizon_venv_download: "{{ not horizon_developer_mode | bool }}"
|
|
horizon_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/horizon.tgz
|
|
|
|
## System info
|
|
horizon_system_user_name: horizon
|
|
horizon_system_group_name: horizon
|
|
|
|
horizon_system_shell: /bin/false
|
|
horizon_system_comment: horizon system user
|
|
horizon_system_user_home: "/var/lib/{{ horizon_system_user_name }}"
|
|
|
|
## Service Type and Data
|
|
horizon_service_region: RegionOne
|
|
horizon_service_name: horizon
|
|
|
|
## Database info
|
|
horizon_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
|
|
horizon_galera_address: "{{ galera_address | default('127.0.0.1') }}"
|
|
horizon_galera_database: dash
|
|
horizon_galera_user: dash
|
|
horizon_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
|
|
horizon_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
|
|
|
|
## Session configuration
|
|
# Specifies the timespan in seconds inactivity, until a user is considered as
|
|
# logged out
|
|
horizon_session_timeout: 1800
|
|
|
|
## Horizon Help URL Path
|
|
horizon_help_url: http://docs.openstack.org
|
|
|
|
## Installation directories
|
|
horizon_lib_dir: "{{ _horizon_lib_dir }}"
|
|
horizon_lib_wsgi_file: "{{ horizon_lib_dir }}/openstack_dashboard/wsgi/django.wsgi"
|
|
|
|
horizon_endpoint_type: internalURL
|
|
|
|
horizon_server_name: "{{ ansible_fqdn | default('horizon') }}"
|
|
horizon_apache_servertokens: "Prod"
|
|
horizon_apache_serversignature: "Off"
|
|
horizon_log_level: info
|
|
horizon_apache_custom_log_format: combined
|
|
horizon_dropdown_max_items: 30
|
|
horizon_instance_log_length: 35
|
|
horizon_overview_days_range: 1
|
|
horizon_images_upload_mode: direct
|
|
horizon_images_allow_location: False
|
|
horizon_time_zone: UTC
|
|
horizon_enforce_password_check: False
|
|
horizon_disable_password_reveal: False
|
|
horizon_enable_password_retrieve: False
|
|
horizon_enable_password_autocomplete: False
|
|
horizon_enable_heatstack_user_pass: True
|
|
# If nova_libvirt_inject_password is set to True, then this can also be enabled:
|
|
horizon_can_set_password: False
|
|
horizon_enable_cinder_backup: False
|
|
# Enables IPv6 support in Horizon, such as managing network subnets
|
|
horizon_enable_ipv6: True
|
|
# Enables router support in Horizon, disable if you don't have Neutron L3 agent
|
|
horizon_enable_router: True
|
|
|
|
# Disable/Enable simplified floating IP address management for deployments with
|
|
# multiple floating IP pools or complex network requirements.
|
|
horizon_simple_ip_management: True
|
|
|
|
# To enable ha router support in horizon set to True
|
|
horizon_enable_ha_router: False
|
|
|
|
# Provide default DNS servers to use when a subnet is created.
|
|
horizon_default_dns_nameservers: []
|
|
|
|
# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
|
|
# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
|
|
# Scripting (XFS) vulnerability, so this option allows extra security hardening
|
|
# where iframes are not used in deployment. Default setting is True.
|
|
# For more information see:
|
|
# http://tinyurl.com/anticlickjack
|
|
horizon_disallow_iframe_embed: True
|
|
|
|
# WSGI tuning parameters
|
|
# horizon_wsgi_processes: 4
|
|
# horizon_wsgi_threads: 4
|
|
|
|
## Cap the maximun number of threads / workers when a user value is unspecified.
|
|
horizon_wsgi_threads_max: 16
|
|
horizon_wsgi_threads: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, horizon_wsgi_threads_max] | min }}"
|
|
|
|
## Horizon SSL
|
|
horizon_ssl_cert: /etc/ssl/certs/horizon.pem
|
|
horizon_ssl_key: /etc/ssl/private/horizon.key
|
|
horizon_ssl_ca_cert: /etc/ssl/certs/horizon-ca.pem
|
|
horizon_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
|
|
horizon_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
|
|
# if using a self-signed certificate, set this to true to regenerate it
|
|
horizon_ssl_self_signed_regen: false
|
|
horizon_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ horizon_server_name }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
|
|
|
|
# Set these variables to deploy custom certificates
|
|
# horizon_user_ssl_cert: <path to cert on ansible deployment host>
|
|
# horizon_user_ssl_key: <path to cert on ansible deployment host>
|
|
# horizon_user_ssl_ca_cert: <path to cert on ansible deployment host>
|
|
|
|
# Toggle whether horizon should be served via SSL
|
|
horizon_enable_ssl: "{{ (haproxy_ssl | default(True)) | bool }}"
|
|
|
|
# Toggle whether horizon is served via an external device, like a load
|
|
# balancer. This enables the use of the horizon_secure_proxy_ssl_header
|
|
# in the web server configuration.
|
|
# Note (odyssey4me):
|
|
# This variable is actually badly named, as it applies
|
|
# settings which have nothing to do with SSL.
|
|
horizon_external_ssl: "{{ (openstack_external_ssl | default(False)) | bool }}"
|
|
|
|
# Set this to the header that your device sets when doing ssl termination
|
|
# Note (odyssey4me):
|
|
# This variable is actually badly named, as it applies
|
|
# settings which have nothing to do with SSL.
|
|
horizon_secure_proxy_ssl_header: "X-Forwarded-Proto"
|
|
horizon_secure_proxy_ssl_header_django: "HTTP_{{ horizon_secure_proxy_ssl_header | replace('-', '_') | upper }}"
|
|
|
|
# For multiple regions uncomment this configuration, and
|
|
# add the extra endpoints below the first list item.
|
|
# horizon_available_regions:
|
|
# - { url: "{{ keystone_service_internalurl }}", name: "{{ keystone_service_region }}" }
|
|
# - { url: "http://cluster1.example.com:5000/v2.0", name: "RegionTwo" }
|
|
|
|
## Horizon's keystone endpoint settings
|
|
horizon_keystone_host: "{{ internal_lb_vip_address }}"
|
|
horizon_keystone_endpoint: "{{ keystone_service_internalurl }}"
|
|
|
|
## Horizon Multi-Domain Support
|
|
# these variables should only be changed if horizon_keystone_endpoint is a Keystone v3 API endpoint
|
|
horizon_keystone_multidomain_support: False
|
|
horizon_keystone_default_domain: Default
|
|
|
|
### Set the cacert pem for Keystone if you'd like Horizon to verify it.
|
|
# horizon_cacert_pem: /path/to/cacert.pem
|
|
|
|
## alternatively, you can set horizon to turn off ssl verification for Keystone
|
|
horizon_ssl_no_verify: "{{ (keystone_service_adminuri_insecure | bool or keystone_service_internaluri_insecure | bool) | default(false) }}"
|
|
|
|
## The role which Horizon should use as a default for users
|
|
horizon_default_role_name: _member_
|
|
|
|
## Launch instance
|
|
horizon_launch_instance_legacy: False
|
|
horizon_launch_instance_ng: True
|
|
horizon_launch_instance_defaults:
|
|
config_drive: False
|
|
enable_scheduler_hints: True
|
|
disable_image: False
|
|
disable_instance_snapshot: False
|
|
disable_volume: False
|
|
disable_volume_snapshot: False
|
|
create_volume: True
|
|
|
|
## Blazar UI Panel
|
|
horizon_enable_blazar_ui: False
|
|
|
|
## Cloudkitty UI Panel
|
|
horizon_enable_cloudkitty_ui: False
|
|
|
|
## Ironic UI Panel
|
|
horizon_enable_ironic_ui: False
|
|
|
|
## Magnum UI Panel
|
|
horizon_enable_magnum_ui: False
|
|
|
|
## Octavia UI Panel
|
|
horizon_enable_octavia_ui: False
|
|
|
|
## Sahara UI Panel
|
|
horizon_enable_sahara_ui: False
|
|
|
|
## Tacker UI Panel
|
|
horizon_enable_tacker_ui: False
|
|
|
|
## Trove UI Panel
|
|
horizon_enable_trove_ui: False
|
|
|
|
## Designate UI Panel
|
|
horizon_enable_designate_ui: False
|
|
|
|
## Heat UI Panel
|
|
horizon_enable_heat_ui: False
|
|
|
|
## Neutron features to enable
|
|
horizon_enable_neutron_lbaas: False
|
|
horizon_enable_neutron_fwaas: False
|
|
horizon_enable_neutron_vpnaas: False
|
|
|
|
## Zun UI Panel
|
|
horizon_enable_zun_ui: False
|
|
|
|
## Swift
|
|
horizon_swift_file_transfer_chunk_size: 524288
|
|
|
|
## Panel
|
|
horizon_default_panel: overview
|
|
|
|
# For blacklisting certain Nova extensions uncomment this configuration,
|
|
# and add necessary list items.
|
|
# horizon_nova_extensions_blacklist:
|
|
# - "SimpleTenantUsage"
|
|
|
|
## Customization module
|
|
## See https://docs.openstack.org/horizon/latest/configuration/customizing.html#horizon-customization-module-overrides
|
|
# horizon_customization_module: /local/path/to/customization_module.py
|
|
|
|
## Replace default theme files with your own
|
|
# horizon_custom_uploads:
|
|
# logo:
|
|
# src: "path_on_deployment_host_of_your_custom_logo.svg"
|
|
# dest: "img/logo.svg"
|
|
# logo_splash:
|
|
# src: "path_on_deployment_host_of_your_custom_logo-splash.svg"
|
|
# dest: "img/logo-splash.svg"
|
|
|
|
_horizon_available_themes:
|
|
default:
|
|
theme_name: "default"
|
|
theme_label: "Default"
|
|
theme_path: "themes/default"
|
|
material:
|
|
theme_name: "material"
|
|
theme_label: "Material"
|
|
theme_path: "themes/material"
|
|
|
|
# Add custom themes. Deployers need to place the archive, with the theme inside,
|
|
# into the directory, which is specified by theme_src_archive key.
|
|
# It should be an absolute path to the archive on the deployment host.
|
|
# Leading folders are not expected in the archive.
|
|
# Following archive formats are supported:
|
|
# .tar.gz, .tgz, .zip, .tar.bz, .tar.bz2, .tbz, .tbz2
|
|
# See https://docs.openstack.org/horizon/latest/configuration/themes.html
|
|
# for more details on custom themes
|
|
# Example:
|
|
#
|
|
# horizon_custom_themes:
|
|
# custom_theme:
|
|
# theme_name: "custom"
|
|
# theme_label: "Custom"
|
|
# theme_path: "themes/custom"
|
|
# theme_src_archive: "/etc/openstack_deploy/horizon/themes/custom.tar.gz"
|
|
#
|
|
horizon_custom_themes: {}
|
|
|
|
# Which of the available themes will be used by default
|
|
# value is the theme_name from the vars above
|
|
horizon_default_theme: "default"
|
|
|
|
horizon_webroot: /
|
|
|
|
horizon_listen_ports:
|
|
- "80"
|
|
- "443"
|
|
|
|
horizon_pip_packages:
|
|
- cryptography
|
|
- django-appconf
|
|
- django-openstack-auth
|
|
- greenlet
|
|
- horizon
|
|
- keystonemiddleware
|
|
- PyMySQL
|
|
- oslo.config
|
|
- ply
|
|
- python-memcached
|
|
- python-keystoneclient
|
|
|
|
# Optional pip packages for additional dashboards
|
|
# TODO(odyssey4me):
|
|
# Simplify this when we are no longer using the py_pkgs plugin
|
|
horizon_blazar_optional_pip_packages:
|
|
- blazar_dashboard
|
|
horizon_cloudkitty_optional_pip_packages:
|
|
- cloudkitty_dashboard
|
|
horizon_designate_optional_pip_packages:
|
|
- designate_dashboard
|
|
horizon_heat_optional_pip_packages:
|
|
- heat_dashboard
|
|
horizon_ironic_optional_pip_packages:
|
|
- ironic-ui
|
|
horizon_magnum_optional_pip_packages:
|
|
- magnum-ui
|
|
horizon_neutron_fwaas_optional_pip_packages:
|
|
- neutron-fwaas-dashboard
|
|
horizon_neutron_lbaas_optional_pip_packages:
|
|
- neutron-lbaas-dashboard
|
|
horizon_neutron_vpnaas_optional_pip_packages:
|
|
- neutron-vpnaas-dashboard
|
|
horizon_octavia_optional_pip_packages:
|
|
- octavia_dashboard
|
|
horizon_sahara_optional_pip_packages:
|
|
- sahara_dashboard
|
|
horizon_tacker_optional_pip_packages:
|
|
- tacker_horizon
|
|
horizon_trove_optional_pip_packages:
|
|
- trove_dashboard
|
|
horizon_zun_optional_pip_packages:
|
|
- zun_ui
|
|
|
|
# This variable is used to install additional pip packages
|
|
# that could be needed for additional dashboards required
|
|
# which are not part of the standard set above.
|
|
horizon_optional_pip_packages: []
|
|
|
|
# This variable is used to update the horizon translations from
|
|
# Zanata, this can be set to "True" when testing translations,
|
|
# but should otherwise be left as False.
|
|
horizon_translations_update: False
|
|
|
|
# This variable is used to define the version of the project
|
|
# (horizon) to pull from Zanata. Default value is master,
|
|
# other possibly values are stable/pike, stable/queens...
|
|
horizon_translations_project_version: "master"
|
|
|
|
# This variable is used to be able to fully override or
|
|
# partially union/intersect lists in order to change the
|
|
# behaviour of the pull of the translations per component.
|
|
horizon_translations_pull: "{{ _horizon_translations_pull }}"
|
|
|
|
# This variable is used by the repo_build process to determine
|
|
# which host group to check for members of before building the
|
|
# pip packages required by this role. The value is picked up
|
|
# by the py_pkgs lookup.
|
|
horizon_role_project_group: horizon_all
|
|
|
|
# Set arbitrary horizon configuration options
|
|
horizon_config_overrides: {}
|
|
|
|
horizon_keystone_admin_roles:
|
|
- admin
|
|
|
|
# Set the "credentials" authentication choice to show as default.
|
|
# The list of authentication mechanisms which include keystone
|
|
# federation protocols and identity provider/federation protocol
|
|
horizon_websso_initial_choice: "credentials"
|