194 lines
6.7 KiB
YAML
194 lines
6.7 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
## Verbosity Options
|
|
debug: False
|
|
|
|
horizon_git_repo: https://git.openstack.org/openstack/horizon
|
|
horizon_git_install_branch: master
|
|
horizon_developer_mode: false
|
|
horizon_requirements_git_repo: https://git.openstack.org/openstack/requirements
|
|
horizon_requirements_git_install_branch: master
|
|
horizon_developer_constraints:
|
|
- "git+{{ horizon_git_repo }}@{{ horizon_git_install_branch }}#egg=horizon"
|
|
|
|
# Name of the virtual env to deploy into
|
|
horizon_venv_tag: untagged
|
|
horizon_venv_bin: "/openstack/venvs/horizon-{{ horizon_venv_tag }}/bin"
|
|
|
|
# Set this to enable or disable installing in a venv
|
|
horizon_venv_enabled: true
|
|
|
|
# The bin path defaults to the venv path however if installation in a
|
|
# venv is disabled the bin path will be dynamically set based on the
|
|
# system path used when the installing.
|
|
horizon_bin: "{{ horizon_venv_bin }}"
|
|
|
|
horizon_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/horizon.tgz
|
|
|
|
## System info
|
|
horizon_system_user_name: horizon
|
|
horizon_system_group_name: www-data
|
|
horizon_system_shell: /bin/false
|
|
horizon_system_comment: horizon system user
|
|
horizon_system_user_home: "/var/lib/{{ horizon_system_user_name }}"
|
|
|
|
## Service Type and Data
|
|
horizon_service_region: RegionOne
|
|
horizon_service_name: horizon
|
|
|
|
## DB info
|
|
horizon_galera_database: dash
|
|
horizon_galera_user: dash
|
|
|
|
## Session configuration
|
|
# Specifies the timespan in seconds inactivity, until a user is considered as
|
|
# logged out
|
|
horizon_session_timeout: 1800
|
|
|
|
## Horizon Help URL Path
|
|
horizon_help_url: http://docs.openstack.org
|
|
|
|
## Installation directories
|
|
horizon_venv_lib_dir: "{{ horizon_bin | dirname }}/lib/python2.7/dist-packages"
|
|
horizon_non_venv_lib_dir: "/usr/local/lib/python2.7/dist-packages"
|
|
horizon_lib_dir: "{{ (horizon_venv_enabled | bool) | ternary(horizon_venv_lib_dir, horizon_non_venv_lib_dir) }}"
|
|
horizon_lib_wsgi_file: "{{ horizon_lib_dir }}/openstack_dashboard/wsgi/django.wsgi"
|
|
|
|
horizon_endpoint_type: internalURL
|
|
|
|
horizon_server_name: "{{ ansible_hostname | default('horizon') }}"
|
|
horizon_apache_servertokens: "Prod"
|
|
horizon_apache_serversignature: "Off"
|
|
horizon_log_level: info
|
|
horizon_apache_custom_log_format: combined
|
|
horizon_dropdown_max_items: 30
|
|
horizon_time_zone: UTC
|
|
horizon_enforce_password_check: False
|
|
horizon_disable_password_reveal: False
|
|
horizon_enable_password_retrieve: False
|
|
horizon_enable_password_autocomplete: False
|
|
# If nova_libvirt_inject_password is set to True, then this can also be enabled:
|
|
horizon_can_set_password: False
|
|
horizon_enable_cinder_backup: False
|
|
# Enables IPv6 support in Horizon, such as managing network subnets
|
|
horizon_enable_ipv6: True
|
|
|
|
# To enable ha router support in horizon set to True
|
|
horizon_enable_ha_router: False
|
|
|
|
# WSGI tuning parameters
|
|
# horizon_wsgi_processes: 4
|
|
# horizon_wsgi_threads: 4
|
|
|
|
## Horizon SSL
|
|
horizon_ssl_cert: /etc/ssl/certs/horizon.pem
|
|
horizon_ssl_key: /etc/ssl/private/horizon.key
|
|
horizon_ssl_ca_cert: /etc/ssl/certs/horizon-ca.pem
|
|
horizon_ssl_protocol: "{{ ssl_protocol }}"
|
|
horizon_ssl_cipher_suite: "{{ ssl_cipher_suite }}"
|
|
# if using a self-signed certificate, set this to true to regenerate it
|
|
horizon_ssl_self_signed_regen: false
|
|
horizon_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ horizon_server_name }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
|
|
|
|
# Set these variables to deploy custom certificates
|
|
# horizon_user_ssl_cert: <path to cert on ansible deployment host>
|
|
# horizon_user_ssl_key: <path to cert on ansible deployment host>
|
|
# horizon_user_ssl_ca_cert: <path to cert on ansible deployment host>
|
|
|
|
# Set this to True if you do ssl termination on an external device, like the
|
|
# load balancer
|
|
horizon_external_ssl: false
|
|
|
|
# Set this to the header that your device sets when doing ssl termination
|
|
horizon_secure_proxy_ssl_header: "X-Forwarded-Proto"
|
|
horizon_secure_proxy_ssl_header_django: "HTTP_{{ horizon_secure_proxy_ssl_header | replace('-', '_') | upper }}"
|
|
|
|
# For multiple regions uncomment this configuration, and
|
|
# add the extra endpoints below the first list item.
|
|
# horizon_available_regions:
|
|
# - { url: "{{ keystone_service_internalurl }}", name: "{{ keystone_service_region }}" }
|
|
# - { url: "http://cluster1.example.com:5000/v2.0", name: "RegionTwo" }
|
|
|
|
## Horizon's keystone endpoint settings
|
|
horizon_keystone_host: "{{ internal_lb_vip_address }}"
|
|
horizon_keystone_endpoint: "{{ keystone_service_internalurl }}"
|
|
|
|
## Horizon Multi-Domain Support
|
|
# these variables should only be changed if horizon_keystone_endpoint is a Keystone v3 API endpoint
|
|
horizon_keystone_multidomain_support: False
|
|
horizon_keystone_default_domain: Default
|
|
|
|
### Set the cacert pem for Keystone if you'd like Horizon to verify it.
|
|
# horizon_cacert_pem: /path/to/cacert.pem
|
|
|
|
## alternatively, you can set horizon to turn off ssl verification for Keystone
|
|
horizon_ssl_no_verify: "{{ (keystone_service_adminuri_insecure | bool or keystone_service_internaluri_insecure | bool) | default(false) }}"
|
|
|
|
## The role which Horizon should use as a default for users
|
|
horizon_default_role_name: _member_
|
|
|
|
## Launch instance
|
|
horizon_launch_instance_legacy: False
|
|
horizon_launch_instance_ng: True
|
|
|
|
## Neutron features to enable
|
|
horizon_enable_neutron_lbaas: False
|
|
horizon_enable_neutron_fwaas: False
|
|
horizon_enable_neutron_vpnaas: False
|
|
|
|
## Swift
|
|
horizon_swift_file_transfer_chunk_size: 524288
|
|
|
|
## Panel
|
|
horizon_default_panel: overview
|
|
|
|
# For blacklisting certain Nova extensions uncomment this configuration,
|
|
# and add necessary list items.
|
|
# horizon_nova_extensions_blacklist:
|
|
# - "SimpleTenantUsage"
|
|
|
|
## Customization module
|
|
## See http://docs.openstack.org/developer/horizon/topics/customizing.html#horizon-customization-module-overrides
|
|
# horizon_customization_module: /local/path/to/customization_module.py
|
|
|
|
horizon_webroot: /
|
|
|
|
horizon_listen_ports:
|
|
- "80"
|
|
- "443"
|
|
|
|
# horizon packages that must be installed before anything else
|
|
horizon_requires_pip_packages:
|
|
- virtualenv
|
|
- virtualenv-tools
|
|
- python-keystoneclient # Keystoneclient needed to OSA keystone lib
|
|
- httplib2
|
|
|
|
horizon_pip_packages:
|
|
- django-appconf
|
|
- django-openstack-auth
|
|
- greenlet
|
|
- horizon
|
|
- keystonemiddleware
|
|
- MySQL-python
|
|
- PyMySQL
|
|
- neutron-lbaas-dashboard
|
|
- oslo.config
|
|
- ply
|
|
- pycrypto
|
|
- python-memcached
|
|
- python-keystoneclient
|