52626d87d0
In order to expose the variable in documentation, it is defined in defaults and the value is always templated. The default value is set to the same as the upstream default. Change-Id: I3a8785de414a82931b1089f7396b0fbe3b68ae7d
300 lines
10 KiB
YAML
300 lines
10 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
## Verbosity Options
|
|
debug: False
|
|
|
|
# Set the package install state for distribution and pip packages
|
|
# Options are 'present' and 'latest'
|
|
horizon_package_state: "latest"
|
|
horizon_pip_package_state: "latest"
|
|
|
|
## Toggle developer mode
|
|
horizon_developer_mode: false
|
|
|
|
## The git source/branch for Horizon
|
|
horizon_git_repo: https://git.openstack.org/openstack/horizon
|
|
horizon_git_install_branch: master
|
|
|
|
## The git source/branch for the Magnum UI plugin
|
|
magnum_dashboard_git_repo: https://git.openstack.org/openstack/magnum-ui
|
|
magnum_dashboard_git_install_branch: master
|
|
|
|
## The git source/branch for the Designate UI plugin
|
|
designate_dashboard_git_repo: https://git.openstack.org/openstack/designate-dashboard
|
|
designate_dashboard_git_install_branch: master
|
|
|
|
## The git source/branch for the Trove UI plugin
|
|
trove_dashboard_git_repo: https://git.openstack.org/openstack/trove-dashboard
|
|
trove_dashboard_git_install_branch: master
|
|
|
|
## The packages to build from source (used in developer mode)
|
|
horizon_developer_constraints:
|
|
- "git+{{ horizon_git_repo }}@{{ horizon_git_install_branch }}#egg=horizon"
|
|
- "git+{{ magnum_dashboard_git_repo }}@{{ magnum_dashboard_git_install_branch }}#egg=magnum-ui"
|
|
- "git+{{ designate_dashboard_git_repo }}@{{ designate_dashboard_git_install_branch }}#egg=designate_dashboard"
|
|
- "git+{{ trove_dashboard_git_repo }}@{{ trove_dashboard_git_install_branch }}#egg=trove_dashboard"
|
|
|
|
# Name of the virtual env to deploy into
|
|
horizon_venv_tag: untagged
|
|
horizon_bin: "/openstack/venvs/horizon-{{ horizon_venv_tag }}/bin"
|
|
|
|
# venv_download, even when true, will use the fallback method of building the
|
|
# venv from scratch if the venv download fails.
|
|
horizon_venv_download: "{{ not horizon_developer_mode | bool }}"
|
|
horizon_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/horizon.tgz
|
|
|
|
## System info
|
|
horizon_system_user_name: horizon
|
|
horizon_system_group_name: horizon
|
|
|
|
horizon_system_shell: /bin/false
|
|
horizon_system_comment: horizon system user
|
|
horizon_system_user_home: "/var/lib/{{ horizon_system_user_name }}"
|
|
|
|
## Service Type and Data
|
|
horizon_service_region: RegionOne
|
|
horizon_service_name: horizon
|
|
|
|
## DB info
|
|
horizon_galera_database: dash
|
|
horizon_galera_user: dash
|
|
|
|
## Session configuration
|
|
# Specifies the timespan in seconds inactivity, until a user is considered as
|
|
# logged out
|
|
horizon_session_timeout: 1800
|
|
|
|
## Horizon Help URL Path
|
|
horizon_help_url: http://docs.openstack.org
|
|
|
|
## Installation directories
|
|
horizon_lib_dir: "{{ horizon_bin | dirname }}/lib/python2.7/dist-packages"
|
|
horizon_lib_wsgi_file: "{{ horizon_lib_dir }}/openstack_dashboard/wsgi/django.wsgi"
|
|
|
|
horizon_endpoint_type: internalURL
|
|
|
|
horizon_server_name: "{{ ansible_hostname | default('horizon') }}"
|
|
horizon_apache_servertokens: "Prod"
|
|
horizon_apache_serversignature: "Off"
|
|
horizon_log_level: info
|
|
horizon_apache_custom_log_format: combined
|
|
horizon_dropdown_max_items: 30
|
|
horizon_instance_log_length: 35
|
|
horizon_overview_days_range: 1
|
|
horizon_images_upload_mode: direct
|
|
horizon_time_zone: UTC
|
|
horizon_enforce_password_check: False
|
|
horizon_disable_password_reveal: False
|
|
horizon_enable_password_retrieve: False
|
|
horizon_enable_password_autocomplete: False
|
|
# If nova_libvirt_inject_password is set to True, then this can also be enabled:
|
|
horizon_can_set_password: False
|
|
horizon_enable_cinder_backup: False
|
|
# Enables IPv6 support in Horizon, such as managing network subnets
|
|
horizon_enable_ipv6: True
|
|
|
|
# Disable/Enable simplified floating IP address management for deployments with
|
|
# multiple floating IP pools or complex network requirements.
|
|
horizon_simple_ip_management: True
|
|
|
|
# To enable ha router support in horizon set to True
|
|
horizon_enable_ha_router: False
|
|
|
|
# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
|
|
# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
|
|
# Scripting (XFS) vulnerability, so this option allows extra security hardening
|
|
# where iframes are not used in deployment. Default setting is True.
|
|
# For more information see:
|
|
# http://tinyurl.com/anticlickjack
|
|
horizon_disallow_iframe_embed: True
|
|
|
|
# WSGI tuning parameters
|
|
# horizon_wsgi_processes: 4
|
|
# horizon_wsgi_threads: 4
|
|
|
|
## Horizon SSL
|
|
horizon_ssl_cert: /etc/ssl/certs/horizon.pem
|
|
horizon_ssl_key: /etc/ssl/private/horizon.key
|
|
horizon_ssl_ca_cert: /etc/ssl/certs/horizon-ca.pem
|
|
horizon_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
|
|
horizon_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
|
|
# if using a self-signed certificate, set this to true to regenerate it
|
|
horizon_ssl_self_signed_regen: false
|
|
horizon_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ horizon_server_name }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
|
|
|
|
# Set these variables to deploy custom certificates
|
|
# horizon_user_ssl_cert: <path to cert on ansible deployment host>
|
|
# horizon_user_ssl_key: <path to cert on ansible deployment host>
|
|
# horizon_user_ssl_ca_cert: <path to cert on ansible deployment host>
|
|
|
|
# Set this to True if you do ssl termination on an external device, like the
|
|
# load balancer
|
|
horizon_external_ssl: false
|
|
|
|
# Set this to the header that your device sets when doing ssl termination
|
|
horizon_secure_proxy_ssl_header: "X-Forwarded-Proto"
|
|
horizon_secure_proxy_ssl_header_django: "HTTP_{{ horizon_secure_proxy_ssl_header | replace('-', '_') | upper }}"
|
|
|
|
# For multiple regions uncomment this configuration, and
|
|
# add the extra endpoints below the first list item.
|
|
# horizon_available_regions:
|
|
# - { url: "{{ keystone_service_internalurl }}", name: "{{ keystone_service_region }}" }
|
|
# - { url: "http://cluster1.example.com:5000/v2.0", name: "RegionTwo" }
|
|
|
|
## Horizon's keystone endpoint settings
|
|
horizon_keystone_host: "{{ internal_lb_vip_address }}"
|
|
horizon_keystone_endpoint: "{{ keystone_service_internalurl }}"
|
|
|
|
## Horizon Multi-Domain Support
|
|
# these variables should only be changed if horizon_keystone_endpoint is a Keystone v3 API endpoint
|
|
horizon_keystone_multidomain_support: False
|
|
horizon_keystone_default_domain: Default
|
|
|
|
### Set the cacert pem for Keystone if you'd like Horizon to verify it.
|
|
# horizon_cacert_pem: /path/to/cacert.pem
|
|
|
|
## alternatively, you can set horizon to turn off ssl verification for Keystone
|
|
horizon_ssl_no_verify: "{{ (keystone_service_adminuri_insecure | bool or keystone_service_internaluri_insecure | bool) | default(false) }}"
|
|
|
|
## The role which Horizon should use as a default for users
|
|
horizon_default_role_name: _member_
|
|
|
|
## Launch instance
|
|
horizon_launch_instance_legacy: False
|
|
horizon_launch_instance_ng: True
|
|
|
|
## Ironic UI Panel
|
|
horizon_enable_ironic_ui: False
|
|
|
|
## Magnum UI Panel
|
|
horizon_enable_magnum_ui: False
|
|
|
|
## Sahara UI Panel
|
|
horizon_enable_sahara_ui: False
|
|
|
|
## Trove UI Panel
|
|
horizon_enable_trove_ui: False
|
|
|
|
## Designate UI Panel
|
|
horizon_enable_designate_ui: False
|
|
|
|
## Neutron features to enable
|
|
horizon_enable_neutron_lbaas: False
|
|
horizon_enable_neutron_fwaas: False
|
|
horizon_enable_neutron_vpnaas: False
|
|
|
|
## Swift
|
|
horizon_swift_file_transfer_chunk_size: 524288
|
|
|
|
## Panel
|
|
horizon_default_panel: overview
|
|
|
|
# For blacklisting certain Nova extensions uncomment this configuration,
|
|
# and add necessary list items.
|
|
# horizon_nova_extensions_blacklist:
|
|
# - "SimpleTenantUsage"
|
|
|
|
## Customization module
|
|
## See http://docs.openstack.org/developer/horizon/topics/customizing.html#horizon-customization-module-overrides
|
|
# horizon_customization_module: /local/path/to/customization_module.py
|
|
|
|
## Replace default theme files with your own
|
|
# horizon_custom_uploads:
|
|
# logo:
|
|
# src: "path_on_deployment_host_of_your_custom_logo.png"
|
|
# dest: "img/logo.png"
|
|
# logo_splash:
|
|
# src: "path_on_deployment_host_of_your_custom_logo-splash.png"
|
|
# dest: "img/logo-splash.png"
|
|
|
|
_horizon_available_themes:
|
|
default:
|
|
theme_name: "default"
|
|
theme_label: "Default"
|
|
theme_path: "themes/default"
|
|
material:
|
|
theme_name: "material"
|
|
theme_label: "Material"
|
|
theme_path: "themes/material"
|
|
|
|
# Add custom themes. Deployers need to place the theme directories
|
|
# and files on the horizon containers in:
|
|
# {{ horizon_lib_dir }}/openstack_dashboard/themes
|
|
# See http://docs.openstack.org/developer/horizon/topics/customizing.html#themes
|
|
# for more details on custom themes
|
|
# Example:
|
|
#
|
|
# horizon_custom_themes:
|
|
# custom_theme:
|
|
# theme_name: "custom"
|
|
# theme_label: "Custom"
|
|
# theme_path: "themes/custom"
|
|
#
|
|
horizon_custom_themes: {}
|
|
|
|
# Which of the available themes will be used by default
|
|
# value is the theme_name from the vars above
|
|
horizon_default_theme: "default"
|
|
|
|
horizon_webroot: /
|
|
|
|
horizon_listen_ports:
|
|
- "80"
|
|
- "443"
|
|
|
|
# horizon packages that must be installed before anything else
|
|
horizon_requires_pip_packages:
|
|
- virtualenv
|
|
- virtualenv-tools
|
|
- python-keystoneclient # Keystoneclient needed to OSA keystone lib
|
|
- httplib2
|
|
|
|
horizon_pip_packages:
|
|
- django-appconf
|
|
- django-openstack-auth
|
|
- greenlet
|
|
- horizon
|
|
- ironic-ui
|
|
- magnum-ui
|
|
- keystonemiddleware
|
|
- MySQL-python
|
|
- PyMySQL
|
|
- neutron-lbaas-dashboard
|
|
- oslo.config
|
|
- ply
|
|
- pycrypto
|
|
- python-memcached
|
|
- python-keystoneclient
|
|
- sahara_dashboard
|
|
- trove_dashboard
|
|
- designate_dashboard
|
|
|
|
# This variable is used to install additional pip packages
|
|
# that could be needed for additional dashboards
|
|
horizon_optional_pip_packages: []
|
|
|
|
# This variable is used by the repo_build process to determine
|
|
# which host group to check for members of before building the
|
|
# pip packages required by this role. The value is picked up
|
|
# by the py_pkgs lookup.
|
|
horizon_role_project_group: horizon_all
|
|
|
|
# Set arbitrary horizon configuration options
|
|
horizon_config_overrides: {}
|
|
|
|
horizon_keystone_admin_roles:
|
|
- admin
|