openstack/openstack-ansible-os_horizon
Code Issues Proposed changes
Role os_horizon for OpenStack-Ansible
85 Commits 10 Branches 17 Tags 6.9 MiB
Jinja 74.5%
Python 18.3%
Shell 7.2%
5838bfdb6b
Go to file
Javeria Khan 5838bfdb6b Update SSL key / cert distribution for Horizon 
Following on the changes introduced by I98bcd17dac9a47cc19e0d9ec90176945a6d7e355

This patch updates the SSL key and cert distribution for Horizon to
use slurp & references the primary node in horizon_ssl_key_distribute.yml
when referencing the key and cert facts.

Change-Id: Ifc01d8a75b5f0ce26ca1fa754dcccffa2a7e425c
Signed-off-by: Javeria Khan <javeriak@plumgrid.com>
2016-04-11 06:08:43 -07:00
defaults Merge "Use upper-constraints file in developer mode" 2016-03-22 00:06:33 +00:00
doc [DOCS] Cleanup the role docs for consistency and clarity 2016-03-10 08:55:29 -05:00
handlers Convert existing roles into galaxy roles 2015-02-18 10:56:25 +00:00
meta Ensure that pip lock down happens before other dependencies 2016-03-31 19:02:01 +00:00
releasenotes Add reno scaffolding for release notes management 2016-04-09 19:20:32 +01:00
tasks Update SSL key / cert distribution for Horizon 2016-04-11 06:08:43 -07:00
templates Add ability to configure Neutron FWaaS 2016-03-17 17:14:19 +00:00
tests Switch defaults/tests to use master branch 2016-04-03 12:59:17 +01:00
.gitignore Add reno scaffolding for release notes management 2016-04-09 19:20:32 +01:00
.gitreview Implement base configuration for independent repository 2016-03-02 09:39:02 -05:00
CONTRIBUTING.rst Convert existing roles into galaxy roles 2015-02-18 10:56:25 +00:00
LICENSE Convert existing roles into galaxy roles 2015-02-18 10:56:25 +00:00
other-requirements.txt Enable functional convergence testing 2016-03-14 12:53:48 +00:00
README.rst Remove dependency on the Keystone admin auth token 2016-03-17 10:48:22 -04:00
run_tests.sh Implement base configuration for independent repository 2016-03-02 09:39:02 -05:00
setup.cfg Implement base configuration for independent repository 2016-03-02 09:39:02 -05:00
setup.py Implement base configuration for independent repository 2016-03-02 09:39:02 -05:00
test-requirements.txt Add reno scaffolding for release notes management 2016-04-09 19:20:32 +01:00
tox.ini Add reno scaffolding for release notes management 2016-04-09 19:20:32 +01:00
Vagrantfile Adding Vagrantfile for local developer testing 2016-03-09 22:04:36 -05:00

README.rst

OpenStack-Ansible Horizon

This Ansible role installs and configures OpenStack Horizon served by the Apache webserver. Horizon is configured to use Galera for session caching and memcached for other caching.

Default Variables

../../defaults/main.yml

Required Variables

This list is not exhaustive at present. See role internals for further details.

horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
horizon_galera_address: 10.100.100.101
horizon_container_mysql_password: "SuperSecrete"
horizon_secret_key: "SuperSecreteHorizonKey"

Example Playbook

- name: Installation and setup of horizon
  hosts: horizon_all
  user: root
  roles:
    - { role: "os_horizon", tags: [ "os-horizon" ] }
  vars:
    galera_client_drop_config_file: false
    external_lb_vip_address: 10.100.100.101
    internal_lb_vip_address: 10.100.100.101
    horizon_galera_address: 10.100.100.101
    horizon_container_mysql_password: "SuperSecrete"
    horizon_secret_key: "SuperSecreteHorizonKey"
    horizon_external_ssl: true
    horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
    horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
    galera_root_password: "secrete"
    rabbitmq_servers: 10.100.100.101
    rabbitmq_use_ssl: false
    rabbitmq_port: 5671
    keystone_admin_user_name: admin
    keystone_auth_admin_password: "SuperSecretePassword"
    keystone_admin_tenant_name: admin
    keystone_service_adminuri_insecure: false
    keystone_service_internaluri_insecure: false
    keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
    keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
    keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
    keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
    openrc_os_password: "{{ keystone_auth_admin_password }}"
    openrc_os_domain_name: "Default"
    memcached_servers: 10.100.100.101
    memcached_encryption_key: "secrete"