Role os_horizon for OpenStack-Ansible

Go to file

Travis Truman 788fbfd98d Remove dependency on the Keystone admin auth token Now that auth token usage is deprecated, prefer the admin user and password for all horizon setup tasks run against keystone. Change-Id: I37187eaf11d3bd60c577acf7c97c7c2993d65566		2016-03-17 10:48:22 -04:00
defaults	Add support for Horizon customization module	2016-03-16 06:57:44 +00:00
doc	[DOCS] Cleanup the role docs for consistency and clarity	2016-03-10 08:55:29 -05:00
handlers	Convert existing roles into galaxy roles	2015-02-18 10:56:25 +00:00
meta	added role to pin packages	2015-05-08 13:22:42 -05:00
tasks	Remove dependency on the Keystone admin auth token	2016-03-17 10:48:22 -04:00
templates	Add support for Horizon customization module	2016-03-16 06:57:44 +00:00
tests	Implement base configuration for independent repository	2016-03-02 09:39:02 -05:00
.gitignore	Implement base configuration for independent repository	2016-03-02 09:39:02 -05:00
.gitreview	Implement base configuration for independent repository	2016-03-02 09:39:02 -05:00
CONTRIBUTING.rst	Convert existing roles into galaxy roles	2015-02-18 10:56:25 +00:00
LICENSE	Convert existing roles into galaxy roles	2015-02-18 10:56:25 +00:00
other-requirements.txt	Add curl to bindep requirements	2016-03-04 19:23:25 +00:00
README.rst	Remove dependency on the Keystone admin auth token	2016-03-17 10:48:22 -04:00
run_tests.sh	Implement base configuration for independent repository	2016-03-02 09:39:02 -05:00
setup.cfg	Implement base configuration for independent repository	2016-03-02 09:39:02 -05:00
setup.py	Implement base configuration for independent repository	2016-03-02 09:39:02 -05:00
test-requirements.txt	pin version of ansible-lint we use for testing	2016-03-15 11:40:19 -04:00
tox.ini	Implement base configuration for independent repository	2016-03-02 09:39:02 -05:00

README.rst

OpenStack-Ansible Horizon

This Ansible role installs and configures OpenStack Horizon served by the Apache webserver. Horizon is configured to use Galera for session caching and memcached for other caching.

Default Variables

../../defaults/main.yml

Required Variables

This list is not exhaustive at present. See role internals for further details.

horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
horizon_galera_address: 10.100.100.101
horizon_container_mysql_password: "SuperSecrete"
horizon_secret_key: "SuperSecreteHorizonKey"

Example Playbook

- name: Installation and setup of horizon
  hosts: horizon_all
  user: root
  roles:
    - { role: "os_horizon", tags: [ "os-horizon" ] }
  vars:
    galera_client_drop_config_file: false
    external_lb_vip_address: 10.100.100.101
    internal_lb_vip_address: 10.100.100.101
    horizon_galera_address: 10.100.100.101
    horizon_container_mysql_password: "SuperSecrete"
    horizon_secret_key: "SuperSecreteHorizonKey"
    horizon_external_ssl: true
    horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
    horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
    galera_root_password: "secrete"
    rabbitmq_servers: 10.100.100.101
    rabbitmq_use_ssl: false
    rabbitmq_port: 5671
    keystone_admin_user_name: admin
    keystone_auth_admin_password: "SuperSecretePassword"
    keystone_admin_tenant_name: admin
    keystone_service_adminuri_insecure: false
    keystone_service_internaluri_insecure: false
    keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
    keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
    keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
    keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
    openrc_os_password: "{{ keystone_auth_admin_password }}"
    openrc_os_domain_name: "Default"
    memcached_servers: 10.100.100.101
    memcached_encryption_key: "secrete"