4283200534
Horizon has, since OSA's inception, been deployed with HTTPS access enabled, and has had no way to turn it off. Some use-cases may want to access via HTTP instead, so this patch enables the following: 1. Listen via HTTPS on a load balancer, but via HTTP on the horizon host and have the load balancer forward the correct headers. It will do this by default in the integrated build due to the presence of the load balancer, so the current behaviour is retained. 2. Enable HTTPS on the horizon host without a load balancer. This is the role's default behaviour which matches what it always has been. 3. Disable HTTPS entirely by setting ``haproxy_ssl: no`` (which will also disable https on haproxy. This setting is inherited by the new ``horizon_enable_ssl`` variable by default. This is a new option. Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk> Change-Id: I823f2f949258157e306dbf80570abe53373da0c3 Closes-Bug: 1794337
130 lines
3.9 KiB
YAML
130 lines
3.9 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Gather variables for each operating system
|
|
include_vars: "{{ item }}"
|
|
with_first_found:
|
|
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
|
|
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
|
|
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
|
|
- "{{ ansible_distribution | lower }}.yml"
|
|
- "{{ ansible_os_family | lower }}.yml"
|
|
tags:
|
|
- always
|
|
|
|
- name: Fail if service was deployed using a different installation method
|
|
fail:
|
|
msg: "Switching installation methods for OpenStack services is not supported"
|
|
when:
|
|
- ansible_local is defined
|
|
- ansible_local.openstack_ansible is defined
|
|
- ansible_local.openstack_ansible.horizon is defined
|
|
- ansible_local.openstack_ansible.horizon.install_method is defined
|
|
- ansible_local.openstack_ansible.horizon.install_method != horizon_install_method
|
|
|
|
- name: Gather variables for installation method
|
|
include_vars: "{{ horizon_install_method }}_install.yml"
|
|
tags:
|
|
- always
|
|
|
|
- include_tasks: horizon_pre_install.yml
|
|
tags:
|
|
- horizon-install
|
|
|
|
- include_tasks: horizon_install.yml
|
|
tags:
|
|
- horizon-install
|
|
|
|
- include_tasks: horizon_post_install.yml
|
|
tags:
|
|
- horizon-config
|
|
|
|
- include_tasks: horizon_db_setup.yml
|
|
when: inventory_hostname == ansible_play_hosts[0]
|
|
tags:
|
|
- horizon-config
|
|
|
|
- include_tasks: horizon_ssl_self_signed.yml
|
|
when:
|
|
- horizon_enable_ssl | bool
|
|
- not (horizon_external_ssl | bool)
|
|
- horizon_user_ssl_cert is not defined or horizon_user_ssl_key is not defined
|
|
tags:
|
|
- horizon-config
|
|
|
|
- include_tasks: horizon_ssl_user_provided.yml
|
|
when:
|
|
- horizon_enable_ssl | bool
|
|
- not (horizon_external_ssl | bool)
|
|
tags:
|
|
- horizon-config
|
|
|
|
- name: Update the ca certificates
|
|
command: "update-ca-certificates -f"
|
|
when:
|
|
- horizon_enable_ssl | bool
|
|
- not (horizon_external_ssl | bool)
|
|
- ansible_pkg_mgr == 'apt'
|
|
tags:
|
|
- horizon-config
|
|
- horizon-ssl
|
|
|
|
- include_tasks: horizon_service_setup.yml
|
|
tags:
|
|
- horizon-config
|
|
|
|
- name: Ensure messages are compiled for translation
|
|
async_status:
|
|
jid: "{{ item.ansible_job_id }}"
|
|
become: yes
|
|
become_user: "{{ horizon_system_user_name }}"
|
|
register: async_compile_messages_check
|
|
until: async_compile_messages_check.finished
|
|
retries: 300
|
|
with_items:
|
|
- "{{ async_compile_messages.results }}"
|
|
tags:
|
|
- horizon-config
|
|
|
|
# NOTE(mhayden): The async_status check here must be done as the horizon user
|
|
# since the original task ran as that user. This task will fail if it is run
|
|
# as root because the async status file is within the horizon user's home
|
|
# directory, not root's home directory.
|
|
- name: Ensure static files are collected and compressed
|
|
async_status:
|
|
jid: "{{ item.ansible_job_id }}"
|
|
become: yes
|
|
become_user: "{{ horizon_system_user_name }}"
|
|
register: async_compress_static_files_check
|
|
until: async_compress_static_files_check.finished
|
|
retries: 300
|
|
with_items:
|
|
- "{{ async_compress_static_files.results }}"
|
|
tags:
|
|
- horizon-config
|
|
|
|
- include_tasks: horizon_apache.yml
|
|
tags:
|
|
- horizon-config
|
|
|
|
- include_tasks: horizon_translations_update.yml
|
|
when: horizon_translations_update | bool
|
|
tags:
|
|
- horizon-config
|
|
- horizon-translations
|
|
|
|
- name: Flush handlers
|
|
meta: flush_handlers
|