Horizon: add policy override and make chart image agnostic
This PS makes horizon image agnostic and also use PyMySQL for the database backend, in addition to making the policy fully configurable. Change-Id: I95f269139539a9397c3cc05327f02dd28ee4917c
This commit is contained in:
parent
38cc836bab
commit
3469b22d1c
@ -18,4 +18,8 @@ limitations under the License.
|
|||||||
|
|
||||||
set -ex
|
set -ex
|
||||||
|
|
||||||
exec /var/lib/kolla/venv/bin/manage.py migrate
|
SITE_PACKAGES_ROOT=$(python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")
|
||||||
|
rm -f ${SITE_PACKAGES_ROOT}/openstack_dashboard/local/local_settings.py
|
||||||
|
ln -s /etc/openstack-dashboard/local_settings ${SITE_PACKAGES_ROOT}/openstack_dashboard/local/local_settings.py
|
||||||
|
|
||||||
|
exec /tmp/manage.py migrate --noinput
|
||||||
|
38
horizon/templates/bin/_django.wsgi.tpl
Normal file
38
horizon/templates/bin/_django.wsgi.tpl
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
{{/*
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
NOTE (Portdirect): This file is required to support Horizon regardless of the
|
||||||
|
image used, and to provide PyMySQL support.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
import logging
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
|
||||||
|
import pymysql
|
||||||
|
|
||||||
|
pymysql.install_as_MySQLdb()
|
||||||
|
|
||||||
|
from django.core.wsgi import get_wsgi_application
|
||||||
|
from django.conf import settings
|
||||||
|
|
||||||
|
# Add this file path to sys.path in order to import settings
|
||||||
|
sys.path.insert(0, os.path.join(os.path.dirname(os.path.realpath(__file__)), '../..'))
|
||||||
|
os.environ['DJANGO_SETTINGS_MODULE'] = 'openstack_dashboard.settings'
|
||||||
|
sys.stdout = sys.stderr
|
||||||
|
|
||||||
|
DEBUG = False
|
||||||
|
|
||||||
|
application = get_wsgi_application()
|
@ -20,6 +20,13 @@ set -ex
|
|||||||
COMMAND="${@:-start}"
|
COMMAND="${@:-start}"
|
||||||
|
|
||||||
function start () {
|
function start () {
|
||||||
|
SITE_PACKAGES_ROOT=$(python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")
|
||||||
|
rm -f ${SITE_PACKAGES_ROOT}/openstack_dashboard/local/local_settings.py
|
||||||
|
ln -s /etc/openstack-dashboard/local_settings ${SITE_PACKAGES_ROOT}/openstack_dashboard/local/local_settings.py
|
||||||
|
|
||||||
|
# wsgi/horizon-http needs open files here, including secret_key_store
|
||||||
|
chown -R horizon ${SITE_PACKAGES_ROOT}/openstack_dashboard/local/
|
||||||
|
|
||||||
if [ -f /etc/apache2/envvars ]; then
|
if [ -f /etc/apache2/envvars ]; then
|
||||||
# Loading Apache2 ENV variables
|
# Loading Apache2 ENV variables
|
||||||
source /etc/apache2/envvars
|
source /etc/apache2/envvars
|
||||||
@ -28,13 +35,10 @@ function start () {
|
|||||||
APACHE_DIR="apache2"
|
APACHE_DIR="apache2"
|
||||||
|
|
||||||
# Compress Horizon's assets.
|
# Compress Horizon's assets.
|
||||||
/var/lib/kolla/venv/bin/manage.py collectstatic --noinput
|
/tmp/manage.py collectstatic --noinput
|
||||||
/var/lib/kolla/venv/bin/manage.py compress --force
|
/tmp/manage.py compress --force
|
||||||
rm -rf /tmp/_tmp_.secret_key_store.lock /tmp/.secret_key_store
|
rm -rf /tmp/_tmp_.secret_key_store.lock /tmp/.secret_key_store
|
||||||
|
|
||||||
# wsgi/horizon-http needs open files here, including secret_key_store
|
|
||||||
chown -R horizon /var/lib/kolla/venv/lib/python2.7/site-packages/openstack_dashboard/local/
|
|
||||||
|
|
||||||
exec apache2 -DFOREGROUND
|
exec apache2 -DFOREGROUND
|
||||||
}
|
}
|
||||||
|
|
||||||
|
34
horizon/templates/bin/_manage.py.tpl
Normal file
34
horizon/templates/bin/_manage.py.tpl
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
NOTE (Portdirect): This file is required to support Horizon regardless of the
|
||||||
|
image used, and to provide PyMySQL support.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
|
||||||
|
import pymysql
|
||||||
|
|
||||||
|
pymysql.install_as_MySQLdb()
|
||||||
|
|
||||||
|
from django.core.management import execute_from_command_line
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
os.environ.setdefault("DJANGO_SETTINGS_MODULE",
|
||||||
|
"openstack_dashboard.settings")
|
||||||
|
execute_from_command_line(sys.argv)
|
@ -28,4 +28,8 @@ data:
|
|||||||
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
horizon.sh: |
|
horizon.sh: |
|
||||||
{{ tuple "bin/_horizon.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "bin/_horizon.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
manage.py: |
|
||||||
|
{{ tuple "bin/_manage.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
django.wsgi: |
|
||||||
|
{{ tuple "bin/_django.wsgi.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -26,4 +26,18 @@ data:
|
|||||||
{{ tuple "etc/_horizon.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "etc/_horizon.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
local_settings: |
|
local_settings: |
|
||||||
{{ tuple "etc/_local_settings.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "etc/_local_settings.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
ceilometer_policy.json: |+
|
||||||
|
{{ toJson .Values.conf.ceilometer_policy | indent 4 }}
|
||||||
|
cinder_policy.json: |+
|
||||||
|
{{ toJson .Values.conf.cinder_policy | indent 4 }}
|
||||||
|
glance_policy.json: |+
|
||||||
|
{{ toJson .Values.conf.glance_policy | indent 4 }}
|
||||||
|
heat_policy.json: |+
|
||||||
|
{{ toJson .Values.conf.heat_policy | indent 4 }}
|
||||||
|
keystone_policy.json: |+
|
||||||
|
{{ toJson .Values.conf.keystone_policy | indent 4 }}
|
||||||
|
neutron_policy.json: |+
|
||||||
|
{{ toJson .Values.conf.neutron_policy | indent 4 }}
|
||||||
|
nova_policy.json: |+
|
||||||
|
{{ toJson .Values.conf.nova_policy | indent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -47,6 +47,8 @@ spec:
|
|||||||
image: {{ .Values.images.horizon }}
|
image: {{ .Values.images.horizon }}
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 0
|
||||||
command:
|
command:
|
||||||
- /tmp/horizon.sh
|
- /tmp/horizon.sh
|
||||||
- start
|
- start
|
||||||
@ -62,23 +64,63 @@ spec:
|
|||||||
tcpSocket:
|
tcpSocket:
|
||||||
port: {{ .Values.network.port }}
|
port: {{ .Values.network.port }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: startsh
|
- name: static-horizon
|
||||||
|
mountPath: /var/www/html/
|
||||||
|
- name: horizon-bin
|
||||||
mountPath: /tmp/horizon.sh
|
mountPath: /tmp/horizon.sh
|
||||||
subPath: horizon.sh
|
subPath: horizon.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: horizon-bin
|
||||||
|
mountPath: /tmp/manage.py
|
||||||
|
subPath: manage.py
|
||||||
|
readOnly: true
|
||||||
- name: horizon-etc
|
- name: horizon-etc
|
||||||
mountPath: /etc/apache2/sites-enabled/000-default.conf
|
mountPath: /etc/apache2/sites-enabled/000-default.conf
|
||||||
subPath: horizon.conf
|
subPath: horizon.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: horizon-bin
|
||||||
|
mountPath: /var/www/cgi-bin/horizon/django.wsgi
|
||||||
|
subPath: django.wsgi
|
||||||
|
readOnly: true
|
||||||
- name: horizon-etc
|
- name: horizon-etc
|
||||||
mountPath: /etc/openstack-dashboard/local_settings
|
mountPath: /etc/openstack-dashboard/local_settings
|
||||||
subPath: local_settings
|
subPath: local_settings
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: horizon-etc
|
||||||
|
mountPath: /etc/openstack-dashboard/ceilometer_policy.json
|
||||||
|
subPath: ceilometer_policy.json
|
||||||
|
readOnly: true
|
||||||
|
- name: horizon-etc
|
||||||
|
mountPath: /etc/openstack-dashboard/cinder_policy.json
|
||||||
|
subPath: cinder_policy.json
|
||||||
|
readOnly: true
|
||||||
|
- name: horizon-etc
|
||||||
|
mountPath: /etc/openstack-dashboard/glance_policy.json
|
||||||
|
subPath: glance_policy.json
|
||||||
|
readOnly: true
|
||||||
|
- name: horizon-etc
|
||||||
|
mountPath: /etc/openstack-dashboard/heat_policy.json
|
||||||
|
subPath: heat_policy.json
|
||||||
|
readOnly: true
|
||||||
|
- name: horizon-etc
|
||||||
|
mountPath: /etc/openstack-dashboard/keystone_policy.json
|
||||||
|
subPath: keystone_policy.json
|
||||||
|
readOnly: true
|
||||||
|
- name: horizon-etc
|
||||||
|
mountPath: /etc/openstack-dashboard/neutron_policy.json
|
||||||
|
subPath: neutron_policy.json
|
||||||
|
readOnly: true
|
||||||
|
- name: horizon-etc
|
||||||
|
mountPath: /etc/openstack-dashboard/nova_policy.json
|
||||||
|
subPath: nova_policy.json
|
||||||
|
readOnly: true
|
||||||
{{ if $mounts_horizon.volumeMounts }}{{ toYaml $mounts_horizon.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_horizon.volumeMounts }}{{ toYaml $mounts_horizon.volumeMounts | indent 12 }}{{ end }}
|
||||||
securityContext:
|
|
||||||
runAsUser: 0
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: startsh
|
- name: wsgi-horizon
|
||||||
|
emptyDir: {}
|
||||||
|
- name: static-horizon
|
||||||
|
emptyDir: {}
|
||||||
|
- name: horizon-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: horizon-bin
|
name: horizon-bin
|
||||||
defaultMode: 0555
|
defaultMode: 0555
|
||||||
|
@ -27,14 +27,14 @@ CustomLog /dev/stdout proxy env=forwarded
|
|||||||
WSGIScriptReloading On
|
WSGIScriptReloading On
|
||||||
WSGIDaemonProcess horizon-http processes=5 threads=1 user=horizon group=horizon display-name=%{GROUP} python-path=/var/lib/kolla/venv/lib/python2.7/site-packages
|
WSGIDaemonProcess horizon-http processes=5 threads=1 user=horizon group=horizon display-name=%{GROUP} python-path=/var/lib/kolla/venv/lib/python2.7/site-packages
|
||||||
WSGIProcessGroup horizon-http
|
WSGIProcessGroup horizon-http
|
||||||
WSGIScriptAlias / /var/lib/kolla/venv/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi
|
WSGIScriptAlias / /var/www/cgi-bin/horizon/django.wsgi
|
||||||
WSGIPassAuthorization On
|
WSGIPassAuthorization On
|
||||||
|
|
||||||
<Location "/">
|
<Location "/">
|
||||||
Require all granted
|
Require all granted
|
||||||
</Location>
|
</Location>
|
||||||
|
|
||||||
Alias /static /var/lib/kolla/venv/lib/python2.7/site-packages/static
|
Alias /static /var/www/html/horizon
|
||||||
<Location "/static">
|
<Location "/static">
|
||||||
SetHandler None
|
SetHandler None
|
||||||
</Location>
|
</Location>
|
||||||
|
@ -672,3 +672,5 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
|
|||||||
# For more information see:
|
# For more information see:
|
||||||
# http://tinyurl.com/anticlickjack
|
# http://tinyurl.com/anticlickjack
|
||||||
# DISALLOW_IFRAME_EMBED = True
|
# DISALLOW_IFRAME_EMBED = True
|
||||||
|
|
||||||
|
STATIC_ROOT = '/var/www/html/horizon'
|
||||||
|
@ -51,6 +51,10 @@ spec:
|
|||||||
mountPath: /tmp/db-sync.sh
|
mountPath: /tmp/db-sync.sh
|
||||||
subPath: db-sync.sh
|
subPath: db-sync.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: horizon-bin
|
||||||
|
mountPath: /tmp/manage.py
|
||||||
|
subPath: manage.py
|
||||||
|
readOnly: true
|
||||||
{{ if $mounts_horizon_db_sync.volumeMounts }}{{ toYaml $mounts_horizon_db_sync.volumeMounts | indent 10 }}{{ end }}
|
{{ if $mounts_horizon_db_sync.volumeMounts }}{{ toYaml $mounts_horizon_db_sync.volumeMounts | indent 10 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: horizon-etc
|
- name: horizon-etc
|
||||||
|
1061
horizon/values.yaml
1061
horizon/values.yaml
File diff suppressed because it is too large
Load Diff
Loading…
x
Reference in New Issue
Block a user