├── tests ├── inventory ├── centos-7-test.yml ├── test.yml ├── ansible.cfg └── Dockerfile.centos-7 ├── vars ├── main.yml └── RedHat.yml ├── tasks ├── horizon_install_RedHat.yml ├── horizon_configure.yml └── main.yml ├── handlers └── main.yml ├── meta └── main.yml ├── defaults └── main.yml ├── README.md ├── .travis.yml └── templates └── horizon_local_settings.j2 /tests/inventory: -------------------------------------------------------------------------------- 1 | localhost -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for ansible-role-openstack-horizon 3 | -------------------------------------------------------------------------------- /tests/centos-7-test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # test file 3 | 4 | - hosts: localhost 5 | roles: 6 | - role_under_test 7 | -------------------------------------------------------------------------------- /tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # test file 3 | 4 | - hosts: all 5 | remote_user: root 6 | roles: 7 | - ansible-role-openstack-horizon 8 | -------------------------------------------------------------------------------- /tests/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | roles_path = ../../ 3 | host_key_checking = False 4 | ansible_managed = Ansible managed: modified on %Y-%m-%d %H:%M:%S by {uid} on {host} 5 | -------------------------------------------------------------------------------- /vars/RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for Redhat 3 | 4 | horizon_packages: 5 | - openstack-dashboard 6 | 7 | horizon_system_service_name: httpd 8 | 9 | horizon_local_settings_location: /etc/openstack-dashboard/local_settings 10 | -------------------------------------------------------------------------------- /tasks/horizon_install_RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for horizon install on RedHat 3 | 4 | - name: Install OpenStack horizon packages. 5 | yum: 6 | name: "{{ item }}" 7 | state: installed 8 | with_items: "{{ horizon_packages }}" 9 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for ansible-role-openstack-horizon 3 | 4 | - name: restart horizon 5 | service: 6 | name: "{{ horizon_system_service_name }}" 7 | state: restarted 8 | 9 | - name: restart memcached 10 | service: 11 | name: memcached 12 | state: restarted 13 | -------------------------------------------------------------------------------- /tasks/horizon_configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for horizon configure 3 | 4 | - name: Copy the configuration files for horizon. 5 | template: 6 | src: horizon_local_settings.j2 7 | dest: "{{ horizon_local_settings_location }}" 8 | notify: 9 | - restart horizon 10 | - restart memcached -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: z 3 | description: Installs and configures openstack horizon. 4 | company: 5 | license: license (BSD, MIT) 6 | min_ansible_version: 1.9 7 | platforms: 8 | - name: EL 9 | versions: 10 | - 7 11 | galaxy_tags: 12 | - cloud 13 | - horizon 14 | - openstack 15 | dependencies: [] 16 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for ansible-role-openstack-horizon 3 | 4 | # Variable setup. 5 | - name: Include OS-specific variables. 6 | include_vars: "{{ ansible_os_family }}.yml" 7 | 8 | # Setup/Install tasks. 9 | - include: horizon_install_RedHat.yml 10 | when: ansible_os_family == 'RedHat' 11 | 12 | # Configure tasks. 13 | - include: horizon_configure.yml 14 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for ansible-role-openstack-horizon 3 | 4 | ## openstack public config 5 | # openstack_controller_host: "" 6 | # openstack_memcached_servers: "" 7 | 8 | horizon_memcached_servers: "{{ openstack_memcached_servers }}" 9 | horizon_keystone_default_role: "user" 10 | horizon_keystone_multidomain_support: "False" 11 | horizon_secret_key: 3c23c5824d88d1bdb154 12 | 13 | # Enable optional services provided by neutron 14 | horizon_enable_router: False 15 | horizon_enable_quotas: False 16 | horizon_enable_ipv6: False 17 | horizon_enable_ha_router: False 18 | horizon_enable_lb: False 19 | horizon_enable_firewall: False 20 | horizon_enable_vpn: False 21 | 22 | # 23 | 24 | horizon_time_zone: "Asia/Shanghai" -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: openstack-horizon 2 | 3 | [![Build Status](https://travis-ci.org/devops/ansible-role-openstack-horizon.svg?branch=master)](https://travis-ci.org/devops/ansible-role-openstack-horizon) 4 | 5 | Ansible role that installs and configures openstack horizon. 6 | 7 | ## Requirements 8 | 9 | None. 10 | 11 | ## Role Variables 12 | 13 | ### `defaults/main.yml` 14 | 15 | 16 | ### `vars/RedHat.yml` 17 | 18 | 19 | ## Dependencies 20 | 21 | None. 22 | 23 | ## Example Playbook 24 | 25 | 1) Install openstack-horizon and use the default settings. 26 | 27 | - hosts: all 28 | roles: 29 | - ansible-role-openstack-horizon 30 | 31 | 32 | ## License 33 | 34 | MIT / BSD 35 | 36 | ## Author Information 37 | 38 | z. 39 | -------------------------------------------------------------------------------- /tests/Dockerfile.centos-7: -------------------------------------------------------------------------------- 1 | FROM centos:7 2 | 3 | # Install systemd -- See https://hub.docker.com/_/centos/ 4 | RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs 5 | RUN yum -y update; yum clean all; \ 6 | (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ 7 | rm -f /lib/systemd/system/multi-user.target.wants/*; \ 8 | rm -f /etc/systemd/system/*.wants/*; \ 9 | rm -f /lib/systemd/system/local-fs.target.wants/*; \ 10 | rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ 11 | rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ 12 | rm -f /lib/systemd/system/basic.target.wants/*; \ 13 | rm -f /lib/systemd/system/anaconda.target.wants/*; 14 | 15 | # Install Ansible 16 | RUN yum -y install epel-release 17 | RUN yum -y install git ansible sudo iproute 18 | RUN yum clean all 19 | 20 | # Install Ansible inventory file 21 | RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts 22 | 23 | VOLUME ["/sys/fs/cgroup"] 24 | CMD ["/usr/sbin/init"] 25 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | env: 3 | - distribution: centos 4 | version: 7 5 | init: /usr/lib/systemd/systemd 6 | run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" 7 | playbook: centos-7-test.yml 8 | 9 | services: 10 | - docker 11 | 12 | before_install: 13 | # Pull container 14 | - 'sudo docker pull ${distribution}:${version}' 15 | 16 | # Customize container 17 | - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' 18 | 19 | script: 20 | - container_id=$(mktemp) 21 | 22 | # Run container in detached state 23 | - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' 24 | 25 | # Ansible syntax check. 26 | - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook} --syntax-check' 27 | 28 | # Test role. 29 | - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook}' 30 | 31 | # Test role idempotence. 32 | - > 33 | sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook} 34 | | grep -q 'changed=0.*failed=0' 35 | && (echo 'Idempotence test: pass' && exit 0) 36 | || (echo 'Idempotence test: fail' && exit 1) 37 | 38 | # Some debugging (show all the logs). 39 | - sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ss -ntlup || true 40 | 41 | # Clean up 42 | - sudo docker stop "$(cat ${container_id})" 43 | 44 | notifications: 45 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 46 | -------------------------------------------------------------------------------- /templates/horizon_local_settings.j2: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | import os 4 | 5 | from django.utils.translation import ugettext_lazy as _ 6 | 7 | 8 | from openstack_dashboard import exceptions 9 | from openstack_dashboard.settings import HORIZON_CONFIG 10 | 11 | DEBUG = False 12 | TEMPLATE_DEBUG = DEBUG 13 | 14 | 15 | # WEBROOT is the location relative to Webserver root 16 | # should end with a slash. 17 | WEBROOT = '/dashboard/' 18 | #LOGIN_URL = WEBROOT + 'auth/login/' 19 | #LOGOUT_URL = WEBROOT + 'auth/logout/' 20 | # 21 | # LOGIN_REDIRECT_URL can be used as an alternative for 22 | # HORIZON_CONFIG.user_home, if user_home is not set. 23 | # Do not set it to '/home/', as this will cause circular redirect loop 24 | #LOGIN_REDIRECT_URL = WEBROOT 25 | 26 | # If horizon is running in production (DEBUG is False), set this 27 | # with the list of host/domain names that the application can serve. 28 | # For more information see: 29 | # https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts 30 | # ALLOWED_HOSTS = ['horizon.example.com', 'localhost'] 31 | ALLOWED_HOSTS = ['*', ] 32 | 33 | # Set SSL proxy settings: 34 | # Pass this header from the proxy after terminating the SSL, 35 | # and don't forget to strip it from the client's request. 36 | # For more information see: 37 | # https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header 38 | #SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') 39 | 40 | # If Horizon is being served through SSL, then uncomment the following two 41 | # settings to better secure the cookies from security exploits 42 | #CSRF_COOKIE_SECURE = True 43 | #SESSION_COOKIE_SECURE = True 44 | 45 | # The absolute path to the directory where message files are collected. 46 | # The message file must have a .json file extension. When the user logins to 47 | # horizon, the message files collected are processed and displayed to the user. 48 | #MESSAGES_PATH=None 49 | 50 | # Overrides for OpenStack API versions. Use this setting to force the 51 | # OpenStack dashboard to use a specific API version for a given service API. 52 | # Versions specified here should be integers or floats, not strings. 53 | # NOTE: The version should be formatted as it appears in the URL for the 54 | # service API. For example, The identity service APIs have inconsistent 55 | # use of the decimal point, so valid options would be 2.0 or 3. 56 | #OPENSTACK_API_VERSIONS = { 57 | # "data-processing": 1.1, 58 | # "identity": 3, 59 | # "volume": 2, 60 | # "compute": 2, 61 | #} 62 | 63 | # Set this to True if running on multi-domain model. When this is enabled, it 64 | # will require user to enter the Domain name in addition to username for login. 65 | #OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False 66 | OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = {{ horizon_keystone_multidomain_support }} 67 | 68 | # Overrides the default domain used when running on single-domain model 69 | # with Keystone V3. All entities will be created in the default domain. 70 | # NOTE: This value must be the ID of the default domain, NOT the name. 71 | # Also, you will most likely have a value in the keystone policy file like this 72 | # "cloud_admin": "rule:admin_required and domain_id:" 73 | # This value must match the domain id specified there. 74 | #OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default' 75 | 76 | # Set this to True to enable panels that provide the ability for users to 77 | # manage Identity Providers (IdPs) and establish a set of rules to map 78 | # federation protocol attributes to Identity API attributes. 79 | # This extension requires v3.0+ of the Identity API. 80 | #OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False 81 | 82 | # Set Console type: 83 | # valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL" or None 84 | # Set to None explicitly if you want to deactivate the console. 85 | #CONSOLE_TYPE = "AUTO" 86 | 87 | # If provided, a "Report Bug" link will be displayed in the site header 88 | # which links to the value of this setting (ideally a URL containing 89 | # information on how to report issues). 90 | #HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com" 91 | 92 | # Show backdrop element outside the modal, do not close the modal 93 | # after clicking on backdrop. 94 | #HORIZON_CONFIG["modal_backdrop"] = "static" 95 | 96 | # Specify a regular expression to validate user passwords. 97 | #HORIZON_CONFIG["password_validator"] = { 98 | # "regex": '.*', 99 | # "help_text": _("Your password does not meet the requirements."), 100 | #} 101 | 102 | # Disable simplified floating IP address management for deployments with 103 | # multiple floating IP pools or complex network requirements. 104 | #HORIZON_CONFIG["simple_ip_management"] = False 105 | 106 | # Turn off browser autocompletion for forms including the login form and 107 | # the database creation workflow if so desired. 108 | #HORIZON_CONFIG["password_autocomplete"] = "off" 109 | 110 | # Setting this to True will disable the reveal button for password fields, 111 | # including on the login form. 112 | #HORIZON_CONFIG["disable_password_reveal"] = False 113 | 114 | LOCAL_PATH = '/tmp' 115 | 116 | # Set custom secret key: 117 | # You can either set it to a specific value or you can let horizon generate a 118 | # default secret key that is unique on this machine, e.i. regardless of the 119 | # amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, 120 | # there may be situations where you would want to set this explicitly, e.g. 121 | # when multiple dashboard instances are distributed on different machines 122 | # (usually behind a load-balancer). Either you have to make sure that a session 123 | # gets all requests routed to the same dashboard instance or you set the same 124 | # SECRET_KEY for all of them. 125 | SECRET_KEY='{{ horizon_secret_key }}' 126 | 127 | # We recommend you use memcached for development; otherwise after every reload 128 | # of the django development server, you will have to login again. To use 129 | # memcached set CACHES to something like 130 | #CACHES = { 131 | # 'default': { 132 | # 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 133 | # 'LOCATION': '127.0.0.1:11211', 134 | # }, 135 | #} 136 | 137 | #CACHES = { 138 | # 'default': { 139 | # 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache', 140 | # }, 141 | #} 142 | 143 | SESSION_ENGINE = "django.contrib.sessions.backends.cached_db" 144 | 145 | CACHES = { 146 | 'default': { 147 | 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 148 | 'LOCATION': '{{ horizon_memcached_servers }}', 149 | } 150 | } 151 | 152 | # Send email to the console by default 153 | EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' 154 | # Or send them to /dev/null 155 | #EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend' 156 | 157 | # Configure these for your outgoing email host 158 | #EMAIL_HOST = 'smtp.my-company.com' 159 | #EMAIL_PORT = 25 160 | #EMAIL_HOST_USER = 'djangomail' 161 | #EMAIL_HOST_PASSWORD = 'top-secret!' 162 | 163 | # For multiple regions uncomment this configuration, and add (endpoint, title). 164 | #AVAILABLE_REGIONS = [ 165 | # ('http://cluster1.example.com:5000/v2.0', 'cluster1'), 166 | # ('http://cluster2.example.com:5000/v2.0', 'cluster2'), 167 | #] 168 | 169 | OPENSTACK_HOST = "{{ openstack_controller_host }}" 170 | OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST 171 | OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ horizon_keystone_default_role }}" 172 | 173 | # Enables keystone web single-sign-on if set to True. 174 | #WEBSSO_ENABLED = False 175 | 176 | # Determines which authentication choice to show as default. 177 | #WEBSSO_INITIAL_CHOICE = "credentials" 178 | 179 | # The list of authentication mechanisms which include keystone 180 | # federation protocols and identity provider/federation protocol 181 | # mapping keys (WEBSSO_IDP_MAPPING). Current supported protocol 182 | # IDs are 'saml2' and 'oidc' which represent SAML 2.0, OpenID 183 | # Connect respectively. 184 | # Do not remove the mandatory credentials mechanism. 185 | # Note: The last two tuples are sample mapping keys to a identity provider 186 | # and federation protocol combination (WEBSSO_IDP_MAPPING). 187 | #WEBSSO_CHOICES = ( 188 | # ("credentials", _("Keystone Credentials")), 189 | # ("oidc", _("OpenID Connect")), 190 | # ("saml2", _("Security Assertion Markup Language")), 191 | # ("acme_oidc", "ACME - OpenID Connect"), 192 | # ("acme_saml2", "ACME - SAML2"), 193 | #) 194 | 195 | # A dictionary of specific identity provider and federation protocol 196 | # combinations. From the selected authentication mechanism, the value 197 | # will be looked up as keys in the dictionary. If a match is found, 198 | # it will redirect the user to a identity provider and federation protocol 199 | # specific WebSSO endpoint in keystone, otherwise it will use the value 200 | # as the protocol_id when redirecting to the WebSSO by protocol endpoint. 201 | # NOTE: The value is expected to be a tuple formatted as: (, ). 202 | #WEBSSO_IDP_MAPPING = { 203 | # "acme_oidc": ("acme", "oidc"), 204 | # "acme_saml2": ("acme", "saml2"), 205 | #} 206 | 207 | # Disable SSL certificate checks (useful for self-signed certificates): 208 | #OPENSTACK_SSL_NO_VERIFY = True 209 | 210 | # The CA certificate to use to verify SSL connections 211 | #OPENSTACK_SSL_CACERT = '/path/to/cacert.pem' 212 | 213 | # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the 214 | # capabilities of the auth backend for Keystone. 215 | # If Keystone has been configured to use LDAP as the auth backend then set 216 | # can_edit_user to False and name to 'ldap'. 217 | # 218 | # TODO(tres): Remove these once Keystone has an API to identify auth backend. 219 | OPENSTACK_KEYSTONE_BACKEND = { 220 | 'name': 'native', 221 | 'can_edit_user': True, 222 | 'can_edit_group': True, 223 | 'can_edit_project': True, 224 | 'can_edit_domain': True, 225 | 'can_edit_role': True, 226 | } 227 | 228 | # Setting this to True, will add a new "Retrieve Password" action on instance, 229 | # allowing Admin session password retrieval/decryption. 230 | #OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False 231 | 232 | # The Launch Instance user experience has been significantly enhanced. 233 | # You can choose whether to enable the new launch instance experience, 234 | # the legacy experience, or both. The legacy experience will be removed 235 | # in a future release, but is available as a temporary backup setting to ensure 236 | # compatibility with existing deployments. Further development will not be 237 | # done on the legacy experience. Please report any problems with the new 238 | # experience via the Launchpad tracking system. 239 | # 240 | # Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to 241 | # determine the experience to enable. Set them both to true to enable 242 | # both. 243 | #LAUNCH_INSTANCE_LEGACY_ENABLED = True 244 | #LAUNCH_INSTANCE_NG_ENABLED = False 245 | 246 | # A dictionary of settings which can be used to provide the default values for 247 | # properties found in the Launch Instance modal. 248 | #LAUNCH_INSTANCE_DEFAULTS = { 249 | # 'config_drive': False, 250 | #} 251 | 252 | # The Xen Hypervisor has the ability to set the mount point for volumes 253 | # attached to instances (other Hypervisors currently do not). Setting 254 | # can_set_mount_point to True will add the option to set the mount point 255 | # from the UI. 256 | OPENSTACK_HYPERVISOR_FEATURES = { 257 | 'can_set_mount_point': False, 258 | 'can_set_password': False, 259 | 'requires_keypair': False, 260 | } 261 | 262 | # The OPENSTACK_CINDER_FEATURES settings can be used to enable optional 263 | # services provided by cinder that is not exposed by its extension API. 264 | OPENSTACK_CINDER_FEATURES = { 265 | 'enable_backup': False, 266 | } 267 | 268 | # The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional 269 | # services provided by neutron. Options currently available are load 270 | # balancer service, security groups, quotas, VPN service. 271 | OPENSTACK_NEUTRON_NETWORK = { 272 | 'enable_router': {{ horizon_enable_router | bool }}, 273 | 'enable_quotas': {{ horizon_enable_quotas | bool }}, 274 | 'enable_ipv6': {{ horizon_enable_ipv6 | bool }}, 275 | 'enable_distributed_router': False, 276 | 'enable_ha_router': {{ horizon_enable_ha_router | bool }}, 277 | 'enable_lb': {{ horizon_enable_lb | bool }}, 278 | 'enable_firewall': {{ horizon_enable_firewall | bool }}, 279 | 'enable_vpn': {{ horizon_enable_vpn | bool }}, 280 | 'enable_fip_topology_check': True, 281 | 282 | # Neutron can be configured with a default Subnet Pool to be used for IPv4 283 | # subnet-allocation. Specify the label you wish to display in the Address 284 | # pool selector on the create subnet step if you want to use this feature. 285 | 'default_ipv4_subnet_pool_label': None, 286 | 287 | # Neutron can be configured with a default Subnet Pool to be used for IPv6 288 | # subnet-allocation. Specify the label you wish to display in the Address 289 | # pool selector on the create subnet step if you want to use this feature. 290 | # You must set this to enable IPv6 Prefix Delegation in a PD-capable 291 | # environment. 292 | 'default_ipv6_subnet_pool_label': None, 293 | 294 | # The profile_support option is used to detect if an external router can be 295 | # configured via the dashboard. When using specific plugins the 296 | # profile_support can be turned on if needed. 297 | 'profile_support': None, 298 | #'profile_support': 'cisco', 299 | 300 | # Set which provider network types are supported. Only the network types 301 | # in this list will be available to choose from when creating a network. 302 | # Network types include local, flat, vlan, gre, and vxlan. 303 | 'supported_provider_types': ['*'], 304 | 305 | # Set which VNIC types are supported for port binding. Only the VNIC 306 | # types in this list will be available to choose from when creating a 307 | # port. 308 | # VNIC types include 'normal', 'macvtap' and 'direct'. 309 | # Set to empty list or None to disable VNIC type selection. 310 | 'supported_vnic_types': ['*'], 311 | } 312 | 313 | # The OPENSTACK_HEAT_STACK settings can be used to disable password 314 | # field required while launching the stack. 315 | OPENSTACK_HEAT_STACK = { 316 | 'enable_user_pass': True, 317 | } 318 | 319 | # The OPENSTACK_IMAGE_BACKEND settings can be used to customize features 320 | # in the OpenStack Dashboard related to the Image service, such as the list 321 | # of supported image formats. 322 | #OPENSTACK_IMAGE_BACKEND = { 323 | # 'image_formats': [ 324 | # ('', _('Select format')), 325 | # ('aki', _('AKI - Amazon Kernel Image')), 326 | # ('ami', _('AMI - Amazon Machine Image')), 327 | # ('ari', _('ARI - Amazon Ramdisk Image')), 328 | # ('docker', _('Docker')), 329 | # ('iso', _('ISO - Optical Disk Image')), 330 | # ('ova', _('OVA - Open Virtual Appliance')), 331 | # ('qcow2', _('QCOW2 - QEMU Emulator')), 332 | # ('raw', _('Raw')), 333 | # ('vdi', _('VDI - Virtual Disk Image')), 334 | # ('vhd', _('VHD - Virtual Hard Disk')), 335 | # ('vmdk', _('VMDK - Virtual Machine Disk')), 336 | # ], 337 | #} 338 | 339 | # The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for 340 | # image custom property attributes that appear on image detail pages. 341 | IMAGE_CUSTOM_PROPERTY_TITLES = { 342 | "architecture": _("Architecture"), 343 | "kernel_id": _("Kernel ID"), 344 | "ramdisk_id": _("Ramdisk ID"), 345 | "image_state": _("Euca2ools state"), 346 | "project_id": _("Project ID"), 347 | "image_type": _("Image Type"), 348 | } 349 | 350 | # The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image 351 | # custom properties should not be displayed in the Image Custom Properties 352 | # table. 353 | IMAGE_RESERVED_CUSTOM_PROPERTIES = [] 354 | 355 | # OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints 356 | # in the Keystone service catalog. Use this setting when Horizon is running 357 | # external to the OpenStack environment. The default is 'publicURL'. 358 | #OPENSTACK_ENDPOINT_TYPE = "publicURL" 359 | 360 | # SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the 361 | # case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints 362 | # in the Keystone service catalog. Use this setting when Horizon is running 363 | # external to the OpenStack environment. The default is None. This 364 | # value should differ from OPENSTACK_ENDPOINT_TYPE if used. 365 | #SECONDARY_ENDPOINT_TYPE = "publicURL" 366 | 367 | # The number of objects (Swift containers/objects or images) to display 368 | # on a single page before providing a paging element (a "more" link) 369 | # to paginate results. 370 | API_RESULT_LIMIT = 1000 371 | API_RESULT_PAGE_SIZE = 20 372 | 373 | # The size of chunk in bytes for downloading objects from Swift 374 | SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024 375 | 376 | # Specify a maximum number of items to display in a dropdown. 377 | DROPDOWN_MAX_ITEMS = 30 378 | 379 | # The timezone of the server. This should correspond with the timezone 380 | # of your entire OpenStack installation, and hopefully be in UTC. 381 | TIME_ZONE = "{{ horizon_time_zone }}" 382 | 383 | # When launching an instance, the menu of available flavors is 384 | # sorted by RAM usage, ascending. If you would like a different sort order, 385 | # you can provide another flavor attribute as sorting key. Alternatively, you 386 | # can provide a custom callback method to use for sorting. You can also provide 387 | # a flag for reverse sort. For more info, see 388 | # http://docs.python.org/2/library/functions.html#sorted 389 | #CREATE_INSTANCE_FLAVOR_SORT = { 390 | # 'key': 'name', 391 | # # or 392 | # 'key': my_awesome_callback_method, 393 | # 'reverse': False, 394 | #} 395 | 396 | # Set this to True to display an 'Admin Password' field on the Change Password 397 | # form to verify that it is indeed the admin logged-in who wants to change 398 | # the password. 399 | #ENFORCE_PASSWORD_CHECK = False 400 | 401 | # Modules that provide /auth routes that can be used to handle different types 402 | # of user authentication. Add auth plugins that require extra route handling to 403 | # this list. 404 | #AUTHENTICATION_URLS = [ 405 | # 'openstack_auth.urls', 406 | #] 407 | 408 | # The Horizon Policy Enforcement engine uses these values to load per service 409 | # policy rule files. The content of these files should match the files the 410 | # OpenStack services are using to determine role based access control in the 411 | # target installation. 412 | 413 | # Path to directory containing policy.json files 414 | POLICY_FILES_PATH = '/etc/openstack-dashboard' 415 | 416 | # Map of local copy of service policy files. 417 | # Please insure that your identity policy file matches the one being used on 418 | # your keystone servers. There is an alternate policy file that may be used 419 | # in the Keystone v3 multi-domain case, policy.v3cloudsample.json. 420 | # This file is not included in the Horizon repository by default but can be 421 | # found at 422 | # http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \ 423 | # policy.v3cloudsample.json 424 | # Having matching policy files on the Horizon and Keystone servers is essential 425 | # for normal operation. This holds true for all services and their policy files. 426 | #POLICY_FILES = { 427 | # 'identity': 'keystone_policy.json', 428 | # 'compute': 'nova_policy.json', 429 | # 'volume': 'cinder_policy.json', 430 | # 'image': 'glance_policy.json', 431 | # 'orchestration': 'heat_policy.json', 432 | # 'network': 'neutron_policy.json', 433 | # 'telemetry': 'ceilometer_policy.json', 434 | #} 435 | 436 | # TODO: (david-lyle) remove when plugins support adding settings. 437 | # Note: Only used when trove-dashboard plugin is configured to be used by 438 | # Horizon. 439 | # Trove user and database extension support. By default support for 440 | # creating users and databases on database instances is turned on. 441 | # To disable these extensions set the permission here to something 442 | # unusable such as ["!"]. 443 | #TROVE_ADD_USER_PERMS = [] 444 | #TROVE_ADD_DATABASE_PERMS = [] 445 | 446 | # Change this patch to the appropriate list of tuples containing 447 | # a key, label and static directory containing two files: 448 | # _variables.scss and _styles.scss 449 | #AVAILABLE_THEMES = [ 450 | # ('default', 'Default', 'themes/default'), 451 | # ('material', 'Material', 'themes/material'), 452 | #] 453 | 454 | LOGGING = { 455 | 'version': 1, 456 | # When set to True this will disable all logging except 457 | # for loggers specified in this configuration dictionary. Note that 458 | # if nothing is specified here and disable_existing_loggers is True, 459 | # django.db.backends will still log unless it is disabled explicitly. 460 | 'disable_existing_loggers': False, 461 | 'handlers': { 462 | 'null': { 463 | 'level': 'DEBUG', 464 | 'class': 'logging.NullHandler', 465 | }, 466 | 'console': { 467 | # Set the level to "DEBUG" for verbose output logging. 468 | 'level': 'INFO', 469 | 'class': 'logging.StreamHandler', 470 | }, 471 | }, 472 | 'loggers': { 473 | # Logging from django.db.backends is VERY verbose, send to null 474 | # by default. 475 | 'django.db.backends': { 476 | 'handlers': ['null'], 477 | 'propagate': False, 478 | }, 479 | 'requests': { 480 | 'handlers': ['null'], 481 | 'propagate': False, 482 | }, 483 | 'horizon': { 484 | 'handlers': ['console'], 485 | 'level': 'DEBUG', 486 | 'propagate': False, 487 | }, 488 | 'openstack_dashboard': { 489 | 'handlers': ['console'], 490 | 'level': 'DEBUG', 491 | 'propagate': False, 492 | }, 493 | 'novaclient': { 494 | 'handlers': ['console'], 495 | 'level': 'DEBUG', 496 | 'propagate': False, 497 | }, 498 | 'cinderclient': { 499 | 'handlers': ['console'], 500 | 'level': 'DEBUG', 501 | 'propagate': False, 502 | }, 503 | 'keystoneclient': { 504 | 'handlers': ['console'], 505 | 'level': 'DEBUG', 506 | 'propagate': False, 507 | }, 508 | 'glanceclient': { 509 | 'handlers': ['console'], 510 | 'level': 'DEBUG', 511 | 'propagate': False, 512 | }, 513 | 'neutronclient': { 514 | 'handlers': ['console'], 515 | 'level': 'DEBUG', 516 | 'propagate': False, 517 | }, 518 | 'heatclient': { 519 | 'handlers': ['console'], 520 | 'level': 'DEBUG', 521 | 'propagate': False, 522 | }, 523 | 'ceilometerclient': { 524 | 'handlers': ['console'], 525 | 'level': 'DEBUG', 526 | 'propagate': False, 527 | }, 528 | 'swiftclient': { 529 | 'handlers': ['console'], 530 | 'level': 'DEBUG', 531 | 'propagate': False, 532 | }, 533 | 'openstack_auth': { 534 | 'handlers': ['console'], 535 | 'level': 'DEBUG', 536 | 'propagate': False, 537 | }, 538 | 'nose.plugins.manager': { 539 | 'handlers': ['console'], 540 | 'level': 'DEBUG', 541 | 'propagate': False, 542 | }, 543 | 'django': { 544 | 'handlers': ['console'], 545 | 'level': 'DEBUG', 546 | 'propagate': False, 547 | }, 548 | 'iso8601': { 549 | 'handlers': ['null'], 550 | 'propagate': False, 551 | }, 552 | 'scss': { 553 | 'handlers': ['null'], 554 | 'propagate': False, 555 | }, 556 | }, 557 | } 558 | 559 | # 'direction' should not be specified for all_tcp/udp/icmp. 560 | # It is specified in the form. 561 | SECURITY_GROUP_RULES = { 562 | 'all_tcp': { 563 | 'name': _('All TCP'), 564 | 'ip_protocol': 'tcp', 565 | 'from_port': '1', 566 | 'to_port': '65535', 567 | }, 568 | 'all_udp': { 569 | 'name': _('All UDP'), 570 | 'ip_protocol': 'udp', 571 | 'from_port': '1', 572 | 'to_port': '65535', 573 | }, 574 | 'all_icmp': { 575 | 'name': _('All ICMP'), 576 | 'ip_protocol': 'icmp', 577 | 'from_port': '-1', 578 | 'to_port': '-1', 579 | }, 580 | 'ssh': { 581 | 'name': 'SSH', 582 | 'ip_protocol': 'tcp', 583 | 'from_port': '22', 584 | 'to_port': '22', 585 | }, 586 | 'smtp': { 587 | 'name': 'SMTP', 588 | 'ip_protocol': 'tcp', 589 | 'from_port': '25', 590 | 'to_port': '25', 591 | }, 592 | 'dns': { 593 | 'name': 'DNS', 594 | 'ip_protocol': 'tcp', 595 | 'from_port': '53', 596 | 'to_port': '53', 597 | }, 598 | 'http': { 599 | 'name': 'HTTP', 600 | 'ip_protocol': 'tcp', 601 | 'from_port': '80', 602 | 'to_port': '80', 603 | }, 604 | 'pop3': { 605 | 'name': 'POP3', 606 | 'ip_protocol': 'tcp', 607 | 'from_port': '110', 608 | 'to_port': '110', 609 | }, 610 | 'imap': { 611 | 'name': 'IMAP', 612 | 'ip_protocol': 'tcp', 613 | 'from_port': '143', 614 | 'to_port': '143', 615 | }, 616 | 'ldap': { 617 | 'name': 'LDAP', 618 | 'ip_protocol': 'tcp', 619 | 'from_port': '389', 620 | 'to_port': '389', 621 | }, 622 | 'https': { 623 | 'name': 'HTTPS', 624 | 'ip_protocol': 'tcp', 625 | 'from_port': '443', 626 | 'to_port': '443', 627 | }, 628 | 'smtps': { 629 | 'name': 'SMTPS', 630 | 'ip_protocol': 'tcp', 631 | 'from_port': '465', 632 | 'to_port': '465', 633 | }, 634 | 'imaps': { 635 | 'name': 'IMAPS', 636 | 'ip_protocol': 'tcp', 637 | 'from_port': '993', 638 | 'to_port': '993', 639 | }, 640 | 'pop3s': { 641 | 'name': 'POP3S', 642 | 'ip_protocol': 'tcp', 643 | 'from_port': '995', 644 | 'to_port': '995', 645 | }, 646 | 'ms_sql': { 647 | 'name': 'MS SQL', 648 | 'ip_protocol': 'tcp', 649 | 'from_port': '1433', 650 | 'to_port': '1433', 651 | }, 652 | 'mysql': { 653 | 'name': 'MYSQL', 654 | 'ip_protocol': 'tcp', 655 | 'from_port': '3306', 656 | 'to_port': '3306', 657 | }, 658 | 'rdp': { 659 | 'name': 'RDP', 660 | 'ip_protocol': 'tcp', 661 | 'from_port': '3389', 662 | 'to_port': '3389', 663 | }, 664 | } 665 | 666 | # Deprecation Notice: 667 | # 668 | # The setting FLAVOR_EXTRA_KEYS has been deprecated. 669 | # Please load extra spec metadata into the Glance Metadata Definition Catalog. 670 | # 671 | # The sample quota definitions can be found in: 672 | # /etc/metadefs/compute-quota.json 673 | # 674 | # The metadata definition catalog supports CLI and API: 675 | # $glance --os-image-api-version 2 help md-namespace-import 676 | # $glance-manage db_load_metadefs 677 | # 678 | # See Metadata Definitions on: http://docs.openstack.org/developer/glance/ 679 | 680 | # TODO: (david-lyle) remove when plugins support settings natively 681 | # Note: This is only used when the Sahara plugin is configured and enabled 682 | # for use in Horizon. 683 | # Indicate to the Sahara data processing service whether or not 684 | # automatic floating IP allocation is in effect. If it is not 685 | # in effect, the user will be prompted to choose a floating IP 686 | # pool for use in their cluster. False by default. You would want 687 | # to set this to True if you were running Nova Networking with 688 | # auto_assign_floating_ip = True. 689 | #SAHARA_AUTO_IP_ALLOCATION_ENABLED = False 690 | 691 | # The hash algorithm to use for authentication tokens. This must 692 | # match the hash algorithm that the identity server and the 693 | # auth_token middleware are using. Allowed values are the 694 | # algorithms supported by Python's hashlib library. 695 | #OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5' 696 | 697 | # Hashing tokens from Keystone keeps the Horizon session data smaller, but it 698 | # doesn't work in some cases when using PKI tokens. Uncomment this value and 699 | # set it to False if using PKI tokens and there are 401 errors due to token 700 | # hashing. 701 | #OPENSTACK_TOKEN_HASH_ENABLED = True 702 | 703 | # AngularJS requires some settings to be made available to 704 | # the client side. Some settings are required by in-tree / built-in horizon 705 | # features. These settings must be added to REST_API_REQUIRED_SETTINGS in the 706 | # form of ['SETTING_1','SETTING_2'], etc. 707 | # 708 | # You may remove settings from this list for security purposes, but do so at 709 | # the risk of breaking a built-in horizon feature. These settings are required 710 | # for horizon to function properly. Only remove them if you know what you 711 | # are doing. These settings may in the future be moved to be defined within 712 | # the enabled panel configuration. 713 | # You should not add settings to this list for out of tree extensions. 714 | # See: https://wiki.openstack.org/wiki/Horizon/RESTAPI 715 | REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES', 716 | 'LAUNCH_INSTANCE_DEFAULTS'] 717 | 718 | # Additional settings can be made available to the client side for 719 | # extensibility by specifying them in REST_API_ADDITIONAL_SETTINGS 720 | # !! Please use extreme caution as the settings are transferred via HTTP/S 721 | # and are not encrypted on the browser. This is an experimental API and 722 | # may be deprecated in the future without notice. 723 | #REST_API_ADDITIONAL_SETTINGS = [] 724 | 725 | # DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded 726 | # within an iframe. Legacy browsers are still vulnerable to a Cross-Frame 727 | # Scripting (XFS) vulnerability, so this option allows extra security hardening 728 | # where iframes are not used in deployment. Default setting is True. 729 | # For more information see: 730 | # http://tinyurl.com/anticlickjack 731 | #DISALLOW_IFRAME_EMBED = True 732 | --------------------------------------------------------------------------------