Add support for the openSUSE Leap distributions. Additionally,
for openSUSE, we need to load some extra apache2 modules which are
not there by default. Finally, Apache on openSUSE configures some
of it's components in httpd.conf and some others in default-server.conf
so it's not possible to drop one of them as that will likely break
Apache. A future improvement would be to drop both and provide a good
httpd.conf template. Until then, we need to drop the default
configuration for the root directory as that breaks Horizon since
it does not allow symlinks and global access to it.
Change-Id: I51613df836c6a507f6f36967c0ce4b76ba9202a9
This patch does the following:
- Instead of scoping to the inventory group name, we scope
to the play hosts. This allows the execution of the role
using limits to still execute the necessary tasks.
- A little style update is done to improve readability.
- Some includes are changed from static to dynamic to
improve execution speed.
- The tag for the translations async finalisation is
changed to 'horizon-config' to match the rest of the
config related tasks, including the task which starts the
async process.
- The enabling and starting up of Apache is moved to the
handler so that it's all done in one task.
Change-Id: If9726035d1fae0ec78aead38eb85f4d30a45a07c
Restarting the apache service under ubuntu read the envvars file.
This envvars contains the folder for logrotate. If the folder
doesn't exist or hasn't the apache permissions, the restart of
the service will fail.
We ensure here the folder properly exists, with the right
permissions.
Change-Id: I041a044ef88aff917eeb3a618c2c08ac9ceb80fe
The apache2_module module in Ansible 2.2 is much more strict around
configuration syntax checks and contains a bug [0] preventing MPM
modules from being changed.
Move the enabling of apache2 modules ahead of writing configurations and
temporarily use the command module to enable/disable apache2 modules
until this issue is resolved.
[0] https://github.com/ansible/ansible-modules-core/issues/5328
Change-Id: I65ffc016b594ebe0d61d1355364d222d0082ee63
The numerous tags within the role have been condensed
to two tags: horizon-install and horizon-config
These tags have been chosen as they are namespaced
and cover the two major functions of the role.
Documentation has been updated to inform how each tag
influences the function of the role.
Change-Id: I02e5ee7c2975325bfa479f23ae1001095f664dcb
This change makes it so that all services are expecting SSL termination
at the load balancer by default. This is more indicative of how a real
world deployment will be setup and is being added such that we can test
a more production like deployment system by default.
The AIO will now terminate SSL in HAProxy using a self-signed cert.
Change-Id: Ibbeca3325947b549ae00d11e60bf719741b4b0e4
Re-Implementation-Of: https://review.openstack.org/#/c/277199/9
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
In order to make it more difficult to know which
httpd server is running, here is a change to
reduce the ServerTokens OS to ServerTokens Prod
and the ServerSignature On to ServerSignature Off.
This removes ServerName and version report
on page footer and reduces the detail of the httpd
server running in the headers to "Apache".
These options can be overwritten by an user variable
Change-Id: I1aaffaa3b6b7d6574aefac65b6027e62240a702b
Closes-Bug: #1484256
This change implements the blueprint to convert all roles and plays into
a more generic setup, following upstream ansible best practices.
Items Changed:
* All tasks have tags.
* All roles use namespaced variables.
* All redundant tasks within a given play and role have been removed.
* All of the repetitive plays have been removed in-favor of a more
simplistic approach. This change duplicates code within the roles but
ensures that the roles only ever run within their own scope.
* All roles have been built using an ansible galaxy syntax.
* The `*requirement.txt` files have been reformatted follow upstream
Openstack practices.
* Dynamically generated inventory is now more organized, this should assist
anyone who may want or need to dive into the JSON blob that is created.
In the inventory a properties field is used for items that customize containers
within the inventory.
* The environment map has been modified to support additional host groups to
enable the seperation of infrastructure pieces. While the old infra_hosts group
will still work this change allows for groups to be divided up into seperate
chunks; eg: deployment of a swift only stack.
* The LXC logic now exists within the plays.
* etc/openstack_deploy/user_variables.yml has all password/token
variables extracted into the separate file
etc/openstack_deploy/user_secrets.yml in order to allow seperate
security settings on that file.
Items Excised:
* All of the roles have had the LXC logic removed from within them which
should allow roles to be consumed outside of the `os-ansible-deployment`
reference architecture.
Note:
* the directory rpc_deployment still exists and is presently pointed at plays
containing a deprecation warning instructing the user to move to the standard
playbooks directory.
* While all of the rackspace specific components and variables have been removed
and or were refactored the repository still relies on an upstream mirror of
Openstack built python files and container images. This upstream mirror is hosted
at rackspace at "http://rpc-repo.rackspace.com" though this is
not locked to and or tied to rackspace specific installations. This repository
contains all of the needed code to create and/or clone your own mirror.
DocImpact
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Closes-Bug: #1403676
Implements: blueprint galaxy-roles
Change-Id: I03df3328b7655f0cc9e43ba83b02623d038d214e
