openstack/openstack-ansible-os_horizon
Code Issues Proposed changes
Role os_horizon for OpenStack-Ansible
96 Commits 9 Branches 138 Tags 6.9 MiB
Jinja 74.5%
Python 18.3%
Shell 7.2%
30138c2850
Go to file
Jesse Pretorius 30138c2850 Add dependencies for paramiko 2.0 
Paramiko version 2.0 has been released. It now uses the Python library
cryptography. Installing this requires additional system packages. This
commit adds in the appropriate packages required by cryptography based
on its documentation [1].

An alternative approach would have been to constrain the version of
Paramiko however the project describes the 1.x versions as relying on
insecure dependencies [2].

[1] https://cryptography.io/en/latest/installation/
[2] http://www.paramiko.org/installing.html

Change-Id: I19c0f95e65bf7d57090398d92b11303589f0619c
2016-05-03 08:56:09 +01:00
defaults Merge "Fix server/hostname for RFC 1034/1035" 2016-04-20 14:12:50 +00:00
doc [DOCS] Cleanup the role docs for consistency and clarity 2016-03-10 08:55:29 -05:00
handlers Convert existing roles into galaxy roles 2015-02-18 10:56:25 +00:00
meta Update min_ansible_version to 1.9 2016-04-11 12:19:51 +01:00
releasenotes Remove Liberty releasenote index 2016-04-21 09:20:30 +01:00
tasks Ansible 2.x - Address deprecation warning of bare variables 2016-04-21 15:20:52 -04:00
templates Optionally allow autocomplete in Horizon 2016-04-14 13:32:52 -05:00
tests Switch defaults/tests to use master branch 2016-04-03 12:59:17 +01:00
.gitignore Add reno scaffolding for release notes management 2016-04-09 19:20:32 +01:00
.gitreview Implement base configuration for independent repository 2016-03-02 09:39:02 -05:00
CONTRIBUTING.rst Convert existing roles into galaxy roles 2015-02-18 10:56:25 +00:00
LICENSE Convert existing roles into galaxy roles 2015-02-18 10:56:25 +00:00
other-requirements.txt Add dependencies for paramiko 2.0 2016-05-03 08:56:09 +01:00
README.rst Remove dependency on the Keystone admin auth token 2016-03-17 10:48:22 -04:00
run_tests.sh Add dependencies for paramiko 2.0 2016-05-03 08:56:09 +01:00
setup.cfg Implement base configuration for independent repository 2016-03-02 09:39:02 -05:00
setup.py Implement base configuration for independent repository 2016-03-02 09:39:02 -05:00
test-requirements.txt Remove Liberty releasenote index 2016-04-21 09:20:30 +01:00
tox.ini Add reno scaffolding for release notes management 2016-04-09 19:20:32 +01:00
Vagrantfile Adding Vagrantfile for local developer testing 2016-03-09 22:04:36 -05:00

README.rst

OpenStack-Ansible Horizon

This Ansible role installs and configures OpenStack Horizon served by the Apache webserver. Horizon is configured to use Galera for session caching and memcached for other caching.

Default Variables

../../defaults/main.yml

Required Variables

This list is not exhaustive at present. See role internals for further details.

horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
horizon_galera_address: 10.100.100.101
horizon_container_mysql_password: "SuperSecrete"
horizon_secret_key: "SuperSecreteHorizonKey"

Example Playbook

- name: Installation and setup of horizon
  hosts: horizon_all
  user: root
  roles:
    - { role: "os_horizon", tags: [ "os-horizon" ] }
  vars:
    galera_client_drop_config_file: false
    external_lb_vip_address: 10.100.100.101
    internal_lb_vip_address: 10.100.100.101
    horizon_galera_address: 10.100.100.101
    horizon_container_mysql_password: "SuperSecrete"
    horizon_secret_key: "SuperSecreteHorizonKey"
    horizon_external_ssl: true
    horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
    horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
    galera_root_password: "secrete"
    rabbitmq_servers: 10.100.100.101
    rabbitmq_use_ssl: false
    rabbitmq_port: 5671
    keystone_admin_user_name: admin
    keystone_auth_admin_password: "SuperSecretePassword"
    keystone_admin_tenant_name: admin
    keystone_service_adminuri_insecure: false
    keystone_service_internaluri_insecure: false
    keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
    keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
    keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
    keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
    openrc_os_password: "{{ keystone_auth_admin_password }}"
    openrc_os_domain_name: "Default"
    memcached_servers: 10.100.100.101
    memcached_encryption_key: "secrete"