flatten the horizon service configurations
This change combines the previous puppet and docker files into a single file that performs the docker service installation and configuration for the horizon service. With this patch the baremetal version of each respective horizon service has been removed. Change-Id: I132465a32cd9f5e094ed184a92549d6521ad4e64 Related-Blueprint: services-yaml-flattening
This commit is contained in:
parent
57d23df6be
commit
3238e547a6
@ -39,38 +39,179 @@ parameters:
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
Debug:
|
||||
default: false
|
||||
description: Set to True to enable debugging on all services.
|
||||
type: boolean
|
||||
HorizonDebug:
|
||||
default: false
|
||||
description: Set to True to enable debugging Horizon service.
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
||||
HorizonAllowedHosts:
|
||||
default: '*'
|
||||
description: A list of IP/Hostname for the server Horizon is running on.
|
||||
Used for header checks.
|
||||
type: comma_delimited_list
|
||||
HorizonPasswordValidator:
|
||||
description: Regex for password validation
|
||||
type: string
|
||||
default: ''
|
||||
HorizonPasswordValidatorHelp:
|
||||
description: Help text for password validation
|
||||
type: string
|
||||
default: ''
|
||||
HorizonSecret:
|
||||
description: Secret key for Django
|
||||
type: string
|
||||
hidden: true
|
||||
default: ''
|
||||
HorizonSecureCookies:
|
||||
description: Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon
|
||||
type: boolean
|
||||
default: false
|
||||
MemcachedIPv6:
|
||||
default: false
|
||||
description: Enable IPv6 features in Memcached.
|
||||
type: boolean
|
||||
MonitoringSubscriptionHorizon:
|
||||
default: 'overcloud-horizon'
|
||||
type: string
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
HorizonVhostExtraParams:
|
||||
default:
|
||||
add_listen: true
|
||||
priority: 10
|
||||
access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
|
||||
options: ['FollowSymLinks','MultiViews']
|
||||
description: Extra parameters for Horizon vhost configuration
|
||||
type: json
|
||||
HorizonCustomizationModule:
|
||||
default: ''
|
||||
description: Horizon has a global overrides mechanism available to perform customizations
|
||||
type: string
|
||||
WebSSOEnable:
|
||||
default: false
|
||||
type: boolean
|
||||
description: Enable support for Web Single Sign-On
|
||||
WebSSOInitialChoice:
|
||||
default: 'OIDC'
|
||||
type: string
|
||||
description: The initial authentication choice to select by default
|
||||
WebSSOChoices:
|
||||
default:
|
||||
- ['OIDC', 'OpenID Connect']
|
||||
type: json
|
||||
description: Specifies the list of SSO authentication choices to present.
|
||||
Each item is a list of an SSO choice identifier and a display
|
||||
message.
|
||||
WebSSOIDPMapping:
|
||||
default:
|
||||
'OIDC': ['myidp', 'openid']
|
||||
type: json
|
||||
description: Specifies a mapping from SSO authentication choice to identity
|
||||
provider and protocol. The identity provider and protocol names
|
||||
must match the resources defined in keystone.
|
||||
|
||||
conditions:
|
||||
|
||||
debug_unset: {equals : [{get_param: Debug}, '']}
|
||||
websso_enabled: {equals : [{get_param: WebSSOEnable}, True]}
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
|
||||
HorizonBase:
|
||||
type: ../../puppet/services/horizon.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Horizon API role.
|
||||
value:
|
||||
service_name: {get_attr: [HorizonBase, role_data, service_name]}
|
||||
config_settings: {get_attr: [HorizonBase, role_data, config_settings]}
|
||||
service_config_settings: {get_attr: [HorizonBase, role_data, service_config_settings]}
|
||||
service_name: horizon
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionHorizon}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- horizon::allowed_hosts: {get_param: HorizonAllowedHosts}
|
||||
tripleo::horizon::firewall_rules:
|
||||
'126 horizon':
|
||||
dport:
|
||||
- 80
|
||||
- 443
|
||||
horizon::enable_secure_proxy_ssl_header: true
|
||||
horizon::disable_password_reveal: true
|
||||
horizon::enforce_password_check: true
|
||||
horizon::disallow_iframe_embed: true
|
||||
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
|
||||
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
|
||||
horizon::vhost_extra_params: {get_param: HorizonVhostExtraParams}
|
||||
horizon::bind_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
|
||||
horizon::keystone_url: {get_param: [EndpointMap, KeystoneV3Public, uri]}
|
||||
horizon::password_validator: {get_param: [HorizonPasswordValidator]}
|
||||
horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]}
|
||||
horizon::secret_key:
|
||||
yaql:
|
||||
expression: $.data.passwords.where($ != '').first()
|
||||
data:
|
||||
passwords:
|
||||
- {get_param: HorizonSecret}
|
||||
- {get_param: [DefaultPasswords, horizon_secret]}
|
||||
horizon::secure_cookies: {get_param: [HorizonSecureCookies]}
|
||||
memcached_ipv6: {get_param: MemcachedIPv6}
|
||||
horizon::servername:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
|
||||
horizon::listen_ssl: {get_param: EnableInternalTLS}
|
||||
horizon::horizon_ca: {get_param: InternalTLSCAFile}
|
||||
horizon::customization_module: {get_param: HorizonCustomizationModule}
|
||||
-
|
||||
if:
|
||||
- websso_enabled
|
||||
-
|
||||
horizon::websso_enabled:
|
||||
get_param: WebSSOEnable
|
||||
horizon::websso_initial_choice:
|
||||
get_param: WebSSOInitialChoice
|
||||
horizon::websso_choices:
|
||||
get_param: WebSSOChoices
|
||||
horizon::websso_idp_mapping:
|
||||
get_param: WebSSOIDPMapping
|
||||
- {}
|
||||
-
|
||||
if:
|
||||
- debug_unset
|
||||
- horizon::django_debug: { get_param: HorizonDebug }
|
||||
- horizon::django_debug: { get_param: Debug }
|
||||
service_config_settings:
|
||||
haproxy:
|
||||
tripleo::haproxy::firewall_rules:
|
||||
'127 horizon':
|
||||
dport:
|
||||
- 80
|
||||
- 443
|
||||
keystone:
|
||||
keystone_enable_member: true
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: horizon
|
||||
puppet_tags: horizon_config
|
||||
step_config: {get_attr: [HorizonBase, role_data, step_config]}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::horizon
|
||||
config_image: {get_param: DockerHorizonConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/horizon.json:
|
||||
@ -226,5 +367,3 @@ outputs:
|
||||
vars:
|
||||
containers_to_rm:
|
||||
- horizon
|
||||
metadata_settings:
|
||||
get_attr: [HorizonBase, role_data, metadata_settings]
|
@ -24,7 +24,7 @@ resource_registry:
|
||||
OS::TripleO::Services::HeatApiCfn: ../deployment/heat/heat-api-cfn-container-puppet.yaml
|
||||
OS::TripleO::Services::HeatEngine: ../deployment/heat/heat-engine-container-puppet.yaml
|
||||
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-container-puppet.yaml
|
||||
OS::TripleO::Services::Horizon: ../puppet/services/horizon.yaml
|
||||
OS::TripleO::Services::Horizon: ../deployment/horizon/horizon-container-puppet.yaml
|
||||
OS::TripleO::Services::Iscsid: ../deployment/iscsid/iscsid-container-puppet.yaml
|
||||
OS::TripleO::Services::Keystone: ../deployment/keystone/keystone-container-puppet.yaml
|
||||
OS::TripleO::Services::Memcached: ../deployment/memcached/memcached-container-puppet.yaml
|
||||
|
@ -220,7 +220,7 @@ resource_registry:
|
||||
OS::TripleO::Services::CeilometerAgentIpmi: docker/services/ceilometer-agent-ipmi.yaml
|
||||
OS::TripleO::Services::CeilometerAgentNotification: docker/services/ceilometer-agent-notification.yaml
|
||||
OS::TripleO::Services::ComputeCeilometerAgent: docker/services/ceilometer-agent-compute.yaml
|
||||
OS::TripleO::Services::Horizon: docker/services/horizon.yaml
|
||||
OS::TripleO::Services::Horizon: deployment/horizon/horizon-container-puppet.yaml
|
||||
#Gnocchi services
|
||||
OS::TripleO::Services::GnocchiApi: docker/services/gnocchi-api.yaml
|
||||
OS::TripleO::Services::GnocchiMetricd: docker/services/gnocchi-metricd.yaml
|
||||
|
@ -1,197 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
Horizon service configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
Debug:
|
||||
default: false
|
||||
description: Set to True to enable debugging on all services.
|
||||
type: boolean
|
||||
HorizonDebug:
|
||||
default: false
|
||||
description: Set to True to enable debugging Horizon service.
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
HorizonAllowedHosts:
|
||||
default: '*'
|
||||
description: A list of IP/Hostname for the server Horizon is running on.
|
||||
Used for header checks.
|
||||
type: comma_delimited_list
|
||||
HorizonPasswordValidator:
|
||||
description: Regex for password validation
|
||||
type: string
|
||||
default: ''
|
||||
HorizonPasswordValidatorHelp:
|
||||
description: Help text for password validation
|
||||
type: string
|
||||
default: ''
|
||||
HorizonSecret:
|
||||
description: Secret key for Django
|
||||
type: string
|
||||
hidden: true
|
||||
default: ''
|
||||
HorizonSecureCookies:
|
||||
description: Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon
|
||||
type: boolean
|
||||
default: false
|
||||
MemcachedIPv6:
|
||||
default: false
|
||||
description: Enable IPv6 features in Memcached.
|
||||
type: boolean
|
||||
MonitoringSubscriptionHorizon:
|
||||
default: 'overcloud-horizon'
|
||||
type: string
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
HorizonVhostExtraParams:
|
||||
default:
|
||||
add_listen: true
|
||||
priority: 10
|
||||
access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
|
||||
options: ['FollowSymLinks','MultiViews']
|
||||
description: Extra parameters for Horizon vhost configuration
|
||||
type: json
|
||||
HorizonCustomizationModule:
|
||||
default: ''
|
||||
description: Horizon has a global overrides mechanism available to perform customizations
|
||||
type: string
|
||||
WebSSOEnable:
|
||||
default: false
|
||||
type: boolean
|
||||
description: Enable support for Web Single Sign-On
|
||||
WebSSOInitialChoice:
|
||||
default: 'OIDC'
|
||||
type: string
|
||||
description: The initial authentication choice to select by default
|
||||
WebSSOChoices:
|
||||
default:
|
||||
- ['OIDC', 'OpenID Connect']
|
||||
type: json
|
||||
description: Specifies the list of SSO authentication choices to present.
|
||||
Each item is a list of an SSO choice identifier and a display
|
||||
message.
|
||||
WebSSOIDPMapping:
|
||||
default:
|
||||
'OIDC': ['myidp', 'openid']
|
||||
type: json
|
||||
description: Specifies a mapping from SSO authentication choice to identity
|
||||
provider and protocol. The identity provider and protocol names
|
||||
must match the resources defined in keystone.
|
||||
|
||||
conditions:
|
||||
|
||||
debug_unset: {equals : [{get_param: Debug}, '']}
|
||||
websso_enabled: {equals : [{get_param: WebSSOEnable}, True]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Horizon role.
|
||||
value:
|
||||
service_name: horizon
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionHorizon}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- horizon::allowed_hosts: {get_param: HorizonAllowedHosts}
|
||||
tripleo::horizon::firewall_rules:
|
||||
'126 horizon':
|
||||
dport:
|
||||
- 80
|
||||
- 443
|
||||
horizon::enable_secure_proxy_ssl_header: true
|
||||
horizon::disable_password_reveal: true
|
||||
horizon::enforce_password_check: true
|
||||
horizon::disallow_iframe_embed: true
|
||||
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
|
||||
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
|
||||
horizon::vhost_extra_params: {get_param: HorizonVhostExtraParams}
|
||||
horizon::bind_address:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
|
||||
horizon::keystone_url: {get_param: [EndpointMap, KeystoneV3Public, uri]}
|
||||
horizon::password_validator: {get_param: [HorizonPasswordValidator]}
|
||||
horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]}
|
||||
horizon::secret_key:
|
||||
yaql:
|
||||
expression: $.data.passwords.where($ != '').first()
|
||||
data:
|
||||
passwords:
|
||||
- {get_param: HorizonSecret}
|
||||
- {get_param: [DefaultPasswords, horizon_secret]}
|
||||
horizon::secure_cookies: {get_param: [HorizonSecureCookies]}
|
||||
memcached_ipv6: {get_param: MemcachedIPv6}
|
||||
horizon::servername:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
|
||||
horizon::listen_ssl: {get_param: EnableInternalTLS}
|
||||
horizon::horizon_ca: {get_param: InternalTLSCAFile}
|
||||
horizon::customization_module: {get_param: HorizonCustomizationModule}
|
||||
-
|
||||
if:
|
||||
- websso_enabled
|
||||
-
|
||||
horizon::websso_enabled:
|
||||
get_param: WebSSOEnable
|
||||
horizon::websso_initial_choice:
|
||||
get_param: WebSSOInitialChoice
|
||||
horizon::websso_choices:
|
||||
get_param: WebSSOChoices
|
||||
horizon::websso_idp_mapping:
|
||||
get_param: WebSSOIDPMapping
|
||||
- {}
|
||||
-
|
||||
if:
|
||||
- debug_unset
|
||||
- horizon::django_debug: { get_param: HorizonDebug }
|
||||
- horizon::django_debug: { get_param: Debug }
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::horizon
|
||||
upgrade_tasks: []
|
||||
service_config_settings:
|
||||
haproxy:
|
||||
tripleo::haproxy::firewall_rules:
|
||||
'127 horizon':
|
||||
dport:
|
||||
- 80
|
||||
- 443
|
||||
keystone:
|
||||
keystone_enable_member: true
|
@ -16,7 +16,7 @@ environments:
|
||||
- KeystoneOpenIdcCryptoPassphrase
|
||||
- KeystoneOpenIdcResponseType
|
||||
- KeystoneOpenIdcRemoteIdAttribute
|
||||
puppet/services/horizon.yaml:
|
||||
deployment/horizon/horizon-container-puppet.yaml:
|
||||
parameters:
|
||||
- WebSSOEnable
|
||||
- WebSSOInitialChoice
|
||||
|
@ -9,7 +9,7 @@ environments:
|
||||
files:
|
||||
deployment/haproxy/haproxy-public-tls-inject.yaml:
|
||||
parameters: all
|
||||
puppet/services/horizon.yaml:
|
||||
deployment/horizon/horizon-container-puppet.yaml:
|
||||
parameters:
|
||||
- HorizonSecureCookies
|
||||
static:
|
||||
|
Loading…
x
Reference in New Issue
Block a user