summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYanis Guenane <yguenane@redhat.com>2015-09-08 13:01:48 +0200
committerYanis Guenane <yguenane@redhat.com>2015-10-12 11:56:41 +0200
commitc0bd689636e14ed64c702e9178d82df82f556550 (patch)
tree945c8cf9cff00c9cc890f0c4beffe7a7f7cdb511
parentd4cb01089b5cfd78a663995d59a1ca804acb0769 (diff)
Allow one to specify horizon ALLOWED_HOSTS
If horizon is running in production (DEBUG is False), it will answer only to the IPs/hostnames specified in the ALLOWED_HOSTS variable in the local_settings.py configuration file. The puppet-horizon module offer the feature to customize that, tripleo-heat-teamplates was missing the link between the top-level parameter and the puppet parameter, hence this commit. More info : * https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts * https://github.com/openstack/puppet-horizon/blob/master/templates/local_settings.py.erb#L14-L24 Change-Id: I5faede8b74a0318e15baa761dc502b95b051ae0d
-rw-r--r--overcloud-without-mergepy.yaml5
-rw-r--r--puppet/controller.yaml6
-rw-r--r--puppet/hieradata/controller.yaml1
3 files changed, 11 insertions, 1 deletions
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index 7fdba562..654c2427 100644
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -78,6 +78,10 @@ parameters:
default: http
description: Protocol to use when connecting to glance, set to https for SSL.
type: string
+ HorizonAllowedHosts:
+ default: '*'
+ description: A list of IP/Hostname allowed to connect to horizon
+ type: comma_delimited_list
ImageUpdatePolicy:
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
@@ -780,6 +784,7 @@ resources:
HeatPassword: {get_param: HeatPassword}
HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword}
HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
+ HorizonAllowedHosts: {get_param: HorizonAllowedHosts}
HorizonSecret: {get_resource: HorizonSecret}
Image: {get_param: controllerImage}
ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 3b7ec7e7..8ea7053e 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -187,6 +187,10 @@ parameters:
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
type: string
+ HorizonAllowedHosts:
+ default: '*'
+ description: A list of IP/Hostname allowed to connect to horizon
+ type: comma_delimited_list
HorizonSecret:
description: Secret key for Django
type: string
@@ -666,6 +670,7 @@ resources:
- {get_param: HeatApiVirtualIP}
- ':8000/v1/waitcondition'
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
+ horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
horizon_secret: {get_param: HorizonSecret}
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
@@ -1182,6 +1187,7 @@ resources:
# Horizon
apache::ip: {get_input: horizon_network}
+ horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
horizon::django_debug: {get_input: debug}
horizon::secret_key: {get_input: horizon_secret}
horizon::bind_address: {get_input: horizon_network}
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index a4e2766b..90c2705f 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -90,7 +90,6 @@ pacemaker::resource_defaults::defaults:
resource-stickiness: { value: INFINITY }
# horizon
-horizon::allowed_hosts: '*'
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
# mysql