diff options
author | Yanis Guenane <yguenane@redhat.com> | 2015-09-08 13:01:48 +0200 |
---|---|---|
committer | Yanis Guenane <yguenane@redhat.com> | 2015-10-12 11:56:41 +0200 |
commit | c0bd689636e14ed64c702e9178d82df82f556550 (patch) | |
tree | 945c8cf9cff00c9cc890f0c4beffe7a7f7cdb511 | |
parent | d4cb01089b5cfd78a663995d59a1ca804acb0769 (diff) |
Allow one to specify horizon ALLOWED_HOSTS
If horizon is running in production (DEBUG is False), it will answer
only to the IPs/hostnames specified in the ALLOWED_HOSTS variable in the
local_settings.py configuration file.
The puppet-horizon module offer the feature to customize that,
tripleo-heat-teamplates was missing the link between the top-level
parameter and the puppet parameter, hence this commit.
More info :
* https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
* https://github.com/openstack/puppet-horizon/blob/master/templates/local_settings.py.erb#L14-L24
Change-Id: I5faede8b74a0318e15baa761dc502b95b051ae0d
-rw-r--r-- | overcloud-without-mergepy.yaml | 5 | ||||
-rw-r--r-- | puppet/controller.yaml | 6 | ||||
-rw-r--r-- | puppet/hieradata/controller.yaml | 1 |
3 files changed, 11 insertions, 1 deletions
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index 7fdba562..654c2427 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -78,6 +78,10 @@ parameters: default: http description: Protocol to use when connecting to glance, set to https for SSL. type: string + HorizonAllowedHosts: + default: '*' + description: A list of IP/Hostname allowed to connect to horizon + type: comma_delimited_list ImageUpdatePolicy: default: 'REBUILD_PRESERVE_EPHEMERAL' description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. @@ -780,6 +784,7 @@ resources: HeatPassword: {get_param: HeatPassword} HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword} HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey} + HorizonAllowedHosts: {get_param: HorizonAllowedHosts} HorizonSecret: {get_resource: HorizonSecret} Image: {get_param: controllerImage} ImageUpdatePolicy: {get_param: ImageUpdatePolicy} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 3b7ec7e7..8ea7053e 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -187,6 +187,10 @@ parameters: HeatAuthEncryptionKey: description: Auth encryption key for heat-engine type: string + HorizonAllowedHosts: + default: '*' + description: A list of IP/Hostname allowed to connect to horizon + type: comma_delimited_list HorizonSecret: description: Secret key for Django type: string @@ -666,6 +670,7 @@ resources: - {get_param: HeatApiVirtualIP} - ':8000/v1/waitcondition' heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} + horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} admin_password: {get_param: AdminPassword} admin_token: {get_param: AdminToken} @@ -1182,6 +1187,7 @@ resources: # Horizon apache::ip: {get_input: horizon_network} + horizon::allowed_hosts: {get_input: horizon_allowed_hosts} horizon::django_debug: {get_input: debug} horizon::secret_key: {get_input: horizon_secret} horizon::bind_address: {get_input: horizon_network} diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index a4e2766b..90c2705f 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -90,7 +90,6 @@ pacemaker::resource_defaults::defaults: resource-stickiness: { value: INFINITY } # horizon -horizon::allowed_hosts: '*' horizon::django_session_engine: 'django.contrib.sessions.backends.cache' # mysql |