aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services/horizon.yaml
AgeCommit message (Collapse)AuthorFilesLines
2016-12-14Enable SECURE_PROXY_SSL_HEADER option for horizonJuan Antonio Osorio Robles1-0/+1
This reads makes Django take the X-Forwarded-Proto header into account when forming URLs. Change-Id: Ice64de9a11d7819ae7f380279ff356342d9b6673 Depends-On: Ifed7d4c3409419c01c5b20c707221c1fc76ea09e
2016-11-22Merge "Disable Options Indexes in horizon"Jenkins1-0/+1
2016-11-17Disable Options Indexes in horizonAndreas Karis1-0/+1
Security scanners complain that directory listings are enabled in horizon. Change-Id: I1d7cfcb3521e8235a99bc452f1b7b92c20ce72ac Closes-Bug: #1637576
2016-11-17Enable enforce_password_checkLuke Hinds1-0/+1
By setting ENFORCE_PASSWORD_CHECK to `True`, it displays an 'Admin Password' field on the Change Password form to verify that it is indeed the admin logged-in who wants to change the password. Change-Id: Ib11bef93b6b0c74063052875fa361290bf1e92fd Depends-On: If7af97df7a011569a7e14fbab4f880688d7b82c3 Closes-Bug: #1640806
2016-11-15Horizon service cleanups for hiera json hookDan Prince1-35/+34
This patch resolves a few issues I noticed when porting our Horizon service to support the new heat hiera agent hook (which uses Json instead of Yaml). -we only need to set django_debug if the string is non-empty. This should match previous behavior. -remove the duplicated NeutronMechanismDrivers setting. This is already managed in the neutron services and shouldn't be set here. Change-Id: I473e110bb9b14cb8f57d41c4fc398871548726b0 Partial-bug: #1596373
2016-11-09Disable password reveal in horizonAlex Schultz1-0/+1
To improve security, we should disable the password reveal option in horizon by default. An end user can override this options via their own custom hiera if they would ultimately like to have this functionality. Change-Id: Ie88dac5610840eb4b327252b32dc469099ba5f5f Depends-On: Iacf899d595a2a3c522df1b96ca527731937ec698 Closes-Bug: 1640492
2016-10-21Merge "Clarify horizon allowed hosts setting"Jenkins1-1/+2
2016-10-21Clarify horizon allowed hosts settingMatthias Runge1-1/+2
Horizon allowed hosts should name the IP addresses/ DNS names (short/long) the Horizon node is listening to. Allowed hosts is used for header checks and is a security mechanism. Change-Id: I81c96357f969a1a436eecd35eb178579159bc719
2016-09-02Merge "Remove repeated apache-related hieradata"Jenkins1-13/+0
2016-08-31Remove repeated apache-related hieradataJuan Antonio Osorio Robles1-13/+0
This is already set in the apache profile, so we shouldn't be setting it in horizon. Change-Id: I21bd2c6770f871b2940c03d4a2b1cff7d4616346
2016-08-31Availability monitoring agents supportMartin Mágr1-0/+4
- adds possibility to install sensu-client on all nodes - each composable service has it's own subscription Co-Authored-By: Emilien Macchi <emilien@redhat.com> Co-Authored-By: Michele Baldessari <michele@redhat.com> Implements: blueprint tripleo-opstools-availability-monitoring Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
2016-08-30Mv Nova, Neutron, Horizon out of controller.yamlDan Prince1-1/+38
This patch moves the settings for Nova, Neutron, and Horizon out of controller.yaml. Also fixes the NovaPassword settings in nova-base.yaml so they don't use get_input. Also, creates a new apache.yaml base service to contain shared apache settings for several services which use Apache for WSGI. Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Change-Id: I35d909bd5abc23976b5732a2b9af31cf1448838e Related-bug: #1604414
2016-08-18Add DefaultPasswords to composable servicesDan Prince1-0/+3
This patch adds a new DefaultPasswords parameter to composable services. This is needed to help provide access to top level password resources that overcloud.yaml currently manages (passwords for Rabbit, Mysql, etc.). Moving the RandomString resources into composable services would cause them to regenerate within the stack. With this approach we can leave them where they are while we deprecate the top level mechanism and move the code that uses the passwords into the composable services. Change-Id: I4f21603c58a169a093962594e860933306879e3f
2016-08-18Pass ServiceNetMap to servicesGiulio Fidente1-0/+6
This will be needed to pick the network where the service has to bind to from within the service template. Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
2016-07-27Migrate Puppet Hieradata to composable servicesEmilien Macchi1-0/+6
Migrate puppet/hieradata/*.yaml parameters to puppet/services/*.yaml except for some services that are not composable yet. Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: I7e5f8b18ee9aa63a1dffc6facaf88315b07d5fd7
2016-07-25Composable firewall rulesDan Prince1-0/+5
Split out the firewall rules in puppet/hieradata/controller.yaml into the composable services Depends-On: Id370362ab57347b75b1ab25afda877885b047263 Change-Id: Icaecab100d3f278035fbbb3facb9bf6c62c76c03
2016-07-22Add 'service_name' to composable servicesDan Prince1-0/+1
This patch adds a new service_name section to each composable service. We now have an explicit unit test check to ensure that service_name exists in tools/yaml-validate.py. This patch also wires service_names into hieradata on each of the roles so that tools can access the deployed services locally during deployment and upgrades. Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
2016-07-11Composable Horizon service - tripleo-heat-templatesCarlos Camacho1-0/+34
Add horizon as a composable service Depends-on: Iff6508972edfd5f330b239719bc5eb14d3f71944 Change-Id: I734c3e0784c25f30adff2e13faf1155a3e45cefd Partially-implements: blueprint composable-services-within-roles