From c0bd689636e14ed64c702e9178d82df82f556550 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Tue, 8 Sep 2015 13:01:48 +0200 Subject: Allow one to specify horizon ALLOWED_HOSTS If horizon is running in production (DEBUG is False), it will answer only to the IPs/hostnames specified in the ALLOWED_HOSTS variable in the local_settings.py configuration file. The puppet-horizon module offer the feature to customize that, tripleo-heat-teamplates was missing the link between the top-level parameter and the puppet parameter, hence this commit. More info : * https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts * https://github.com/openstack/puppet-horizon/blob/master/templates/local_settings.py.erb#L14-L24 Change-Id: I5faede8b74a0318e15baa761dc502b95b051ae0d --- overcloud-without-mergepy.yaml | 5 +++++ puppet/controller.yaml | 6 ++++++ puppet/hieradata/controller.yaml | 1 - 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index 7fdba562..654c2427 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -78,6 +78,10 @@ parameters: default: http description: Protocol to use when connecting to glance, set to https for SSL. type: string + HorizonAllowedHosts: + default: '*' + description: A list of IP/Hostname allowed to connect to horizon + type: comma_delimited_list ImageUpdatePolicy: default: 'REBUILD_PRESERVE_EPHEMERAL' description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. @@ -780,6 +784,7 @@ resources: HeatPassword: {get_param: HeatPassword} HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword} HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey} + HorizonAllowedHosts: {get_param: HorizonAllowedHosts} HorizonSecret: {get_resource: HorizonSecret} Image: {get_param: controllerImage} ImageUpdatePolicy: {get_param: ImageUpdatePolicy} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 3b7ec7e7..8ea7053e 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -187,6 +187,10 @@ parameters: HeatAuthEncryptionKey: description: Auth encryption key for heat-engine type: string + HorizonAllowedHosts: + default: '*' + description: A list of IP/Hostname allowed to connect to horizon + type: comma_delimited_list HorizonSecret: description: Secret key for Django type: string @@ -666,6 +670,7 @@ resources: - {get_param: HeatApiVirtualIP} - ':8000/v1/waitcondition' heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} + horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} admin_password: {get_param: AdminPassword} admin_token: {get_param: AdminToken} @@ -1182,6 +1187,7 @@ resources: # Horizon apache::ip: {get_input: horizon_network} + horizon::allowed_hosts: {get_input: horizon_allowed_hosts} horizon::django_debug: {get_input: debug} horizon::secret_key: {get_input: horizon_secret} horizon::bind_address: {get_input: horizon_network} diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index a4e2766b..90c2705f 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -90,7 +90,6 @@ pacemaker::resource_defaults::defaults: resource-stickiness: { value: INFINITY } # horizon -horizon::allowed_hosts: '*' horizon::django_session_engine: 'django.contrib.sessions.backends.cache' # mysql -- cgit 1.2.3-korg