diff options
| author |   liyuenan <liyuenan@huawei.com> | 2016-10-26 13:55:23 +0800 |
|---|---|---|
| committer | liyuenan <liyuenan@huawei.com> | 2016-11-09 14:11:48 +0800 |
| commit | 14c337344987857a4648ff08365b8b128a553ef8 (patch) | |
| tree | c277582d07b1a9ee65780a49db7071d3c6fb1978 /deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard | |
| parent | dbbb61368932e724f8aae720e1de53ae5c4eebf3 (diff) | |
Update the API version for Openstack Newton
Use the "keystone-manage bootstrap" command to instead of admin_token.
Because the admin_token is treated as a "shared secret" that can be used
to bootstrap Keystone through the API. This "token" does not represent a
user (it has no identity), and carries no explicit authorization (it
effectively bypasses most authorization checks).
Use the API v3 to instead of API v2.0. Identity API v3 was established to
introduce namespacing for users and projects by using "domains" as a
higher-level container for more flexible identity management and fixed a
security issue in the v2.0 API (bearer tokens appearing in URLs).
JIRA: COMPASS-491
Change-Id: I56182c14b761728c3492b9dd2b05c3b57aa5f35f
Signed-off-by: liyuenan <liyuenan@huawei.com>
Diffstat (limited to 'deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard')
| -rw-r--r-- | deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/tasks/main.yml | 106 | ||||
| -rw-r--r-- | deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/local_settings.py.j2 | 326 |
2 files changed, 432 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/tasks/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/tasks/main.yml new file mode 100644 index 00000000..9be6fd6c --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/tasks/main.yml @@ -0,0 +1,106 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: disable auto start + copy: + content: "#!/bin/sh\nexit 101" + dest: "/usr/sbin/policy-rc.d" + mode: 0755 + when: ansible_os_family == "Debian" + +- name: install dashboard packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + +- name: enable auto start + file: + path=/usr/sbin/policy-rc.d + state=absent + when: ansible_os_family == "Debian" + +- name: remove ubuntu theme + action: "{{ ansible_pkg_mgr }} name=openstack-dashboard-ubuntu-theme state=absent" + when: ansible_os_family == 'Debian' and not enable_ubuntu_theme + notify: + - restart dashboard services + +- name: remove default apache2 config + file: + path: '{{ item }}' + state: absent + when: ansible_os_family == 'Debian' + with_items: + - '{{ apache_config_dir }}/conf-available/openstack-dashboard.conf' + - '{{ apache_config_dir }}/conf-enabled/openstack-dashboard.conf' + - '{{ apache_config_dir }}/sites-available/000-default.conf' + - '{{ apache_config_dir }}/sites-enabled/000-default.conf' + notify: + - restart dashboard services + +- name: update apache2 configs + template: + src: openstack-dashboard.conf.j2 + dest: '{{ apache_config_dir }}/sites-available/openstack-dashboard.conf' + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: update apache2 configs redhat + template: + src: openstack-dashboard-redhat.conf.j2 + dest: '{{ apache_config_dir }}/conf.d/openstack-dashboard.conf' + when: ansible_os_family == 'RedHat' + notify: + - restart dashboard services + +- name: enable dashboard + file: + src: "/etc/apache2/sites-available/openstack-dashboard.conf" + dest: "/etc/apache2/sites-enabled/openstack-dashboard.conf" + state: "link" + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: update ubuntu horizon settings + template: + src: local_settings.py.j2 + dest: "/etc/openstack-dashboard/local_settings.py" + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: precompile horizon css + shell: /usr/bin/python /usr/share/openstack-dashboard/manage.py compress --force + ignore_errors: True + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: update redhat version horizon settings + lineinfile: + dest: /etc/openstack-dashboard/local_settings + regexp: '{{ item.regexp }}' + line: '{{ item.line }}' + with_items: + - regexp: '^WEBROOT[ \t]*=.*' + line: 'WEBROOT = "/horizon"' + - regexp: '^COMPRESS_OFFLINE[ \t]*=.*' + line: 'COMPRESS_OFFLINE=False' + - regexp: '^ALLOWED_HOSTS[ \t]*=.*' + line: 'ALLOWED_HOSTS = ["*"]' + - regexp: '^OPENSTACK_HOST[ \t]*=.*' + line: 'OPENSTACK_HOST = "{{ internal_ip }}"' + when: ansible_os_family == 'RedHat' + notify: + - restart dashboard services + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/local_settings.py.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/local_settings.py.j2 new file mode 100644 index 00000000..7278d5c2 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/local_settings.py.j2 @@ -0,0 +1,326 @@ +# -*- coding: utf-8 -*- + +import os + +from django.utils.translation import ugettext_lazy as _ + +from horizon.utils import secret_key + +from openstack_dashboard import exceptions +from openstack_dashboard.settings import HORIZON_CONFIG + +DEBUG = False + +WEBROOT = '/' + +LOCAL_PATH = os.path.dirname(os.path.abspath(__file__)) + +SECRET_KEY = secret_key.generate_or_read_from_file('/var/lib/openstack-dashboard/secret_key') + +SESSION_ENGINE = 'django.contrib.sessions.backends.cache' + +CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': '{{ internal_vip.ip }}:11211', + }, +} + +EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' + +OPENSTACK_HOST = "{{ internal_ip }}" +OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST +OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default" +OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" +OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True + +OPENSTACK_API_VERSIONS = { + "identity": 3, + "image": 2, + "volume": 2, +} + +OPENSTACK_KEYSTONE_BACKEND = { + 'name': 'native', + 'can_edit_user': True, + 'can_edit_group': True, + 'can_edit_project': True, + 'can_edit_domain': True, + 'can_edit_role': True, +} + +OPENSTACK_HYPERVISOR_FEATURES = { + 'can_set_mount_point': False, + 'can_set_password': False, + 'requires_keypair': False, + 'enable_quotas': True +} + +OPENSTACK_CINDER_FEATURES = { + 'enable_backup': False, +} + +OPENSTACK_NEUTRON_NETWORK = { + 'enable_router': True, + 'enable_quotas': True, + 'enable_ipv6': True, + 'enable_distributed_router': False, + 'enable_ha_router': False, + 'enable_lb': True, + 'enable_firewall': True, + 'enable_vpn': True, + 'enable_fip_topology_check': True, + 'profile_support': None, + 'supported_vnic_types': ['*'], +} + +OPENSTACK_HEAT_STACK = { + 'enable_user_pass': True, +} + +IMAGE_CUSTOM_PROPERTY_TITLES = { + "architecture": _("Architecture"), + "kernel_id": _("Kernel ID"), + "ramdisk_id": _("Ramdisk ID"), + "image_state": _("Euca2ools state"), + "project_id": _("Project ID"), + "image_type": _("Image Type"), +} + +IMAGE_RESERVED_CUSTOM_PROPERTIES = [] + +API_RESULT_LIMIT = 1000 +API_RESULT_PAGE_SIZE = 20 +SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024 +INSTANCE_LOG_LENGTH = 35 +DROPDOWN_MAX_ITEMS = 30 + +TIME_ZONE = "UTC" + +LOGGING = { + 'version': 1, + 'disable_existing_loggers': False, + 'formatters': { + 'operation': { + 'format': '%(asctime)s %(message)s' + }, + }, + 'handlers': { + 'null': { + 'level': 'DEBUG', + 'class': 'logging.NullHandler', + }, + 'console': { + 'level': 'INFO', + 'class': 'logging.StreamHandler', + }, + 'operation': { + 'level': 'INFO', + 'class': 'logging.StreamHandler', + 'formatter': 'operation', + }, + }, + 'loggers': { + 'django.db.backends': { + 'handlers': ['null'], + 'propagate': False, + }, + 'requests': { + 'handlers': ['null'], + 'propagate': False, + }, + 'horizon': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'horizon.operation_log': { + 'handlers': ['operation'], + 'level': 'INFO', + 'propagate': False, + }, + 'openstack_dashboard': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'novaclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'cinderclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'keystoneclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'glanceclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'neutronclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'heatclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'ceilometerclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'swiftclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'openstack_auth': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'nose.plugins.manager': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'django': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'iso8601': { + 'handlers': ['null'], + 'propagate': False, + }, + 'scss': { + 'handlers': ['null'], + 'propagate': False, + }, + }, +} + +SECURITY_GROUP_RULES = { + 'all_tcp': { + 'name': _('All TCP'), + 'ip_protocol': 'tcp', + 'from_port': '1', + 'to_port': '65535', + }, + 'all_udp': { + 'name': _('All UDP'), + 'ip_protocol': 'udp', + 'from_port': '1', + 'to_port': '65535', + }, + 'all_icmp': { + 'name': _('All ICMP'), + 'ip_protocol': 'icmp', + 'from_port': '-1', + 'to_port': '-1', + }, + 'ssh': { + 'name': 'SSH', + 'ip_protocol': 'tcp', + 'from_port': '22', + 'to_port': '22', + }, + 'smtp': { + 'name': 'SMTP', + 'ip_protocol': 'tcp', + 'from_port': '25', + 'to_port': '25', + }, + 'dns': { + 'name': 'DNS', + 'ip_protocol': 'tcp', + 'from_port': '53', + 'to_port': '53', + }, + 'http': { + 'name': 'HTTP', + 'ip_protocol': 'tcp', + 'from_port': '80', + 'to_port': '80', + }, + 'pop3': { + 'name': 'POP3', + 'ip_protocol': 'tcp', + 'from_port': '110', + 'to_port': '110', + }, + 'imap': { + 'name': 'IMAP', + 'ip_protocol': 'tcp', + 'from_port': '143', + 'to_port': '143', + }, + 'ldap': { + 'name': 'LDAP', + 'ip_protocol': 'tcp', + 'from_port': '389', + 'to_port': '389', + }, + 'https': { + 'name': 'HTTPS', + 'ip_protocol': 'tcp', + 'from_port': '443', + 'to_port': '443', + }, + 'smtps': { + 'name': 'SMTPS', + 'ip_protocol': 'tcp', + 'from_port': '465', + 'to_port': '465', + }, + 'imaps': { + 'name': 'IMAPS', + 'ip_protocol': 'tcp', + 'from_port': '993', + 'to_port': '993', + }, + 'pop3s': { + 'name': 'POP3S', + 'ip_protocol': 'tcp', + 'from_port': '995', + 'to_port': '995', + }, + 'ms_sql': { + 'name': 'MS SQL', + 'ip_protocol': 'tcp', + 'from_port': '1433', + 'to_port': '1433', + }, + 'mysql': { + 'name': 'MYSQL', + 'ip_protocol': 'tcp', + 'from_port': '3306', + 'to_port': '3306', + }, + 'rdp': { + 'name': 'RDP', + 'ip_protocol': 'tcp', + 'from_port': '3389', + 'to_port': '3389', + }, +} + +REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES', + 'LAUNCH_INSTANCE_DEFAULTS', + 'OPENSTACK_IMAGE_FORMATS'] + +DEFAULT_THEME = 'ubuntu' +WEBROOT='/horizon/' +ALLOWED_HOSTS = ['*',] +COMPRESS_OFFLINE = True +ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []} |