Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[DOCS] Move horizon docs to roles
This change moves the horizon config information into the
os_horizon role repo. Moving forward, specific project
configurations are maintained in the appropriate role book.

Change-Id: Ic0b1599aee659f47128aa50f367164b64353556a
  • Loading branch information
Nate Graf authored and Nate Graf committed Aug 12, 2016
1 parent 387abfa commit f40f7d1
Show file tree
Hide file tree
Showing 4 changed files with 116 additions and 72 deletions.
73 changes: 2 additions & 71 deletions README.rst
@@ -1,77 +1,8 @@
=========================
OpenStack-Ansible Horizon
#########################
=========================

This Ansible role installs and configures OpenStack Horizon served by the
Apache webserver. Horizon is configured to use Galera for session caching and
memcached for other caching.

Default Variables
=================

.. literalinclude:: ../../defaults/main.yml
:language: yaml
:start-after: under the License.


Required Variables
==================

This list is not exhaustive at present. See role internals for further
details.

.. code-block:: yaml
horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
horizon_galera_address: 10.100.100.101
horizon_container_mysql_password: "SuperSecrete"
horizon_secret_key: "SuperSecreteHorizonKey"
Example Playbook
================

.. code-block:: yaml
- name: Installation and setup of horizon
hosts: horizon_all
user: root
roles:
- { role: "os_horizon", tags: [ "os-horizon" ] }
vars:
galera_client_drop_config_file: false
external_lb_vip_address: 10.100.100.101
internal_lb_vip_address: 10.100.100.101
horizon_galera_address: 10.100.100.101
horizon_container_mysql_password: "SuperSecrete"
horizon_secret_key: "SuperSecreteHorizonKey"
horizon_external_ssl: true
horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
galera_root_password: "secrete"
rabbitmq_servers: 10.100.100.101
rabbitmq_use_ssl: false
rabbitmq_port: 5671
keystone_admin_user_name: admin
keystone_auth_admin_password: "SuperSecretePassword"
keystone_admin_tenant_name: admin
keystone_service_adminuri_insecure: false
keystone_service_internaluri_insecure: false
keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
openrc_os_password: "{{ keystone_auth_admin_password }}"
openrc_os_domain_name: "Default"
memcached_servers: 10.100.100.101
memcached_encryption_key: "secrete"
Tags
====

This role supports two tags: ``horizon-install`` and ``horizon-config``

The ``horizon-install`` tag can be used to install and upgrade.

The ``horizon-config`` tag can be used to manage configuration.

31 changes: 31 additions & 0 deletions doc/source/configure-horizon.rst
@@ -0,0 +1,31 @@
==============================================
Configuring the Dashboard (horizon) (optional)
==============================================

Customize your horizon deployment in
``/etc/openstack_deploy/user_variables.yml``.

Securing horizon communication with SSL certificates
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The OpenStack-Ansible project provides the ability to secure Dashboard
(horizon) communications with self-signed or user-provided SSL certificates.

Refer to `Securing services with SSL certificates`_ for available configuration
options.

.. _Securing services with SSL certificates: http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-sslcertificates.html

Configuring a horizon customization module
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Openstack-Ansible supports deployment of a horizon `customization module`_.
After building your customization module, configure the
``horizon_customization_module`` variable with a path to your module.

.. code-block:: yaml
horizon_customization_module: /path/to/customization_module.py
.. _customization module: http://docs.openstack.org/developer/horizon/topics/customizing.html#horizon-customization-module-overrides

52 changes: 51 additions & 1 deletion doc/source/index.rst
@@ -1 +1,51 @@
.. include:: ../../README.rst
=========================
OpenStack-Ansible Horizon
=========================

.. toctree::
:maxdepth: 2

configure-horizon.rst

This Ansible role installs and configures OpenStack Horizon served by the
Apache webserver. Horizon is configured to use Galera for session caching and
memcached for other caching.

Default variables
~~~~~~~~~~~~~~~~~

.. literalinclude:: ../../defaults/main.yml
:language: yaml
:start-after: under the License.


Required variables
~~~~~~~~~~~~~~~~~~

This list is not exhaustive. See role internals for further
details.

.. code-block:: yaml
horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
horizon_galera_address: 10.100.100.101
horizon_container_mysql_password: "SuperSecrete"
horizon_secret_key: "SuperSecreteHorizonKey"
Example playbook
~~~~~~~~~~~~~~~~

.. literalinclude:: ../../examples/playbook.yml
:language: yaml

Tags
====

This role supports two tags: ``horizon-install`` and ``horizon-config``.

The ``horizon-install`` tag can be used to install and upgrade.

The ``horizon-config`` tag can be used to manage configuration.

32 changes: 32 additions & 0 deletions examples/playbook.yml
@@ -0,0 +1,32 @@
- name: Installation and setup of horizon
hosts: horizon_all
user: root
roles:
- { role: "os_horizon", tags: [ "os-horizon" ] }
vars:
galera_client_drop_config_file: false
external_lb_vip_address: 10.100.100.101
internal_lb_vip_address: 10.100.100.101
horizon_galera_address: 10.100.100.101
horizon_container_mysql_password: "SuperSecrete"
horizon_secret_key: "SuperSecreteHorizonKey"
horizon_external_ssl: true
horizon_ssl_protocol: "ALL -SSLv2 -SSLv3"
horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
galera_root_password: "secrete"
rabbitmq_servers: 10.100.100.101
rabbitmq_use_ssl: false
rabbitmq_port: 5671
keystone_admin_user_name: admin
keystone_auth_admin_password: "SuperSecretePassword"
keystone_admin_tenant_name: admin
keystone_service_adminuri_insecure: false
keystone_service_internaluri_insecure: false
keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
openrc_os_password: "{{ keystone_auth_admin_password }}"
openrc_os_domain_name: "Default"
memcached_servers: 10.100.100.101
memcached_encryption_key: "secrete"

0 comments on commit f40f7d1

Please sign in to comment.