From f40f7d130875e3388b9dd3cadc55ea990ada891b Mon Sep 17 00:00:00 2001 From: Nate Graf Date: Thu, 11 Aug 2016 19:55:48 +0000 Subject: [PATCH] [DOCS] Move horizon docs to roles This change moves the horizon config information into the os_horizon role repo. Moving forward, specific project configurations are maintained in the appropriate role book. Change-Id: Ic0b1599aee659f47128aa50f367164b64353556a --- README.rst | 73 +------------------------------- doc/source/configure-horizon.rst | 31 ++++++++++++++ doc/source/index.rst | 52 ++++++++++++++++++++++- examples/playbook.yml | 32 ++++++++++++++ 4 files changed, 116 insertions(+), 72 deletions(-) create mode 100644 doc/source/configure-horizon.rst create mode 100644 examples/playbook.yml diff --git a/README.rst b/README.rst index 65c48ce5..821599db 100644 --- a/README.rst +++ b/README.rst @@ -1,77 +1,8 @@ +========================= OpenStack-Ansible Horizon -######################### +========================= This Ansible role installs and configures OpenStack Horizon served by the Apache webserver. Horizon is configured to use Galera for session caching and memcached for other caching. -Default Variables -================= - -.. literalinclude:: ../../defaults/main.yml - :language: yaml - :start-after: under the License. - - -Required Variables -================== - -This list is not exhaustive at present. See role internals for further -details. - -.. code-block:: yaml - - horizon_ssl_protocol: "ALL -SSLv2 -SSLv3" - horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" - horizon_galera_address: 10.100.100.101 - horizon_container_mysql_password: "SuperSecrete" - horizon_secret_key: "SuperSecreteHorizonKey" - - -Example Playbook -================ - -.. code-block:: yaml - - - name: Installation and setup of horizon - hosts: horizon_all - user: root - roles: - - { role: "os_horizon", tags: [ "os-horizon" ] } - vars: - galera_client_drop_config_file: false - external_lb_vip_address: 10.100.100.101 - internal_lb_vip_address: 10.100.100.101 - horizon_galera_address: 10.100.100.101 - horizon_container_mysql_password: "SuperSecrete" - horizon_secret_key: "SuperSecreteHorizonKey" - horizon_external_ssl: true - horizon_ssl_protocol: "ALL -SSLv2 -SSLv3" - horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" - galera_root_password: "secrete" - rabbitmq_servers: 10.100.100.101 - rabbitmq_use_ssl: false - rabbitmq_port: 5671 - keystone_admin_user_name: admin - keystone_auth_admin_password: "SuperSecretePassword" - keystone_admin_tenant_name: admin - keystone_service_adminuri_insecure: false - keystone_service_internaluri_insecure: false - keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000" - keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3" - keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357" - keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3" - openrc_os_password: "{{ keystone_auth_admin_password }}" - openrc_os_domain_name: "Default" - memcached_servers: 10.100.100.101 - memcached_encryption_key: "secrete" - -Tags -==== - -This role supports two tags: ``horizon-install`` and ``horizon-config`` - -The ``horizon-install`` tag can be used to install and upgrade. - -The ``horizon-config`` tag can be used to manage configuration. - diff --git a/doc/source/configure-horizon.rst b/doc/source/configure-horizon.rst new file mode 100644 index 00000000..4e7a289d --- /dev/null +++ b/doc/source/configure-horizon.rst @@ -0,0 +1,31 @@ +============================================== +Configuring the Dashboard (horizon) (optional) +============================================== + +Customize your horizon deployment in +``/etc/openstack_deploy/user_variables.yml``. + +Securing horizon communication with SSL certificates +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The OpenStack-Ansible project provides the ability to secure Dashboard +(horizon) communications with self-signed or user-provided SSL certificates. + +Refer to `Securing services with SSL certificates`_ for available configuration +options. + +.. _Securing services with SSL certificates: http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-sslcertificates.html + +Configuring a horizon customization module +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Openstack-Ansible supports deployment of a horizon `customization module`_. +After building your customization module, configure the +``horizon_customization_module`` variable with a path to your module. + +.. code-block:: yaml + + horizon_customization_module: /path/to/customization_module.py + +.. _customization module: http://docs.openstack.org/developer/horizon/topics/customizing.html#horizon-customization-module-overrides + diff --git a/doc/source/index.rst b/doc/source/index.rst index a6210d3d..227af0ac 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -1 +1,51 @@ -.. include:: ../../README.rst +========================= +OpenStack-Ansible Horizon +========================= + +.. toctree:: + :maxdepth: 2 + + configure-horizon.rst + +This Ansible role installs and configures OpenStack Horizon served by the +Apache webserver. Horizon is configured to use Galera for session caching and +memcached for other caching. + +Default variables +~~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../defaults/main.yml + :language: yaml + :start-after: under the License. + + +Required variables +~~~~~~~~~~~~~~~~~~ + +This list is not exhaustive. See role internals for further +details. + +.. code-block:: yaml + + horizon_ssl_protocol: "ALL -SSLv2 -SSLv3" + horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" + horizon_galera_address: 10.100.100.101 + horizon_container_mysql_password: "SuperSecrete" + horizon_secret_key: "SuperSecreteHorizonKey" + + +Example playbook +~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../examples/playbook.yml + :language: yaml + +Tags +==== + +This role supports two tags: ``horizon-install`` and ``horizon-config``. + +The ``horizon-install`` tag can be used to install and upgrade. + +The ``horizon-config`` tag can be used to manage configuration. + diff --git a/examples/playbook.yml b/examples/playbook.yml new file mode 100644 index 00000000..4b1d7288 --- /dev/null +++ b/examples/playbook.yml @@ -0,0 +1,32 @@ +- name: Installation and setup of horizon + hosts: horizon_all + user: root + roles: + - { role: "os_horizon", tags: [ "os-horizon" ] } + vars: + galera_client_drop_config_file: false + external_lb_vip_address: 10.100.100.101 + internal_lb_vip_address: 10.100.100.101 + horizon_galera_address: 10.100.100.101 + horizon_container_mysql_password: "SuperSecrete" + horizon_secret_key: "SuperSecreteHorizonKey" + horizon_external_ssl: true + horizon_ssl_protocol: "ALL -SSLv2 -SSLv3" + horizon_ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" + galera_root_password: "secrete" + rabbitmq_servers: 10.100.100.101 + rabbitmq_use_ssl: false + rabbitmq_port: 5671 + keystone_admin_user_name: admin + keystone_auth_admin_password: "SuperSecretePassword" + keystone_admin_tenant_name: admin + keystone_service_adminuri_insecure: false + keystone_service_internaluri_insecure: false + keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000" + keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3" + keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357" + keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3" + openrc_os_password: "{{ keystone_auth_admin_password }}" + openrc_os_domain_name: "Default" + memcached_servers: 10.100.100.101 + memcached_encryption_key: "secrete"