3 # Installs Horizon dashboard with Apache
8 # (required) Secret key. This is used by Django to provide cryptographic
9 # signing, and should be set to a unique, unpredictable value.
12 # (optional) DEPRECATED, use allowed_hosts and server_aliases instead.
13 # FQDN(s) used to access Horizon. This is used by Django for
14 # security reasons. Can be set to * in environments where security is
15 # deemed unimportant. Also used for Server Aliases in web configs.
19 # (optional) FQDN used for the Server Name directives
23 # (optional) List of hosts which will be set as value of ALLOWED_HOSTS
24 # parameter in settings_local.py. This is used by Django for
25 # security reasons. Can be set to * in environments where security is
30 # (optional) List of names which should be defined as ServerAlias directives
35 # (optional) Package ensure state. Defaults to 'present'.
38 # (optional) Memcached IP address. Can be a string, or an array.
39 # Defaults to '127.0.0.1'.
41 # [*cache_server_port*]
42 # (optional) Memcached port. Defaults to '11211'.
45 # (optional) Enable Swift interface extension. Defaults to false.
47 # [*horizon_app_links*]
48 # (optional) Array of arrays that can be used to add call-out links
49 # to the dashboard for other apps. There is no specific requirement
50 # for these apps to be for monitoring, that's just the defacto purpose.
51 # Each app is defined in two parts, the display name, and
52 # the URIDefaults to false. Defaults to false. (no app links)
55 # (optional) Full url of keystone public endpoint. (Defaults to 'http://127.0.0.1:5000/v2.0')
56 # Use this parameter in favor of keystone_host, keystone_port and keystone_scheme.
59 # (optional) DEPRECATED: Use keystone_url instead.
60 # Scheme of the Keystone service. (Defaults to 'http')
61 # Setting this parameter overrides keystone_url parameter.
64 # (optional) DEPRECATED: Use keystone_url instead.
65 # IP address of the Keystone service. (Defaults to '127.0.0.1')
66 # Setting this parameter overrides keystone_url parameter.
69 # (optional) DEPRECATED: Use keystone_url instead.
70 # Port of the Keystone service. (Defaults to 5000)
71 # Setting this parameter overrides keystone_url parameter.
73 # [*keystone_default_role*]
74 # (optional) Default Keystone role for new users. Defaults to '_member_'.
77 # (optional) Enable or disable Django debugging. Defaults to 'False'.
79 # [*openstack_endpoint_type*]
80 # (optional) endpoint type to use for the endpoints in the Keystone
81 # service catalog. Defaults to 'undef'.
83 # [*secondary_endpoint_type*]
84 # (optional) secondary endpoint type to use for the endpoints in the
85 # Keystone service catalog. Defaults to 'undef'.
87 # [*available_regions*]
88 # (optional) List of available regions. Value should be a list of tuple:
89 # [ ['urlOne', 'RegionOne'], ['urlTwo', 'RegionTwo'] ]
92 # [*api_result_limit*]
93 # (optional) Maximum number of Swift containers/objects to display
94 # on a single page. Defaults to 1000.
97 # (optional) Log level. Defaults to 'INFO'. WARNING: Setting this to
98 # DEBUG will let plaintext passwords be logged in the Horizon log file.
100 # [*local_settings_template*]
101 # (optional) Location of template to use for local_settings.py generation.
102 # Defaults to 'horizon/local_settings.py.erb'.
105 # (optional) Location where the documentation should point.
106 # Defaults to 'http://docs.openstack.org'.
108 # [*compress_offline*]
109 # (optional) Boolean to enable offline compress of assets.
112 # [*hypervisor_options*]
113 # (optional) A hash of parameters to enable features specific to
114 # Hypervisors. These include:
115 # 'can_set_mount_point': Boolean to enable or disable mount point setting
116 # Defaults to 'True'.
117 # 'can_set_password': Boolean to enable or disable VM password setting.
118 # Works only with Xen Hypervisor.
119 # Defaults to 'False'.
122 # (optional) A hash of parameters to enable features specific to
123 # Cinder. These include:
124 # 'enable_backup': Boolean to enable or disable Cinders's backup feature.
127 # [*neutron_options*]
128 # (optional) A hash of parameters to enable features specific to
129 # Neutron. These include:
130 # 'enable_lb': Boolean to enable or disable Neutron's LBaaS feature.
132 # 'enable_firewall': Boolean to enable or disable Neutron's FWaaS feature.
134 # 'enable_quotas': Boolean to enable or disable Neutron quotas.
136 # 'enable_security_group': Boolean to enable or disable Neutron
137 # security groups. Defaults to True.
138 # 'enable_vpn': Boolean to enable or disable Neutron's VPNaaS feature.
140 # 'profile_support': A string indiciating which plugin-specific
141 # profiles to enable. Defaults to 'None', other options include
144 # [*configure_apache*]
145 # (optional) Configure Apache for Horizon. (Defaults to true)
148 # (optional) Bind address in Apache for Horizon. (Defaults to undef)
151 # (optional) Enable SSL support in Apache. (Defaults to false)
154 # (optional) Whether to redirect http to https
158 # (required with listen_ssl) Certificate to use for SSL support.
161 # (required with listen_ssl) Private key to use for SSL support.
164 # (required with listen_ssl) CA certificate to use for SSL support.
166 # [*vhost_extra_params*]
167 # (optionnal) extra parameter to pass to the apache::vhost class
170 # [*file_upload_temp_dir*]
171 # (optional) Location to use for temporary storage of images uploaded
172 # You must ensure that the path leading to the directory is created
173 # already, only the last level directory is created by this manifest.
174 # Specify an absolute pathname.
178 # (optional) Enables security settings for cookies. Useful when using
179 # https on public sites. See: http://docs.openstack.org/developer/horizon/topics/deployment.html#secure-site-recommendations
182 # [*django_session_engine*]
183 # (optional) Selects the session engine for Django to use.
184 # Defaults to undefined - will not add entry to local settings.
186 # === Deprecation notes
188 # If any value is provided for keystone_scheme, keystone_host, or
189 # keystone_port parameters; keystone_url will be completely ignored. Also
190 # can_set_mount_point is deprecated.
195 # secret_key => 's3cr3t',
196 # keystone_url => 'https://10.0.0.10:5000/v2.0',
197 # available_regions => [
198 # ['http://region-1.example.com:5000/v2.0', 'Region-1'],
199 # ['http://region-2.example.com:5000/v2.0', 'Region-2']
206 $package_ensure = 'present',
207 $cache_server_ip = '127.0.0.1',
208 $cache_server_port = '11211',
210 $horizon_app_links = false,
211 $keystone_url = 'http://127.0.0.1:5000/v2.0',
212 $keystone_default_role = '_member_',
213 $django_debug = 'False',
214 $openstack_endpoint_type = undef,
215 $secondary_endpoint_type = undef,
216 $available_regions = undef,
217 $api_result_limit = 1000,
219 $help_url = 'http://docs.openstack.org',
220 $local_settings_template = 'horizon/local_settings.py.erb',
221 $configure_apache = true,
222 $bind_address = undef,
223 $servername = $::fqdn,
224 $server_aliases = $::fqdn,
225 $allowed_hosts = $::fqdn,
227 $ssl_redirect = true,
228 $horizon_cert = undef,
229 $horizon_key = undef,
231 $compress_offline = true,
232 $hypervisor_options = {},
233 $cinder_options = {},
234 $neutron_options = {},
235 $file_upload_temp_dir = '/tmp',
236 $policy_files_path = undef,
237 $policy_files = undef,
238 # DEPRECATED PARAMETERS
239 $can_set_mount_point = undef,
240 $keystone_host = undef,
241 $keystone_port = undef,
242 $keystone_scheme = undef,
243 $vhost_extra_params = undef,
244 $secure_cookies = false,
245 $django_session_engine = undef,
248 include ::horizon::params
251 warning('swift parameter is deprecated and has no effect.')
254 if $keystone_scheme {
255 warning('The keystone_scheme parameter is deprecated, use keystone_url instead.')
259 warning('The keystone_host parameter is deprecated, use keystone_url instead.')
263 warning('The keystone_port parameter is deprecated, use keystone_url instead.')
266 # Default options for the OPENSTACK_HYPERVISOR_FEATURES section. These will
267 # be merged with user-provided options when the local_settings.py.erb
268 # template is interpolated. Also deprecates can_set_mount_point.
269 if $can_set_mount_point {
270 warning('The can_set_mount_point parameter is deprecated, use hypervisor_options instead.')
271 $hypervisor_defaults = {
272 'can_set_mount_point' => $can_set_mount_point,
273 'can_set_password' => false
276 $hypervisor_defaults = {
277 'can_set_mount_point' => true,
278 'can_set_password' => false
283 warning('Parameter fqdn is deprecated. Please use parameter allowed_hosts for setting ALLOWED_HOSTS in settings_local.py and parameter server_aliases for setting ServerAlias directives in vhost.conf.')
284 $final_allowed_hosts = $fqdn
285 $final_server_aliases = $fqdn
287 $final_allowed_hosts = $allowed_hosts
288 $final_server_aliases = $server_aliases
291 # Default options for the OPENSTACK_CINDER_FEATURES section. These will
292 # be merged with user-provided options when the local_settings.py.erb
293 # template is interpolated.
295 'enable_backup' => false,
298 # Default options for the OPENSTACK_NEUTRON_NETWORK section. These will
299 # be merged with user-provided options when the local_settings.py.erb
300 # template is interpolated.
301 $neutron_defaults = {
302 'enable_lb' => false,
303 'enable_firewall' => false,
304 'enable_quotas' => true,
305 'enable_security_group' => true,
306 'enable_vpn' => false,
307 'profile_support' => 'None'
310 Service <| title == 'memcached' |> -> Class['horizon']
313 ensure => $package_ensure,
314 name => $::horizon::params::package_name,
317 file { $::horizon::params::config_file:
318 content => template($local_settings_template),
320 require => Package['horizon'],
323 package { 'python-lesscpy':
324 ensure => $package_ensure,
327 exec { 'refresh_horizon_django_cache':
328 command => "${::horizon::params::manage_py} compress",
330 require => [Package['python-lesscpy'], Package['horizon']],
333 if $compress_offline {
334 File[$::horizon::params::config_file] ~> Exec['refresh_horizon_django_cache']
337 if $configure_apache {
338 class { 'horizon::wsgi::apache':
339 bind_address => $bind_address,
340 servername => $servername,
341 server_aliases => $final_server_aliases,
342 listen_ssl => $listen_ssl,
343 ssl_redirect => $ssl_redirect,
344 horizon_cert => $horizon_cert,
345 horizon_key => $horizon_key,
346 horizon_ca => $horizon_ca,
347 extra_params => $vhost_extra_params,
351 if ! ($file_upload_temp_dir in ['/tmp','/var/tmp']) {
352 file { $file_upload_temp_dir :
354 owner => $::horizon::params::wsgi_user,
355 group => $::horizon::params::wsgi_group,